Merge pull request #261 from amanda11/master

Ansible-playbooks to install on Centos8

.kitchen-docker/centos8/Dockerfile

@@ -0,0 +1,13 @@
+FROM stackstorm/packagingtest:centos8-systemd
+
+RUN mkdir -p /var/run/sshd
+RUN useradd -d /home/<%= @username %> -m -s /bin/bash <%= @username %>
+RUN echo <%= "#{@username}:#{@password}" %> | chpasswd
+RUN echo '<%= @username %> ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+RUN mkdir -p /home/<%= @username %>/.ssh
+RUN chown -R <%= @username %> /home/<%= @username %>/.ssh
+RUN chmod 0700 /home/<%= @username %>/.ssh
+RUN touch /home/<%= @username %>/.ssh/authorized_keys
+RUN chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys
+RUN chmod 0600 /home/<%= @username %>/.ssh/authorized_keys
+RUN echo '<%= IO.read(@public_key).strip %>' >> /home/<%= @username %>/.ssh/authorized_keys

.kitchen.yml

@@ -52,6 +52,14 @@ platforms:
       run_command: /sbin/init
       volume:
         - /sys/fs/cgroup:/sys/fs/cgroup:ro
+  # CentOS8 with Systemd
+  - name: centos-8
+    driver_config:
+      platform: centos
+      dockerfile: .kitchen-docker/centos8/Dockerfile
+      run_command: /sbin/init
+      volume:
+        - /sys/fs/cgroup:/sys/fs/cgroup:ro
 
 suites:
   - name: default

.travis.yml

@@ -13,12 +13,14 @@ env:
   - DISTRO=ubuntu-16 LICENSE='BWC_LICENSE_ENTERPRISE'
   - DISTRO=centos-6 LICENSE='BWC_LICENSE_ENTERPRISE'
   - DISTRO=centos-7 LICENSE='BWC_LICENSE_ENTERPRISE'
+  - DISTRO=centos-8 LICENSE='BWC_LICENSE_ENTERPRISE'
 
   # StackStorm 'unstable' repo check
   - DISTRO=ubuntu-14 ST2_REPO=unstable EWC_REPO=enterprise-unstable LICENSE='BWC_LICENSE_ENTERPRISE_UNSTABLE'
   - DISTRO=ubuntu-16 ST2_REPO=unstable EWC_REPO=enterprise-unstable LICENSE='BWC_LICENSE_ENTERPRISE_UNSTABLE'
   - DISTRO=centos-6 ST2_REPO=unstable EWC_REPO=enterprise-unstable LICENSE='BWC_LICENSE_ENTERPRISE_UNSTABLE'
   - DISTRO=centos-7 ST2_REPO=unstable EWC_REPO=enterprise-unstable LICENSE='BWC_LICENSE_ENTERPRISE_UNSTABLE'
+  - DISTRO=centos-8 ST2_REPO=unstable EWC_REPO=enterprise-unstable LICENSE='BWC_LICENSE_ENTERPRISE_UNSTABLE'
 
 before_script:
   # Personal token for forked PRs

README.md

@@ -13,9 +13,12 @@ Aka IFTTT orchestration for Ops.
 * Ubuntu Xenial (16.04)
 * RHEL6 / CentOS6
 * RHEL7 / CentOS7
+* RHEL8 / CentOS8
 
 > If you're using the provided Vagrantfile, note that it uses Xenial by default.
 
+> In order to access StackStorm Web UI, please don't forget to ensure that http/https ports are opened in your firewall system.
+
 ## Requirements
 At least 2GB of memory and 3.5GB of disk space is required, since StackStorm is shipped with RabbitMQ, PostgreSQL, Mongo, nginx and OpenStack Mistral.
 
