ansible_plays/versionlock
1
0
Fork 0
Code Pull Requests Activity

initial

Browse Source
This commit is contained in:
Chris Hammer 2025-03-25 21:31:23 -04:00
commit 1570008cfc
9 changed files with 327 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.ansible-lint Normal file
View File

@ -0,0 +1,5 @@
skip_list:
- yaml[colons]
- yaml[empty-lines]
- yaml[line-length]
- no-changed-when

4
.gitignore vendored Normal file
View File

@ -0,0 +1,4 @@
collections
deprecated
kernel_notes.md
versionlock.md

22
ansible.cfg Normal file
View File

@ -0,0 +1,22 @@
[defaults]
inventory = hosts
roles_path = roles
collections_path = collections
remote_tmp = /tmp/.ansible-${USER}/tmp
gathering = smart
gather_timeout = 600
fact_caching = jsonfile
fact_caching_connection = /tmp/.ansible_facts
fact_caching_timeout = 300
retry_files_enabled = false
forks = 40
timeout = 30
host_key_checking = false
display_skipped_hosts = false
deprecation_warnings = false
callbacks_enabled = ansible.posix.profile_tasks, ansible.posix.timer
[ssh_connection]
pipelining = True
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o PreferredAuthentications=publickey

5
hosts Normal file
View File

@ -0,0 +1,5 @@
[temp]
ipu-test-1 ansible_host=10.10.42.186
[temp:vars]
ansible_user=root

9
requirements.yml Normal file
View File

@ -0,0 +1,9 @@
---
collections:
- name: community.general
version: 8.4.0
- name: ansible.posix
version: 1.5.4
...

49
tasks/versionlock_package.yml Normal file
View File

@ -0,0 +1,49 @@
---
# Conditions:
# - versionlock doesnt exist for pkg ***
# - add versionlock
# - versionlock exists for pkg and version matches ***
# - move on
# - versionlock exists for pkg and version mismatch ***
# - clear current lock
# - add new lock for new version
# - pkg doesnt exist ***
# - fail with message stating to check pkg name/version
#
# Package examples:
# - httpd-2.4.6-18.el7_0
# - httpd-tools-2.4.6-18.el7_0
###############################################################################
- name: Set package name fact
ansible.builtin.set_fact:
r_pkg_name: "{{ item | regex_replace('^(.*?)-\\d+.*?$', '\\1') }}"
- name: "Check if versionlock currently exists: {{ r_pkg_name }}"
ansible.builtin.command:
cmd: "grep '^0:{{ r_pkg_name }}-[[:digit:]]' /etc/yum/pluginconf.d/versionlock.list"
failed_when: r_versionlock_check['rc'] not in [0, 1]
changed_when: false
register: r_versionlock_check
- name: "Clear existing lock due to version mismatch: {{ item }}" # noqa: command-instead-of-module
ansible.builtin.command: "yum versionlock delete '{{ r_versionlock_check['stdout'] }}'"
register: r_versionlock_delete
when:
- r_versionlock_check['rc'] == 0
- item not in r_versionlock_check['stdout']
- name: "Add versionlock"
when:
- r_versionlock_check['rc'] == 1 or
r_versionlock_delete['changed'] | default(false) | bool
block:
- name: "Add versionlock: {{ item }}" # noqa: command-instead-of-module
ansible.builtin.command: "yum versionlock {{ item }}"
changed_when: "'versionlock added: 1' in r_versionlock_pkg['stdout']"
failed_when: "'versionlock added: 0' in r_versionlock_pkg['stdout']"
register: r_versionlock_pkg
rescue:
- name: Failed to add versionlock
ansible.builtin.fail:
msg: "Failed to add versionlock for item: {{ item }}. Please re-check package name/version."

93
versionlock copy 2.yml Normal file
View File

@ -0,0 +1,93 @@
---
- name: Version Lock
hosts: temp
become: false
gather_facts: false
vars:
leapp_role_dependencies:
- httpd-2.4.6-17.el7
- httpd-tools-2.4.6-17.el7
- leapp-0.17.0-2.el7_9
- leapp-upgrade-el7toel8-0.20.0-13.el7_9
- leapp-upgrade-el7toel8-deps-0.20.0-13.el7_9
- leapp-deps-0.17.0-2.el7_9
- python2-leapp-0.17.0-2.el7_9
# - broken-pkg-foo-1.2.3.el7
leapp_all_packages:
- httpd-*
- leapp-*
- python2-leapp
tasks:
- name: Remove Leapp if requested or if required files are not present
block:
- name: Trigger re-install if requested
ansible.builtin.fail:
when: perform_leapp_reinstall | default(false) | bool
# - name: Check /etc/leapp/files
# ansible.builtin.find:
# paths: /etc/leapp/files
# register: etc_leapp
# - name: List out files
# ansible.builtin.set_fact:
# etc_leapp_files: >-
# {{ etc_leapp['files'] | map(attribute='path') | map('basename') }}
# - name: Fail if neither version of the device driver json exists
# ansible.builtin.fail:
# when:
# - "'device_driver_data.json' not in etc_leapp_files"
# - "'device_driver_deprecation_data.json' not in etc_leapp_files"
# - name: Fail if pes or repomap jsons do not exist
# ansible.builtin.assert:
# that:
# - "'pes-events.json' in etc_leapp_files"
# - "'repomap.json' in etc_leapp_files"
rescue:
# - name: Ensure dependencies and verionlocks are removed for fresh install
# block:
# - name: Ensure leapp dependencies are removed for fresh install
# ansible.builtin.yum:
# name: "{{ leapp_all_packages }}"
# state: absent
# autoremove: true
# - name: Ensure versionlocks are removed # noqa: command-instead-of-module
# ansible.builtin.command: "yum versionlock delete {{ leapp_all_packages | join(' ') }}"
# failed_when: r_versionlock_remove['rc'] not in [0, 1]
# changed_when: r_versionlock_remove['rc'] == 0
# ignore_errors: true
# register: r_versionlock_remove
- name: Ensure versionlocks are removed # noqa: command-instead-of-module
ansible.builtin.command: "yum versionlock delete '{{ item }}'"
failed_when: r_versionlock_remove['rc'] not in [0, 1]
changed_when: r_versionlock_remove['rc'] == 0
ignore_errors: true
register: r_versionlock_remove
loop: "{{ leapp_all_packages }}"
- name: End host
ansible.builtin.meta: end_host
- name: Ensure yum-plugin-versionlock is present
ansible.builtin.yum:
name: yum-plugin-versionlock
state: present
- name: Check provided list of packages and versionlock as needed
ansible.builtin.include_tasks: tasks/lock_pkg.yml
loop: "{{ leapp_role_dependencies }}"
- name: Ensure dependencies are installed
ansible.builtin.yum:
name: "{{ leapp_role_dependencies }}"
state: present
allow_downgrade: true

