From 4e16e2c000d70bde4e2878812f61bbad6eb9d76b Mon Sep 17 00:00:00 2001
From: Murat Aybars <39916128+aybarsm@users.noreply.github.com>
Date: Sat, 6 Jul 2024 21:07:28 +0100
Subject: [PATCH] role: package_manager: upgrade tasks redesign
---
.../tasks/{deb.yml => deb_repo.yml} | 0
roles/package_manager/tasks/main.yml | 36 +--
roles/package_manager/tasks/upgrade.yml | 292 ++++++++++--------
...repo_disabled.j2 => repo_list_disabled.j2} | 2 +-
roles/package_manager/vars/common.yml | 9 +-
5 files changed, 193 insertions(+), 146 deletions(-)
rename roles/package_manager/tasks/{deb.yml => deb_repo.yml} (100%)
rename roles/package_manager/templates/common/{repo_disabled.j2 => repo_list_disabled.j2} (92%)
diff --git a/roles/package_manager/tasks/deb.yml b/roles/package_manager/tasks/deb_repo.yml
similarity index 100%
rename from roles/package_manager/tasks/deb.yml
rename to roles/package_manager/tasks/deb_repo.yml
diff --git a/roles/package_manager/tasks/main.yml b/roles/package_manager/tasks/main.yml
index 872686b..a883a77 100644
--- a/roles/package_manager/tasks/main.yml
+++ b/roles/package_manager/tasks/main.yml
@@ -9,24 +9,18 @@ - name: Load common variables structured on OS related variables ansible.builtin.include_vars: common.yml -# FIXME: Commented out for testing. Uncomment after testing. -# - name: Import aybarsm linux ansible role -# ansible.builtin.import_role: -# name: aybarsm.linux.ansible - # FIXME: Commented out for testing. Uncomment after testing. # - name: Set facts for package manager # ansible.builtin.import_tasks: # file: set_facts.yml # when: package_manager__role_enabled | default(false) | bool -# FIXME: Commented out for testing. Uncomment after testing. -# - name: Import DEB repository and repository key tasks (APT) -# ansible.builtin.import_tasks: -# file: deb.yml -# when: -# - package_manager__role_enabled | default(false) | bool -# - ansible_os_family | default('') | lower == 'debian' +- name: Include DEB repository and repository key tasks (APT) + ansible.builtin.include_tasks: + file: deb_repo.yml + when: + - package_manager__role_enabled | default(false) | bool + - ansible_os_family | default('') | lower == 'debian' # FIXME: Commented out for testing. Uncomment after testing. # - name: Check upgrade strategy once compliance 
@@ -37,13 +31,17 @@ # - __package_manager__upgrade_once_eligible is defined # - not __package_manager__upgrade_once_eligible -# FIXME: Commented out for testing. Uncomment after testing. -# - name: Import upgrade tasks -# ansible.builtin.import_tasks: -# file: upgrade.yml -# when: -# - package_manager__role_enabled | default(false) | bool -# - __package_manager__upgrade_perform +- name: Import upgrade tasks + ansible.builtin.include_tasks: + file: upgrade.yml + when: + - package_manager__role_enabled | default(false) | bool + - __package_manager__upgrade_execute.decision + vars: + ansible_callback_diy_runner_on_skipped_msg: | + skipping: [{{ inventory_hostname }}] + msg: {{ __package_manager__upgrade_execute.reason }} + ansible_callback_diy_runner_on_skipped_msg_color: green # FIXME: Commented out for testing. Uncomment after testing. # - name: Import DEB package tasks (APT) diff --git a/roles/package_manager/tasks/upgrade.yml b/roles/package_manager/tasks/upgrade.yml index a752b02..2c374f6 100644 --- a/roles/package_manager/tasks/upgrade.yml +++ b/roles/package_manager/tasks/upgrade.yml 
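Review bot: The new condition `- __package_manager__upgrade_execute.decision` is used bare, so it only acts as a boolean if the Jinja block in vars/common.yml is parsed back into a dict holding a real boolean; if it ever arrives as a non-empty string the gate reads as true. A gate in front of privileged package upgrades is safer failing closed, e.g. `- __package_manager__upgrade_execute.decision | default(false) | bool`. The task is also still named `Import upgrade tasks` although it now calls `ansible.builtin.include_tasks`; `Include upgrade tasks` would keep run logs accurate. Note too that tags placed on a dynamic include are not inherited by the included tasks unless passed through `apply`.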
@@ -1,150 +1,194 @@ --- -- name: Deploy default main repo list files (Clean Upgrade) - become: true - ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - backup: "{{ item.backup | default(true) | bool }}" - loop: "{{ package_manager__main_repo_list_files }}" - vars: - default_repo_lists: "{{ package_manager__main_repo_list_files | selectattr('type', 'defined') | selectattr('type', 'equalto', 'default') | list }}" - register: package_manager__upgrade_ - when: - - __package_manager__upgrade_clean | default(false) | bool - - package_manager__main_repo_list_files is defined - - package_manager__main_repo_list_files | selectattr('type', 'defined') | selectattr('type', 'equalto', 'default') | length > 0 - -- name: Find repo source files (Clean Upgrade) +- name: Find repo list files (Clean Upgrade) become: true ansible.builtin.find: paths: "{{ package_manager__repo_list_dir }}" patterns: "{{ package_manager__repo_list_patterns }}" use_regex: "{{ package_manager__repo_list_use_regex | bool }}" - register: package_manager__upgrade_find_repo_list_files - when: - - __package_manager__upgrade_clean | default(false) | bool - -- name: Set facts for backup and restore (Clean Upgrade) - ansible.builtin.set_fact: - __package_manager__clean_upgrade_backup: "{{ {'src': backup_src, 'dest': backup_dest} | aybarsm.helper.to_list_of_dicts }}" - __package_manager__clean_upgrade_restore: "{{ {'src': backup_dest, 'dest': backup_src} | aybarsm.helper.to_list_of_dicts }}" - vars: - main_repo_list: "{{ - (package_manager__upgrade_main_repo_list_stat.stat.exist is defined and package_manager__upgrade_main_repo_list_stat.stat.exist is truthy ) | - ternary( - [package_manager__upgrade_main_repo_list_stat.stat.path], - [] - ) - }}" - repo_lists: "{{ (package_manager__upgrade_find_repo_list_files.files.length > 0) | - ternary( - (package_manager__upgrade_find_repo_list_files.files | map(attribute='path') | list), - [] - ) - }}" - backup_src: "{{ main_repo_list + repo_lists 
}}" - backup_dest: "{{ backup_src | map('regex_replace', '^(.*)$', '\\1.' + now().utcnow().strftime('%Y%m%dT%H%M%S.%fZ') + '.disabled') }}" - register: package_manager__upgrade_set_facts_backup_restore + register: package_manager__upgrade_clean_find_repo_list_files when: - __package_manager__upgrade_clean | default(false) | bool - - package_manager__upgrade_main_repo_list_stat.stat.exist is defined -- name: Copy (Backup) repo list files and directory (Clean Upgrade) +- name: Deploy default repo lists by copy (Clean Upgrade) become: true ansible.builtin.copy: src: "{{ item.src }}" dest: "{{ item.dest }}" - remote_src: true - loop: "{{ __package_manager__clean_upgrade_backup }}" - register: package_manager__upgrade_repo_list_backup - when: + backup: true + loop: "{{ __package_manager__repo_list_defaults_copy }}" + register: package_manager__upgrade_clean_default_repo_list_copies + when: - __package_manager__upgrade_clean | default(false) | bool - - __package_manager__clean_upgrade_backup is defined - - __package_manager__clean_upgrade_backup | length > 0 + - __package_manager__repo_list_defaults_copy | length > 0 -- name: Temproarily remove repo list files and directory (Clean Upgrade) +# TODO: Gather backup file paths +- name: Deploy default repo lists by template (Clean Upgrade) become: true - ansible.builtin.file: - path: "{{ item.src }}" - state: absent - loop: "{{ __package_manager__clean_upgrade_backup }}" - register: package_manager__upgrade_repo_list_remove + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + backup: true + loop: "{{ repo_list_templates }}" + vars: + repo_lists_default: "{{ __package_manager__repo_list_defaults_template | default([]) }}" + repo_list_additonals_src: "{{ package_manager__upgrade_clean_find_repo_list_files.files | map(attribute='path') | default([]) }}" + repo_lists_additional: "{{ (repo_list_additonals_src | length > 0) | + ternary( + {'dest': repo_list_additonals_src} | 
aybarsm.helper.to_list_of_dicts(defaults={'src': package_manager__repo_list_disabled_template}), + []) }}" + repo_list_templates: "{{ repo_lists_default + repo_lists_additional }}" + register: package_manager__upgrade_clean_default_repo_list_templates when: - __package_manager__upgrade_clean | default(false) | bool - - __package_manager__clean_upgrade_backup is defined - - __package_manager__clean_upgrade_backup | length > 0 + - (__package_manager__repo_list_defaults_template | length > 0) or (package_manager__upgrade_clean_find_repo_list_files.files | default([]) | length > 0) -- name: Perform DEB package upgrade via APT - become: true - ansible.builtin.apt: - update_cache: "{{ update_cache }}" - upgrade: "{{ upgrade_mode }}" - dpkg_options: "{{ package_manager__upgrade_dpkg_options | default(omit) }}" - vars: - upgrade_mode: "{{ package_manager__upgrade_mode | regex_replace('clean_', '') }}" - update_cache: "{{ (__package_manager__upgrade_clean | default(false) | bool) or (package_manager__upgrade_update_repo_cache | default(true) | bool) }}" - register: package_manager__deb_upgrade +- name: Debug found files + ansible.builtin.debug: + msg: + list_templates: "{{ package_manager__upgrade_clean_default_repo_list_templates }}" + # repo_lists_default: "{{ repo_lists_default }}" + # repo_lists_additional: "{{ repo_lists_additional }}" + # repo_list_additonals_src: "{{ repo_list_additonals_src }}" + # repo_list_templates: "{{ repo_list_templates }}" + # vars: + # repo_lists_default: "{{ __package_manager__repo_list_defaults_template | default([]) }}" + # repo_list_additonals_src: "{{ package_manager__upgrade_clean_find_repo_list_files.files | map(attribute='path') | default([]) }}" + # repo_lists_additional: "{{ (repo_list_additonals_src | length > 0) | + # ternary( + # {'dest': repo_list_additonals_src} | aybarsm.helper.to_list_of_dicts(defaults={'src': package_manager__repo_list_disabled_template}), + # []) }}" + # repo_list_templates: "{{ repo_lists_default + 
repo_lists_additional }}" when: - - ansible_os_family | lower == 'debian' - - package_manager__upgrade_mode is defined - - upgrade_mode in __package_manager__upgrade_modes + - __package_manager__upgrade_clean | default(false) | bool + # - (__package_manager__repo_list_defaults_template | length > 0) or (package_manager__upgrade_clean_find_repo_list_files.files | default([]) | length > 0) + + +# register: package_manager__upgrade_clean_default_repo_list_templates +# when: +# - __package_manager__upgrade_clean | default(false) | bool +# - (__package_manager__repo_list_defaults_template | length > 0) or (package_manager__upgrade_clean_find_repo_list_files.files | default([]) | length > 0) -- name: Clean RPM repo metadata cache before upgrade - become: true - ansible.builtin.command: - cmd: yum clean metadata - vars: - update_cache: "{{ (__package_manager__upgrade_clean | default(false) | bool) or (package_manager__upgrade_update_repo_cache | default(true) | bool) }}" - register: package_manager__rpm_upgrade_clean_cache_pre - when: - - ansible_os_family | lower == 'redhat' - - update_cache +# - name: Set facts for backup and restore (Clean Upgrade) +# ansible.builtin.set_fact: +# __package_manager__clean_upgrade_backup: "{{ {'src': backup_src, 'dest': backup_dest} | aybarsm.helper.to_list_of_dicts }}" +# __package_manager__clean_upgrade_restore: "{{ {'src': backup_dest, 'dest': backup_src} | aybarsm.helper.to_list_of_dicts }}" +# vars: +# main_repo_list: "{{ +# (package_manager__upgrade_main_repo_list_stat.stat.exist is defined and package_manager__upgrade_main_repo_list_stat.stat.exist is truthy ) | +# ternary( +# [package_manager__upgrade_main_repo_list_stat.stat.path], +# [] +# ) +# }}" +# repo_lists: "{{ (package_manager__upgrade_find_repo_list_files.files.length > 0) | +# ternary( +# (package_manager__upgrade_find_repo_list_files.files | map(attribute='path') | list), +# [] +# ) +# }}" +# backup_src: "{{ main_repo_list + repo_lists }}" +# backup_dest: "{{ 
backup_src | map('regex_replace', '^(.*)$', '\\1.' + now().utcnow().strftime('%Y%m%dT%H%M%S.%fZ') + '.disabled') }}" +# register: package_manager__upgrade_set_facts_backup_restore +# when: +# - __package_manager__upgrade_clean | default(false) | bool +# - package_manager__upgrade_main_repo_list_stat.stat.exist is defined -- name: Perform RPM package upgrade via DNF - become: true - ansible.builtin.dnf: - name: "*" - state: latest - register: package_manager__rpm_upgrade - when: ansible_os_family | lower == 'redhat' +# - name: Copy (Backup) repo list files and directory (Clean Upgrade) +# become: true +# ansible.builtin.copy: +# src: "{{ item.src }}" +# dest: "{{ item.dest }}" +# remote_src: true +# loop: "{{ __package_manager__clean_upgrade_backup }}" +# register: package_manager__upgrade_repo_list_backup +# when: +# - __package_manager__upgrade_clean | default(false) | bool +# - __package_manager__clean_upgrade_backup is defined +# - __package_manager__clean_upgrade_backup | length > 0 -- name: Copy (Restore) repo list files and directory (Clean Upgrade) - become: true - ansible.builtin.copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - remote_src: true - loop: "{{ __package_manager__clean_upgrade_restore }}" - register: package_manager__upgrade_repo_list_restore - when: - - __package_manager__upgrade_clean - - __package_manager__clean_upgrade_restore is defined - - __package_manager__clean_upgrade_restore | length > 0 +# - name: Temproarily remove repo list files and directory (Clean Upgrade) +# become: true +# ansible.builtin.file: +# path: "{{ item.src }}" +# state: absent +# loop: "{{ __package_manager__clean_upgrade_backup }}" +# register: package_manager__upgrade_repo_list_remove +# when: +# - __package_manager__upgrade_clean | default(false) | bool +# - __package_manager__clean_upgrade_backup is defined +# - __package_manager__clean_upgrade_backup | length > 0 -- name: Remove temporary directory for repo lists (Clean Upgrade) - become: true - 
ansible.builtin.tempfile: - path: "{{ package_manager__upgrade_create_temp_repo_dir.path }}" - state: absent - register: package_manager__upgrade_remove_temp_repo_dir - when: - - __package_manager__upgrade_clean - - package_manager__upgrade_create_temp_repo_dir.path is defined +# - name: Perform DEB package upgrade via APT +# become: true +# ansible.builtin.apt: +# update_cache: "{{ update_cache }}" +# upgrade: "{{ upgrade_mode }}" +# dpkg_options: "{{ package_manager__upgrade_dpkg_options | default(omit) }}" +# vars: +# upgrade_mode: "{{ package_manager__upgrade_mode | regex_replace('clean_', '') }}" +# update_cache: "{{ (__package_manager__upgrade_clean | default(false) | bool) or (package_manager__upgrade_update_repo_cache | default(true) | bool) }}" +# register: package_manager__deb_upgrade +# when: +# - ansible_os_family | lower == 'debian' +# - package_manager__upgrade_mode is defined +# - upgrade_mode in __package_manager__upgrade_modes -- name: Update DEB repo cache via APT after upgrade (Clean Upgrade) - become: true - ansible.builtin.apt: - update_cache: true - register: package_manager__deb_upgrade_clean_cache_post - when: - - ansible_os_family | lower == 'debian' - - __package_manager__upgrade_clean | default(false) | bool +# - name: Clean RPM repo metadata cache before upgrade +# become: true +# ansible.builtin.command: +# cmd: yum clean metadata +# vars: +# update_cache: "{{ (__package_manager__upgrade_clean | default(false) | bool) or (package_manager__upgrade_update_repo_cache | default(true) | bool) }}" +# register: package_manager__rpm_upgrade_clean_cache_pre +# when: +# - ansible_os_family | lower == 'redhat' +# - update_cache -- name: Clean RPM repo metadata cache after upgrade (Clean Upgrade) - become: true - ansible.builtin.command: - cmd: yum clean metadata - register: package_manager__rpm_upgrade_clean_cache_post - when: - - ansible_os_family | lower == 'redhat' - - __package_manager__upgrade_clean | default(false) | bool \ No newline at end 
of file +# - name: Perform RPM package upgrade via DNF +# become: true +# ansible.builtin.dnf: +# name: "*" +# state: latest +# register: package_manager__rpm_upgrade +# when: ansible_os_family | lower == 'redhat' + +# - name: Copy (Restore) repo list files and directory (Clean Upgrade) +# become: true +# ansible.builtin.copy: +# src: "{{ item.src }}" +# dest: "{{ item.dest }}" +# remote_src: true +# loop: "{{ __package_manager__clean_upgrade_restore }}" +# register: package_manager__upgrade_repo_list_restore +# when: +# - __package_manager__upgrade_clean +# - __package_manager__clean_upgrade_restore is defined +# - __package_manager__clean_upgrade_restore | length > 0 + +# - name: Remove temporary directory for repo lists (Clean Upgrade) +# become: true +# ansible.builtin.tempfile: +# path: "{{ package_manager__upgrade_create_temp_repo_dir.path }}" +# state: absent +# register: package_manager__upgrade_remove_temp_repo_dir +# when: +# - __package_manager__upgrade_clean +# - package_manager__upgrade_create_temp_repo_dir.path is defined + +# - name: Update DEB repo cache via APT after upgrade (Clean Upgrade) +# become: true +# ansible.builtin.apt: +# update_cache: true +# register: package_manager__deb_upgrade_clean_cache_post +# when: +# - ansible_os_family | lower == 'debian' +# - __package_manager__upgrade_clean | default(false) | bool + +# - name: Clean RPM repo metadata cache after upgrade (Clean Upgrade) +# become: true +# ansible.builtin.command: +# cmd: yum clean metadata +# register: package_manager__rpm_upgrade_clean_cache_post +# when: +# - ansible_os_family | lower == 'redhat' +# - __package_manager__upgrade_clean | default(false) | bool \ No newline at end of file 
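Review bot: In clean mode the new `Deploy default repo lists by template` task overwrites every file returned by the `find` task with `package_manager__repo_list_disabled_template`, while the upgrade, restore and cache-refresh tasks below it are all commented out, so a host that takes this path is left with its repository lists disabled and nothing puts them back. Until someone restores the `backup: true` copies by hand the machine cannot receive updates from those repositories, which the `# TODO: Gather backup file paths` comment acknowledges. I would keep the include in tasks/main.yml disabled until a restore exists, or wrap the clean-upgrade tasks in a `block` whose `always` section restores from the registered `backup_file` paths, as sketched below. The `Debug found files` task and its commented-out `vars` look like test leftovers and should be dropped before merge.

```yaml
- name: Clean upgrade with guaranteed repo list restore
  when: __package_manager__upgrade_clean | default(false) | bool
  block:
    # … unchanged: find repo list files, deploy default repo lists by copy and by template …
    # … upgrade tasks (currently commented out) go here …
  always:
    - name: Restore repo list files from the backups taken above (Clean Upgrade)
      become: true
      ansible.builtin.copy:
        src: "{{ item.backup_file }}"
        dest: "{{ item.dest }}"
        remote_src: true
      loop: >-
        {{ package_manager__upgrade_clean_default_repo_list_templates.results
           | default([]) | selectattr('backup_file', 'defined') | list }}
```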
diff --git a/roles/package_manager/templates/common/repo_disabled.j2 b/roles/package_manager/templates/common/repo_list_disabled.j2 similarity index 92% rename from roles/package_manager/templates/common/repo_disabled.j2 rename to roles/package_manager/templates/common/repo_list_disabled.j2 index c4d1ddd..ead9183 100644 --- a/roles/package_manager/templates/common/repo_disabled.j2 +++ b/roles/package_manager/templates/common/repo_list_disabled.j2 @@ -1,4 +1,4 @@ # {{ ansible_managed }} {% if package_manager__repo_list_disabled_comment is defined %} {{ package_manager__repo_list_disabled_comment | comment }} -{% end if %} \ No newline at end of file +{% endif %} \ No newline at end of file diff --git a/roles/package_manager/vars/common.yml b/roles/package_manager/vars/common.yml index 231964a..8e7347f 100644 --- a/roles/package_manager/vars/common.yml +++ b/roles/package_manager/vars/common.yml @@ -22,7 +22,10 @@ package_manager__repo_lists_all: "{{ package_manager__all | default([]) }}" __package_manager__clean_upgrade_modes: "{{ ['clean_'] | product(__package_manager__upgrade_modes) | map('join') }}" -__package_manager__repo_list_defaults: "{{ package_manager__repo_lists_all | selectattr('category', 'defined') | selectattr('category', 'equalto', 'default') | list }}" + +__package_manager__repo_list_defaults: "{{ package_manager__repo_lists_all | selectattr('category', 'defined') | selectattr('category', 'equalto', 'default') | default([]) }}" +__package_manager__repo_list_defaults_copy: "{{ __package_manager__repo_list_defaults | selectattr('source_module', 'equalto', 'copy') | default([]) }}" +__package_manager__repo_list_defaults_template: "{{ __package_manager__repo_list_defaults | selectattr('source_module', 'equalto', 'template') | default([]) }}" __package_manager__upgrade_clean: "{{ package_manager__upgrade_mode in __package_manager__clean_upgrade_modes }}" __package_manager__upgrade_mode: "{{ package_manager__upgrade_mode | regex_replace('clean_', '') }}" 
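Review bot: The two new filters `selectattr('source_module', 'equalto', 'copy')` and `selectattr('source_module', 'equalto', 'template')` in vars/common.yml have no preceding `selectattr('source_module', 'defined')`, unlike the `category` filter on the line above them, so a default repo list entry without `source_module` is likely to raise an undefined-attribute error instead of being skipped. Suggested form: `__package_manager__repo_list_defaults | selectattr('source_module', 'defined') | selectattr('source_module', 'equalto', 'copy') | list`. The trailing `| default([])` that replaced `| list` should never fire, because `selectattr` always returns a value. Keeping `| list` makes the later `| length > 0` checks in tasks/upgrade.yml unambiguous.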
@@ -33,7 +36,9 @@ __package_manager__upgrade_always: "{{ package_manager__upgrade_strategy == 'alw __package_manager__upgrade_never: "{{ package_manager__upgrade_strategy == 'never' }}" __package_manager__upgrade_execute: >- {%- set exec_upgrade = {'decision': true, 'reason': ''} -%} - {%- if __package_manager__upgrade_never -%} + {%- if not package_manager__role_enabled -%} + {%- set exec_upgrade = {'decision': false, 'reason': 'Upgrade requires aybarsm.linux.package_manager role enabled. (package_manager__role_enabled: true)'} -%} + {%- elif __package_manager__upgrade_never -%} {%- set exec_upgrade = {'decision': false, 'reason': 'Upgrade strategy is set to never.'} -%} {%- elif __package_manager__upgrade_clean and not __package_manager__upgrade_clean_eligible -%} {%- set exec_upgrade = {'decision': false, 'reason': 'Upgrade strategy is set to clean, but no default repo list configuration found.'} -%}
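Review bot: The added branch `{%- if not package_manager__role_enabled -%}` tests the raw variable, whereas tasks/main.yml guards the same switch with `package_manager__role_enabled | default(false) | bool`. If the variable is undefined the template fails, and if it arrives as a string such as 'false' (for example from extra vars on the command line) the `not` evaluates to false and the decision stays true. Use `{%- if not (package_manager__role_enabled | default(false) | bool) -%}` so both places agree and the gate fails closed. The rest of the `__package_manager__upgrade_execute` block continues past the end of the hunk.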