opendev/system-config
Code Issues Proposed changes
system-config/playbooks/roles/install-ansible/tasks/main.yaml
Ian Wienand e182394e97
install-ansible: overhaul install ansible requirements 
Change I4789fe99651597b073e35066ec3be312e18659b8 made me realise that
with the extant code, nothing will update the /usr/ansible-env
environment when we bump the versions.

The installation of the Ansible, openstacksdk and ARA packages as part
of the "install-ansible" role was done this way to facilitate being
able to install all three of these from their main/master/devel
branches for the "-devel" job, which is our basic canary for upstream
things that might affect us.  Because of the way the pip: role works
with "state: latest" and mixing on-disk paths with pypi package names,
this became a bit of a complex swizzling operation.

Some thing have changed since then; particularly us now using a
separate venv and upstream Ansible's change to use "collections"; so
pulling in a bug-fix for Ansible is not as simple as just cloning
github.com/ansible/ansible at a particular tag any more.  This means
we should reconsider how we're specifying the packages here.

This simplifies things to list the required packages in a
requirements.txt file, which we install into the venv root.  The nice
thing about this is that creating requirements.txt with the template:
role is idempotent, so we can essentially monitor the file for changes
and only (re-)run the pip install into /usr/ansible-env when we change
versions (forcing upgrades so we get the versions we want, and fixing
the original issue mentioned above).

Change-Id: I3696740112fa691d1700040b557f53f6721393e7
2022-12-06 13:27:46 +11:00

178 lines
4.7 KiB
YAML
Raw Blame History

# The -devel job in particular already defines
# install_ansbile_requirements in the job definition to pick
# main/devel branch repos checked out from Zuul
- name: Set default ansible install requirements
when: install_ansible_requirements is not defined
block:
- name: Set defaults
set_fact:
_install_ansible_requirements:
- 'ansible<8'
- 'openstacksdk'
- name: Add ARA to defaults if enabled
when: install_ansible_ara_enable
set_fact:
_install_ansible_requirements: '{{ _install_ansible_requirements + ["ara[server]"] }}'
- name: Set variable
# NOTE(ianw) the block when: statement is calcuated for each task
# -- keep this last!
set_fact:
install_ansible_requirements: '{{ _install_ansible_requirements }}'
# NOTE(ianw) 2022-10-26 : ARM64 generally needs this because upstream
# projects don't always ship arm64 wheels. But x86 may need it when
# we have a fresh host with a more recent Python too
- name: Ensure required Ansible build packages
apt:
update_cache: yes
name:
- libffi-dev
- libssl-dev
- build-essential
- python3-dev
- name: Install python-venv package
package:
name:
- python3-venv
state: present
- name: Create venv
include_role:
name: create-venv
vars:
create_venv_path: '/usr/ansible-venv'
- name: Write out requirements file
template:
src: requirements.txt.j2
dest: '/usr/ansible-venv/requirements.txt'
owner: root
group: root
mode: 0644
register: _requirements_updated
- name: Install packages
when: _requirements_updated.changed
pip:
requirements: '/usr/ansible-venv/requirements.txt'
virtualenv: '/usr/ansible-venv'
# If the requirements.txt has changed, force things to upgrade
extra_args: '--upgrade'
# From Ansible 2.10 >= most of the fun stuff is in collections. Clone
# our required collections here. Note this is only for our testing of
# the devel branch; if we're using a release we use the Ansible
# distribution package which bundles all this.
- name: Install Ansible collections
include_tasks: install_ansible_collection.yaml
when: install_ansible_collections is defined
loop: '{{ install_ansible_collections }}'
- name: Symlink Ansible globally
file:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
state: link
loop:
- { src: '/usr/ansible-venv/bin/ansible-playbook', dest: '/usr/local/bin/ansible-playbook' }
- { src: '/usr/ansible-venv/bin/ansible', dest: '/usr/local/bin/ansible' }
- name: Ansible version check
command: 'ansible-playbook --version'
register: _ansible_version_check
- name: Sanity check Ansible version
debug:
msg: '{{ _ansible_version_check.stdout }}'
- name: Ansible cmd version check
command: 'ansible --version'
register: _ansible_version_check
- name: Sanity check Ansible version
debug:
msg: '{{ _ansible_version_check.stdout }}'
# This registered variable is templated into ansible.cfg below
# to setup the callback plugins for ARA
- name: Get ARA's location for callback plugins
when: install_ansible_ara_enable
command: /usr/ansible-venv/bin/python3 -m ara.setup.callback_plugins
register: install_ansible_ara_callback_plugins
changed_when: false
# For use by k8s_raw ansible module
# - name: Install openshift client
# pip:
# name: 'openshift'
# TODO(corvus): re-add this once kubernetes 9.0.0 is released
- name: Ensure /etc/ansible and /etc/ansible/hosts
file:
state: directory
path: /etc/ansible/hosts
- name: Ensure /etc/ansible/inventory_plugins
file:
state: directory
path: /etc/ansible/inventory_plugins
- name: Ensure /var/cache/ansible
file:
state: directory
path: /var/cache/ansible
owner: root
group: root
mode: 0770
- name: Ensure ansible log dir is writable
file:
path: /var/log/ansible
state: directory
owner: root
group: root
mode: 0775
- name: Copy ansible.cfg in to place
template:
src: ansible.cfg.j2
dest: /etc/ansible/ansible.cfg
- name: Remove old inventory files
file:
path: '/etc/ansible/hosts/{{ item }}'
state: absent
loop:
- openstack.yaml
- groups.yaml
- name: Copy system-config roles into place
copy:
src: roles/
dest: /etc/ansible/roles
- name: Copy disable-ansible utility script in place
copy:
src: disable-ansible
dest: /usr/local/bin/disable-ansible
mode: 0755
owner: root
group: root
- name: Copy yamlgroup inventory in place
copy:
src: inventory_plugins/yamlgroup.py
dest: /etc/ansible/inventory_plugins/yamlgroup.py
- name: Setup log rotation
include_role:
name: logrotate
vars:
logrotate_file_name: /var/log/ansible/ansible.log
- name: Verify ansible install
command: ansible --version
View Git Blame Copy Permalink