@@ -102,8 +105,10 @@ These are the platforms we must support (must pass end-to-end testing):
 - Trusty
 - CentOS6
 - CentOS7
+- CentOS8
 - RHEL6 (via AWS)
 - RHEL7 (via AWS)
+- RHEL8 (via AWS)
 
 Must also support Ansible Idempotence (Eg. Ansible-playbook re-run should end with the following results: `changed=0.*failed=0`)
 
@@ -117,6 +122,7 @@ Other distros:
 vagrant up ubuntu14
 vagrant up centos6
 vagrant up centos7
+vagrant up centos8
 ```
 
 ## Other Installers
@@ -127,6 +133,7 @@ You might be interested in other methods to deploy StackStorm engine:
 
 * Manual Instructions
   * [Ubuntu 14.04/16.04](https://docs.stackstorm.com/install/deb.html)
+  * [RHEL8/CentOS8](https://docs.stackstorm.com/install/rhel8.html)
   * [RHEL7/CentOS7](https://docs.stackstorm.com/install/rhel7.html)
   * [RHEL6/CentOS6](https://docs.stackstorm.com/install/rhel6.html)
 

Vagrantfile

@@ -18,6 +18,10 @@ VIRTUAL_MACHINES = {
     :hostname => 'ansible-st2-centos7',
     :box => 'centos/7',
   },
+  :centos8 => {
+    :hostname => 'ansible-st2-centos8',
+    :box => 'centos/8',
+  },
 }
 
 Vagrant.require_version ">= 1.9.1"

meta/main.yml

@@ -22,6 +22,7 @@ galaxy_info:
       versions:
         - 6
         - 7
+        - 8
   categories:
     - system
     - ops

roles/StackStorm.epel/meta/main.yml

@@ -10,5 +10,6 @@ galaxy_info:
       versions:
         - 6
         - 7
+        - 8
   galaxy_tags:
     - system

roles/StackStorm.ewc/meta/main.yml

@@ -14,6 +14,7 @@ galaxy_info:
       versions:
         - 6
         - 7
+        - 8
   galaxy_tags:
     - system
     - stackstorm

roles/StackStorm.ewc/tasks/ewc_repos_setup.yml

@@ -57,8 +57,8 @@
     - ewc
     - enterprise
 
-- name: Add EWC enterprise repos on {{ ansible_facts.distribution }}
-  include_tasks: ewc_repos_{{ ansible_facts.pkg_mgr }}.yml
+- name: Add EWC enterprise repos on {{ ansible_os_family | lower }}
+  include_tasks: ewc_repos_{{ ansible_os_family | lower }}.yml
   tags:
     - ewc
     - enterprise

roles/StackStorm.ewc/tasks/license.yml

@@ -57,7 +57,7 @@
     - enterprise
 
 - name: "Cleanup repo list file from disk"
-  include_tasks: "ewc_repos_cleanup_{{ ansible_facts.pkg_mgr }}.yml"
+  include_tasks: "ewc_repos_cleanup_{{ ansible_os_family | lower  }}.yml"
   when: ewc_license | hash("sha512") != ewc_license_hash
   tags:
     - ewc

roles/StackStorm.ewc/tasks/main.yml

@@ -48,7 +48,7 @@
 - name: Install pinned bwc-enterprise package
   become: yes
   package:
-    name: bwc-enterprise{{ '-' if ansible_facts.pkg_mgr == 'yum' else '=' }}{{ ewc_version }}-{{ ewc_revision }}
+    name: bwc-enterprise{{ '-' if ansible_os_family == 'RedHat' else '=' }}{{ ewc_version }}-{{ ewc_revision }}
     state: present
   register: ewc_installed
   retries: 5

roles/StackStorm.ewc_smoketests/meta/main.yml

@@ -14,6 +14,7 @@ galaxy_info:
       versions:
         - 6
         - 7
+        - 8
   galaxy_tags:
     - stackstorm
     - bwc

roles/StackStorm.mongodb/defaults/main.yml

@@ -1,4 +1,6 @@
 ---
-# MongoDB version to install
+# MongoDB3 version to install
 # Should be '3.2' or '3.4'
 mongodb_version: "3.4"
+# MongoDB4 version to install on RH 8
+mongodb4_version: "4.0"

roles/StackStorm.mongodb/meta/main.yml

@@ -14,6 +14,7 @@ galaxy_info:
       versions:
         - 6
         - 7
+        - 8
   galaxy_tags:
     - system
 dependencies:

roles/StackStorm.mongodb/tasks/main.yml

@@ -1,6 +1,13 @@
 ---
+- name: Retrieve variables
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ ansible_os_family | lower }}_{{ ansible_distribution_major_version }}.yml"
+    - "{{ ansible_os_family | lower }}.yml"
+  tags: [databases, mongodb]
+
 - name: Install mongodb on {{ ansible_facts.distribution }}
