From 93006aa9b09e98fb05ef72f04ffcf3f5edc37ca4 Mon Sep 17 00:00:00 2001
From: Cloud User
Date: Thu, 11 Jun 2020 12:16:34 +0000
Subject: [PATCH 01/23] Initial commit - crude commands to see if can get StackStorm installed on Centos8 from translating from st2-packages/scripts
---
.../tasks/ewc_repos_cleanup_dnf.yml | 9 ++
roles/StackStorm.ewc/tasks/ewc_repos_dnf.yml | 35 +++++++
.../StackStorm.mongodb/tasks/mongodb_dnf.yml | 53 +++++++++++
roles/StackStorm.nginx/tasks/nginx_dnf.yml | 93 +++++++++++++++++++
roles/StackStorm.nodejs/tasks/nodejs_dnf.yml | 53 +++++++++++
roles/StackStorm.rabbitmq/tasks/main.yml | 22 +++++
roles/StackStorm.rabbitmq/vars/main.yml | 1 +
roles/StackStorm.st2/tasks/auth.yml | 25 ++++-
roles/StackStorm.st2/tasks/version.yml | 4 +-
roles/StackStorm.st2chatops/tasks/main.yml | 18 ++++
.../StackStorm.st2repo/tasks/st2repo_dnf.yml | 41 ++++++++
stackstorm.yml | 6 +-
12 files changed, 356 insertions(+), 4 deletions(-)
create mode 100644 roles/StackStorm.ewc/tasks/ewc_repos_cleanup_dnf.yml
create mode 100644 roles/StackStorm.ewc/tasks/ewc_repos_dnf.yml
create mode 100644 roles/StackStorm.mongodb/tasks/mongodb_dnf.yml
create mode 100644 roles/StackStorm.nginx/tasks/nginx_dnf.yml
create mode 100644 roles/StackStorm.nodejs/tasks/nodejs_dnf.yml
create mode 100644 roles/StackStorm.st2repo/tasks/st2repo_dnf.yml
diff --git a/roles/StackStorm.ewc/tasks/ewc_repos_cleanup_dnf.yml b/roles/StackStorm.ewc/tasks/ewc_repos_cleanup_dnf.yml
new file mode 100644
index 00000000..9aeb9348
--- /dev/null
+++ b/roles/StackStorm.ewc/tasks/ewc_repos_cleanup_dnf.yml
@@ -0,0 +1,9 @@
+---
+- name: Cleanup repo list file from disk
+ become: yes
+ yum_repository:
+ name: "StackStorm_{{ ewc_repo }}"
+ state: absent
+ tags:
+ - ewc
+ - enterprise
diff --git a/roles/StackStorm.ewc/tasks/ewc_repos_dnf.yml b/roles/StackStorm.ewc/tasks/ewc_repos_dnf.yml
new file mode 100644
index 00000000..c085d54f
--- /dev/null
+++ b/roles/StackStorm.ewc/tasks/ewc_repos_dnf.yml
@@ -0,0 +1,35 @@
+---
+# Fixes "Failure talking to yum: Cannot retrieve repository metadata (repomd.xml) for repository: StackStorm_stable. Please verify its path and try again" when installing st2
+- name: Update ca-certificates package
+ become: yes
+ yum:
+ name: ca-certificates
+ state: latest
+ register: _task
+ retries: 5
+ delay: 3
+ until: _task is succeeded
+ tags:
+ - ewc
+ - enterprise
+ - skip_ansible_lint
+
+- name: "Add packagecloud.io repository: StackStorm/{{ ewc_repo }}"
+ become: yes
+ no_log: yes
+ yum_repository:
+ name: "StackStorm_{{ ewc_repo }}"
+ description: "StackStorm_{{ ewc_repo }}"
+ file: "StackStorm_{{ ewc_repo }}"
+ baseurl: https://{{ ewc_read_token }}:@packagecloud.io/StackStorm/{{ ewc_repo }}/el/{{ ansible_facts.distribution_major_version }}/$basearch
+ repo_gpgcheck: yes
+ gpgkey: "https://{{ ewc_read_token }}:@packagecloud.io/StackStorm/{{ ewc_repo }}/gpgkey"
+ sslcacert: /etc/pki/tls/certs/ca-bundle.crt
+ metadata_expire: 300
+ gpgcheck: no
+ enabled: yes
+ sslverify: yes
+ register: added_ewc_rpm_repository
+ tags:
+ - ewc
+ - enterprise
diff --git a/roles/StackStorm.mongodb/tasks/mongodb_dnf.yml b/roles/StackStorm.mongodb/tasks/mongodb_dnf.yml
new file mode 100644
index 00000000..d6bb6796
--- /dev/null
+++ b/roles/StackStorm.mongodb/tasks/mongodb_dnf.yml
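Review bot: `gpgcheck: no` in the `Add packagecloud.io repository` task turns off per-package signature verification, so package integrity rests on TLS plus the signed repository metadata that `repo_gpgcheck: yes` checks. If that is deliberate because the upstream packages are not individually signed, record it with a comment above the key, e.g. `# packages are not individually signed; signed repo metadata is the integrity check`; otherwise set `gpgcheck: yes`. The same pair of settings is repeated in the rabbitmq-server repository task in roles/StackStorm.rabbitmq/tasks/main.yml and in `Add StackStorm repo` in st2repo_dnf.yml. Separately, `ewc_read_token` is written into the generated .repo file through `baseurl` and `gpgkey`; adding `mode: "0600"` to this task would keep the token from being readable by other local accounts, since the file mode is otherwise left to the default.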
@@ -0,0 +1,53 @@
+---
+- name: yum | Install mongodb dependencies
+ become: yes
+ yum:
+ name:
+ # Failed to validate the SSL certificate for www.mongodb.org:443. Make sure your managed systems have a valid CA certificate installed. If the website serving the url uses SNI you need python >= 2.7.9 on your managed machine or you can install the `urllib3`, `pyopenssl`, `ndg-httpsclient`, and `pyasn1` python modules to perform SNI verification in python >= 2.6. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible
+ - python3-urllib3
+ - python3-pyOpenSSL
+ state: present
+ register: _task
+ retries: 5
+ delay: 3
+ until: _task is succeeded
+ tags: [databases, mongodb]
+
+- name: yum | Add mongodb key
+ become: yes
+ rpm_key:
+ key: https://www.mongodb.org/static/pgp/server-{{ mongodb_major_minor_version }}.asc
+ state: present
+ register: _task
+ retries: 5
+ delay: 3
+ until: _task is succeeded
+ tags: [databases, mongodb]
+
+- name: yum | Add mongodb repository
+ become: yes
+ yum_repository:
+ name: mongodb-org-{{ mongodb_major_minor_version }}
+ description: MongoDB Repository
+ gpgcheck: yes
+ enabled: yes
+ baseurl: https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/{{ mongodb_major_minor_version }}/x86_64/
+ gpgkey: https://www.mongodb.org/static/pgp/server-{{ mongodb_major_minor_version }}.asc
+ state: present
+ tags: [databases, mongodb]
+
+- name: yum | Install mongodb
+ become: yes
+ yum:
+ name: mongodb-org-{{ mongodb_version }}*
+ state: present
+ # TODO: Allow yum downgrade since Ansible 2.4
+ # https://github.com/ansible/ansible/pull/21516
+ # allow_downgrade: yes
+ register: _task
+ retries: 5
+ delay: 3
+ until: _task is succeeded
+ notify:
+ - restart mongodb
+ tags: [databases, mongodb]
diff --git a/roles/StackStorm.nginx/tasks/nginx_dnf.yml b/roles/StackStorm.nginx/tasks/nginx_dnf.yml
new file mode 100644
index 00000000..96545844
--- /dev/null
+++ b/roles/StackStorm.nginx/tasks/nginx_dnf.yml
@@ -0,0 +1,93 @@
+---
+- name: Add nginx key
+ become: yes
+ rpm_key:
+ key: http://nginx.org/keys/nginx_signing.key
+ state: present
+ register: _task
+ retries: 5
+ delay: 3
+ until: _task is succeeded
+ tags: nginx
+
+- name: Add nginx repos
+ become: yes
+ yum_repository:
+ name: nginx
+ description: nginx repo
+ baseurl: http://nginx.org/packages/rhel/{{ ansible_facts.distribution_major_version }}/x86_64/
+ gpgcheck: yes
+ enabled: yes
+ state: present
+ tags: nginx
+
+- name: Install nginx
+ become: yes
+ yum:
+ name: nginx
+ state: present
+ disablerepo: epel
+ register: _task
+ retries: 5
+ delay: 3
+ until: _task is succeeded
+ tags: nginx
+
+- name: Remove default site
+ become: yes
+ file:
+ path: /etc/nginx/conf.d/default.conf
+ state: absent
+ tags: nginx
+
+- name: Backup nginx.conf
+ become: yes
+ shell:
+ cmd: cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
+
+- name: Comment out server block in nginx.conf
+ become: yes
+ shell:
+ cmd: awk '/^ server {/{f=1}f{$0 = "#" $0}{print}' /etc/nginx/nginx.conf.bak > /tmp/nginx.conf
+
+- name: Restore nginx.conf
+ become: yes
+ shell:
+ cmd: mv /tmp/nginx.conf /etc/nginx/nginx.conf
+
+- name: Cleanup double comments
+ become: yes
+ shell:
+ cmd: sed -i -e 's/##/#/' /etc/nginx/nginx.conf
+
+- name: Cleanup comment closing out server block
+ become: yes
+ shell:
+ cmd: sed -i -e 's/#}/}/' /etc/nginx/nginx.conf
+
+- name: Install dependencies for SELinux Ansible module
+ become: yes
+ yum:
+ name: python3-libsemanage, python3-libselinux
+ state: present
+ register: nginx_selinux_dependencies
+ retries: 5
+ delay: 3
+ until: nginx_selinux_dependencies is succeeded
+ tags: nginx
+
+- name: Update SELinux facts after installing dependencies
+ become: yes
+ setup:
+ filter: ansible_selinux
+ when: nginx_selinux_dependencies.changed
+ tags: nginx, skip_ansible_lint
+
+- name: Adjust SELinux to allow network access for nginx
+ become: yes
+ seboolean:
+ name: httpd_can_network_connect
+ state: yes
+ persistent: yes
+ when: ansible_facts.selinux.status == "enabled" and ansible_facts.selinux.mode == "enforcing"
+ tags: nginx
diff --git a/roles/StackStorm.nodejs/tasks/nodejs_dnf.yml b/roles/StackStorm.nodejs/tasks/nodejs_dnf.yml
new file mode 100644
index 00000000..20b56609
--- /dev/null
+++ b/roles/StackStorm.nodejs/tasks/nodejs_dnf.yml
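Review bot: The `Add nginx key` task imports the signing key from `http://nginx.org/keys/nginx_signing.key` and `Add nginx repos` uses an `http://` baseurl, so the key that `gpgcheck: yes` relies on arrives over an unauthenticated channel and the signature check is only as trustworthy as that download. Switch both to TLS, `key: https://nginx.org/keys/nginx_signing.key` and `baseurl: https://nginx.org/packages/rhel/{{ ansible_facts.distribution_major_version }}/x86_64/`, and consider pinning the key on the `rpm_key` task with `fingerprint: "<PLACEHOLDER_NGINX_KEY_FINGERPRINT>"`. The `Add nodesource key` task in nodejs_dnf.yml has the same plain-HTTP key URL and should get the same change.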
@@ -0,0 +1,53 @@
+---
+- name: Add nodesource key
+ become: yes
+ rpm_key:
+ key: http://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL
+ state: present
+ register: _task
+ retries: 5
+ delay: 3
+ until: _task is succeeded
+ tags: nodejs
+
+- name: Remove nodesource repo rpm
+ # rpm conflicts with yum_repository added file below
+ become: yes
+ yum:
+ name: "nodesource-release-el{{ ansible_facts.distribution_major_version }}-1.noarch"
+ state: absent
+ register: nodesource_repo_rm
+ tags: nodejs
+
+- name: Add nodesource repo file
+ become: yes
+ # This is based on the nodesource repo rpm (both 4.x and 10.x for EL6/7/8),
+ # but that rpm is not versioned even though it hard-codes the major node.js version.
+ # So, installing the repo directly (vs via the rpm) simplifies major node.js upgrades.
+ # see - http://rpm.nodesource.com/pub_10.x/el/7/x86_64/nodesource-release-el7-1.noarch.rpm
+ yum_repository:
+ file: "nodesource-el{{ ansible_facts.distribution_major_version }}"
+ name: nodesource
+ description: "Node.js Packages for Enterprise Linux {{ ansible_facts.distribution_major_version }} - $basearch"
+ baseurl: https://rpm.nodesource.com/pub_{{ nodejs_major_version }}.x/el/{{ ansible_facts.distribution_major_version }}/$basearch
+ failovermethod: priority
+ gpgcheck: yes
+ gpgkey: file:///etc/pki/rpm-gpg/NODESOURCE-GPG-SIGNING-KEY-EL
+ state: present
+ register: nodesource_repo_add
+ tags: nodejs
+
+- name: Install nodejs
+ become: yes
+ yum:
+ name: nodejs-{{ nodejs_major_version }}.*
+ state: present
+ # TODO: Allow yum downgrade since Ansible 2.4
+ # https://github.com/ansible/ansible/pull/21516
+ # allow_downgrade: yes
+ update_cache: "{{ nodesource_repo_rm is changed or nodesource_repo_add is changed }}"
+ register: _task
+ retries: 5
+ delay: 3
+ until: _task is succeeded
+ tags: nodejs
diff --git a/roles/StackStorm.rabbitmq/tasks/main.yml b/roles/StackStorm.rabbitmq/tasks/main.yml
index 78f8bda3..51ccbffd 100644
--- a/roles/StackStorm.rabbitmq/tasks/main.yml +++ b/roles/StackStorm.rabbitmq/tasks/main.yml @@ -1,4 +1,26 @@ --- +- name: RabbitMQ on RHEL8 requires module(perl:5.26) + become: yes + shell: + cmd: yum -y module enable perl:5.26 + when: rabbitmq_on_el8 + +- name: Install rabbit from packagecloud for RH 8 + become: yes + no_log: yes + yum_repository: + name: rabbitmq-server + description: rabbitmq-server + baseurl: https://packagecloud.io/rabbitmq/rabbitmq-server/el/{{ ansible_facts.distribution_major_version }}/$basearch + repo_gpgcheck: yes + gpgkey: "https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey" + sslcacert: /etc/pki/tls/certs/ca-bundle.crt + metadata_expire: 300 + gpgcheck: no + enabled: yes + sslverify: yes + when: rabbitmq_on_el8 + - name: Install rabbitmq package on {{ ansible_facts.distribution }} become: yes package: diff --git a/roles/StackStorm.rabbitmq/vars/main.yml b/roles/StackStorm.rabbitmq/vars/main.yml index 64d06b8b..47749a4a 100644 --- a/roles/StackStorm.rabbitmq/vars/main.yml +++ b/roles/StackStorm.rabbitmq/vars/main.yml @@ -1,3 +1,4 @@ --- rabbitmq_el6_prefix: "/usr/lib/rabbitmq/" rabbitmq_on_el6: "{{ (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '6') }}" +rabbitmq_on_el8: "{{ (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') }}" diff --git a/roles/StackStorm.st2/tasks/auth.yml b/roles/StackStorm.st2/tasks/auth.yml index e9098f67..b5df8361 100644 --- a/roles/StackStorm.st2/tasks/auth.yml +++ b/roles/StackStorm.st2/tasks/auth.yml @@ -15,7 +15,6 @@ become: yes yum: name: - - python-passlib - httpd-tools state: present register: _task 
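Review bot: `no_log: yes` on `Install rabbit from packagecloud for RH 8` looks carried over from the EWC repository task; none of this task's arguments is secret (the URLs carry no token), so the setting only hides the output an operator would need to audit or debug the repository definition, and the line can be dropped. The task name says "Install" although the task only adds a repository; `Add rabbitmq-server packagecloud repository (EL8)` would describe what it does. The preceding `shell` task that runs `yum -y module enable perl:5.26` has no `changed_when`, so it will report a change on every run.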
@@ -24,6 +23,30 @@ until: _task is succeeded when: ansible_facts.os_family == 'RedHat' +- name: auth | Install auth pre-reqs (RedHat < 8) + become: yes + yum: + name: + - python-passlib + state: present + register: _task + retries: 5 + delay: 3 + until: _task is succeeded + when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version != '8' + +- name: auth | Install auth pre-reqs (RedHat 8) + become: yes + yum: + name: + - python3-passlib + state: present + register: _task + retries: 5 + delay: 3 + until: _task is succeeded + when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8' + - name: auth | Create htpasswd file become: true htpasswd: diff --git a/roles/StackStorm.st2/tasks/version.yml b/roles/StackStorm.st2/tasks/version.yml index 751dd047..352f37e7 100644 --- a/roles/StackStorm.st2/tasks/version.yml +++ b/roles/StackStorm.st2/tasks/version.yml @@ -1,7 +1,9 @@ --- # Getting the current st2 version is required to understand which 'st2_services' to restart - name: Get installed st2 version - command: /opt/stackstorm/st2/bin/python -c 'import st2common; print st2common.__version__' + command: /opt/stackstorm/st2/bin/python -c 'import st2common; print(st2common.__version__)' + +# command: /opt/stackstorm/st2/bin/python -c 'exec(open("../st2/st2common/st2common/__init__.py").read()); print(__version__)' changed_when: no check_mode: no register: _st2_version_installed diff --git a/roles/StackStorm.st2chatops/tasks/main.yml b/roles/StackStorm.st2chatops/tasks/main.yml index d6ba3e89..288e54b8 100644 --- a/roles/StackStorm.st2chatops/tasks/main.yml +++ b/roles/StackStorm.st2chatops/tasks/main.yml 
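Review bot: The version.yml hunk leaves a commented-out alternative, `# command: /opt/stackstorm/st2/bin/python -c 'exec(open("../st2/st2common/st2common/__init__.py").read()); ...'`, plus a blank line between `command:` and `changed_when:` of the `Get installed st2 version` task. It should be removed rather than kept as a comment: it is dead code in the middle of a task mapping, and if re-enabled it would execute a file resolved from a relative path that depends on the working directory. If the reason for the `print(...)` change is worth recording, a one-line comment such as `# print() form works on both Python 2 and Python 3 virtualenvs` above `command:` says it directly.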
@@ -1,4 +1,16 @@ --- +- name: Temporary hack until proper upstream fix https://bugs.centos.org/view.php?id=13669 + yum: + list: http-parser + when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8' + register: http_parser + +- name: Install http-parser if needed + yum: + name: http://repo.okay.com.mx/centos/8/x86_64/release//http-parser-2.8.0-2.el8.x86_64.rpm + state: present + when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8' and (http_parser.results|length == 0) + - name: Assert st2chatops_hubot_adapter is specified fail: msg: > @@ -15,6 +27,12 @@ (st2chatops_config == {} and st2chatops_hubot_adapter != "shell") tags: st2chatops +- name: Disable AppStream repository due to installation conflicts for EL8 + become: yes + shell: + cmd: yum module disable -y nodejs + when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8' + - name: Install latest st2chatops package, auto-update become: yes package: diff --git a/roles/StackStorm.st2repo/tasks/st2repo_dnf.yml b/roles/StackStorm.st2repo/tasks/st2repo_dnf.yml new file mode 100644 index 00000000..0e51a874 --- /dev/null +++ b/roles/StackStorm.st2repo/tasks/st2repo_dnf.yml 
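Review bot: `Install http-parser if needed` installs an RPM by bare URL from `http://repo.okay.com.mx/...`, a third-party host reached over plain HTTP, with no checksum or signing key pinned in the task, so the role has no way to confirm that the file it installs is the one that was reviewed. Prefer fetching it first with `get_url` from an `https://` source with `checksum: "sha256:<PLACEHOLDER_SHA256_OF_REVIEWED_RPM>"` and installing from the downloaded path, or mirroring the package into a repository you control. Both new tasks also lack `become: yes`, unlike the other package tasks in this series, so the install presumably only works when the play already runs as root.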
@@ -0,0 +1,41 @@ +--- +# Fixes "Failure talking to yum: Cannot retrieve repository metadata (repomd.xml) for repository: StackStorm_stable. Please verify its path and try again" when installing st2 +- name: Update ca-certificates package + become: yes + yum: + name: ca-certificates + state: latest + register: _task + retries: 5 + delay: 3 + until: _task is succeeded + tags: [st2repo, skip_ansible_lint] + +# See: https://github.com/docker-library/docs/tree/master/centos#package-documentation +# We ship `nginx.conf` via `st2` package doc files, for example +- name: Enable shipping package documentation files for EL + become: yes + ini_file: + dest: /etc/yum.conf + section: main + option: tsflags + value: nodocs + state: absent + when: ansible_facts.os_family == "RedHat" + tags: st2repo + +- name: Add StackStorm repo + become: yes + yum_repository: + name: "StackStorm_{{ st2repo_name }}" + description: "StackStorm_{{ st2repo_name }}" + file: "StackStorm_{{ st2repo_name }}" + baseurl: https://packagecloud.io/StackStorm/{{ st2repo_name }}/el/{{ ansible_facts.distribution_major_version }}/$basearch + repo_gpgcheck: yes + gpgkey: "https://packagecloud.io/StackStorm/{{ st2repo_name }}/gpgkey" + sslcacert: /etc/pki/tls/certs/ca-bundle.crt + metadata_expire: 300 + gpgcheck: no + enabled: yes + sslverify: yes + tags: st2repo diff --git a/stackstorm.yml b/stackstorm.yml index c8036f25..f2958759 100644 --- a/stackstorm.yml +++ b/stackstorm.yml @@ -5,10 +5,12 @@ roles: - StackStorm.mongodb - StackStorm.rabbitmq - - StackStorm.postgresql + - role: StackStorm.postgresql + when: not (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') - StackStorm.st2repo - StackStorm.st2 - - StackStorm.st2mistral + - role: StackStorm.st2mistral + when: not (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') - StackStorm.nginx - StackStorm.st2web - StackStorm.nodejs 
From 88f5ae6766acd239ca6335718cab6c435f505aa2 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Thu, 11 Jun 2020 13:23:16 +0000 Subject: [PATCH 02/23] Disable repo before install nodejs --- roles/StackStorm.nodejs/tasks/nodejs_dnf.yml | 7 +++++++ roles/StackStorm.st2chatops/tasks/main.yml | 6 ------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/roles/StackStorm.nodejs/tasks/nodejs_dnf.yml b/roles/StackStorm.nodejs/tasks/nodejs_dnf.yml index 20b56609..d4fc1c15 100644 --- a/roles/StackStorm.nodejs/tasks/nodejs_dnf.yml +++ b/roles/StackStorm.nodejs/tasks/nodejs_dnf.yml @@ -19,6 +19,13 @@ register: nodesource_repo_rm tags: nodejs +- name: Disable AppStream repository due to installation conflicts for EL8 + become: yes + shell: + cmd: yum module disable -y nodejs + when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8' + + - name: Add nodesource repo file become: yes # This is based on the nodesource repo rpm (both 4.x and 10.x for EL6/7/8), diff --git a/roles/StackStorm.st2chatops/tasks/main.yml b/roles/StackStorm.st2chatops/tasks/main.yml index 288e54b8..683d5c38 100644 --- a/roles/StackStorm.st2chatops/tasks/main.yml +++ b/roles/StackStorm.st2chatops/tasks/main.yml @@ -27,12 +27,6 @@ (st2chatops_config == {} and st2chatops_hubot_adapter != "shell") tags: st2chatops -- name: Disable AppStream repository due to installation conflicts for EL8 - become: yes - shell: - cmd: yum module disable -y nodejs - when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8' - - name: Install latest st2chatops package, auto-update become: yes package: From 46c91715cf206654b641361e697418d879700290 Mon Sep 17 00:00:00 2001 
From: Cloud User Date: Thu, 11 Jun 2020 15:36:08 +0000 Subject: [PATCH 03/23] Add missing tags and other tidy up --- roles/StackStorm.nginx/tasks/nginx_dnf.yml | 28 +++++++++++++++---- roles/StackStorm.nodejs/tasks/nodejs_dnf.yml | 2 +- roles/StackStorm.rabbitmq/tasks/main.yml | 2 ++ roles/StackStorm.st2/tasks/auth.yml | 29 ++++---------------- roles/StackStorm.st2/vars/st2_dnf.yml | 3 ++ roles/StackStorm.st2/vars/st2_yum.yml | 3 ++ roles/StackStorm.st2chatops/tasks/main.yml | 2 ++ 7 files changed, 38 insertions(+), 31 deletions(-) create mode 100644 roles/StackStorm.st2/vars/st2_dnf.yml create mode 100644 roles/StackStorm.st2/vars/st2_yum.yml diff --git a/roles/StackStorm.nginx/tasks/nginx_dnf.yml b/roles/StackStorm.nginx/tasks/nginx_dnf.yml index 96545844..cd06cb90 100644 --- a/roles/StackStorm.nginx/tasks/nginx_dnf.yml +++ b/roles/StackStorm.nginx/tasks/nginx_dnf.yml 
@@ -42,28 +42,44 @@ - name: Backup nginx.conf become: yes - shell: - cmd: cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak + copy: + remote_src: yes + src: /etc/nginx/nginx.conf + dest: /etc/nginx/nginx.conf.bak + tags: nginx -- name: Comment out server block in nginx.conf +- name: Comment out server block in nginx.conf temporary file become: yes shell: cmd: awk '/^ server {/{f=1}f{$0 = "#" $0}{print}' /etc/nginx/nginx.conf.bak > /tmp/nginx.conf + tags: nginx -- name: Restore nginx.conf +- name: Restore nginx.conf from temporary file become: yes - shell: - cmd: mv /tmp/nginx.conf /etc/nginx/nginx.conf + copy: + remote_src: yes + dest: /etc/nginx/nginx.conf + src: /tmp/nginx.conf + tags: nginx + +- name: Delete temporary file + become: yes + file: + path: /tmp/nginx.conf + state: absent + tags: nginx - name: Cleanup double comments become: yes shell: cmd: sed -i -e 's/##/#/' /etc/nginx/nginx.conf + tags: nginx - name: Cleanup comment closing out server block become: yes shell: cmd: sed -i -e 's/#}/}/' /etc/nginx/nginx.conf + tags: nginx - name: Install dependencies for SELinux Ansible module become: yes diff --git a/roles/StackStorm.nodejs/tasks/nodejs_dnf.yml b/roles/StackStorm.nodejs/tasks/nodejs_dnf.yml index d4fc1c15..fe7d9b1d 100644 --- a/roles/StackStorm.nodejs/tasks/nodejs_dnf.yml +++ b/roles/StackStorm.nodejs/tasks/nodejs_dnf.yml @@ -24,7 +24,7 @@ shell: cmd: yum module disable -y nodejs when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8' - + tags: nodejs - name: Add nodesource repo file become: yes diff --git a/roles/StackStorm.rabbitmq/tasks/main.yml b/roles/StackStorm.rabbitmq/tasks/main.yml index 51ccbffd..2f8bd54a 100644 --- a/roles/StackStorm.rabbitmq/tasks/main.yml +++ b/roles/StackStorm.rabbitmq/tasks/main.yml @@ -4,6 +4,7 @@ shell: cmd: yum -y module enable perl:5.26 when: rabbitmq_on_el8 + tags: rabbitmq - name: Install rabbit from packagecloud for RH 8 become: yes 
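Review bot: The `Comment out server block in nginx.conf temporary file` task still writes, as root and through a shell redirect, to the fixed path `/tmp/nginx.conf`, and the next task copies that file over `/etc/nginx/nginx.conf`; a predictable name in a world-writable directory lets another local account pre-create or replace the path, which is the usual insecure-temporary-file pattern. Keep the intermediate file in a root-owned directory instead, e.g. end the awk command with `> /etc/nginx/nginx.conf.new` and use `src: /etc/nginx/nginx.conf.new` in the restore task and `path: /etc/nginx/nginx.conf.new` in the delete task, or take a private path from the `tempfile` module. The backup task also overwrites `/etc/nginx/nginx.conf.bak` on every run, so after a second run the backup holds the already-edited file; a `force: no` on that `copy` would preserve the original.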
@@ -20,6 +21,7 @@ enabled: yes sslverify: yes when: rabbitmq_on_el8 + tags: rabbitmq - name: Install rabbitmq package on {{ ansible_facts.distribution }} become: yes diff --git a/roles/StackStorm.st2/tasks/auth.yml b/roles/StackStorm.st2/tasks/auth.yml index b5df8361..2d670e71 100644 --- a/roles/StackStorm.st2/tasks/auth.yml +++ b/roles/StackStorm.st2/tasks/auth.yml @@ -11,11 +11,16 @@ until: _task is succeeded when: ansible_facts.os_family == 'Debian' +- name: Include RedHat OS-specific variables + include_vars: st2_{{ ansible_facts.pkg_mgr }}.yml + when: ansible_facts.os_family == 'RedHat' + - name: auth | Install auth pre-reqs (RedHat) become: yes yum: name: - httpd-tools + - "{{ passlib }}" state: present register: _task retries: 5 @@ -23,30 +28,6 @@ until: _task is succeeded when: ansible_facts.os_family == 'RedHat' -- name: auth | Install auth pre-reqs (RedHat < 8) - become: yes - yum: - name: - - python-passlib - state: present - register: _task - retries: 5 - delay: 3 - until: _task is succeeded - when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version != '8' - -- name: auth | Install auth pre-reqs (RedHat 8) - become: yes - yum: - name: - - python3-passlib - state: present - register: _task - retries: 5 - delay: 3 - until: _task is succeeded - when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8' - - name: auth | Create htpasswd file become: true htpasswd: diff --git a/roles/StackStorm.st2/vars/st2_dnf.yml b/roles/StackStorm.st2/vars/st2_dnf.yml new file mode 100644 index 00000000..d8736946 --- /dev/null +++ b/roles/StackStorm.st2/vars/st2_dnf.yml @@ -0,0 +1,3 @@ +# List of python2 variables +--- +passlib: python3-passlib diff --git a/roles/StackStorm.st2/vars/st2_yum.yml b/roles/StackStorm.st2/vars/st2_yum.yml new file mode 100644 index 00000000..4c96b656 --- /dev/null +++ b/roles/StackStorm.st2/vars/st2_yum.yml @@ -0,0 +1,3 @@ +# List of python2 variables +--- +passlib: python-passlib 
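Review bot: The header comment in the new st2_dnf.yml reads `# List of python2 variables` although the file maps `passlib` to `python3-passlib`; it looks copied from st2_yum.yml and should say something like `# Python 3 package names for dnf-based hosts (EL8)`. In both vars files the comment sits before the `---` document marker, whereas the task files in this series start with `---`; moving the comment below the marker keeps them consistent. The variable name `passlib` is unprefixed, so it shares a namespace with every other role and inventory variable; `st2_passlib_package` would follow the `st2repo_`/`st2chatops_` style prefixes used elsewhere in the diff.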
diff --git a/roles/StackStorm.st2chatops/tasks/main.yml b/roles/StackStorm.st2chatops/tasks/main.yml index 683d5c38..8def082b 100644 --- a/roles/StackStorm.st2chatops/tasks/main.yml +++ b/roles/StackStorm.st2chatops/tasks/main.yml @@ -4,12 +4,14 @@ list: http-parser when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8' register: http_parser + tags: st2chatops - name: Install http-parser if needed yum: name: http://repo.okay.com.mx/centos/8/x86_64/release//http-parser-2.8.0-2.el8.x86_64.rpm state: present when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8' and (http_parser.results|length == 0) + tags: st2chatops - name: Assert st2chatops_hubot_adapter is specified fail: From 9f78c71f03fce411adb5e4c219e4fdcf11686910 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Fri, 12 Jun 2020 08:25:23 +0000 Subject: [PATCH 04/23] Add in firewall-cmd --- README.md | 1 + roles/StackStorm.nginx/tasks/nginx_dnf.yml | 20 ++++++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/README.md b/README.md index efef112f..1e6bd594 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,7 @@ Aka IFTTT orchestration for Ops. * Ubuntu Xenial (16.04) * RHEL6 / CentOS6 * RHEL7 / CentOS7 +* RHEL8 / CentOS8 > If you're using the provided Vagrantfile, note that it uses Xenial by default. diff --git a/roles/StackStorm.nginx/tasks/nginx_dnf.yml b/roles/StackStorm.nginx/tasks/nginx_dnf.yml index cd06cb90..0f14bbb8 100644 --- a/roles/StackStorm.nginx/tasks/nginx_dnf.yml +++ b/roles/StackStorm.nginx/tasks/nginx_dnf.yml 
@@ -107,3 +107,23 @@ persistent: yes when: ansible_facts.selinux.status == "enabled" and ansible_facts.selinux.mode == "enforcing" tags: nginx + +- name: Discover if hypervisor is EC2 + become: yes + shell: + cmd: grep -q "ec2" /sys/hypervisor/uuid + ignore_errors: true + register: ec2 + tags: nginx + +- name: Add http and https services to firewalld + become: yes + shell: + cmd: firewall-cmd --zone=public --add-service=http --add-service=https + when: ec2.rc == 1 + +- name: Add http and https services permanently to firewalld + become: yes + shell: + cmd: firewall-cmd --zone=public --permanent --add-service=http --add-service=https + when: ec2.rc == 1 From 7d77c112e8da28a71bb7fce450b86c6e2893d211 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Fri, 12 Jun 2020 08:27:46 +0000 Subject: [PATCH 05/23] Updated documentation --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 1e6bd594..ee50b096 100644 --- a/README.md +++ b/README.md @@ -103,6 +103,7 @@ These are the platforms we must support (must pass end-to-end testing): - Trusty - CentOS6 - CentOS7 +- CentOS8 - RHEL6 (via AWS) - RHEL7 (via AWS) @@ -128,6 +129,7 @@ You might be interested in other methods to deploy StackStorm engine: * Manual Instructions * [Ubuntu 14.04/16.04](https://docs.stackstorm.com/install/deb.html) + * [RHEL8/CentOS8](https://docs.stackstorm.com/install/rhel8.html) * [RHEL7/CentOS7](https://docs.stackstorm.com/install/rhel7.html) * [RHEL6/CentOS6](https://docs.stackstorm.com/install/rhel6.html) From 1342bbbc559debf2f957c5bf87ca7970d87fa08f Mon Sep 17 00:00:00 2001 From: Cloud User Date: Fri, 12 Jun 2020 09:47:23 +0000 Subject: [PATCH 06/23] Need to install MongoDB 4 on RH8 --- roles/StackStorm.mongodb/defaults/main.yml | 4 +++- roles/StackStorm.mongodb/tasks/mongodb_dnf.yml | 10 +++++----- roles/StackStorm.mongodb/vars/main.yml | 1 + 3 files changed, 9 insertions(+), 6 deletions(-) 
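Review bot: `when: ec2.rc == 1` on the two firewalld tasks matches only the case where `/sys/hypervisor/uuid` exists and does not contain `ec2`; when the file is absent `grep` exits with status 2, so on hosts without that file the http/https services are never opened, and `ignore_errors: true` leaves nothing in the run output to explain why. Use `when: ec2.rc != 0` on both tasks, and on the probe replace `ignore_errors: true` with `failed_when: false` and `changed_when: false` so it stops showing up as a failed, changed task. The two firewalld tasks are also missing `tags: nginx`, so a run limited to that tag registers `ec2` but never applies the rules. The hunk does not say why EC2 hosts are excluded from the firewall change; a comment on the probe such as `# EC2 images ship without firewalld; skip the firewall tasks there` (if that is the reason) would make the condition reviewable.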
diff --git a/roles/StackStorm.mongodb/defaults/main.yml b/roles/StackStorm.mongodb/defaults/main.yml index d59081d8..cf2af168 100644 --- a/roles/StackStorm.mongodb/defaults/main.yml +++ b/roles/StackStorm.mongodb/defaults/main.yml @@ -1,4 +1,6 @@ --- -# MongoDB version to install +# MongoDB3 version to install # Should be '3.2' or '3.4' mongodb_version: "3.4" +# MongoDB4 version to install on RH 8 +mongodb4_version: "4.0" diff --git a/roles/StackStorm.mongodb/tasks/mongodb_dnf.yml b/roles/StackStorm.mongodb/tasks/mongodb_dnf.yml index d6bb6796..f91a5403 100644 --- a/roles/StackStorm.mongodb/tasks/mongodb_dnf.yml +++ b/roles/StackStorm.mongodb/tasks/mongodb_dnf.yml @@ -16,7 +16,7 @@ - name: yum | Add mongodb key become: yes rpm_key: - key: https://www.mongodb.org/static/pgp/server-{{ mongodb_major_minor_version }}.asc + key: https://www.mongodb.org/static/pgp/server-{{ mongodb4_major_minor_version }}.asc state: present register: _task retries: 5 @@ -27,19 +27,19 @@ - name: yum | Add mongodb repository become: yes yum_repository: - name: mongodb-org-{{ mongodb_major_minor_version }} + name: mongodb-org-{{ mongodb4_major_minor_version }} description: MongoDB Repository gpgcheck: yes enabled: yes - baseurl: https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/{{ mongodb_major_minor_version }}/x86_64/ - gpgkey: https://www.mongodb.org/static/pgp/server-{{ mongodb_major_minor_version }}.asc + baseurl: https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/{{ mongodb4_major_minor_version }}/x86_64/ + gpgkey: https://www.mongodb.org/static/pgp/server-{{ mongodb4_major_minor_version }}.asc state: present tags: [databases, mongodb] - name: yum | Install mongodb become: yes yum: - name: mongodb-org-{{ mongodb_version }}* + name: mongodb-org-{{ mongodb4_version }}* state: present # TODO: Allow yum downgrade since Ansible 2.4 # https://github.com/ansible/ansible/pull/21516 
diff --git a/roles/StackStorm.mongodb/vars/main.yml b/roles/StackStorm.mongodb/vars/main.yml index 6f0c4579..f5a87362 100644 --- a/roles/StackStorm.mongodb/vars/main.yml +++ b/roles/StackStorm.mongodb/vars/main.yml @@ -1,5 +1,6 @@ # Extract mongodb "major.minor" version mongodb_major_minor_version: "{{ (mongodb_version|string)[:3] }}" +mongodb4_major_minor_version: "{{ (mongodb4_version|string)[:3] }}" # Use the following URL to find the key: https://www.mongodb.org/static/pgp/server-{{ mongodb_major_minor_version }}.asc mongodb_apt_keys: "3.2": "42F3E95A2C4F08279C4960ADD68FA50FEA312927" From 73156741e2688f61067e44e455d52b3a92feacfe Mon Sep 17 00:00:00 2001 From: Cloud User Date: Fri, 12 Jun 2020 10:12:09 +0000 Subject: [PATCH 07/23] Explicitly add pyasn1 to keep inline with yum install --- roles/StackStorm.mongodb/tasks/mongodb_dnf.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/StackStorm.mongodb/tasks/mongodb_dnf.yml b/roles/StackStorm.mongodb/tasks/mongodb_dnf.yml index f91a5403..e4ae08bb 100644 --- a/roles/StackStorm.mongodb/tasks/mongodb_dnf.yml +++ b/roles/StackStorm.mongodb/tasks/mongodb_dnf.yml @@ -6,6 +6,7 @@ # Failed to validate the SSL certificate for www.mongodb.org:443. Make sure your managed systems have a valid CA certificate installed. If the website serving the url uses SNI you need python >= 2.7.9 on your managed machine or you can install the `urllib3`, `pyopenssl`, `ndg-httpsclient`, and `pyasn1` python modules to perform SNI verification in python >= 2.6. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible - python3-urllib3 - python3-pyOpenSSL + - python3-pyasn1 state: present register: _task retries: 5 From 19346430fd0d4dffc7b3b8d06a8b46ea155e2dfc Mon Sep 17 00:00:00 2001 
From: Cloud User Date: Fri, 12 Jun 2020 11:13:34 +0000 Subject: [PATCH 08/23] Fix lint errors --- roles/StackStorm.nginx/tasks/nginx_dnf.yml | 38 +++++++++++++------- roles/StackStorm.nodejs/tasks/nodejs_dnf.yml | 5 ++- roles/StackStorm.rabbitmq/tasks/main.yml | 5 ++- 3 files changed, 34 insertions(+), 14 deletions(-) diff --git a/roles/StackStorm.nginx/tasks/nginx_dnf.yml b/roles/StackStorm.nginx/tasks/nginx_dnf.yml index 0f14bbb8..492aa17d 100644 --- a/roles/StackStorm.nginx/tasks/nginx_dnf.yml +++ b/roles/StackStorm.nginx/tasks/nginx_dnf.yml @@ -52,7 +52,10 @@ become: yes shell: cmd: awk '/^ server {/{f=1}f{$0 = "#" $0}{print}' /etc/nginx/nginx.conf.bak > /tmp/nginx.conf - tags: nginx + args: + warn: False + # Use awk to match one line install + tags: [nginx,skip_ansible_lint] - name: Restore nginx.conf from temporary file become: yes @@ -71,14 +74,18 @@ - name: Cleanup double comments become: yes - shell: - cmd: sed -i -e 's/##/#/' /etc/nginx/nginx.conf + replace: + regexp: "##" + replace: "#" + path: /etc/nginx/nginx.conf tags: nginx - name: Cleanup comment closing out server block become: yes - shell: - cmd: sed -i -e 's/#}/}/' /etc/nginx/nginx.conf + replace: + regexp: "#}" + replace: "}" + path: /etc/nginx/nginx.conf tags: nginx - name: Install dependencies for SELinux Ansible module 
@@ -110,20 +117,27 @@ - name: Discover if hypervisor is EC2 become: yes - shell: - cmd: grep -q "ec2" /sys/hypervisor/uuid + lineinfile: + path: /sys/hypervisor/uuid + line: "ec2" + state: present + check_mode: yes ignore_errors: true register: ec2 tags: nginx - name: Add http and https services to firewalld become: yes - shell: - cmd: firewall-cmd --zone=public --add-service=http --add-service=https - when: ec2.rc == 1 + firewalld: + permanent: true + service: http + state: enabled + when: ec2 is changed - name: Add http and https services permanently to firewalld become: yes - shell: - cmd: firewall-cmd --zone=public --permanent --add-service=http --add-service=https + firewalld: + permanent: true + service: https + state: enabled when: ec2.rc == 1 diff --git a/roles/StackStorm.nodejs/tasks/nodejs_dnf.yml b/roles/StackStorm.nodejs/tasks/nodejs_dnf.yml index fe7d9b1d..cb211b65 100644 --- a/roles/StackStorm.nodejs/tasks/nodejs_dnf.yml +++ b/roles/StackStorm.nodejs/tasks/nodejs_dnf.yml @@ -23,8 +23,11 @@ become: yes shell: cmd: yum module disable -y nodejs + args: + warn: False when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8' - tags: nodejs + # Disable warning as yum doesn't support disable module + tags: [nodejs, skip_ansible_lint] - name: Add nodesource repo file become: yes diff --git a/roles/StackStorm.rabbitmq/tasks/main.yml b/roles/StackStorm.rabbitmq/tasks/main.yml index 2f8bd54a..c969b049 100644 --- a/roles/StackStorm.rabbitmq/tasks/main.yml +++ b/roles/StackStorm.rabbitmq/tasks/main.yml @@ -3,8 +3,11 @@ become: yes shell: cmd: yum -y module enable perl:5.26 + args: + warn: False when: rabbitmq_on_el8 - tags: rabbitmq + # Disable warning as yum doesn't support enable module + tags: [rabbitmq, skip_ansible_lint] - name: Install rabbit from packagecloud for RH 8 become: yes From 0831226aae7d2f4e10230e30351ea7993f9240f0 Mon Sep 17 00:00:00 2001 
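Review bot: The last firewalld task in the nginx_dnf.yml hunk still tests `ec2.rc == 1`, but `ec2` is now registered from `lineinfile`, whose successful result has no grep-style `rc`, so the condition will most likely raise an undefined-attribute error or never match. The task above it was switched to `when: ec2 is changed`, and both should use the same test. The probe also changed meaning: `grep -q "ec2"` matched a substring, whereas `lineinfile` with `line: "ec2"` in check mode reports "changed" whenever the file has no line that is exactly `ec2`, so a host whose uuid merely starts with `ec2` still gets the firewall tasks. A read-only check, for example `slurp` on `/sys/hypervisor/uuid` followed by an explicit `set_fact` boolean, would make the decision auditable. The same probe is carried into nginx_yum.yml in PATCH 10/23.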
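Review bot: `yum module disable -y nodejs` in the nodejs_dnf.yml hunk uses no shell features, so the task can run under `command` instead of `shell`, which keeps the argument string away from shell interpretation. The added `warn: False` and `skip_ansible_lint` tag are then the only exceptions left to justify. The task also reports "changed" on every run; a `changed_when` tied to the command output would keep the play idempotent. The same applies to `yum -y module enable perl:5.26` in the rabbitmq hunk below and to the copy of this task added to nodejs_yum.yml in PATCH 10/23. The task's `- name:` line is outside the hunk.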
From: Cloud User Date: Fri, 12 Jun 2020 11:22:56 +0000 Subject: [PATCH 09/23] Fix yaml lint error --- roles/StackStorm.nginx/tasks/nginx_dnf.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/StackStorm.nginx/tasks/nginx_dnf.yml b/roles/StackStorm.nginx/tasks/nginx_dnf.yml index 492aa17d..e87087a2 100644 --- a/roles/StackStorm.nginx/tasks/nginx_dnf.yml +++ b/roles/StackStorm.nginx/tasks/nginx_dnf.yml @@ -55,7 +55,7 @@ args: warn: False # Use awk to match one line install - tags: [nginx,skip_ansible_lint] + tags: [nginx, skip_ansible_lint] - name: Restore nginx.conf from temporary file become: yes From 806876ea138f16a0960cdacb3bea9ab09353a8b7 Mon Sep 17 00:00:00 2001 
From: Cloud User Date: Fri, 12 Jun 2020 13:24:30 +0000 Subject: [PATCH 10/23] Remove dnf files --- .kitchen-docker/centos8/Dockerfile | 13 ++ .kitchen.yml | 8 + .travis.yml | 2 + meta/main.yml | 1 + .../tasks/ewc_repos_cleanup_dnf.yml | 9 -- roles/StackStorm.ewc/tasks/ewc_repos_dnf.yml | 35 ----- .../StackStorm.ewc/tasks/ewc_repos_setup.yml | 2 +- roles/StackStorm.ewc/tasks/license.yml | 2 +- roles/StackStorm.ewc/tasks/main.yml | 2 +- roles/StackStorm.nginx/tasks/main.yml | 2 +- roles/StackStorm.nginx/tasks/nginx_dnf.yml | 143 ------------------ roles/StackStorm.nginx/tasks/nginx_yum.yml | 88 ++++++++++- roles/StackStorm.nginx/vars/nginx_dnf.yml | 1 + roles/StackStorm.nginx/vars/nginx_yum.yml | 1 + roles/StackStorm.nodejs/tasks/main.yml | 2 +- roles/StackStorm.nodejs/tasks/nodejs_dnf.yml | 63 -------- roles/StackStorm.nodejs/tasks/nodejs_yum.yml | 10 ++ roles/StackStorm.st2chatops/tasks/main.yml | 14 -- roles/StackStorm.st2repo/tasks/main.yml | 2 +- .../StackStorm.st2repo/tasks/st2repo_dnf.yml | 41 ----- stackstorm.yml | 2 + 21 files changed, 131 insertions(+), 312 deletions(-) create mode 100644 .kitchen-docker/centos8/Dockerfile delete mode 100644 roles/StackStorm.ewc/tasks/ewc_repos_cleanup_dnf.yml delete mode 100644 roles/StackStorm.ewc/tasks/ewc_repos_dnf.yml delete mode 100644 roles/StackStorm.nginx/tasks/nginx_dnf.yml create mode 100644 roles/StackStorm.nginx/vars/nginx_dnf.yml create mode 100644 roles/StackStorm.nginx/vars/nginx_yum.yml delete mode 100644 roles/StackStorm.nodejs/tasks/nodejs_dnf.yml delete mode 100644 roles/StackStorm.st2repo/tasks/st2repo_dnf.yml diff --git a/.kitchen-docker/centos8/Dockerfile b/.kitchen-docker/centos8/Dockerfile new file mode 100644 index 00000000..816b61ba --- /dev/null +++ b/.kitchen-docker/centos8/Dockerfile 
@@ -0,0 +1,13 @@ +FROM stackstorm/packagingtest:centos8-systemd + +RUN mkdir -p /var/run/sshd +RUN useradd -d /home/<%= @username %> -m -s /bin/bash <%= @username %> +RUN echo <%= "#{@username}:#{@password}" %> | chpasswd +RUN echo '<%= @username %> ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers +RUN mkdir -p /home/<%= @username %>/.ssh +RUN chown -R <%= @username %> /home/<%= @username %>/.ssh +RUN chmod 0700 /home/<%= @username %>/.ssh +RUN touch /home/<%= @username %>/.ssh/authorized_keys +RUN chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys +RUN chmod 0600 /home/<%= @username %>/.ssh/authorized_keys +RUN echo '<%= IO.read(@public_key).strip %>' >> /home/<%= @username %>/.ssh/authorized_keys diff --git a/.kitchen.yml b/.kitchen.yml index 9f109cef..f6ebf48f 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -52,6 +52,14 @@ platforms: run_command: /sbin/init volume: - /sys/fs/cgroup:/sys/fs/cgroup:ro + # CentOS8 with Systemd + - name: centos-8 + driver_config: + platform: centos + dockerfile: .kitchen-docker/centos8/Dockerfile + run_command: /sbin/init + volume: + - /sys/fs/cgroup:/sys/fs/cgroup:ro suites: - name: default diff --git a/.travis.yml b/.travis.yml index 16264d4b..2a0467d5 100644 --- a/.travis.yml +++ b/.travis.yml 
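Review bot: `FROM stackstorm/packagingtest:centos8-systemd` references a mutable tag, so the CI base image can change underneath the test suite without any change in this repository. Pinning the digest, `FROM stackstorm/packagingtest:centos8-systemd@sha256:DIGEST_PLACEHOLDER`, makes the test base reproducible and reviewable. The template also bakes the kitchen user's password and a `NOPASSWD:ALL` sudoers entry into image layers; that is usual for a throwaway kitchen container, but a header comment saying the image must not be pushed or reused outside CI would help. Writing the rule to a file under `/etc/sudoers.d/` instead of appending to `/etc/sudoers` keeps it easier to audit.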
@@ -13,12 +13,14 @@ env: - DISTRO=ubuntu-16 LICENSE='BWC_LICENSE_ENTERPRISE' - DISTRO=centos-6 LICENSE='BWC_LICENSE_ENTERPRISE' - DISTRO=centos-7 LICENSE='BWC_LICENSE_ENTERPRISE' + - DISTRO=centos-8 LICENSE='BWC_LICENSE_ENTERPRISE' # StackStorm 'unstable' repo check - DISTRO=ubuntu-14 ST2_REPO=unstable EWC_REPO=enterprise-unstable LICENSE='BWC_LICENSE_ENTERPRISE_UNSTABLE' - DISTRO=ubuntu-16 ST2_REPO=unstable EWC_REPO=enterprise-unstable LICENSE='BWC_LICENSE_ENTERPRISE_UNSTABLE' - DISTRO=centos-6 ST2_REPO=unstable EWC_REPO=enterprise-unstable LICENSE='BWC_LICENSE_ENTERPRISE_UNSTABLE' - DISTRO=centos-7 ST2_REPO=unstable EWC_REPO=enterprise-unstable LICENSE='BWC_LICENSE_ENTERPRISE_UNSTABLE' + - DISTRO=centos-8 ST2_REPO=unstable EWC_REPO=enterprise-unstable LICENSE='BWC_LICENSE_ENTERPRISE_UNSTABLE' before_script: # Personal token for forked PRs diff --git a/meta/main.yml b/meta/main.yml index de00cca8..5a16a49d 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -22,6 +22,7 @@ galaxy_info: versions: - 6 - 7 + - 8 categories: - system - ops diff --git a/roles/StackStorm.ewc/tasks/ewc_repos_cleanup_dnf.yml b/roles/StackStorm.ewc/tasks/ewc_repos_cleanup_dnf.yml deleted file mode 100644 index 9aeb9348..00000000 --- a/roles/StackStorm.ewc/tasks/ewc_repos_cleanup_dnf.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Cleanup repo list file from disk - become: yes - yum_repository: - name: "StackStorm_{{ ewc_repo }}" - state: absent - tags: - - ewc - - enterprise diff --git a/roles/StackStorm.ewc/tasks/ewc_repos_dnf.yml b/roles/StackStorm.ewc/tasks/ewc_repos_dnf.yml deleted file mode 100644 index c085d54f..00000000 --- a/roles/StackStorm.ewc/tasks/ewc_repos_dnf.yml +++ /dev/null 
@@ -1,35 +0,0 @@ ---- -# Fixes "Failure talking to yum: Cannot retrieve repository metadata (repomd.xml) for repository: StackStorm_stable. Please verify its path and try again" when installing st2 -- name: Update ca-certificates package - become: yes - yum: - name: ca-certificates - state: latest - register: _task - retries: 5 - delay: 3 - until: _task is succeeded - tags: - - ewc - - enterprise - - skip_ansible_lint - -- name: "Add packagecloud.io repository: StackStorm/{{ ewc_repo }}" - become: yes - no_log: yes - yum_repository: - name: "StackStorm_{{ ewc_repo }}" - description: "StackStorm_{{ ewc_repo }}" - file: "StackStorm_{{ ewc_repo }}" - baseurl: https://{{ ewc_read_token }}:@packagecloud.io/StackStorm/{{ ewc_repo }}/el/{{ ansible_facts.distribution_major_version }}/$basearch - repo_gpgcheck: yes - gpgkey: "https://{{ ewc_read_token }}:@packagecloud.io/StackStorm/{{ ewc_repo }}/gpgkey" - sslcacert: /etc/pki/tls/certs/ca-bundle.crt - metadata_expire: 300 - gpgcheck: no - enabled: yes - sslverify: yes - register: added_ewc_rpm_repository - tags: - - ewc - - enterprise diff --git a/roles/StackStorm.ewc/tasks/ewc_repos_setup.yml b/roles/StackStorm.ewc/tasks/ewc_repos_setup.yml index 8c22d8f0..2d15210d 100644 --- a/roles/StackStorm.ewc/tasks/ewc_repos_setup.yml +++ b/roles/StackStorm.ewc/tasks/ewc_repos_setup.yml @@ -58,7 +58,7 @@ - enterprise - name: Add EWC enterprise repos on {{ ansible_facts.distribution }} - include_tasks: ewc_repos_{{ ansible_facts.pkg_mgr }}.yml + include_tasks: ewc_repos_{{ package_type }}.yml tags: - ewc - enterprise diff --git a/roles/StackStorm.ewc/tasks/license.yml b/roles/StackStorm.ewc/tasks/license.yml index 9a054284..7eb1398f 100644 --- a/roles/StackStorm.ewc/tasks/license.yml +++ b/roles/StackStorm.ewc/tasks/license.yml 
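Review bot: `include_tasks: ewc_repos_{{ package_type }}.yml` in ewc_repos_setup.yml makes the role depend on `package_type`, which this commit defines only in the play-level `vars` of stackstorm.yml. Anyone applying the role from their own playbook gets an undefined-variable error at the include. Defining the fallback inside each role, for example in `defaults/main.yml` as `package_type: "{{ 'yum' if ansible_facts.pkg_mgr == 'dnf' else ansible_facts.pkg_mgr }}"`, keeps the roles self-contained. The same dependency is introduced in license.yml and main.yml of StackStorm.ewc and in the main.yml of StackStorm.nginx, StackStorm.nodejs and StackStorm.st2repo.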
@@ -57,7 +57,7 @@ - enterprise - name: "Cleanup repo list file from disk" - include_tasks: "ewc_repos_cleanup_{{ ansible_facts.pkg_mgr }}.yml" + include_tasks: "ewc_repos_cleanup_{{ package_type }}.yml" when: ewc_license | hash("sha512") != ewc_license_hash tags: - ewc diff --git a/roles/StackStorm.ewc/tasks/main.yml b/roles/StackStorm.ewc/tasks/main.yml index e230f81c..e0320849 100644 --- a/roles/StackStorm.ewc/tasks/main.yml +++ b/roles/StackStorm.ewc/tasks/main.yml @@ -48,7 +48,7 @@ - name: Install pinned bwc-enterprise package become: yes package: - name: bwc-enterprise{{ '-' if ansible_facts.pkg_mgr == 'yum' else '=' }}{{ ewc_version }}-{{ ewc_revision }} + name: bwc-enterprise{{ '-' if package_type == 'yum' else '=' }}{{ ewc_version }}-{{ ewc_revision }} state: present register: ewc_installed retries: 5 diff --git a/roles/StackStorm.nginx/tasks/main.yml b/roles/StackStorm.nginx/tasks/main.yml index d5e1d78b..6666c8e9 100644 --- a/roles/StackStorm.nginx/tasks/main.yml +++ b/roles/StackStorm.nginx/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install nginx on {{ ansible_facts.distribution }} - include_tasks: nginx_{{ ansible_facts.pkg_mgr }}.yml + include_tasks: nginx_{{ package_type }}.yml tags: nginx - name: Create common virtual host folders diff --git a/roles/StackStorm.nginx/tasks/nginx_dnf.yml b/roles/StackStorm.nginx/tasks/nginx_dnf.yml deleted file mode 100644 index e87087a2..00000000 --- a/roles/StackStorm.nginx/tasks/nginx_dnf.yml +++ /dev/null 
@@ -1,143 +0,0 @@ ---- -- name: Add nginx key - become: yes - rpm_key: - key: http://nginx.org/keys/nginx_signing.key - state: present - register: _task - retries: 5 - delay: 3 - until: _task is succeeded - tags: nginx - -- name: Add nginx repos - become: yes - yum_repository: - name: nginx - description: nginx repo - baseurl: http://nginx.org/packages/rhel/{{ ansible_facts.distribution_major_version }}/x86_64/ - gpgcheck: yes - enabled: yes - state: present - tags: nginx - -- name: Install nginx - become: yes - yum: - name: nginx - state: present - disablerepo: epel - register: _task - retries: 5 - delay: 3 - until: _task is succeeded - tags: nginx - -- name: Remove default site - become: yes - file: - path: /etc/nginx/conf.d/default.conf - state: absent - tags: nginx - -- name: Backup nginx.conf - become: yes - copy: - remote_src: yes - src: /etc/nginx/nginx.conf - dest: /etc/nginx/nginx.conf.bak - tags: nginx - -- name: Comment out server block in nginx.conf temporary file - become: yes - shell: - cmd: awk '/^ server {/{f=1}f{$0 = "#" $0}{print}' /etc/nginx/nginx.conf.bak > /tmp/nginx.conf - args: - warn: False - # Use awk to match one line install - tags: [nginx, skip_ansible_lint] - -- name: Restore nginx.conf from temporary file - become: yes - copy: - remote_src: yes - dest: /etc/nginx/nginx.conf - src: /tmp/nginx.conf - tags: nginx - -- name: Delete temporary file - become: yes - file: - path: /tmp/nginx.conf - state: absent - tags: nginx - -- name: Cleanup double comments - become: yes - replace: - regexp: "##" - replace: "#" - path: /etc/nginx/nginx.conf - tags: nginx - -- name: Cleanup comment closing out server block - become: yes - replace: - regexp: "#}" - replace: "}" - path: /etc/nginx/nginx.conf - tags: nginx - -- name: Install dependencies for SELinux Ansible module - become: yes - yum: - name: python3-libsemanage, python3-libselinux - state: present - register: nginx_selinux_dependencies - retries: 5 - delay: 3 - until: nginx_selinux_dependencies 
is succeeded - tags: nginx - -- name: Update SELinux facts after installing dependencies - become: yes - setup: - filter: ansible_selinux - when: nginx_selinux_dependencies.changed - tags: nginx, skip_ansible_lint - -- name: Adjust SELinux to allow network access for nginx - become: yes - seboolean: - name: httpd_can_network_connect - state: yes - persistent: yes - when: ansible_facts.selinux.status == "enabled" and ansible_facts.selinux.mode == "enforcing" - tags: nginx - -- name: Discover if hypervisor is EC2 - become: yes - lineinfile: - path: /sys/hypervisor/uuid - line: "ec2" - state: present - check_mode: yes - ignore_errors: true - register: ec2 - tags: nginx - -- name: Add http and https services to firewalld - become: yes - firewalld: - permanent: true - service: http - state: enabled - when: ec2 is changed - -- name: Add http and https services permanently to firewalld - become: yes - firewalld: - permanent: true - service: https - state: enabled - when: ec2.rc == 1 diff --git a/roles/StackStorm.nginx/tasks/nginx_yum.yml b/roles/StackStorm.nginx/tasks/nginx_yum.yml index 5aae92c8..fa26f460 100644 --- a/roles/StackStorm.nginx/tasks/nginx_yum.yml +++ b/roles/StackStorm.nginx/tasks/nginx_yum.yml @@ -1,4 +1,8 @@ --- +- name: Install vars + include_vars: + file: "nginx_{{ ansible_facts.pkg_mgr }}.yml" + - name: Add nginx key become: yes rpm_key: 
@@ -40,10 +44,64 @@ state: absent tags: nginx +- name: Backup nginx.conf + become: yes + copy: + remote_src: yes + src: /etc/nginx/nginx.conf + dest: /etc/nginx/nginx.conf.bak + tags: nginx + when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') + +- name: Comment out server block in nginx.conf temporary file + become: yes + shell: + cmd: awk '/^ server {/{f=1}f{$0 = "#" $0}{print}' /etc/nginx/nginx.conf.bak > /tmp/nginx.conf + args: + warn: False + # Use awk to match one line install + tags: [nginx, skip_ansible_lint] + when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') + +- name: Restore nginx.conf from temporary file + become: yes + copy: + remote_src: yes + dest: /etc/nginx/nginx.conf + src: /tmp/nginx.conf + tags: nginx + when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') + +- name: Delete temporary file + become: yes + file: + path: /tmp/nginx.conf + state: absent + tags: nginx + when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') + +- name: Cleanup double comments + become: yes + replace: + regexp: "##" + replace: "#" + path: /etc/nginx/nginx.conf + tags: nginx + when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') + +- name: Cleanup comment closing out server block + become: yes + replace: + regexp: "#}" + replace: "}" + path: /etc/nginx/nginx.conf + tags: nginx + when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') + - name: Install dependencies for SELinux Ansible module become: yes yum: - name: libsemanage-python, libselinux-python + name: "{{ selinux_dependencies }}" state: present register: nginx_selinux_dependencies retries: 5 
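Review bot: The added "Backup nginx.conf" task copies over `/etc/nginx/nginx.conf.bak` on every run, so from the second run onward the backup holds the already-edited file and the packaged original is lost. Adding `force: no` to that `copy` preserves the first backup; alternatively drop the manual backup and set `backup: yes` on the task that modifies the file. The six added tasks also repeat the same EL8 `when` expression; wrapping them in one `block:` with a single `when` and `tags: nginx` removes the duplication and the risk of the conditions drifting apart.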
@@ -66,3 +124,31 @@ persistent: yes when: ansible_facts.selinux.status == "enabled" and ansible_facts.selinux.mode == "enforcing" tags: nginx + +- name: Discover if hypervisor is EC2 + become: yes + lineinfile: + path: /sys/hypervisor/uuid + line: "ec2" + state: present + check_mode: yes + ignore_errors: true + register: ec2 + tags: nginx + when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') + +- name: Add http and https services to firewalld + become: yes + firewalld: + permanent: true + service: http + state: enabled + when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') and (ec2 is changed) + +- name: Add http and https services permanently to firewalld + become: yes + firewalld: + permanent: true + service: https + state: enabled + when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') and (ec2 is changed) diff --git a/roles/StackStorm.nginx/vars/nginx_dnf.yml b/roles/StackStorm.nginx/vars/nginx_dnf.yml new file mode 100644 index 00000000..3526275b --- /dev/null +++ b/roles/StackStorm.nginx/vars/nginx_dnf.yml @@ -0,0 +1 @@ +selinux_dependencies: "python3-libsemanage, python3-libselinux" diff --git a/roles/StackStorm.nginx/vars/nginx_yum.yml b/roles/StackStorm.nginx/vars/nginx_yum.yml new file mode 100644 index 00000000..43a4c4f6 --- /dev/null +++ b/roles/StackStorm.nginx/vars/nginx_yum.yml @@ -0,0 +1 @@ +selinux_dependencies: "libsemanage-python, libselinux-python" diff --git a/roles/StackStorm.nodejs/tasks/main.yml b/roles/StackStorm.nodejs/tasks/main.yml index 0ef5bca3..2280b794 100644 --- a/roles/StackStorm.nodejs/tasks/main.yml +++ b/roles/StackStorm.nodejs/tasks/main.yml @@ -1,4 +1,4 @@ --- - name: Install nodejs on {{ ansible_facts.distribution }} - include_tasks: nodejs_{{ ansible_facts.pkg_mgr }}.yml + include_tasks: nodejs_{{ package_type }}.yml tags: nodejs 
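Review bot: Both added firewalld tasks set `permanent: true` without `immediate: true`, so the http and https rules are written to disk but not applied to the running firewall until it is reloaded. The task names ("Add http and https services ..." and "... permanently ...") also no longer describe what each task does. The `firewall-cmd` calls these tasks were derived from (removed in PATCH 08/23) named `--zone=public`; without `zone:` the module acts on the default zone, which may differ per host. Setting `zone: public` and `immediate: true` explicitly, and naming each task after the single service it opens, makes the resulting exposure easy to audit. Neither firewalld task carries `tags: nginx`, unlike the discovery task above them.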
diff --git a/roles/StackStorm.nodejs/tasks/nodejs_dnf.yml b/roles/StackStorm.nodejs/tasks/nodejs_dnf.yml deleted file mode 100644 index cb211b65..00000000 --- a/roles/StackStorm.nodejs/tasks/nodejs_dnf.yml +++ /dev/null 
@@ -1,63 +0,0 @@ ---- -- name: Add nodesource key - become: yes - rpm_key: - key: http://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL - state: present - register: _task - retries: 5 - delay: 3 - until: _task is succeeded - tags: nodejs - -- name: Remove nodesource repo rpm - # rpm conflicts with yum_repository added file below - become: yes - yum: - name: "nodesource-release-el{{ ansible_facts.distribution_major_version }}-1.noarch" - state: absent - register: nodesource_repo_rm - tags: nodejs - -- name: Disable AppStream repository due to installation conflicts for EL8 - become: yes - shell: - cmd: yum module disable -y nodejs - args: - warn: False - when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8' - # Disable warning as yum doesn't support disable module - tags: [nodejs, skip_ansible_lint] - -- name: Add nodesource repo file - become: yes - # This is based on the nodesource repo rpm (both 4.x and 10.x for EL6/7/8), - # but that rpm is not versioned even though it hard-codes the major node.js version. - # So, installing the repo directly (vs via the rpm) simplifies major node.js upgrades. 
- # see - http://rpm.nodesource.com/pub_10.x/el/7/x86_64/nodesource-release-el7-1.noarch.rpm - yum_repository: - file: "nodesource-el{{ ansible_facts.distribution_major_version }}" - name: nodesource - description: "Node.js Packages for Enterprise Linux {{ ansible_facts.distribution_major_version }} - $basearch" - baseurl: https://rpm.nodesource.com/pub_{{ nodejs_major_version }}.x/el/{{ ansible_facts.distribution_major_version }}/$basearch - failovermethod: priority - gpgcheck: yes - gpgkey: file:///etc/pki/rpm-gpg/NODESOURCE-GPG-SIGNING-KEY-EL - state: present - register: nodesource_repo_add - tags: nodejs - -- name: Install nodejs - become: yes - yum: - name: nodejs-{{ nodejs_major_version }}.* - state: present - # TODO: Allow yum downgrade since Ansible 2.4 - # https://github.com/ansible/ansible/pull/21516 - # allow_downgrade: yes - update_cache: "{{ nodesource_repo_rm is changed or nodesource_repo_add is changed }}" - register: _task - retries: 5 - delay: 3 - until: _task is succeeded - tags: nodejs diff --git a/roles/StackStorm.nodejs/tasks/nodejs_yum.yml b/roles/StackStorm.nodejs/tasks/nodejs_yum.yml index 20b56609..cb211b65 100644 --- a/roles/StackStorm.nodejs/tasks/nodejs_yum.yml +++ b/roles/StackStorm.nodejs/tasks/nodejs_yum.yml @@ -19,6 +19,16 @@ register: nodesource_repo_rm tags: nodejs +- name: Disable AppStream repository due to installation conflicts for EL8 + become: yes + shell: + cmd: yum module disable -y nodejs + args: + warn: False + when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8' + # Disable warning as yum doesn't support disable module + tags: [nodejs, skip_ansible_lint] + - name: Add nodesource repo file become: yes # This is based on the nodesource repo rpm (both 4.x and 10.x for EL6/7/8), diff --git a/roles/StackStorm.st2chatops/tasks/main.yml b/roles/StackStorm.st2chatops/tasks/main.yml index 8def082b..d6ba3e89 100644 --- a/roles/StackStorm.st2chatops/tasks/main.yml 
+++ b/roles/StackStorm.st2chatops/tasks/main.yml @@ -1,18 +1,4 @@ --- -- name: Temporary hack until proper upstream fix https://bugs.centos.org/view.php?id=13669 - yum: - list: http-parser - when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8' - register: http_parser - tags: st2chatops - -- name: Install http-parser if needed - yum: - name: http://repo.okay.com.mx/centos/8/x86_64/release//http-parser-2.8.0-2.el8.x86_64.rpm - state: present - when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8' and (http_parser.results|length == 0) - tags: st2chatops - - name: Assert st2chatops_hubot_adapter is specified fail: msg: > diff --git a/roles/StackStorm.st2repo/tasks/main.yml b/roles/StackStorm.st2repo/tasks/main.yml index 54516342..29811e98 100644 --- a/roles/StackStorm.st2repo/tasks/main.yml +++ b/roles/StackStorm.st2repo/tasks/main.yml @@ -1,4 +1,4 @@ --- - name: Add st2repo on {{ ansible_facts.distribution }} - include_tasks: st2repo_{{ ansible_facts.pkg_mgr }}.yml + include_tasks: st2repo_{{ package_type }}.yml tags: st2repo diff --git a/roles/StackStorm.st2repo/tasks/st2repo_dnf.yml b/roles/StackStorm.st2repo/tasks/st2repo_dnf.yml deleted file mode 100644 index 0e51a874..00000000 --- a/roles/StackStorm.st2repo/tasks/st2repo_dnf.yml +++ /dev/null 
@@ -1,41 +0,0 @@ ---- -# Fixes "Failure talking to yum: Cannot retrieve repository metadata (repomd.xml) for repository: StackStorm_stable. Please verify its path and try again" when installing st2 -- name: Update ca-certificates package - become: yes - yum: - name: ca-certificates - state: latest - register: _task - retries: 5 - delay: 3 - until: _task is succeeded - tags: [st2repo, skip_ansible_lint] - -# See: https://github.com/docker-library/docs/tree/master/centos#package-documentation -# We ship `nginx.conf` via `st2` package doc files, for example -- name: Enable shipping package documentation files for EL - become: yes - ini_file: - dest: /etc/yum.conf - section: main - option: tsflags - value: nodocs - state: absent - when: ansible_facts.os_family == "RedHat" - tags: st2repo - -- name: Add StackStorm repo - become: yes - yum_repository: - name: "StackStorm_{{ st2repo_name }}" - description: "StackStorm_{{ st2repo_name }}" - file: "StackStorm_{{ st2repo_name }}" - baseurl: https://packagecloud.io/StackStorm/{{ st2repo_name }}/el/{{ ansible_facts.distribution_major_version }}/$basearch - repo_gpgcheck: yes - gpgkey: "https://packagecloud.io/StackStorm/{{ st2repo_name }}/gpgkey" - sslcacert: /etc/pki/tls/certs/ca-bundle.crt - metadata_expire: 300 - gpgcheck: no - enabled: yes - sslverify: yes - tags: st2repo diff --git a/stackstorm.yml b/stackstorm.yml index f2958759..bd6da5ed 100644 --- a/stackstorm.yml +++ b/stackstorm.yml @@ -2,6 +2,8 @@ - name: Install st2 hosts: all environment: "{{ st2_proxy_env | default({}) }}" + vars: + - package_type: "{{ 'yum' if ansible_facts.pkg_mgr == 'dnf' else ansible_facts.pkg_mgr }}" roles: - StackStorm.mongodb - StackStorm.rabbitmq From f0d370c7b9442f8c36a01777cd2139d7858524f9 Mon Sep 17 00:00:00 2001 
From: Cloud User Date: Fri, 12 Jun 2020 17:28:30 +0000 Subject: [PATCH 11/23] Amend nginx file with replace instead of shell --- roles/StackStorm.nginx/tasks/nginx_yum.yml | 55 +++++----------------- 1 file changed, 11 insertions(+), 44 deletions(-) diff --git a/roles/StackStorm.nginx/tasks/nginx_yum.yml b/roles/StackStorm.nginx/tasks/nginx_yum.yml index fa26f460..29d37a4b 100644 --- a/roles/StackStorm.nginx/tasks/nginx_yum.yml +++ b/roles/StackStorm.nginx/tasks/nginx_yum.yml 
@@ -44,59 +44,26 @@ state: absent tags: nginx -- name: Backup nginx.conf - become: yes - copy: - remote_src: yes - src: /etc/nginx/nginx.conf - dest: /etc/nginx/nginx.conf.bak - tags: nginx - when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') - -- name: Comment out server block in nginx.conf temporary file - become: yes - shell: - cmd: awk '/^ server {/{f=1}f{$0 = "#" $0}{print}' /etc/nginx/nginx.conf.bak > /tmp/nginx.conf - args: - warn: False - # Use awk to match one line install - tags: [nginx, skip_ansible_lint] - when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') - -- name: Restore nginx.conf from temporary file - become: yes - copy: - remote_src: yes - dest: /etc/nginx/nginx.conf - src: /tmp/nginx.conf - tags: nginx - when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') - -- name: Delete temporary file - become: yes - file: - path: /tmp/nginx.conf - state: absent - tags: nginx - when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') - -- name: Cleanup double comments +- name: Comment out server line become: yes replace: - regexp: "##" - replace: "#" path: /etc/nginx/nginx.conf + backup: yes + regexp: '^(?![#])(.*server\s*{)' + replace: '#\1' tags: nginx - when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') + when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') -- name: Cleanup comment closing out server block +- name: Comment out after server block become: yes replace: - regexp: "#}" - replace: "}" path: /etc/nginx/nginx.conf + backup: yes + after: '\s*server\s*{' + regexp: '^(?![#}])(.+)$' + replace: '#\1' tags: nginx - when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') + when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version 
== '8') - name: Install dependencies for SELinux Ansible module become: yes From cc0053a9514778b91bcf60c4b12fc7e2300e9c74 Mon Sep 17 00:00:00 2001 From: amanda Date: Fri, 12 Jun 2020 23:13:24 +0100 Subject: [PATCH 12/23] Missed ansible-lint check --- roles/StackStorm.nginx/tasks/nginx_yum.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/StackStorm.nginx/tasks/nginx_yum.yml b/roles/StackStorm.nginx/tasks/nginx_yum.yml index 29d37a4b..6fce745d 100644 --- a/roles/StackStorm.nginx/tasks/nginx_yum.yml +++ b/roles/StackStorm.nginx/tasks/nginx_yum.yml @@ -52,7 +52,7 @@ regexp: '^(?![#])(.*server\s*{)' replace: '#\1' tags: nginx - when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') + when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') - name: Comment out after server block become: yes @@ -63,7 +63,7 @@ regexp: '^(?![#}])(.+)$' replace: '#\1' tags: nginx - when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') + when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') - name: Install dependencies for SELinux Ansible module become: yes From 8d8b50f66882806a20ac73351e60a2a8a4ca7671 Mon Sep 17 00:00:00 2001 
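Review bot: Both `replace` patterns in the nginx_yum.yml hunk of PATCH 11/23 are looser than the task names suggest. `'^(?![#])(.*server\s*{)'` comments out any uncommented line that contains `server {` anywhere, and the second task, with `after: '\s*server\s*{'`, comments out every remaining line to the end of the file unless it begins with `#` or `}` in column 0, so the outcome depends on the indentation of the packaged nginx.conf. Anchoring the first pattern as `'^(\s*server\s*{)'` narrows it to real block openers. Adding a `validate` command to both tasks, for example `validate: nginx -t -c %s` if the include paths allow testing a copy, would stop a half-commented file from being installed. With `backup: yes` on both tasks, each change leaves two timestamped copies in `/etc/nginx/`; one is enough.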
From: Cloud User Date: Mon, 15 Jun 2020 11:21:54 +0000 Subject: [PATCH 13/23] Fix 2 idempotent and use os_family for vars --- ...p_apt.yml => ewc_repos_cleanup_debian.yml} | 0 ...p_yum.yml => ewc_repos_cleanup_redhat.yml} | 0 ...ewc_repos_apt.yml => ewc_repos_debian.yml} | 0 ...ewc_repos_yum.yml => ewc_repos_redhat.yml} | 0 .../StackStorm.ewc/tasks/ewc_repos_setup.yml | 4 +- roles/StackStorm.ewc/tasks/license.yml | 2 +- roles/StackStorm.ewc/tasks/main.yml | 2 +- roles/StackStorm.mongodb/tasks/main.yml | 9 +++- .../{mongodb_apt.yml => mongodb_debian.yml} | 0 .../StackStorm.mongodb/tasks/mongodb_dnf.yml | 54 ------------------- .../{mongodb_yum.yml => mongodb_redhat.yml} | 10 ++-- .../vars/{main.yml => debian.yml} | 1 - roles/StackStorm.mongodb/vars/redhat.yml | 9 ++++ roles/StackStorm.mongodb/vars/redhat_8.yml | 8 +++ roles/StackStorm.nginx/tasks/main.yml | 2 +- .../tasks/{nginx_apt.yml => nginx_debian.yml} | 0 .../tasks/{nginx_yum.yml => nginx_redhat.yml} | 6 ++- .../vars/{nginx_yum.yml => redhat.yml} | 0 .../vars/{nginx_dnf.yml => redhat_8.yml} | 0 roles/StackStorm.nodejs/tasks/main.yml | 2 +- .../{nodejs_apt.yml => nodejs_debian.yml} | 0 .../{nodejs_yum.yml => nodejs_redhat.yml} | 12 ++++- roles/StackStorm.rabbitmq/tasks/main.yml | 5 +- roles/StackStorm.st2/tasks/auth.yml | 5 +- .../vars/{st2_yum.yml => redhat.yml} | 0 .../vars/{st2_dnf.yml => redhat_8.yml} | 0 roles/StackStorm.st2repo/tasks/main.yml | 2 +- .../{st2repo_apt.yml => st2repo_debian.yml} | 0 .../{st2repo_yum.yml => st2repo_redhat.yml} | 0 stackstorm.yml | 2 - 30 files changed, 58 insertions(+), 77 deletions(-) rename roles/StackStorm.ewc/tasks/{ewc_repos_cleanup_apt.yml => ewc_repos_cleanup_debian.yml} (100%) rename roles/StackStorm.ewc/tasks/{ewc_repos_cleanup_yum.yml => ewc_repos_cleanup_redhat.yml} (100%) rename roles/StackStorm.ewc/tasks/{ewc_repos_apt.yml => ewc_repos_debian.yml} (100%) rename roles/StackStorm.ewc/tasks/{ewc_repos_yum.yml => ewc_repos_redhat.yml} (100%) rename 
roles/StackStorm.mongodb/tasks/{mongodb_apt.yml => mongodb_debian.yml} (100%) delete mode 100644 roles/StackStorm.mongodb/tasks/mongodb_dnf.yml rename roles/StackStorm.mongodb/tasks/{mongodb_yum.yml => mongodb_redhat.yml} (91%) rename roles/StackStorm.mongodb/vars/{main.yml => debian.yml} (83%) create mode 100644 roles/StackStorm.mongodb/vars/redhat.yml create mode 100644 roles/StackStorm.mongodb/vars/redhat_8.yml rename roles/StackStorm.nginx/tasks/{nginx_apt.yml => nginx_debian.yml} (100%) rename roles/StackStorm.nginx/tasks/{nginx_yum.yml => nginx_redhat.yml} (94%) rename roles/StackStorm.nginx/vars/{nginx_yum.yml => redhat.yml} (100%) rename roles/StackStorm.nginx/vars/{nginx_dnf.yml => redhat_8.yml} (100%) rename roles/StackStorm.nodejs/tasks/{nodejs_apt.yml => nodejs_debian.yml} (100%) rename roles/StackStorm.nodejs/tasks/{nodejs_yum.yml => nodejs_redhat.yml} (87%) rename roles/StackStorm.st2/vars/{st2_yum.yml => redhat.yml} (100%) rename roles/StackStorm.st2/vars/{st2_dnf.yml => redhat_8.yml} (100%) rename roles/StackStorm.st2repo/tasks/{st2repo_apt.yml => st2repo_debian.yml} (100%) rename roles/StackStorm.st2repo/tasks/{st2repo_yum.yml => st2repo_redhat.yml} (100%) diff --git a/roles/StackStorm.ewc/tasks/ewc_repos_cleanup_apt.yml b/roles/StackStorm.ewc/tasks/ewc_repos_cleanup_debian.yml similarity index 100% rename from roles/StackStorm.ewc/tasks/ewc_repos_cleanup_apt.yml rename to roles/StackStorm.ewc/tasks/ewc_repos_cleanup_debian.yml diff --git a/roles/StackStorm.ewc/tasks/ewc_repos_cleanup_yum.yml b/roles/StackStorm.ewc/tasks/ewc_repos_cleanup_redhat.yml similarity index 100% rename from roles/StackStorm.ewc/tasks/ewc_repos_cleanup_yum.yml rename to roles/StackStorm.ewc/tasks/ewc_repos_cleanup_redhat.yml diff --git a/roles/StackStorm.ewc/tasks/ewc_repos_apt.yml b/roles/StackStorm.ewc/tasks/ewc_repos_debian.yml similarity index 100% rename from roles/StackStorm.ewc/tasks/ewc_repos_apt.yml rename to roles/StackStorm.ewc/tasks/ewc_repos_debian.yml 
diff --git a/roles/StackStorm.ewc/tasks/ewc_repos_yum.yml b/roles/StackStorm.ewc/tasks/ewc_repos_redhat.yml similarity index 100% rename from roles/StackStorm.ewc/tasks/ewc_repos_yum.yml rename to roles/StackStorm.ewc/tasks/ewc_repos_redhat.yml diff --git a/roles/StackStorm.ewc/tasks/ewc_repos_setup.yml b/roles/StackStorm.ewc/tasks/ewc_repos_setup.yml index 2d15210d..b5418278 100644 --- a/roles/StackStorm.ewc/tasks/ewc_repos_setup.yml +++ b/roles/StackStorm.ewc/tasks/ewc_repos_setup.yml @@ -57,8 +57,8 @@ - ewc - enterprise -- name: Add EWC enterprise repos on {{ ansible_facts.distribution }} - include_tasks: ewc_repos_{{ package_type }}.yml +- name: Add EWC enterprise repos on {{ ansible_os_family | lower }} + include_tasks: ewc_repos_{{ ansible_os_family | lower }}.yml tags: - ewc - enterprise diff --git a/roles/StackStorm.ewc/tasks/license.yml b/roles/StackStorm.ewc/tasks/license.yml index 7eb1398f..cc8fc587 100644 --- a/roles/StackStorm.ewc/tasks/license.yml +++ b/roles/StackStorm.ewc/tasks/license.yml @@ -57,7 +57,7 @@ - enterprise - name: "Cleanup repo list file from disk" - include_tasks: "ewc_repos_cleanup_{{ package_type }}.yml" + include_tasks: "ewc_repos_cleanup_{{ ansible_os_family | lower }}.yml" when: ewc_license | hash("sha512") != ewc_license_hash tags: - ewc diff --git a/roles/StackStorm.ewc/tasks/main.yml b/roles/StackStorm.ewc/tasks/main.yml index e0320849..86dc54bc 100644 --- a/roles/StackStorm.ewc/tasks/main.yml +++ b/roles/StackStorm.ewc/tasks/main.yml @@ -48,7 +48,7 @@ - name: Install pinned bwc-enterprise package become: yes package: - name: bwc-enterprise{{ '-' if package_type == 'yum' else '=' }}{{ ewc_version }}-{{ ewc_revision }} + name: bwc-enterprise{{ '-' if ansible_os_family == 'RedHat' else '=' }}{{ ewc_version }}-{{ ewc_revision }} state: present register: ewc_installed retries: 5 diff --git a/roles/StackStorm.mongodb/tasks/main.yml b/roles/StackStorm.mongodb/tasks/main.yml index b402607a..874f7c12 100644 
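Review bot: The include in ewc_repos_setup.yml now reads the top-level `ansible_os_family` variable, while the `when` clauses elsewhere in this series use `ansible_facts.os_family`. The top-level form is only present when fact injection is enabled (the `inject_facts_as_vars` setting, as far as I can tell), so a configuration that turns injection off would break these includes; `ansible_facts.os_family | lower` works in both cases. Using the lowered family in the task name also drops the distribution name the old title printed. The same spelling appears in license.yml and main.yml of StackStorm.ewc and in the StackStorm.mongodb main.yml hunk, which also uses `ansible_distribution_major_version`.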
--- a/roles/StackStorm.mongodb/tasks/main.yml +++ b/roles/StackStorm.mongodb/tasks/main.yml @@ -1,6 +1,13 @@ --- +- name: Retrieve variables + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_os_family | lower }}_{{ ansible_distribution_major_version }}.yml" + - "{{ ansible_os_family | lower }}.yml" + tags: [databases, mongodb] + - name: Install mongodb on {{ ansible_facts.distribution }} - include_tasks: mongodb_{{ ansible_facts.pkg_mgr }}.yml + include_tasks: mongodb_{{ ansible_os_family | lower }}.yml tags: [databases, mongodb] - name: Start & Enable mongodb diff --git a/roles/StackStorm.mongodb/tasks/mongodb_apt.yml b/roles/StackStorm.mongodb/tasks/mongodb_debian.yml similarity index 100% rename from roles/StackStorm.mongodb/tasks/mongodb_apt.yml rename to roles/StackStorm.mongodb/tasks/mongodb_debian.yml diff --git a/roles/StackStorm.mongodb/tasks/mongodb_dnf.yml b/roles/StackStorm.mongodb/tasks/mongodb_dnf.yml deleted file mode 100644 index e4ae08bb..00000000 --- a/roles/StackStorm.mongodb/tasks/mongodb_dnf.yml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -- name: yum | Install mongodb dependencies - become: yes - yum: - name: - # Failed to validate the SSL certificate for www.mongodb.org:443. Make sure your managed systems have a valid CA certificate installed. If the website serving the url uses SNI you need python >= 2.7.9 on your managed machine or you can install the `urllib3`, `pyopenssl`, `ndg-httpsclient`, and `pyasn1` python modules to perform SNI verification in python >= 2.6. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible - - python3-urllib3 - - python3-pyOpenSSL - - python3-pyasn1 - state: present - register: _task - retries: 5 - delay: 3 - until: _task is succeeded - tags: [databases, mongodb] - -- name: yum | Add mongodb key - become: yes - rpm_key: - key: https://www.mongodb.org/static/pgp/server-{{ mongodb4_major_minor_version }}.asc - state: present - register: _task - retries: 5 - delay: 3 - until: _task is succeeded - tags: [databases, mongodb] - -- name: yum | Add mongodb repository - become: yes - yum_repository: - name: mongodb-org-{{ mongodb4_major_minor_version }} - description: MongoDB Repository - gpgcheck: yes - enabled: yes - baseurl: https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/{{ mongodb4_major_minor_version }}/x86_64/ - gpgkey: https://www.mongodb.org/static/pgp/server-{{ mongodb4_major_minor_version }}.asc - state: present - tags: [databases, mongodb] - -- name: yum | Install mongodb - become: yes - yum: - name: mongodb-org-{{ mongodb4_version }}* - state: present - # TODO: Allow yum downgrade since Ansible 2.4 - # https://github.com/ansible/ansible/pull/21516 - # allow_downgrade: yes - register: _task - retries: 5 - delay: 3 - until: _task is succeeded - notify: - - restart mongodb - tags: [databases, mongodb] 
diff --git a/roles/StackStorm.mongodb/tasks/mongodb_yum.yml b/roles/StackStorm.mongodb/tasks/mongodb_redhat.yml similarity index 91% rename from roles/StackStorm.mongodb/tasks/mongodb_yum.yml rename to roles/StackStorm.mongodb/tasks/mongodb_redhat.yml index b3299593..ab87e776 100644 --- a/roles/StackStorm.mongodb/tasks/mongodb_yum.yml +++ b/roles/StackStorm.mongodb/tasks/mongodb_redhat.yml @@ -2,12 +2,8 @@ - name: yum | Install mongodb dependencies become: yes yum: - name: + name: "{{ mongo_dependencies }}" # Failed to validate the SSL certificate for www.mongodb.org:443. Make sure your managed systems have a valid CA certificate installed. If the website serving the url uses SNI you need python >= 2.7.9 on your managed machine or you can install the `urllib3`, `pyopenssl`, `ndg-httpsclient`, and `pyasn1` python modules to perform SNI verification in python >= 2.6. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible - - python-urllib3 - - pyOpenSSL - - python-pyasn1 - - python-ndg_httpsclient state: present register: _task retries: 5 @@ -15,7 +11,7 @@ until: _task is succeeded tags: [databases, mongodb] -- name: yum | Add mongodb key +- name: yum | Add mongodb key {{ mongodb_major_minor_version }} become: yes rpm_key: key: https://www.mongodb.org/static/pgp/server-{{ mongodb_major_minor_version }}.asc @@ -41,7 +37,7 @@ - name: yum | Install mongodb become: yes yum: - name: mongodb-org-{{ mongodb_version }}* + name: mongodb-org-{{ mongodb_redhat_version }}* state: present # TODO: Allow yum downgrade since Ansible 2.4 # https://github.com/ansible/ansible/pull/21516 
diff --git a/roles/StackStorm.mongodb/vars/main.yml b/roles/StackStorm.mongodb/vars/debian.yml similarity index 83% rename from roles/StackStorm.mongodb/vars/main.yml rename to roles/StackStorm.mongodb/vars/debian.yml index f5a87362..6f0c4579 100644 --- a/roles/StackStorm.mongodb/vars/main.yml +++ b/roles/StackStorm.mongodb/vars/debian.yml @@ -1,6 +1,5 @@ # Extract mongodb "major.minor" version mongodb_major_minor_version: "{{ (mongodb_version|string)[:3] }}" -mongodb4_major_minor_version: "{{ (mongodb4_version|string)[:3] }}" # Use the following URL to find the key: https://www.mongodb.org/static/pgp/server-{{ mongodb_major_minor_version }}.asc mongodb_apt_keys: "3.2": "42F3E95A2C4F08279C4960ADD68FA50FEA312927" diff --git a/roles/StackStorm.mongodb/vars/redhat.yml b/roles/StackStorm.mongodb/vars/redhat.yml new file mode 100644 index 00000000..bcadb40c --- /dev/null +++ b/roles/StackStorm.mongodb/vars/redhat.yml @@ -0,0 +1,9 @@ +mongo_dependencies: + - python-urllib3 + - pyOpenSSL + - python-pyasn1 + - python-ndg_httpsclient +# For RH < 8 use mongodb_version +mongodb_redhat_version: "{{ (mongodb_version|string)[:3] }}" +# Extract mongodb "major.minor" version +mongodb_major_minor_version: "{{ (mongodb_redhat_version|string)[:3] }}" diff --git a/roles/StackStorm.mongodb/vars/redhat_8.yml b/roles/StackStorm.mongodb/vars/redhat_8.yml new file mode 100644 index 00000000..949bef03 --- /dev/null +++ b/roles/StackStorm.mongodb/vars/redhat_8.yml @@ -0,0 +1,8 @@ +mongo_dependencies: + - python3-urllib3 + - python3-pyOpenSSL + - python3-pyasn1 +# For RH 8 use mongodb4_version if mongodb_version == 3 +mongodb_redhat_version: "{{ (mongodb4_version|string)[:3] if ( mongodb_version|string)[:1] == '3' else (mongodb_version|string)[:3] }}" +# Extract mongodb "major.minor" version +mongodb_major_minor_version: "{{ (mongodb_redhat_version|string)[:3] }}" diff --git a/roles/StackStorm.nginx/tasks/main.yml b/roles/StackStorm.nginx/tasks/main.yml index 6666c8e9..f42bdc59 100644 
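Review bot: `mongodb_redhat_version` in vars/redhat.yml is cut to three characters with `[:3]` and then used as the install pin in mongodb_redhat.yml (`mongodb-org-{{ mongodb_redhat_version }}*`), where the task previously received the full `mongodb_version`. A host that sets a patch-level version, for example to stay on a known-fixed build, would now match any release of that minor series through the trailing `*`. I would keep the full value for the package name, `mongodb_redhat_version: "{{ mongodb_version | string }}"`, and leave the slice to `mongodb_major_minor_version` only. The same applies to both branches of the expression in redhat_8.yml and to the renamed `mongodb_use_version` in the later "More readable on mongo versions" commit.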
--- a/roles/StackStorm.nginx/tasks/main.yml +++ b/roles/StackStorm.nginx/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install nginx on {{ ansible_facts.distribution }} - include_tasks: nginx_{{ package_type }}.yml + include_tasks: nginx_{{ ansible_os_family | lower }}.yml tags: nginx - name: Create common virtual host folders diff --git a/roles/StackStorm.nginx/tasks/nginx_apt.yml b/roles/StackStorm.nginx/tasks/nginx_debian.yml similarity index 100% rename from roles/StackStorm.nginx/tasks/nginx_apt.yml rename to roles/StackStorm.nginx/tasks/nginx_debian.yml diff --git a/roles/StackStorm.nginx/tasks/nginx_yum.yml b/roles/StackStorm.nginx/tasks/nginx_redhat.yml similarity index 94% rename from roles/StackStorm.nginx/tasks/nginx_yum.yml rename to roles/StackStorm.nginx/tasks/nginx_redhat.yml index 6fce745d..94e19c13 100644 --- a/roles/StackStorm.nginx/tasks/nginx_yum.yml +++ b/roles/StackStorm.nginx/tasks/nginx_redhat.yml @@ -1,7 +1,9 @@ --- - name: Install vars - include_vars: - file: "nginx_{{ ansible_facts.pkg_mgr }}.yml" + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_os_family | lower }}_{{ ansible_distribution_major_version }}.yml" + - "{{ ansible_os_family | lower }}.yml" - name: Add nginx key become: yes diff --git a/roles/StackStorm.nginx/vars/nginx_yum.yml b/roles/StackStorm.nginx/vars/redhat.yml similarity index 100% rename from roles/StackStorm.nginx/vars/nginx_yum.yml rename to roles/StackStorm.nginx/vars/redhat.yml diff --git a/roles/StackStorm.nginx/vars/nginx_dnf.yml b/roles/StackStorm.nginx/vars/redhat_8.yml similarity index 100% rename from roles/StackStorm.nginx/vars/nginx_dnf.yml rename to roles/StackStorm.nginx/vars/redhat_8.yml diff --git a/roles/StackStorm.nodejs/tasks/main.yml b/roles/StackStorm.nodejs/tasks/main.yml index 2280b794..5a2fce27 100644 --- a/roles/StackStorm.nodejs/tasks/main.yml +++ b/roles/StackStorm.nodejs/tasks/main.yml 
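Review bot: The rewritten `Install vars` task in nginx_redhat.yml carries no `tags:`, unlike the equivalent `Retrieve variables` task added to the mongodb role, which is tagged `[databases, mongodb]`. This file is pulled in with `include_tasks`, and tags on a dynamic include are not inherited by the tasks inside it, so a run limited with `--tags nginx` would presumably skip the variable load. Any tagged task that reads `selinux_dependencies` would then find it undefined. Adding `tags: nginx` to the task keeps tagged runs consistent with the rest of the file.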
@@ -1,4 +1,4 @@ --- - name: Install nodejs on {{ ansible_facts.distribution }} - include_tasks: nodejs_{{ package_type }}.yml + include_tasks: nodejs_{{ ansible_os_family | lower }}.yml tags: nodejs diff --git a/roles/StackStorm.nodejs/tasks/nodejs_apt.yml b/roles/StackStorm.nodejs/tasks/nodejs_debian.yml similarity index 100% rename from roles/StackStorm.nodejs/tasks/nodejs_apt.yml rename to roles/StackStorm.nodejs/tasks/nodejs_debian.yml diff --git a/roles/StackStorm.nodejs/tasks/nodejs_yum.yml b/roles/StackStorm.nodejs/tasks/nodejs_redhat.yml similarity index 87% rename from roles/StackStorm.nodejs/tasks/nodejs_yum.yml rename to roles/StackStorm.nodejs/tasks/nodejs_redhat.yml index cb211b65..625d3fde 100644 --- a/roles/StackStorm.nodejs/tasks/nodejs_yum.yml +++ b/roles/StackStorm.nodejs/tasks/nodejs_redhat.yml @@ -19,13 +19,23 @@ register: nodesource_repo_rm tags: nodejs +- name: Determine if nodejs disabled on AppStream + become: yes + shell: + cmd: yum module list nodejs --disabled + changed_when: False + args: + warn: False + register: nodejs_disabled + tags: [nodejs, skip_ansible_lint] + - name: Disable AppStream repository due to installation conflicts for EL8 become: yes shell: cmd: yum module disable -y nodejs args: warn: False - when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8' + when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8' and "AppStream" not in nodejs_disabled.stdout # Disable warning as yum doesn't support disable module tags: [nodejs, skip_ansible_lint] diff --git a/roles/StackStorm.rabbitmq/tasks/main.yml b/roles/StackStorm.rabbitmq/tasks/main.yml index c969b049..e803d0f7 100644 --- a/roles/StackStorm.rabbitmq/tasks/main.yml +++ b/roles/StackStorm.rabbitmq/tasks/main.yml 
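Review bot: The new probe in nodejs_redhat.yml runs `yum module list nodejs --disabled` through `shell` with `become: yes`, although the line uses no pipe, redirect or expansion; `command:` with the same `cmd:` does the job without putting a shell in front of a root-run command. The decision that follows is a substring test on the tool's output (`"AppStream" not in nodejs_disabled.stdout`). The `changed_when` on `"Nothing to do"` added in the rabbitmq hunk is more fragile still, because that message is translated. Setting `environment: {LC_ALL: C}` on both tasks would keep the match stable on hosts with a non-English locale.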
@@ -5,7 +5,10 @@ cmd: yum -y module enable perl:5.26 args: warn: False - when: rabbitmq_on_el8 + when: rabbitmq_on_el8 + register: perl_result + changed_when: + - '"Nothing to do" not in perl_result.stdout' # Disable warning as yum doesn't support enable module tags: [rabbitmq, skip_ansible_lint] diff --git a/roles/StackStorm.st2/tasks/auth.yml b/roles/StackStorm.st2/tasks/auth.yml index 2d670e71..9b16d530 100644 --- a/roles/StackStorm.st2/tasks/auth.yml +++ b/roles/StackStorm.st2/tasks/auth.yml @@ -12,7 +12,10 @@ when: ansible_facts.os_family == 'Debian' - name: Include RedHat OS-specific variables - include_vars: st2_{{ ansible_facts.pkg_mgr }}.yml + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_os_family | lower }}_{{ ansible_distribution_major_version }}.yml" + - "{{ ansible_os_family | lower }}.yml" when: ansible_facts.os_family == 'RedHat' - name: auth | Install auth pre-reqs (RedHat) diff --git a/roles/StackStorm.st2/vars/st2_yum.yml b/roles/StackStorm.st2/vars/redhat.yml similarity index 100% rename from roles/StackStorm.st2/vars/st2_yum.yml rename to roles/StackStorm.st2/vars/redhat.yml diff --git a/roles/StackStorm.st2/vars/st2_dnf.yml b/roles/StackStorm.st2/vars/redhat_8.yml similarity index 100% rename from roles/StackStorm.st2/vars/st2_dnf.yml rename to roles/StackStorm.st2/vars/redhat_8.yml diff --git a/roles/StackStorm.st2repo/tasks/main.yml b/roles/StackStorm.st2repo/tasks/main.yml index 29811e98..de06cd84 100644 --- a/roles/StackStorm.st2repo/tasks/main.yml +++ b/roles/StackStorm.st2repo/tasks/main.yml @@ -1,4 +1,4 @@ --- - name: Add st2repo on {{ ansible_facts.distribution }} - include_tasks: st2repo_{{ package_type }}.yml + include_tasks: st2repo_{{ ansible_os_family | lower }}.yml tags: st2repo 
diff --git a/roles/StackStorm.st2repo/tasks/st2repo_apt.yml b/roles/StackStorm.st2repo/tasks/st2repo_debian.yml similarity index 100% rename from roles/StackStorm.st2repo/tasks/st2repo_apt.yml rename to roles/StackStorm.st2repo/tasks/st2repo_debian.yml diff --git a/roles/StackStorm.st2repo/tasks/st2repo_yum.yml b/roles/StackStorm.st2repo/tasks/st2repo_redhat.yml similarity index 100% rename from roles/StackStorm.st2repo/tasks/st2repo_yum.yml rename to roles/StackStorm.st2repo/tasks/st2repo_redhat.yml diff --git a/stackstorm.yml b/stackstorm.yml index bd6da5ed..f2958759 100644 --- a/stackstorm.yml +++ b/stackstorm.yml @@ -2,8 +2,6 @@ - name: Install st2 hosts: all environment: "{{ st2_proxy_env | default({}) }}" - vars: - - package_type: "{{ 'yum' if ansible_facts.pkg_mgr == 'dnf' else ansible_facts.pkg_mgr }}" roles: - StackStorm.mongodb - StackStorm.rabbitmq From 92237aaf6682f40513df600639a1a59e444ff75b Mon Sep 17 00:00:00 2001 From: Cloud User Date: Mon, 15 Jun 2020 11:36:40 +0000 Subject: [PATCH 14/23] Fix nodejs disable check --- roles/StackStorm.nodejs/tasks/nodejs_redhat.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/StackStorm.nodejs/tasks/nodejs_redhat.yml b/roles/StackStorm.nodejs/tasks/nodejs_redhat.yml index 625d3fde..304d9907 100644 --- a/roles/StackStorm.nodejs/tasks/nodejs_redhat.yml +++ b/roles/StackStorm.nodejs/tasks/nodejs_redhat.yml @@ -24,6 +24,7 @@ shell: cmd: yum module list nodejs --disabled changed_when: False + ignore_errors: True args: warn: False register: nodejs_disabled From 33b41e0d0a2f0429baae2dcfbc158383aaa2aa8f Mon Sep 17 00:00:00 2001 From: Cloud User Date: Mon, 15 Jun 2020 11:48:15 +0000 Subject: [PATCH 15/23] More readable on mongo versions --- roles/StackStorm.mongodb/tasks/mongodb_redhat.yml | 2 +- roles/StackStorm.mongodb/vars/redhat.yml | 4 ++-- roles/StackStorm.mongodb/vars/redhat_8.yml | 8 +++++--- 3 files changed, 8 insertions(+), 6 deletions(-) 
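Review bot: `ignore_errors: True` on the nodejs probe swallows every failure, not only the expected one, and the reason for tolerating it is not recorded next to the line. The following task runs `yum module disable -y nodejs` whenever `"AppStream"` is absent from stdout, so a probe that failed for an unrelated reason is treated the same as "not disabled yet". If the intent is to tolerate one known non-zero exit, I would state that in a comment and narrow it, for example `failed_when: nodejs_disabled.rc not in [0, 1]`, after confirming which exit code yum returns in that case. The task begins above this hunk, so its name line is not shown here.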
diff --git a/roles/StackStorm.mongodb/tasks/mongodb_redhat.yml b/roles/StackStorm.mongodb/tasks/mongodb_redhat.yml index ab87e776..da4a97f3 100644 --- a/roles/StackStorm.mongodb/tasks/mongodb_redhat.yml +++ b/roles/StackStorm.mongodb/tasks/mongodb_redhat.yml @@ -37,7 +37,7 @@ - name: yum | Install mongodb become: yes yum: - name: mongodb-org-{{ mongodb_redhat_version }}* + name: mongodb-org-{{ mongodb_use_version }}* state: present # TODO: Allow yum downgrade since Ansible 2.4 # https://github.com/ansible/ansible/pull/21516 diff --git a/roles/StackStorm.mongodb/vars/redhat.yml b/roles/StackStorm.mongodb/vars/redhat.yml index bcadb40c..b2f4c3b3 100644 --- a/roles/StackStorm.mongodb/vars/redhat.yml +++ b/roles/StackStorm.mongodb/vars/redhat.yml @@ -4,6 +4,6 @@ mongo_dependencies: - python-pyasn1 - python-ndg_httpsclient # For RH < 8 use mongodb_version -mongodb_redhat_version: "{{ (mongodb_version|string)[:3] }}" +mongodb_use_version: "{{ (mongodb_version|string)[:3] }}" # Extract mongodb "major.minor" version -mongodb_major_minor_version: "{{ (mongodb_redhat_version|string)[:3] }}" +mongodb_major_minor_version: "{{ (mongodb_use_version|string)[:3] }}" diff --git a/roles/StackStorm.mongodb/vars/redhat_8.yml b/roles/StackStorm.mongodb/vars/redhat_8.yml index 949bef03..c30d64c8 100644 --- a/roles/StackStorm.mongodb/vars/redhat_8.yml +++ b/roles/StackStorm.mongodb/vars/redhat_8.yml 
@@ -2,7 +2,9 @@ mongo_dependencies: - python3-urllib3 - python3-pyOpenSSL - python3-pyasn1 -# For RH 8 use mongodb4_version if mongodb_version == 3 -mongodb_redhat_version: "{{ (mongodb4_version|string)[:3] if ( mongodb_version|string)[:1] == '3' else (mongodb_version|string)[:3] }}" +# We cannot have conditional defaults. The default for mongodb_version is 3, but +# for RH 8 we want to use version 4 at least. So if mongodb_version is 3 use the +# default mongodb4_version +mongodb_use_version: "{{ (mongodb4_version|string)[:3] if ( mongodb_version|string)[:1] == '3' else (mongodb_version|string)[:3] }}" # Extract mongodb "major.minor" version -mongodb_major_minor_version: "{{ (mongodb_redhat_version|string)[:3] }}" +mongodb_major_minor_version: "{{ (mongodb_use_version|string)[:3] }}" From 3c2590ec605dac98406834d5a7854bb7e21484ab Mon Sep 17 00:00:00 2001 From: Cloud User Date: Mon, 15 Jun 2020 12:09:56 +0000 Subject: [PATCH 16/23] Fix ansible-lint errors --- roles/StackStorm.mongodb/vars/redhat.yml | 2 +- roles/StackStorm.mongodb/vars/redhat_8.yml | 2 +- roles/StackStorm.nodejs/tasks/nodejs_redhat.yml | 3 ++- roles/StackStorm.rabbitmq/tasks/main.yml | 4 ++-- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/roles/StackStorm.mongodb/vars/redhat.yml b/roles/StackStorm.mongodb/vars/redhat.yml index b2f4c3b3..3e6f4f70 100644 --- a/roles/StackStorm.mongodb/vars/redhat.yml +++ b/roles/StackStorm.mongodb/vars/redhat.yml @@ -1,4 +1,4 @@ -mongo_dependencies: +mongo_dependencies: - python-urllib3 - pyOpenSSL - python-pyasn1 diff --git a/roles/StackStorm.mongodb/vars/redhat_8.yml b/roles/StackStorm.mongodb/vars/redhat_8.yml index c30d64c8..905c08ce 100644 --- a/roles/StackStorm.mongodb/vars/redhat_8.yml +++ b/roles/StackStorm.mongodb/vars/redhat_8.yml @@ -1,4 +1,4 @@ -mongo_dependencies: +mongo_dependencies: - python3-urllib3 - python3-pyOpenSSL - python3-pyasn1 
diff --git a/roles/StackStorm.nodejs/tasks/nodejs_redhat.yml b/roles/StackStorm.nodejs/tasks/nodejs_redhat.yml index 304d9907..3c27c730 100644 --- a/roles/StackStorm.nodejs/tasks/nodejs_redhat.yml +++ b/roles/StackStorm.nodejs/tasks/nodejs_redhat.yml @@ -19,7 +19,7 @@ register: nodesource_repo_rm tags: nodejs -- name: Determine if nodejs disabled on AppStream +- name: Determine if nodejs disabled on AppStream for RH8 become: yes shell: cmd: yum module list nodejs --disabled @@ -28,6 +28,7 @@ args: warn: False register: nodejs_disabled + when: ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8' tags: [nodejs, skip_ansible_lint] - name: Disable AppStream repository due to installation conflicts for EL8 diff --git a/roles/StackStorm.rabbitmq/tasks/main.yml b/roles/StackStorm.rabbitmq/tasks/main.yml index e803d0f7..a9dae579 100644 --- a/roles/StackStorm.rabbitmq/tasks/main.yml +++ b/roles/StackStorm.rabbitmq/tasks/main.yml @@ -5,9 +5,9 @@ cmd: yum -y module enable perl:5.26 args: warn: False - when: rabbitmq_on_el8 + when: rabbitmq_on_el8 register: perl_result - changed_when: + changed_when: - '"Nothing to do" not in perl_result.stdout' # Disable warning as yum doesn't support enable module tags: [rabbitmq, skip_ansible_lint] From 73b9c6ca6047508a2249727645dac1c6e6fb1c22 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Mon, 15 Jun 2020 12:24:15 +0000 Subject: [PATCH 17/23] Need ignore_errors as first_found fails even if when would skip --- roles/StackStorm.st2/tasks/auth.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/StackStorm.st2/tasks/auth.yml b/roles/StackStorm.st2/tasks/auth.yml index 9b16d530..357eac94 100644 --- a/roles/StackStorm.st2/tasks/auth.yml +++ b/roles/StackStorm.st2/tasks/auth.yml 
@@ -16,6 +16,7 @@ with_first_found: - "{{ ansible_os_family | lower }}_{{ ansible_distribution_major_version }}.yml" - "{{ ansible_os_family | lower }}.yml" + ignore_errors: true when: ansible_facts.os_family == 'RedHat' - name: auth | Install auth pre-reqs (RedHat) From 6f479265cb1ed8385e8855daab5a5eb173aa483a Mon Sep 17 00:00:00 2001 From: armab Date: Tue, 16 Jun 2020 23:24:08 +0100 Subject: [PATCH 18/23] Include centos8 in Vagrant --- Vagrantfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Vagrantfile b/Vagrantfile index 9e21bb3f..fb446a46 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -18,6 +18,10 @@ VIRTUAL_MACHINES = { :hostname => 'ansible-st2-centos7', :box => 'centos/7', }, + :centos8 => { + :hostname => 'ansible-st2-centos8', + :box => 'centos/8', + }, } Vagrant.require_version ">= 1.9.1" From 018168f25f54dbc942265d286130f5dcae5723c9 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Thu, 18 Jun 2020 09:48:41 +0000 Subject: [PATCH 19/23] Address review comments --- README.md | 4 +++ roles/StackStorm.epel/meta/main.yml | 1 + roles/StackStorm.ewc/meta/main.yml | 1 + roles/StackStorm.ewc_smoketests/meta/main.yml | 1 + roles/StackStorm.mongodb/meta/main.yml | 1 + roles/StackStorm.nginx/meta/main.yml | 1 + roles/StackStorm.nginx/tasks/nginx_redhat.yml | 28 ------------------- roles/StackStorm.nginx/vars/redhat.yml | 4 ++- roles/StackStorm.nginx/vars/redhat_8.yml | 4 ++- roles/StackStorm.nodejs/meta/main.yml | 1 + roles/StackStorm.rabbitmq/meta/main.yml | 1 + roles/StackStorm.st2/meta/main.yml | 1 + roles/StackStorm.st2/tasks/version.yml | 2 -- roles/StackStorm.st2/vars/redhat_8.yml | 2 +- roles/StackStorm.st2chatops/meta/main.yml | 1 + roles/StackStorm.st2repo/meta/main.yml | 1 + roles/StackStorm.st2web/meta/main.yml | 1 + 17 files changed, 22 insertions(+), 33 deletions(-) diff --git a/README.md b/README.md index ee50b096..2c40e66f 100644 --- a/README.md +++ b/README.md 
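Review bot: `ignore_errors: true` on the vars include in auth.yml hides more than the missing-file case named in the commit subject. On a RedHat host a malformed or unreadable vars file is ignored as well, and the problem would only surface later as an undefined variable in the pre-req install. The `first_found` lookup has a `skip` option for the "nothing found" case, which leaves the task skipped on Debian while real load errors still stop the play. The hunk starts inside the task, so the task's name and `include_vars` lines are not part of it.

```yaml
  # … unchanged: task name and include_vars: "{{ item }}" …
  with_first_found:
    - files:
        - "{{ ansible_os_family | lower }}_{{ ansible_distribution_major_version }}.yml"
        - "{{ ansible_os_family | lower }}.yml"
      skip: true
  # … unchanged: when: ansible_facts.os_family == 'RedHat' …
```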
@@ -17,6 +17,8 @@ Aka IFTTT orchestration for Ops. > If you're using the provided Vagrantfile, note that it uses Xenial by default. +> If installing on RHEL8/CentOS8 and firewalld is enabled, then you must ensure that the http and https services are enabled. + ## Requirements At least 2GB of memory and 3.5GB of disk space is required, since StackStorm is shipped with RabbitMQ, PostgreSQL, Mongo, nginx and OpenStack Mistral. @@ -106,6 +108,7 @@ These are the platforms we must support (must pass end-to-end testing): - CentOS8 - RHEL6 (via AWS) - RHEL7 (via AWS) +- RHEL8 (via AWS) Must also support Ansible Idempotence (Eg. Ansible-playbook re-run should end with the following results: `changed=0.*failed=0`) @@ -119,6 +122,7 @@ Other distros: vagrant up ubuntu14 vagrant up centos6 vagrant up centos7 +vagrant up centos8 ``` ## Other Installers diff --git a/roles/StackStorm.epel/meta/main.yml b/roles/StackStorm.epel/meta/main.yml index fba07c7e..ffd8f275 100644 --- a/roles/StackStorm.epel/meta/main.yml +++ b/roles/StackStorm.epel/meta/main.yml @@ -10,5 +10,6 @@ galaxy_info: versions: - 6 - 7 + - 8 galaxy_tags: - system diff --git a/roles/StackStorm.ewc/meta/main.yml b/roles/StackStorm.ewc/meta/main.yml index deced213..184729f1 100644 --- a/roles/StackStorm.ewc/meta/main.yml +++ b/roles/StackStorm.ewc/meta/main.yml @@ -14,6 +14,7 @@ galaxy_info: versions: - 6 - 7 + - 8 galaxy_tags: - system - stackstorm diff --git a/roles/StackStorm.ewc_smoketests/meta/main.yml b/roles/StackStorm.ewc_smoketests/meta/main.yml index ee6922f7..0a2f60b5 100644 --- a/roles/StackStorm.ewc_smoketests/meta/main.yml +++ b/roles/StackStorm.ewc_smoketests/meta/main.yml @@ -14,6 +14,7 @@ galaxy_info: versions: - 6 - 7 + - 8 galaxy_tags: - stackstorm - bwc diff --git a/roles/StackStorm.mongodb/meta/main.yml b/roles/StackStorm.mongodb/meta/main.yml index 7a8c5080..f4c81f23 100644 --- a/roles/StackStorm.mongodb/meta/main.yml +++ b/roles/StackStorm.mongodb/meta/main.yml 
@@ -14,6 +14,7 @@ galaxy_info: versions: - 6 - 7 + - 8 galaxy_tags: - system dependencies: diff --git a/roles/StackStorm.nginx/meta/main.yml b/roles/StackStorm.nginx/meta/main.yml index a3cfe394..72ee3ff6 100644 --- a/roles/StackStorm.nginx/meta/main.yml +++ b/roles/StackStorm.nginx/meta/main.yml @@ -15,6 +15,7 @@ galaxy_info: versions: - 6 - 7 + - 8 galaxy_tags: - web - nginx diff --git a/roles/StackStorm.nginx/tasks/nginx_redhat.yml b/roles/StackStorm.nginx/tasks/nginx_redhat.yml index 94e19c13..e2cc082d 100644 --- a/roles/StackStorm.nginx/tasks/nginx_redhat.yml +++ b/roles/StackStorm.nginx/tasks/nginx_redhat.yml @@ -93,31 +93,3 @@ persistent: yes when: ansible_facts.selinux.status == "enabled" and ansible_facts.selinux.mode == "enforcing" tags: nginx - -- name: Discover if hypervisor is EC2 - become: yes - lineinfile: - path: /sys/hypervisor/uuid - line: "ec2" - state: present - check_mode: yes - ignore_errors: true - register: ec2 - tags: nginx - when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') - -- name: Add http and https services to firewalld - become: yes - firewalld: - permanent: true - service: http - state: enabled - when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') and (ec2 is changed) - -- name: Add http and https services permanently to firewalld - become: yes - firewalld: - permanent: true - service: https - state: enabled - when: (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version == '8') and (ec2 is changed) diff --git a/roles/StackStorm.nginx/vars/redhat.yml b/roles/StackStorm.nginx/vars/redhat.yml index 43a4c4f6..47e53333 100644 --- a/roles/StackStorm.nginx/vars/redhat.yml +++ b/roles/StackStorm.nginx/vars/redhat.yml @@ -1 +1,3 @@ -selinux_dependencies: "libsemanage-python, libselinux-python" +selinux_dependencies: + - libsemanage-python + - libselinux-python 
diff --git a/roles/StackStorm.nginx/vars/redhat_8.yml b/roles/StackStorm.nginx/vars/redhat_8.yml index 3526275b..f93b85f4 100644 --- a/roles/StackStorm.nginx/vars/redhat_8.yml +++ b/roles/StackStorm.nginx/vars/redhat_8.yml @@ -1 +1,3 @@ -selinux_dependencies: "python3-libsemanage, python3-libselinux" +selinux_dependencies: + - python3-libsemanage + - python3-libselinux diff --git a/roles/StackStorm.nodejs/meta/main.yml b/roles/StackStorm.nodejs/meta/main.yml index cfab600b..485d5bdd 100644 --- a/roles/StackStorm.nodejs/meta/main.yml +++ b/roles/StackStorm.nodejs/meta/main.yml @@ -15,5 +15,6 @@ galaxy_info: versions: - 6 - 7 + - 8 galaxy_tags: - system diff --git a/roles/StackStorm.rabbitmq/meta/main.yml b/roles/StackStorm.rabbitmq/meta/main.yml index 913c9b17..334ddd89 100644 --- a/roles/StackStorm.rabbitmq/meta/main.yml +++ b/roles/StackStorm.rabbitmq/meta/main.yml @@ -14,5 +14,6 @@ galaxy_info: versions: - 6 - 7 + - 8 galaxy_tags: - system diff --git a/roles/StackStorm.st2/meta/main.yml b/roles/StackStorm.st2/meta/main.yml index 2d623850..6c33f112 100644 --- a/roles/StackStorm.st2/meta/main.yml +++ b/roles/StackStorm.st2/meta/main.yml @@ -14,6 +14,7 @@ galaxy_info: versions: - 6 - 7 + - 8 galaxy_tags: - system - stackstorm diff --git a/roles/StackStorm.st2/tasks/version.yml b/roles/StackStorm.st2/tasks/version.yml index 352f37e7..d62315b4 100644 --- a/roles/StackStorm.st2/tasks/version.yml +++ b/roles/StackStorm.st2/tasks/version.yml @@ -2,8 +2,6 @@ # Getting the current st2 version is required to understand which 'st2_services' to restart - name: Get installed st2 version command: /opt/stackstorm/st2/bin/python -c 'import st2common; print(st2common.__version__)' - -# command: /opt/stackstorm/st2/bin/python -c 'exec(open("../st2/st2common/st2common/__init__.py").read()); print(__version__)' changed_when: no check_mode: no register: _st2_version_installed 
diff --git a/roles/StackStorm.st2/vars/redhat_8.yml b/roles/StackStorm.st2/vars/redhat_8.yml index d8736946..9e1046b2 100644 --- a/roles/StackStorm.st2/vars/redhat_8.yml +++ b/roles/StackStorm.st2/vars/redhat_8.yml @@ -1,3 +1,3 @@ -# List of python2 variables +# List of python3 variables --- passlib: python3-passlib diff --git a/roles/StackStorm.st2chatops/meta/main.yml b/roles/StackStorm.st2chatops/meta/main.yml index 8f87d902..9aa8554d 100644 --- a/roles/StackStorm.st2chatops/meta/main.yml +++ b/roles/StackStorm.st2chatops/meta/main.yml @@ -14,6 +14,7 @@ galaxy_info: versions: - 6 - 7 + - 8 galaxy_tags: - system - st2 diff --git a/roles/StackStorm.st2repo/meta/main.yml b/roles/StackStorm.st2repo/meta/main.yml index 82fff354..26c7cb4a 100644 --- a/roles/StackStorm.st2repo/meta/main.yml +++ b/roles/StackStorm.st2repo/meta/main.yml @@ -14,6 +14,7 @@ galaxy_info: versions: - 6 - 7 + - 8 galaxy_tags: - system - stackstorm diff --git a/roles/StackStorm.st2web/meta/main.yml b/roles/StackStorm.st2web/meta/main.yml index 7afe6f68..c0df03bd 100644 --- a/roles/StackStorm.st2web/meta/main.yml +++ b/roles/StackStorm.st2web/meta/main.yml @@ -15,6 +15,7 @@ galaxy_info: versions: - 6 - 7 + - 8 galaxy_tags: - system dependencies: From ad9c6264de5dee88d9da3532449494b7df289afc Mon Sep 17 00:00:00 2001 From: Cloud User Date: Thu, 18 Jun 2020 09:51:39 +0000 Subject: [PATCH 20/23] Minor change to README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2c40e66f..13f30eca 100644 --- a/README.md +++ b/README.md 
@@ -17,7 +17,7 @@ Aka IFTTT orchestration for Ops. > If you're using the provided Vagrantfile, note that it uses Xenial by default. -> If installing on RHEL8/CentOS8 and firewalld is enabled, then you must ensure that the http and https services are enabled. +> If installing on RHEL8 / CentOS8 and firewalld is enabled, then you must ensure that the http and https services are enabled. The ansible-st2 roles do not configure the firewalld rules. ## Requirements At least 2GB of memory and 3.5GB of disk space is required, since StackStorm is shipped with RabbitMQ, PostgreSQL, Mongo, nginx and OpenStack Mistral. From 00ef1a22ee82ec7d21b2d1ec589e92edfc0d112c Mon Sep 17 00:00:00 2001 From: Cloud User Date: Thu, 18 Jun 2020 09:55:19 +0000 Subject: [PATCH 21/23] Minor README.md change --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 13f30eca..714f9a6e 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ Aka IFTTT orchestration for Ops. > If you're using the provided Vagrantfile, note that it uses Xenial by default. -> If installing on RHEL8 / CentOS8 and firewalld is enabled, then you must ensure that the http and https services are enabled. The ansible-st2 roles do not configure the firewalld rules. +> If you're installing on RHEL8 / CentOS8 and firewalld is enabled, then you must ensure that the http and https services are enabled. The ansible-st2 roles do not configure the firewalld rules. ## Requirements At least 2GB of memory and 3.5GB of disk space is required, since StackStorm is shipped with RabbitMQ, PostgreSQL, Mongo, nginx and OpenStack Mistral. From 6a50972b8821bd1e917481e73f2d35c069f23e60 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Thu, 18 Jun 2020 11:36:55 +0000 Subject: [PATCH 22/23] README changes --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 714f9a6e..5dfb99db 100644 --- a/README.md +++ b/README.md 
@@ -17,7 +17,7 @@ Aka IFTTT orchestration for Ops. > If you're using the provided Vagrantfile, note that it uses Xenial by default. -> If you're installing on RHEL8 / CentOS8 and firewalld is enabled, then you must ensure that the http and https services are enabled. The ansible-st2 roles do not configure the firewalld rules. +> In order to access StackStorm Web UI, please don't forget to ensure that http/https ports are opened in your firewall system. ## Requirements At least 2GB of memory and 3.5GB of disk space is required, since StackStorm is shipped with RabbitMQ, PostgreSQL, Mongo, nginx and OpenStack Mistral. From c37954274e90a3de0e6c8751c171fe1673080181 Mon Sep 17 00:00:00 2001 From: JP Bourget Date: Thu, 18 Jun 2020 15:13:23 -0400 Subject: [PATCH 23/23] Update roles/StackStorm.nodejs/tasks/nodejs_redhat.yml --- roles/StackStorm.nodejs/tasks/nodejs_redhat.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/StackStorm.nodejs/tasks/nodejs_redhat.yml b/roles/StackStorm.nodejs/tasks/nodejs_redhat.yml index 3c27c730..f5e3a301 100644 --- a/roles/StackStorm.nodejs/tasks/nodejs_redhat.yml +++ b/roles/StackStorm.nodejs/tasks/nodejs_redhat.yml @@ -19,7 +19,7 @@ register: nodesource_repo_rm tags: nodejs -- name: Determine if nodejs disabled on AppStream for RH8 +- name: Determine if nodejs disabled on AppStream for EL8 become: yes shell: cmd: yum module list nodejs --disabled