diff --git a/roles/ansible/defaults/main.yml b/roles/ansible/defaults/main.yml
new file mode 100644
index 0000000..1a21c86
--- /dev/null
+++ b/roles/ansible/defaults/main.yml
@@ -0,0 +1,7 @@
+linux_role_ansible_enabled: true
+linux_role_ansible_manage_local_facts: true
+
+linux_ansible_local_fact_template: aybarsm_linux.json.fact.j2
+linux_ansible_local_fact_backup: true
+linux_ansible_local_facts_dir: "{{ (not lookup('config', 'DEFAULT_FACT_PATH')) | ternary('/etc/ansible/facts.d', lookup('config', 'DEFAULT_FACT_PATH')) }}"
+linux_ansible_local_fact_file: "{{ linux_ansible_local_facts_dir }}/aybarsm_linux.fact"
diff --git a/roles/ansible/handlers/main.yml b/roles/ansible/handlers/main.yml
new file mode 100644
index 0000000..eb22fe9
--- /dev/null
+++ b/roles/ansible/handlers/main.yml
@@ -0,0 +1,26 @@
+---
+- name: Re-assign host local facts to ansible facts
+ become: true
+ ansible.builtin.set_fact:
+ __linux_ansible_local_facts: "{{ linux_ansible_update_local_facts.__linux_ansible_local_facts }}"
+ register: linux_ansible_local_facts_reassign
+ listen: "linux_ansible_local_facts_reassign"
+ notify: linux_ansible_local_facts_settle
+
+- name: Settle local facts on host if changed
+ become: true
+ ansible.builtin.template:
+ src: "{{ linux_ansible_local_fact_template }}"
+ dest: "{{ linux_ansible_local_fact_file }}"
+ backup: "{{ linux_ansible_local_fact_backup | default(omit) | bool }}"
+ register: linux_ansible_local_facts_settle
+ listen: "linux_ansible_local_facts_settle"
+ notify: linux_ansible_local_facts_reread
+ when: (ansible_local.aybarsm_linux | b64encode) != (__linux_ansible_local_facts | b64encode)
+
+- name: Re-read local facts
+ become: true
+ ansible.builtin.setup:
+ filter: ansible_local
+ register: linux_ansible_local_facts_reread
+ listen: "linux_ansible_local_facts_reread"
diff --git a/roles/ansible/meta/main.yml b/roles/ansible/meta/main.yml
new file mode 100644
index 0000000..4831b03
--- /dev/null
+++ b/roles/ansible/meta/main.yml
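Review bot: The "Settle local facts on host if changed" handler in roles/ansible/handlers/main.yml writes `{{ linux_ansible_local_fact_file }}` as root without `owner`, `group` or `mode`, so a newly created file takes whatever the remote umask gives it. Ansible's setup module reads every `*.fact` file in the facts directory and runs the executable ones, and the "Re-read local facts" handler does that under `become: true`, so the file should be pinned root-owned and non-executable: `owner: root`, `group: root`, `mode: '0644'`. The same applies to the template task in tasks/update_local_facts.yml and to the facts directory created in tasks/local_facts.yml (`mode: '0755'`). Separately, the handler's `when` reads `ansible_local.aybarsm_linux` without the `| default({})` that tasks/local_facts.yml uses, so it may fail on a host that has no fact file yet.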
@@ -0,0 +1 @@
+allow_duplicates: true
\ No newline at end of file
diff --git a/roles/ansible/tasks/local_facts.yml b/roles/ansible/tasks/local_facts.yml
new file mode 100644
index 0000000..3e41cee
--- /dev/null
+++ b/roles/ansible/tasks/local_facts.yml
@@ -0,0 +1,11 @@
+---
+- name: Create directory on host for ansible local facts
+ become: true
+ ansible.builtin.file:
+ state: directory
+ recurse: true
+ path: "{{ linux_ansible_local_facts_dir }}"
+
+- name: Assign local facts as ansible facts
+ ansible.builtin.set_fact:
+ __linux_ansible_local_facts: "{{ ansible_local.aybarsm_linux | default({}) }}"
\ No newline at end of file
diff --git a/roles/ansible/tasks/main.yml b/roles/ansible/tasks/main.yml
new file mode 100644
index 0000000..7301130
--- /dev/null
+++ b/roles/ansible/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+- name: Import linux ansible local facts tasks
+ ansible.builtin.import_tasks:
+ file: local_facts.yml
+ when:
+ - linux_role_ansible_enabled | bool
+ - linux_role_ansible_manage_local_facts | bool
\ No newline at end of file
diff --git a/roles/ansible/tasks/update_local_facts.yml b/roles/ansible/tasks/update_local_facts.yml
new file mode 100644
index 0000000..ae6ee66
--- /dev/null
+++ b/roles/ansible/tasks/update_local_facts.yml
@@ -0,0 +1,41 @@
+---
+- name: Update host local facts
+ ansible.utils.update_fact:
+ updates: "{{ host_fact_updates }}"
+ vars:
+ fact_basename: "{{ linux_ansible_local_fact_file | basename | regex_replace('\\.fact$', '') }}"
+ host_fact_updates: "{{ dict((
+ ansible_host_fact_updates | map(attribute='path') |
+ map('regex_replace', '^ansible_local\\.' + fact_basename + '\\.|^ansible_local\\.', '') |
+ map('regex_replace', '^(?!__linux_ansible_local_facts\\.)(.*)$', '__linux_ansible_local_facts.\\1')) |
+ zip(ansible_host_fact_updates | map(attribute='value'))) |
+ dict2items(key_name='path', value_name='value') }}"
+ register: linux_ansible_update_local_facts
+
+- name: Re-assign host local facts to ansible facts
+ ansible.builtin.set_fact:
+ __linux_ansible_local_facts: "{{ linux_ansible_update_local_facts.__linux_ansible_local_facts }}"
+ register: linux_ansible_local_facts_reassign
+
+- name: Settle local facts on host if changed
+ become: true
+ ansible.builtin.template:
+ src: "{{ linux_ansible_local_fact_template }}"
+ dest: "{{ linux_ansible_local_fact_file }}"
+ backup: "{{ linux_ansible_local_fact_backup | default(omit) | bool }}"
+ register: linux_ansible_local_facts_settle
+ vars:
+ fact_basename: "{{ linux_ansible_local_fact_file | basename | regex_replace('\\.fact$', '') }}"
+ on_host: "{{ ansible_local[fact_basename] | default({}) | b64encode }}"
+ on_runtime: "{{ __linux_ansible_local_facts | default({}) | b64encode }}"
+ when: on_host != on_runtime
+
+- name: Re-read local facts
+ become: true
+ ansible.builtin.setup:
+ filter: ansible_local
+ register: linux_ansible_local_facts_reread
+ when: linux_ansible_local_facts_settle.changed
+
+# - name: Settle local facts if they have been modified
+# ansible.builtin.meta: 'flush_handlers'
\ No newline at end of file
diff --git a/roles/ansible/templates/aybarsm_linux.json.fact.j2 b/roles/ansible/templates/aybarsm_linux.json.fact.j2
new file mode 100644
index 0000000..4f0f097
--- /dev/null
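Review bot: In the `host_fact_updates` expression of tasks/update_local_facts.yml, `fact_basename` is concatenated into the `regex_replace` pattern unescaped, so a fact file name containing regex metacharacters (a dot, for instance) would strip a different prefix than intended; `'^ansible_local\\.' + (fact_basename | regex_escape) + '\\.|^ansible_local\\.'` keeps the match literal. The three tasks after "Update host local facts" also repeat roles/ansible/handlers/main.yml almost line for line but with a different change test (`ansible_local[fact_basename] | default({})` here, `ansible_local.aybarsm_linux` there), so keeping a single copy would stop the two from drifting apart. The trailing commented-out `flush_handlers` task should either be removed or carry a comment saying why it is disabled.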
+++ b/roles/ansible/templates/aybarsm_linux.json.fact.j2 @@ -0,0 +1,6 @@ +{% if __linux_ansible_local_facts is defined %} +{{ __linux_ansible_local_facts | to_nice_json }} +{% else %} +{ +} +{% endif %} \ No newline at end of file diff --git a/roles/package_manager/defaults/main.yml b/roles/package_manager/defaults/main.yml index e77928c..5aac707 100644 --- a/roles/package_manager/defaults/main.yml +++ b/roles/package_manager/defaults/main.yml @@ -5,7 +5,14 @@ linux_role_package_manager_enabled: false # Available options: specific, common linux_package_manager_package_strategy: specific -linux_package_manager_package_simulation: true +linux_package_manager_initial_upgrade: false +# Available options: full, dist, clean_full, clean_dist +# Clean options temproarily removes all repos other than OS default repos before upgrade +linux_package_manager_initial_upgrade_strategy: clean_full +linux_package_manager_deb_default_repos_template: etc/apt/default.sources.list.j2 + +# TODO: Implement this feature +# linux_package_manager_package_simulation: true linux_package_manager_default: [] linux_package_manager_group: [] diff --git a/roles/package_manager/tasks/deb.yml b/roles/package_manager/tasks/deb.yml index 5005d1c..5fcbac5 100644 --- a/roles/package_manager/tasks/deb.yml +++ b/roles/package_manager/tasks/deb.yml 
@@ -1,4 +1,19 @@ --- +- name: Manage DEB repository keys via APT + become: true + ansible.builtin.apt_key: + state: "{{ item.state | default(omit) }}" + data: "{{ item.data | default(omit) }}" + file: "{{ item.file | default(omit) }}" + keyring: "{{ item.keyring | default(omit) }}" + url: "{{ item.url | default(omit) }}" + validate_certs: "{{ item.validate_certs | default(omit) | bool }}" + loop: "{{ linux_package_manager_repo_keys_all }}" + register: linux_package_manager_deb_repo_keys_apply + when: + - linux_package_manager_repo_keys_all | type_debug == 'list' + - linux_package_manager_repo_keys_all | length > 0 + - name: Manage DEB repositories via APT become: true ansible.builtin.apt_repository: @@ -16,19 +31,4 @@ register: linux_package_manager_deb_repos_apply when: - linux_package_manager_repos_all | type_debug == 'list' - - linux_package_manager_repos_all | length > 0 - -- name: Manage DEB repository keys via APT - become: true - ansible.builtin.apt_key: - state: "{{ item.state | default(omit) }}" - data: "{{ item.data | default(omit) }}" - file: "{{ item.file | default(omit) }}" - keyring: "{{ item.keyring | default(omit) }}" - url: "{{ item.url | default(omit) }}" - validate_certs: "{{ item.validate_certs | default(omit) | bool }}" - loop: "{{ linux_package_manager_repo_keys_all }}" - register: linux_package_manager_deb_repo_keys_apply - when: - - linux_package_manager_repo_keys_all | type_debug == 'list' - - linux_package_manager_repo_keys_all | length > 0 + - linux_package_manager_repos_all | length > 0 \ No newline at end of file diff --git a/roles/package_manager/tasks/deb_initial_upgrade.yml b/roles/package_manager/tasks/deb_initial_upgrade.yml new file mode 100644 index 0000000..ca8cb27 --- /dev/null +++ b/roles/package_manager/tasks/deb_initial_upgrade.yml 
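Review bot: `validate_certs: "{{ item.validate_certs | default(omit) | bool }}"` in the apt_key task does not omit the option when an item leaves it unset: on ansible-core versions where `omit` is a placeholder string, `| bool` turns that string into `false`, so a key fetched through `url` would be downloaded with certificate verification switched off. Because these keys decide which repositories APT will trust, the unset case should default to verification: `validate_certs: "{{ item.validate_certs | default(true) | bool }}"`. The same `default(omit) | bool` pattern is visible on `validate_certs` in roles/package_manager/tasks/rpm_packages.yml and on `backup` in the ansible role's template tasks.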
@@ -0,0 +1,39 @@
+---
+- name: Create temporary etc_apt directory
+ become: true
+ ansible.builtin.tempfile:
+ state: directory
+ suffix: etc_apt
+ register: linux_package_manager_temp_etc_apt_dir
+
+- name: Create sources.list.d directory in temporary etc_apt directory
+ become: true
+ ansible.builtin.file:
+ state: directory
+ recurse: true
+ path: "{{ linux_package_manager_temp_etc_apt_dir.path }}/sources.list.d"
+ register: linux_package_manager_temp_etc_apt_sources_dir
+
+- name: Check main sources.list file status
+ become: true
+ ansible.builtin.stat:
+ path: "{{ linux_package_manager_repo_list_file }}"
+ register: linux_package_manager_repo_list_file_stat
+
+# - name: Find apt source files
+# become: true
+# ansible.builtin.find:
+# paths: "{{ linux_systemd_network_dir }}"
+# patterns: "{{ linux_systemd_network_cleanup_patterns }}"
+# use_regex: "{{ linux_systemd_network_cleanup_patterns_use_regex | bool }}"
+# when: linux_systemd_network_cleanup | bool
+# register: linux_systemd_network_find_cleanup_files
+
+# - name: Find apt source files
+# become: true
+# ansible.builtin.find:
+# paths: "{{ linux_systemd_network_dir }}"
+# patterns: "{{ linux_systemd_network_cleanup_patterns }}"
+# use_regex: "{{ linux_systemd_network_cleanup_patterns_use_regex | bool }}"
+# when: linux_systemd_network_cleanup | bool
+# register: linux_systemd_network_find_cleanup_files
\ No newline at end of file
diff --git a/roles/package_manager/tasks/deb_packages.yml b/roles/package_manager/tasks/deb_packages.yml
index e6f80fa..f0b3e63 100644
--- a/roles/package_manager/tasks/deb_packages.yml
+++ b/roles/package_manager/tasks/deb_packages.yml
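Review bot: The two commented-out "Find apt source files" blocks at the end of deb_initial_upgrade.yml are identical and still reference `linux_systemd_network_*` variables from another role, so they say nothing about what this file is meant to do; remove them or replace them with a short TODO describing the remaining steps of the clean upgrade. The temporary directory is created as root and registered, but no visible task removes it, so a cleanup task (`ansible.builtin.file` with `state: absent` on `linux_package_manager_temp_etc_apt_dir.path`), ideally in the `always` section of a block, is worth adding once the upgrade steps exist. `recurse: true` is not needed to create one directory inside a path that was just created.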
@@ -27,10 +27,7 @@ update_cache_retry_max_delay: "{{ item.update_cache_retry_max_delay | default(omit) }}" upgrade: "{{ item.upgrade | default(omit) }}" loop: "{{ linux_package_manager_packages_all }}" - vars: - __is_simulation: "{{ __linux_package_manager_simulate_packages | default(false) | bool }}" - register: "{{ 'linux_package_manager_deb_packages_' + ('simulate' if __is_simulation else 'simulate') }}" - check_mode: "{{ __is_simulation }}" + register: linux_package_manager_deb_packages_apply when: - linux_package_manager_packages_all | type_debug == 'list' - linux_package_manager_packages_all | length > 0 diff --git a/roles/package_manager/tasks/deb_simulations.yml b/roles/package_manager/tasks/deb_simulations.yml deleted file mode 100644 index ec213f5..0000000 --- a/roles/package_manager/tasks/deb_simulations.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: Simulate DEB package install via APT - ansible.builtin.command: - cmd: "apt --simulate install {{ packages | join(' ') }}" - register: linux_package_manager_deb_packages_simulate_install - changed_when: false - -- name: Simulate DEB package remove via APT - ansible.builtin.command: - cmd: "apt --simulate remove {{ packages | join(' ') }}" - register: linux_package_manager_deb_packages_simulate_remove - changed_when: false \ No newline at end of file diff --git a/roles/package_manager/tasks/initial_upgrade.yml b/roles/package_manager/tasks/initial_upgrade.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/package_manager/tasks/main.yml b/roles/package_manager/tasks/main.yml index 3683a67..76880b8 100644 --- a/roles/package_manager/tasks/main.yml +++ b/roles/package_manager/tasks/main.yml 
@@ -5,24 +5,22 @@ - name: Load common variables structured on OS related variables ansible.builtin.include_vars: common.yml -- name: Import DEB repository and repository key tasks (APT) +- name: Import DEB initial upgrade (APT) ansible.builtin.import_tasks: - file: deb.yml + file: deb_initial_upgrade.yml when: - linux_role_package_manager_enabled | default(false) | bool + - linux_package_manager_initial_upgrade | default(false) | bool + - linux_role_ansible_manage_local_facts | default(false) | bool + - __linux_ansible_local_facts is defined - ansible_os_family | lower == 'debian' -- name: Simulate DEB package tasks (APT) +- name: Import DEB repository and repository key tasks (APT) ansible.builtin.import_tasks: - file: deb_packages.yml - vars: - __linux_package_manager_simulate_packages: true + file: deb.yml when: - linux_role_package_manager_enabled | default(false) | bool - - linux_package_manager_package_strategy | lower == 'specific' - ansible_os_family | lower == 'debian' - - linux_package_manager_package_simulation | default(true) | bool - - not ansible_check_mode - name: Import DEB package tasks (APT) ansible.builtin.import_tasks: diff --git a/roles/package_manager/tasks/rpm_packages.yml b/roles/package_manager/tasks/rpm_packages.yml index 515dcfe..5c9be51 100644 --- a/roles/package_manager/tasks/rpm_packages.yml +++ b/roles/package_manager/tasks/rpm_packages.yml @@ -2,7 +2,7 @@ - name: Manage RPM packages via DNF become: true ansible.builtin.dnf: - name: "{{ package_name }}" + name: "{{ item.name }}" allow_downgrade: "{{ item.allow_downgrade | default(omit) | bool }}" allowerasing: "{{ item.allowerasing | default(omit) | bool }}" autoremove: "{{ item.autoremove | default(omit) | bool }}" 
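Review bot: In rpm_packages.yml, `name: "{{ item.name }}"` together with the removal of the `package_name` var in the next hunk means an item's `version` key is no longer used by the visible part of the dnf task, so an entry that pins a version would install whatever the repository currently offers. If pinning is meant to keep working, build the spec in place, for example `name: "{{ item.name ~ '-' ~ item.version if item.version is defined else item.name }}"` (dnf takes `name-version` rather than the `name=version` form the old var produced), or fail when `version` is set and unsupported. The task body starts and ends outside both hunks, so this should be confirmed against the full task and the key mapping in vars before changing it.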
@@ -34,8 +34,6 @@ update_only: "{{ item.update_only | default(omit) | bool }}" use_backend: "{{ item.use_backend | default(omit) }}" validate_certs: "{{ item.validate_certs | default(omit) | bool }}" - vars: - package_name: "{{ item.name + '=' + item.version if 'version' in item else item.name }}" loop: "{{ linux_package_manager_packages_all }}" register: linux_package_manager_rpm_packages_apply when: diff --git a/roles/package_manager/templates/etc/apt/default.sources.list.j2 b/roles/package_manager/templates/etc/apt/default.sources.list.j2 new file mode 100644 index 0000000..b527068 --- /dev/null +++ b/roles/package_manager/templates/etc/apt/default.sources.list.j2 
@@ -0,0 +1,27 @@
+{% set os_distrib = ansible_distribution | lower %}
+{% set os_release = ansible_distribution_release | lower %}
+{% if os_distrib == "debian" %}
+deb http://deb.debian.org/debian/ {{ os_release }} main
+deb-src http://deb.debian.org/debian/ {{ os_release }} main
+
+deb http://security.debian.org/debian-security {{ os_release }}-security main
+deb-src http://security.debian.org/debian-security {{ os_release }}-security main
+
+deb http://deb.debian.org/debian/ {{ os_release }}-updates main
+deb-src http://deb.debian.org/debian/ {{ os_release }}-updates main
+{% elif os_distrib == "ubuntu" %}
+deb http://archive.ubuntu.com/ubuntu/ {{ os_release }} main restricted universe multiverse
+deb-src http://archive.ubuntu.com/ubuntu/ {{ os_release }} main restricted universe multiverse
+
+deb http://archive.ubuntu.com/ubuntu/ {{ os_release }}-updates main restricted universe multiverse
+deb-src http://archive.ubuntu.com/ubuntu/ {{ os_release }}-updates main restricted universe multiverse
+
+deb http://archive.ubuntu.com/ubuntu/ {{ os_release }}-security main restricted universe multiverse
+deb-src http://archive.ubuntu.com/ubuntu/ {{ os_release }}-security main restricted universe multiverse
+
+deb http://archive.ubuntu.com/ubuntu/ {{ os_release }}-backports main restricted universe multiverse
+deb-src http://archive.ubuntu.com/ubuntu/ {{ os_release }}-backports main restricted universe multiverse
+
+deb http://archive.canonical.com/ubuntu {{ os_release }} partner
+deb-src http://archive.canonical.com/ubuntu {{ os_release }} partner
+{% endif %}
\ No newline at end of file
diff --git a/roles/package_manager/vars/common.yml b/roles/package_manager/vars/common.yml
index c71658c..4329d95 100644
--- a/roles/package_manager/vars/common.yml
+++ b/roles/package_manager/vars/common.yml
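Review bot: default.sources.list.j2 has no `{% else %}` branch, so it renders an empty sources list on any host whose `ansible_distribution` is neither `debian` nor `ubuntu`, while tasks/main.yml gates the initial upgrade only on `ansible_os_family | lower == 'debian'`. If the clean strategies swap this file in for the host's repositories (the tasks that consume it are not part of this commit), such a host would upgrade against no repositories at all, so assert the distribution in a task before templating. The `{{ os_release }}-security` suite on security.debian.org exists from Debian 11 on, while older releases use `{{ os_release }}/updates`, so the Debian branch needs a release check as well. All entries use plain `http://`; APT's signature checks still protect package integrity, but `https://` mirrors, where the target hosts support them, keep the requested package set private and remove on-path interference with the download.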
@@ -1,5 +1,6 @@ linux_package_manager_packages_all: "{{ linux_package_manager_all | aybarsm.helper.selectattr(__linux_package_manager_package_config.selectattr) | + ansible.utils.replace_keys(target=__linux_package_manager_package_config.replace_keys) | aybarsm.helper.setattr(__linux_package_manager_package_config.setattr) | aybarsm.helper.splitattr(__linux_package_manager_package_config.splitattr) | aybarsm.helper.unique_recursive(__linux_package_manager_package_config.uniques) | diff --git a/roles/package_manager/vars/debian.yml b/roles/package_manager/vars/debian.yml index 41cfd19..c1395b2 100644 --- a/roles/package_manager/vars/debian.yml +++ b/roles/package_manager/vars/debian.yml @@ -1,3 +1,7 @@ +linux_package_manager_repo_dir: /etc/apt +linux_package_manager_repo_list_file: "{{ linux_package_manager_repo_dir}}/sources.list" +linux_package_manager_repo_list_dir: "{{ linux_package_manager_repo_dir}}/sources.list.d" + __linux_package_manager_uniques_package: ['name', 'package', 'pkg'] __linux_package_manager_uniques_repo: ['repo'] __linux_package_manager_uniques_repo_key: ['keyserver', 'url', 'id', 'data', 'file'] @@ -16,19 +20,6 @@ __linux_package_manager_package_config: - before: pkg after: name setattr: - - attribute: name - value: package - mode: copy_delete - when: - - ['name', 'undefined'] - - ['package', 'defined'] - logic: and - - attribute: name - value: pkg - mode: copy_delete - when: - - ['name', 'undefined'] - - ['pkg', 'defined'] - attribute: state value: present when: diff --git a/roles/proxmox/defaults/main.yml b/roles/proxmox/defaults/main.yml index dab0300..a2e902f 100644 --- a/roles/proxmox/defaults/main.yml +++ b/roles/proxmox/defaults/main.yml @@ -1,5 +1,7 @@ linux_role_proxmox_enabled: false +linux_proxmox_clean_os_upgrade: '' + linux_proxmox_default: {} linux_proxmox_group: {} linux_proxmox_host: {} diff --git a/roles/proxmox/tasks/main.yml b/roles/proxmox/tasks/main.yml index 2ba59a6..fb28cac 100644 --- a/roles/proxmox/tasks/main.yml 
+++ b/roles/proxmox/tasks/main.yml @@ -1,4 +1,13 @@ --- +- name: Import aybarsm linux ansible role + ansible.builtin.import_role: + name: aybarsm.linux.ansible + - name: Include Debug Tasks ansible.builtin.import_tasks: file: debug.yml + +- name: Import aybarsm linux ansible role - settle local fact tasks + ansible.builtin.import_role: + name: aybarsm.linux.ansible + tasks_from: settle_local_facts.yml \ No newline at end of file diff --git a/roles/proxmox/vars/main.yml b/roles/proxmox/vars/main.yml index a70e738..5194b95 100644 --- a/roles/proxmox/vars/main.yml +++ b/roles/proxmox/vars/main.yml @@ -20,6 +20,12 @@ linux_proxmox_role_repos: pmg_no_subscription: repo: "deb {{ linux_proxmox_repo_url_no_subscription }}/pmg {{ ansible_distribution_release }} pmg-no-subscription" filename: pmg-no-subscription + ceph_pacific_enterprise: + repo: "deb {{ linux_proxmox_repo_url_enterprise }}/ceph-pacific {{ ansible_distribution_release }} enterprise" + filename: ceph + ceph_pacific_no_subscription: + repo: "deb {{ linux_proxmox_repo_url_no_subscription }}/ceph-pacific {{ ansible_distribution_release }} no-subscription" + filename: ceph ceph_quincy_enterprise: repo: "deb {{ linux_proxmox_repo_url_enterprise }}/ceph-quincy {{ ansible_distribution_release }} enterprise" filename: ceph
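Review bot: The second `import_role` in roles/proxmox/tasks/main.yml uses `tasks_from: settle_local_facts.yml`, but the files this commit adds under roles/ansible/tasks are `main.yml`, `local_facts.yml` and `update_local_facts.yml`; unless a `settle_local_facts.yml` exists outside this diff, the static import fails when the play is parsed. If the settle and re-read tasks in update_local_facts.yml are the intended target, use `tasks_from: update_local_facts.yml`, or move those tasks into a file with the imported name. update_local_facts.yml also appears to expect `ansible_host_fact_updates` to be set by the caller, which nothing in this hunk provides.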