-  include_tasks: mongodb_{{ ansible_facts.pkg_mgr }}.yml
+  include_tasks: mongodb_{{ ansible_os_family | lower }}.yml
   tags: [databases, mongodb]
 
 - name: Start & Enable mongodb

roles/StackStorm.mongodb/tasks/mongodb_yum.yml → roles/StackStorm.mongodb/tasks/mongodb_redhat.yml

@@ -2,20 +2,16 @@
 - name: yum | Install mongodb dependencies
   become: yes
   yum:
-    name:
+    name: "{{ mongo_dependencies }}"
       # Failed to validate the SSL certificate for www.mongodb.org:443. Make sure your managed systems have a valid CA certificate installed. If the website serving the url uses SNI you need python >= 2.7.9 on your managed machine or you can install the `urllib3`, `pyopenssl`, `ndg-httpsclient`, and `pyasn1` python modules to perform SNI verification in python >= 2.6. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible
-      - python-urllib3
-      - pyOpenSSL
-      - python-pyasn1
-      - python-ndg_httpsclient
     state: present
   register: _task
   retries: 5
   delay: 3
   until: _task is succeeded
   tags: [databases, mongodb]
 
-- name: yum | Add mongodb key
+- name: yum | Add mongodb key {{ mongodb_major_minor_version }}
   become: yes
   rpm_key:
     key: https://www.mongodb.org/static/pgp/server-{{ mongodb_major_minor_version }}.asc
@@ -41,7 +37,7 @@
 - name: yum | Install mongodb
   become: yes
   yum:
-    name: mongodb-org-{{ mongodb_version }}*
+    name: mongodb-org-{{ mongodb_use_version }}*
     state: present
     # TODO: Allow yum downgrade since Ansible 2.4
     # https://github.com/ansible/ansible/pull/21516

roles/StackStorm.mongodb/vars/redhat.yml

@@ -0,0 +1,9 @@
+mongo_dependencies:
+      - python-urllib3
+      - pyOpenSSL
+      - python-pyasn1
+      - python-ndg_httpsclient
+# For RH < 8 use mongodb_version
+mongodb_use_version: "{{ (mongodb_version|string)[:3] }}"
+# Extract mongodb "major.minor" version
+mongodb_major_minor_version: "{{ (mongodb_use_version|string)[:3] }}"

roles/StackStorm.mongodb/vars/redhat_8.yml

@@ -0,0 +1,10 @@
+mongo_dependencies:
+      - python3-urllib3
+      - python3-pyOpenSSL
+      - python3-pyasn1
+# We cannot have conditional defaults. The default for mongodb_version is 3, but
+# for RH 8 we want to use version 4 at least. So if mongodb_version is 3 use the
+# default mongodb4_version
+mongodb_use_version: "{{ (mongodb4_version|string)[:3] if ( mongodb_version|string)[:1] == '3' else (mongodb_version|string)[:3] }}"
+# Extract mongodb "major.minor" version
+mongodb_major_minor_version: "{{ (mongodb_use_version|string)[:3] }}"

roles/StackStorm.nginx/meta/main.yml

@@ -15,6 +15,7 @@ galaxy_info:
       versions:
         - 6
         - 7
+        - 8
   galaxy_tags:
     - web
     - nginx

roles/StackStorm.nginx/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 - name: Install nginx on {{ ansible_facts.distribution }}
-  include_tasks: nginx_{{ ansible_facts.pkg_mgr }}.yml
+  include_tasks: nginx_{{ ansible_os_family | lower }}.yml
   tags: nginx
 
 - name: Create common virtual host folders

roles/StackStorm.nginx/tasks/nginx_yum.yml → roles/StackStorm.nginx/tasks/nginx_redhat.yml

@@ -1,4 +1,10 @@
 ---
+- name: Install vars
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ ansible_os_family | lower }}_{{ ansible_distribution_major_version }}.yml"
+    - "{{ ansible_os_family | lower }}.yml"
+
 - name: Add nginx key
   become: yes
   rpm_key:
@@ -40,10 +46,31 @@
     state: absent
   tags: nginx
 
+- name: Comment out server line
+  become: yes
+  replace:
+     path: /etc/nginx/nginx.conf
+     backup: yes
+     regexp: '^(?![#])(.*server\s*{)'
+     replace: '#\1'
+  tags: nginx
+  when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8')
+
