From e2ad6aad5a5e8d8832aa05893c61b0c3a7818647 Mon Sep 17 00:00:00 2001
From: MarkusTeufelberger <mteufelberger@mgit.at>
Date: Mon, 11 Feb 2019 23:04:27 +0100
Subject: [PATCH] bootstrap: rework role (#4045)

* bootstrap: rework role

* support being called from a non-root user
* run some commands in check mode
* unify spelling/task names

* bootstrap: fix wording of comments for check_mode: false

* bootstrap: remove setup-pipelining task
---
 roles/bootstrap-os/tasks/bootstrap-centos.yml | 15 +++--
 .../tasks/bootstrap-clearlinux.yml            |  1 +
 roles/bootstrap-os/tasks/bootstrap-coreos.yml | 10 +--
 roles/bootstrap-os/tasks/bootstrap-debian.yml | 33 ++++++----
 roles/bootstrap-os/tasks/bootstrap-fedora.yml |  5 +-
 .../bootstrap-os/tasks/bootstrap-opensuse.yml |  1 +
 roles/bootstrap-os/tasks/bootstrap-ubuntu.yml | 65 +++++++++++++------
 roles/bootstrap-os/tasks/main.yml             |  8 +--
 roles/bootstrap-os/tasks/setup-pipelining.yml |  8 ---
 9 files changed, 88 insertions(+), 58 deletions(-)
 delete mode 100644 roles/bootstrap-os/tasks/setup-pipelining.yml

diff --git a/roles/bootstrap-os/tasks/bootstrap-centos.yml b/roles/bootstrap-os/tasks/bootstrap-centos.yml
index 59187dbe8..bd5783355 100644
--- a/roles/bootstrap-os/tasks/bootstrap-centos.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-centos.yml
@@ -1,5 +1,5 @@
 ---
-- name: check if atomic host
+- name: Check if atomic host
   stat:
     path: /run/ostree-booted
   register: ostree
@@ -19,24 +19,25 @@
     regexp: "^enabled=.*"
     line: "enabled=0"
     state: present
+  become: true
   when: fastestmirror.stat.exists
 
 - name: Add proxy to /etc/yum.conf if http_proxy is defined
   lineinfile:
     path: "/etc/yum.conf"
-    line: "proxy={{http_proxy}}"
+    line: "proxy={{ http_proxy }}"
     create: yes
     state: present
+  become: true
   when: http_proxy is defined
 
 - name: Install libselinux-python and yum-utils for bootstrap
   yum:
-    name: "{{ packages }}"
-    state: present
-  vars:
-    packages:
+    name:
       - libselinux-python
       - yum-utils
+    state: present
+  become: true
   when:
     - not is_atomic
 
@@ -51,6 +52,7 @@
   yum:
     name: epel-release
     state: present
+  become: true
   when:
     - epel_enabled
     - not is_atomic
@@ -82,6 +84,7 @@
   yum:
     name: python-pip
     state: present
+  become: true
   when:
     - not is_atomic
     - package_python_pip.results | length != 0
diff --git a/roles/bootstrap-os/tasks/bootstrap-clearlinux.yml b/roles/bootstrap-os/tasks/bootstrap-clearlinux.yml
index 89859978d..1144893a6 100644
--- a/roles/bootstrap-os/tasks/bootstrap-clearlinux.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-clearlinux.yml
@@ -12,3 +12,4 @@
     enabled: yes
     daemon_reload: yes
     state: started
+  become: true
diff --git a/roles/bootstrap-os/tasks/bootstrap-coreos.yml b/roles/bootstrap-os/tasks/bootstrap-coreos.yml
index 1bd861ca7..909e0e374 100644
--- a/roles/bootstrap-os/tasks/bootstrap-coreos.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-coreos.yml
@@ -1,5 +1,5 @@
 ---
-- name: Bootstrap | Check if bootstrap is needed
+- name: Check if bootstrap is needed
   raw: stat /opt/bin/.bootstrapped
   register: need_bootstrap
   environment: {}
@@ -14,7 +14,7 @@
   tags:
     - facts
 
-- name: Bootstrap | Run bootstrap.sh
+- name: Run bootstrap.sh
   script: bootstrap.sh
   when: need_bootstrap.rc != 0
 
@@ -23,13 +23,13 @@
   tags:
     - facts
 
-- name: Bootstrap | Install pip3
+- name: Install pip3
   command: "{{ ansible_python_interpreter }} -m ensurepip"
   args:
     creates: "{{ bin_dir }}/pypy3/bin/pip3"
   register: pip_installed
 
-- name: Bootstrap | Install pip3 link
+- name: Install pip3 link
   file:
     src: "{{ bin_dir }}/pypy3/bin/pip3"
     dest: "{{ bin_dir }}/pip3"
@@ -45,7 +45,7 @@
   environment:
     PATH: "{{ ansible_env.PATH }}:{{ bin_dir }}"
 
-- name: Bootstrap | Disable auto-upgrade
+- name: Disable auto-upgrade
   systemd:
     name: locksmithd.service
     masked: true
diff --git a/roles/bootstrap-os/tasks/bootstrap-debian.yml b/roles/bootstrap-os/tasks/bootstrap-debian.yml
index 625b43719..1cb9b273c 100644
--- a/roles/bootstrap-os/tasks/bootstrap-debian.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-debian.yml
@@ -1,11 +1,11 @@
 ---
-#  raw: cat /etc/issue.net | grep '{{ bootstrap_versions }}'
-
-- name: Bootstrap | Check if bootstrap is needed
+- name: Check if bootstrap is needed
   raw: which "{{ item }}"
   register: need_bootstrap
   failed_when: false
   changed_when: false
+  # This command should always run, even in check mode
+  check_mode: false
   with_items:
     - python
     - pip
@@ -14,39 +14,48 @@
   tags: facts
 
 - name: Check http::proxy in /etc/apt/apt.conf
-  raw: grep -qsi 'Acquire::http::Proxy' /etc/apt/apt.conf
+  raw: grep -qsi 'Acquire::http::proxy' /etc/apt/apt.conf
   register: need_http_proxy
   failed_when: false
   changed_when: false
+  # This command should always run, even in check mode
+  check_mode: false
   environment: {}
-  tags: facts
+  when:
+    - http_proxy is defined
 
 - name: Add http_proxy to /etc/apt/apt.conf if http_proxy is defined
-  raw: echo 'Acquire::http::Proxy "{{http_proxy}}";' >> /etc/apt/apt.conf
+  raw: echo 'Acquire::http::proxy "{{ http_proxy }}";' >> /etc/apt/apt.conf
+  become: true
   environment: {}
   when:
-    - need_http_proxy.rc != 0
     - http_proxy is defined
+    - need_http_proxy.rc != 0
 
 - name: Check https::proxy in /etc/apt/apt.conf
-  raw: grep -qsi 'Acquire::https::Proxy' /etc/apt/apt.conf
+  raw: grep -qsi 'Acquire::https::proxy' /etc/apt/apt.conf
   register: need_https_proxy
   failed_when: false
   changed_when: false
+  # This command should always run, even in check mode
+  check_mode: false
   environment: {}
-  tags: facts
+  when:
+    - https_proxy is defined
 
 - name: Add https_proxy to /etc/apt/apt.conf if https_proxy is defined
-  raw: echo 'Acquire::https::proxy "{{https_proxy}}";' >> /etc/apt/apt.conf
+  raw: echo 'Acquire::https::proxy "{{ https_proxy }}";' >> /etc/apt/apt.conf
+  become: true
   environment: {}
   when:
-    - need_https_proxy.rc != 0
     - https_proxy is defined
+    - need_https_proxy.rc != 0
 
-- name: Bootstrap | Install python 2.x, pip, and dbus
+- name: Install python, pip, and dbus
   raw:
     apt-get update && \
     DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal python-pip dbus
+  become: true
   environment: {}
   when:
     need_bootstrap.results | map(attribute='rc') | sort | last | bool
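Review bot: The two `raw: echo '... "{{ http_proxy }}";' >> /etc/apt/apt.conf` tasks interpolate the variable inside a single-quoted shell string and, with the added `become: true`, that string is now evaluated as root. A value containing a single quote ends the quoting and the remainder is parsed by the shell. Letting Jinja quote the whole line avoids this: `raw: echo {{ ('Acquire::http::proxy "' ~ http_proxy ~ '";') | quote }} >> /etc/apt/apt.conf`, and likewise for `https_proxy`. The same pattern is added in the bootstrap-ubuntu.yml hunk (`Add http_proxy` / `Add https_proxy`). Separately, the `grep -qsi` check matches any line containing the key, including a commented-out one or an older value, so a changed proxy is never rewritten.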
diff --git a/roles/bootstrap-os/tasks/bootstrap-fedora.yml b/roles/bootstrap-os/tasks/bootstrap-fedora.yml
index f17d32adf..292c2d34d 100644
--- a/roles/bootstrap-os/tasks/bootstrap-fedora.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-fedora.yml
@@ -1,6 +1,5 @@
 ---
-
-- name: Bootstrap | Check if bootstrap is needed
+- name: Check if bootstrap is needed
   raw: which "{{ item }}"
   register: need_bootstrap
   failed_when: false
@@ -12,6 +11,7 @@
 
 - name: Install python on fedora
   raw: "dnf install --assumeyes --quiet python"
+  become: true
   environment: {}
   when: need_bootstrap.results | map(attribute='rc') | sort | last | bool
 
@@ -19,3 +19,4 @@
   dnf:
     name: libselinux-python
     state: present
+  become: true
diff --git a/roles/bootstrap-os/tasks/bootstrap-opensuse.yml b/roles/bootstrap-os/tasks/bootstrap-opensuse.yml
index abedd2195..b081710a1 100644
--- a/roles/bootstrap-os/tasks/bootstrap-opensuse.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-opensuse.yml
@@ -5,3 +5,4 @@
     state: present
   with_items:
     - python-cryptography
+  become: true
diff --git a/roles/bootstrap-os/tasks/bootstrap-ubuntu.yml b/roles/bootstrap-os/tasks/bootstrap-ubuntu.yml
index c33970252..893041ad0 100644
--- a/roles/bootstrap-os/tasks/bootstrap-ubuntu.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-ubuntu.yml
@@ -1,6 +1,4 @@
 ---
-#  raw: cat /etc/issue.net | grep '{{ bootstrap_versions }}'
-
 - name: List ubuntu_packages
   set_fact:
     ubuntu_packages:
@@ -9,36 +7,61 @@
       - python-pip
       - dbus
 
-- name: Bootstrap | Check if bootstrap is needed
-  raw: dpkg -l | cut -d' ' -f3 |grep -e ^{{item}}$
+- name: Check if bootstrap is needed
+  raw: dpkg -l | cut -d' ' -f3 | grep -e ^{{ item }}$
   register: need_bootstrap
   failed_when: false
   changed_when: false
-  with_items: "{{ubuntu_packages}}"
+  # This command should always run, even in check mode
+  check_mode: false
+  with_items: "{{ ubuntu_packages }}"
   environment: {}
   tags:
     - facts
 
-- name: Add proxy to /etc/apt/apt.conf if http_proxy is defined
-  lineinfile:
-    path: "/etc/apt/apt.conf"
-    line: 'Acquire::http::proxy "{{http_proxy}}";'
-    create: yes
-    state: present
-  when: http_proxy is defined
+- name: Check http::proxy in /etc/apt/apt.conf
+  raw: grep -qsi 'Acquire::http::proxy' /etc/apt/apt.conf
+  register: need_http_proxy
+  failed_when: false
+  changed_when: false
+  # This command should always run, even in check mode
+  check_mode: false
+  environment: {}
+  when:
+    - http_proxy is defined
+
+- name: Add http_proxy to /etc/apt/apt.conf if http_proxy is defined
+  raw: echo 'Acquire::http::proxy "{{ http_proxy }}";' >> /etc/apt/apt.conf
+  become: true
+  environment: {}
+  when:
+    - http_proxy is defined
+    - need_http_proxy.rc != 0
 
-- name: Add proxy to /etc/apt/apt.conf if https_proxy is defined
-  lineinfile:
-    path: "/etc/apt/apt.conf"
-    line: 'Acquire::https::proxy "{{https_proxy}}";'
-    create: yes
-    state: present
-  when: https_proxy is defined
+- name: Check https::proxy in /etc/apt/apt.conf
+  raw: grep -qsi 'Acquire::https::proxy' /etc/apt/apt.conf
+  register: need_https_proxy
+  failed_when: false
+  changed_when: false
+  # This command should always run, even in check mode
+  check_mode: false
+  environment: {}
+  when:
+    - https_proxy is defined
+
+- name: Add https_proxy to /etc/apt/apt.conf if https_proxy is defined
+  raw: echo 'Acquire::https::proxy "{{ https_proxy }}";' >> /etc/apt/apt.conf
+  become: true
+  environment: {}
+  when:
+    - https_proxy is defined
+    - need_https_proxy.rc != 0
 
-- name: Bootstrap | Install python 2.x and pip
+- name: Install python and pip
   raw:
     apt-get update && \
-    DEBIAN_FRONTEND=noninteractive apt-get install -y {{ubuntu_packages | join(" ")}}
+    DEBIAN_FRONTEND=noninteractive apt-get install -y {{ ubuntu_packages | join(" ") }}
+  become: true
   environment: {}
   when:
     - need_bootstrap.results | map(attribute='rc') | sort | last | bool
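Review bot: The `Check if bootstrap is needed` probe (`dpkg -l | cut -d' ' -f3 | grep -e ^{{ item }}$`) treats every package that `dpkg -l` lists as installed, including packages in the `rc` state (removed with configuration left behind), so the install step can be skipped on a host where the package is actually absent. Querying the status directly is stricter, for example `raw: dpkg-query -W -f='${Status}' {{ item }} | grep -q 'ok installed'` (untested here). The grep pattern is also unquoted in the shell, which works for the fixed `ubuntu_packages` list but would be safer as `grep -e '^{{ item }}$'`.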
diff --git a/roles/bootstrap-os/tasks/main.yml b/roles/bootstrap-os/tasks/main.yml
index 1bb24ee57..f58fbaf2a 100644
--- a/roles/bootstrap-os/tasks/main.yml
+++ b/roles/bootstrap-os/tasks/main.yml
@@ -3,6 +3,8 @@
   raw: cat /etc/os-release
   register: os_release
   changed_when: false
+  # This command should always run, even in check mode
+  check_mode: false
   environment: {}
 
 - include_tasks: bootstrap-ubuntu.yml
@@ -26,8 +28,6 @@
 - include_tasks: bootstrap-clearlinux.yml
   when: '"Clear Linux OS" in os_release.stdout'
 
-- import_tasks: setup-pipelining.yml
-
 - name: Create remote_tmp for it is used by another module
   file:
     path: "{{ lookup('config', 'DEFAULT_REMOTE_TMP', on_missing='skip', wantlist=True) | first | default('~/.ansible/tmp') }}"
@@ -41,13 +41,13 @@
 
 - name: Assign inventory name to unconfigured hostnames (non-CoreOS and Tumbleweed)
   hostname:
-    name: "{{inventory_hostname}}"
+    name: "{{ inventory_hostname }}"
   when:
     - override_system_hostname
     - ansible_os_family not in ['Suse', 'CoreOS', 'Container Linux by CoreOS', 'ClearLinux']
 
 - name: Assign inventory name to unconfigured hostnames (CoreOS and Tumbleweed only)
-  command: "hostnamectl set-hostname  {{inventory_hostname}}"
+  command: "hostnamectl set-hostname {{ inventory_hostname }}"
   register: hostname_changed
   when:
     - override_system_hostname
diff --git a/roles/bootstrap-os/tasks/setup-pipelining.yml b/roles/bootstrap-os/tasks/setup-pipelining.yml
deleted file mode 100644
index 559cef25e..000000000
--- a/roles/bootstrap-os/tasks/setup-pipelining.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# Remove requiretty to make ssh pipelining work
-
-- name: Remove require tty
-  lineinfile:
-    regexp: '^\w+\s+requiretty'
-    dest: /etc/sudoers
-    state: absent
-- 
GitLab