CentOS and Fedora infrastructure teams are still relying on ansible 2.9.x (both packaging side and playbook/tasks style). We'd need to consider upgrading as 2.9.x is slowly reaching EOL.
At first sight, we'd need :
centos tracking issue: https://pagure.io/centos-infra/issue/496
Metadata Update from @mohanboddu: - Issue priority set to: Waiting on External (was: Needs Review) - Issue tagged with: medium-gain, medium-trouble, ops
[backlog refinement] We will start working on ansible upgrade soon after ansible-core will available in RHEL8.
Metadata Update from @zlopez: - Issue tagged with: mini-initiative
ok. I've moved this forward a bit here.
Running ansible-core from a git checkout of the 2.12 stable branch:
ansible [core 2.12.4rc1.post0] (stable-2.12 36be99b52d) last updated 2022/03/22 17:12:17 (GMT +000) config file = /etc/ansible/ansible.cfg configured module search path = ['/srv/web/infra/ansible/library', '/usr/share/ansible'] ansible python module location = /home/fedora/kevin/ansible-upstream/lib/ansible ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections executable location = /home/fedora/kevin/ansible-upstream/bin/ansible python version = 3.8.8 (default, Aug 11 2021, 06:52:42) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True
We immediately ran into module's needed:
I then worked on ansible 5.0.0 packaging for epel8-next. With a pretty small patch I got it building ok: https://koji.fedoraproject.org/koji/taskinfo?taskID=84568381
diff --git a/ansible.spec b/ansible.spec index 2bac7ef..766ff8b 100644 --- a/ansible.spec +++ b/ansible.spec @@ -3,6 +3,10 @@ %global with_tests 0 %global ansible_licensedir %{_defaultlicensedir}/ansible %global ansible_docdir %{_defaultdocdir}/ansible +%if 0%{?rhel} == 8 +# for rhel8 we want to use python3.8 as ansible-core is using that +%global __python3 /bin/python3.8 +%endif Name: ansible Summary: Curated set of Ansible collections included in addition to ansible-core @@ -15,8 +19,13 @@ Url: https://ansible.com BuildArch: noarch BuildRequires: findutils +%if 0%{?rhel} == 8 +BuildRequires: python38-devel +BuildRequires: python38-setuptools +%else BuildRequires: python3-devel BuildRequires: python3-setuptools +%endif %if 0%{?with_tests} # TODO build-requires
You also need python38-resolvelib. https://koji.fedoraproject.org/koji/taskinfo?taskID=84570383
In order to use the ansible 5 rpm package on batcave however, we need to remove the old ansible 2.9 package. ;) So thats definitely post freeze.
I got ansible-galaxy working and had to install the following collections:
docker libvirt mysql postgresql rabbitmq
Once those were there, syntax check on main.yml finished!
% python3.8 $(which ansible-playbook) --syntax-check /srv/web/infra/ansible/main.yml [WARNING]: packaging Python module unavailable; unable to validate collection Ansible version requirements [DEPRECATION WARNING]: Additional parameters in import_playbook statements are deprecated. Use 'vars' instead. See 'import_playbook' documentation for examples. This feature will be removed in version 2.14. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. [DEPRECATION WARNING]: "include" is deprecated, use include_tasks/import_tasks instead. This feature will be removed in version 2.16. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. [WARNING]: Could not match supplied host pattern, ignoring: copr_back_dev [WARNING]: Could not match supplied host pattern, ignoring: copr_back_stg [WARNING]: Could not match supplied host pattern, ignoring: copr_back [WARNING]: Could not match supplied host pattern, ignoring: copr_dist_git_dev [WARNING]: Could not match supplied host pattern, ignoring: copr_dist_git_stg [WARNING]: Could not match supplied host pattern, ignoring: copr_dist_git [WARNING]: Could not match supplied host pattern, ignoring: copr_keygen_dev [WARNING]: Could not match supplied host pattern, ignoring: copr_keygen_stg [WARNING]: Could not match supplied host pattern, ignoring: copr_keygen [WARNING]: Could not match supplied host pattern, ignoring: mailman_stg [WARNING]: Could not match supplied host pattern, ignoring: virthost_comm [WARNING]: Could not match supplied host pattern, ignoring: virthost_communishift [WARNING]: Could not match supplied host pattern, ignoring: cloud-noc01.fedorainfracloud.org playbook: /srv/web/infra/ansible/main.yml
So, based on this it might be best to use ansible-galaxy for these (and any other specific modules), or package them up. Although we could still just install/use the ansible collections, but it's somewhat overkill. ;)
I had to install a python38-jmespath for linux-system-roles.networking to work.
After that I was able to run maintainer-test playbook to completion with no errors. :)
So, ran into some problems trying to deploy this. ansible-core in centos-8-stream is built against python3.8.
So, I had to rebuild ansible_utils (the thing with rbac-playbook in it) against python3.8 and patch it in several places.
Just running ansible-playbook as root gives:
[WARNING]: Skipping plugin (/srv/web/infra/ansible/callback_plugins/fedora_messaging_callback.py) as it seems to be invalid: No module named 'fedora_messaging' ERROR! Unexpected Exception, this is probably a bug: No module named 'fedora_messaging'
Any indeed, fedora-messaging is built with python3.6. ;(
I have disabled the callback for now, but I would really like to get it to work somehow.
If we hit problems we can't overcome during freeze we can revert back. ;)
The list-vms-per-host script is also broken. ;(
Fixed (just needed to have it use python3.8)
So, left to fix:
fedora-messaging callback plugin
nightly check-diff playbook (I think this is broken because logview is broken.
I've fixed the logview issue.
fedora-messaging is a good deal less easy, so I am going to just call it good enough for now.
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.