+- name: Comment out after server block
+  become: yes
+  replace:
+     path: /etc/nginx/nginx.conf
+     backup: yes
+     after: '\s*server\s*{'
+     regexp: '^(?![#}])(.+)$'
+     replace: '#\1'
+  tags: nginx
+  when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8')
+
 - name: Install dependencies for SELinux Ansible module
   become: yes
   yum:
-    name: libsemanage-python, libselinux-python
+    name: "{{ selinux_dependencies }}"
     state: present
   register: nginx_selinux_dependencies
   retries: 5

roles/StackStorm.nginx/vars/redhat.yml

@@ -0,0 +1,3 @@
+selinux_dependencies:
+  - libsemanage-python
+  - libselinux-python

roles/StackStorm.nginx/vars/redhat_8.yml

@@ -0,0 +1,3 @@
+selinux_dependencies:
+  - python3-libsemanage
+  - python3-libselinux

roles/StackStorm.nodejs/meta/main.yml

@@ -15,5 +15,6 @@ galaxy_info:
       versions:
         - 6
         - 7
+        - 8
   galaxy_tags:
     - system

roles/StackStorm.nodejs/tasks/main.yml

@@ -1,4 +1,4 @@
 ---
 - name: Install nodejs on {{ ansible_facts.distribution }}
-  include_tasks: nodejs_{{ ansible_facts.pkg_mgr }}.yml
+  include_tasks: nodejs_{{ ansible_os_family | lower }}.yml
   tags: nodejs

roles/StackStorm.nodejs/tasks/nodejs_yum.yml → roles/StackStorm.nodejs/tasks/nodejs_redhat.yml

@@ -19,6 +19,28 @@
   register: nodesource_repo_rm
   tags: nodejs
 
+- name: Determine if nodejs disabled on AppStream for EL8
+  become: yes
+  shell:
+     cmd: yum module list nodejs --disabled
+  changed_when: False
+  ignore_errors: True
+  args:
+     warn: False
+  register: nodejs_disabled
+  when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8'
+  tags: [nodejs, skip_ansible_lint]
+
+- name: Disable AppStream repository due to installation conflicts for EL8
+  become: yes
+  shell:
+     cmd: yum module disable -y nodejs
+  args:
+     warn: False
+  when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8' and "AppStream" not in nodejs_disabled.stdout
+  # Disable warning as yum doesn't support disable module
+  tags: [nodejs, skip_ansible_lint]
+
 - name: Add nodesource repo file
   become: yes
   # This is based on the nodesource repo rpm (both 4.x and 10.x for EL6/7/8),

roles/StackStorm.rabbitmq/meta/main.yml

@@ -14,5 +14,6 @@ galaxy_info:
       versions:
         - 6
         - 7
+        - 8
   galaxy_tags:
     - system

roles/StackStorm.rabbitmq/tasks/main.yml

@@ -1,4 +1,34 @@
 ---
+- name: RabbitMQ on RHEL8 requires module(perl:5.26)
+  become: yes
+  shell:
+     cmd: yum -y module enable perl:5.26
+  args:
+     warn: False
+  when: rabbitmq_on_el8
+  register: perl_result
+  changed_when:
+     - '"Nothing to do" not in perl_result.stdout'
+  # Disable warning as yum doesn't support enable module
+  tags: [rabbitmq, skip_ansible_lint]
+
+- name: Install rabbit from packagecloud for RH 8
+  become: yes
+  no_log: yes
+  yum_repository:
+    name: rabbitmq-server
+    description: rabbitmq-server
+    baseurl: https://packagecloud.io/rabbitmq/rabbitmq-server/el/{{ ansible_facts.distribution_major_version }}/$basearch
+    repo_gpgcheck: yes
+    gpgkey: "https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey"
+    sslcacert: /etc/pki/tls/certs/ca-bundle.crt
+    metadata_expire: 300
+    gpgcheck: no
+    enabled: yes
+    sslverify: yes
+  when: rabbitmq_on_el8
+  tags: rabbitmq
+
 - name: Install rabbitmq package on {{ ansible_facts.distribution }}
   become: yes
   package:

roles/StackStorm.rabbitmq/vars/main.yml

@@ -1,3 +1,4 @@
 ---
 rabbitmq_el6_prefix: "/usr/lib/rabbitmq/"
 rabbitmq_on_el6: "{{ (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '6') }}"
+rabbitmq_on_el8: "{{ (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') }}"