58
versionlock copy.yml Normal file
View File

@ -0,0 +1,58 @@
---
- name: Version Lock
hosts: temp
become: false
gather_facts: false
vars:
lock_pkgs:
- httpd-2.4.6-17.el7
- httpd-tools-2.4.6-17.el7
- leapp-0.17.0-2.el7_9
- leapp-upgrade-el7toel8-0.20.0-13.el7_9
- leapp-upgrade-el7toel8-deps-0.20.0-13.el7_9
- leapp-deps-0.17.0-2.el7_9
- python2-leapp-0.17.0-2.el7_9
# - broken-pkg-foo-1.2.3.el7
all_pkgs:
- httpd-*
- leapp-*
- python2-leapp
tasks:
- name: Ensure dependencies and verionlocks are removed for fresh install
when:
- remove_deps | default(false) | bool
block:
- name: Ensure dependencies are removed for fresh install
ansible.builtin.yum:
name: "{{ all_pkgs }}"
state: absent
autoremove: true
- name: Ensure versionlocks are removed # noqa: command-instead-of-module
ansible.builtin.command: "yum versionlock delete '{{ item }}'"
failed_when: r_versionlock_delete['rc'] not in [0, 1]
changed_when: r_versionlock_delete['rc'] == 0
ignore_errors: true
register: r_versionlock_delete
loop: "{{ all_pkgs }}"
- name: End host
ansible.builtin.meta: end_host
- name: Ensure yum-plugin-versionlock is present
ansible.builtin.yum:
name: yum-plugin-versionlock
state: present
- name: Check provided list of packages and versionlock as needed
ansible.builtin.include_tasks: tasks/lock_pkg.yml
loop: "{{ lock_pkgs }}"
- name: Ensure dependencies are installed
ansible.builtin.yum:
name: "{{ lock_pkgs }}"
state: present
allow_downgrade: true

82
versionlock.yml Normal file
View File

@ -0,0 +1,82 @@
---
- name: Version Lock
hosts: temp
become: false
gather_facts: false
vars:
leapp_role_dependencies:
- leapp-0.17.0-2.el7_9
- leapp-upgrade-el7toel8-0.20.0-13.el7_9
- leapp-upgrade-el7toel8-deps-0.20.0-13.el7_9
- leapp-deps-0.17.0-2.el7_9
- python2-leapp-0.17.0-2.el7_9
- kernel-3.10.0-1160.90.1.el7
- httpd-2.4.6-17.el7
- httpd-tools-2.4.6-17.el7
# - broken-pkg-foo-1.2.3.el7
leapp_all_packages:
- httpd-*
- leapp-*
- python2-leapp
tasks:
- name: Remove Leapp if requested or if required files are not present
block:
- name: Trigger re-install if requested
ansible.builtin.fail:
when: perform_leapp_reinstall | default(false) | bool
- name: Check /etc/leapp/files
ansible.builtin.find:
paths: /etc/leapp/files
register: etc_leapp
- name: List out files
ansible.builtin.set_fact:
etc_leapp_files: >-
{{ etc_leapp['files'] | map(attribute='path') | map('basename') }}
- name: Fail if neither version of the device driver json exists
ansible.builtin.fail:
when:
- "'device_driver_data.json' not in etc_leapp_files"
- "'device_driver_deprecation_data.json' not in etc_leapp_files"
- name: Fail if pes or repomap jsons do not exist
ansible.builtin.assert:
that:
- "'pes-events.json' in etc_leapp_files"
- "'repomap.json' in etc_leapp_files"
rescue:
- name: Ensure dependencies and verionlocks are removed for fresh install
block:
- name: Ensure leapp dependencies are removed for fresh install
ansible.builtin.yum:
name: "{{ leapp_all_packages }}"
state: absent
autoremove: true
- name: Ensure versionlocks are removed # noqa: command-instead-of-module
ansible.builtin.command: "yum versionlock delete {{ leapp_all_packages | join(' ') }}"
failed_when: r_versionlock_remove['rc'] not in [0, 1]
changed_when: r_versionlock_remove['rc'] == 0
ignore_errors: true
register: r_versionlock_remove
- name: Ensure yum-plugin-versionlock is present
ansible.builtin.yum:
name: yum-plugin-versionlock
state: present
- name: Check provided list of packages and versionlock as needed
ansible.builtin.include_tasks: tasks/versionlock_package.yml
loop: "{{ leapp_role_dependencies }}"
- name: Ensure dependencies are installed
ansible.builtin.yum:
name: "{{ leapp_role_dependencies }}"
state: present
allow_downgrade: true