From 1570008cfc7146acef0845aa96035fd71fca59f5 Mon Sep 17 00:00:00 2001 From: Chris Hammer Date: Tue, 25 Mar 2025 21:31:23 -0400 Subject: [PATCH] initial --- .ansible-lint | 5 ++ .gitignore | 4 ++ ansible.cfg | 22 +++++++++ hosts | 5 ++ requirements.yml | 9 ++++ tasks/versionlock_package.yml | 49 ++++++++++++++++++ versionlock copy 2.yml | 93 +++++++++++++++++++++++++++++++++++ versionlock copy.yml | 58 ++++++++++++++++++++++ versionlock.yml | 82 ++++++++++++++++++++++++++++++ 9 files changed, 327 insertions(+) create mode 100644 .ansible-lint create mode 100644 .gitignore create mode 100644 ansible.cfg create mode 100644 hosts create mode 100644 requirements.yml create mode 100644 tasks/versionlock_package.yml create mode 100644 versionlock copy 2.yml create mode 100644 versionlock copy.yml create mode 100644 versionlock.yml diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000..b6d3809 --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,5 @@ +skip_list: + - yaml[colons] + - yaml[empty-lines] + - yaml[line-length] + - no-changed-when diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c83c375 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +collections +deprecated +kernel_notes.md +versionlock.md diff --git a/ansible.cfg b/ansible.cfg new file mode 100644 index 0000000..3e465bb --- /dev/null +++ b/ansible.cfg @@ -0,0 +1,22 @@ +[defaults] +inventory = hosts +roles_path = roles +collections_path = collections +remote_tmp = /tmp/.ansible-${USER}/tmp +gathering = smart +gather_timeout = 600 +fact_caching = jsonfile +fact_caching_connection = /tmp/.ansible_facts +fact_caching_timeout = 300 +retry_files_enabled = false +forks = 40 +timeout = 30 +host_key_checking = false +display_skipped_hosts = false +deprecation_warnings = false +callbacks_enabled = ansible.posix.profile_tasks, ansible.posix.timer + +[ssh_connection] +pipelining = True +ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o PreferredAuthentications=publickey + diff --git a/hosts b/hosts new file mode 100644 index 0000000..9d2815f --- /dev/null +++ b/hosts @@ -0,0 +1,5 @@ +[temp] +ipu-test-1 ansible_host=10.10.42.186 + +[temp:vars] +ansible_user=root diff --git a/requirements.yml b/requirements.yml new file mode 100644 index 0000000..adc7d8c --- /dev/null +++ b/requirements.yml @@ -0,0 +1,9 @@ +--- +collections: + - name: community.general + version: 8.4.0 + + - name: ansible.posix + version: 1.5.4 + +... diff --git a/tasks/versionlock_package.yml b/tasks/versionlock_package.yml new file mode 100644 index 0000000..9aa100e --- /dev/null +++ b/tasks/versionlock_package.yml @@ -0,0 +1,49 @@ +--- +# Conditions: +# - versionlock doesnt exist for pkg *** +# - add versionlock +# - versionlock exists for pkg and version matches *** +# - move on +# - versionlock exists for pkg and version mismatch *** +# - clear current lock +# - add new lock for new version +# - pkg doesnt exist *** +# - fail with message stating to check pkg name/version +# +# Package examples: +# - httpd-2.4.6-18.el7_0 +# - httpd-tools-2.4.6-18.el7_0 +############################################################################### + +- name: Set package name fact + ansible.builtin.set_fact: + r_pkg_name: "{{ item | regex_replace('^(.*?)-\\d+.*?$', '\\1') }}" + +- name: "Check if versionlock currently exists: {{ r_pkg_name }}" + ansible.builtin.command: + cmd: "grep '^0:{{ r_pkg_name }}-[[:digit:]]' /etc/yum/pluginconf.d/versionlock.list" + failed_when: r_versionlock_check['rc'] not in [0, 1] + changed_when: false + register: r_versionlock_check + +- name: "Clear existing lock due to version mismatch: {{ item }}" # noqa: command-instead-of-module + ansible.builtin.command: "yum versionlock delete '{{ r_versionlock_check['stdout'] }}'" + register: r_versionlock_delete + when: + - r_versionlock_check['rc'] == 0 + - item not in r_versionlock_check['stdout'] + +- name: "Add versionlock" + when: + - r_versionlock_check['rc'] == 1 or + r_versionlock_delete['changed'] | default(false) | bool + block: + - name: "Add versionlock: {{ item }}" # noqa: command-instead-of-module + ansible.builtin.command: "yum versionlock {{ item }}" + changed_when: "'versionlock added: 1' in r_versionlock_pkg['stdout']" + failed_when: "'versionlock added: 0' in r_versionlock_pkg['stdout']" + register: r_versionlock_pkg + rescue: + - name: Failed to add versionlock + ansible.builtin.fail: + msg: "Failed to add versionlock for item: {{ item }}. Please re-check package name/version." diff --git a/versionlock copy 2.yml b/versionlock copy 2.yml new file mode 100644 index 0000000..b5bf317 --- /dev/null +++ b/versionlock copy 2.yml @@ -0,0 +1,93 @@ +--- +- name: Version Lock + hosts: temp + become: false + gather_facts: false + + vars: + leapp_role_dependencies: + - httpd-2.4.6-17.el7 + - httpd-tools-2.4.6-17.el7 + - leapp-0.17.0-2.el7_9 + - leapp-upgrade-el7toel8-0.20.0-13.el7_9 + - leapp-upgrade-el7toel8-deps-0.20.0-13.el7_9 + - leapp-deps-0.17.0-2.el7_9 + - python2-leapp-0.17.0-2.el7_9 + # - broken-pkg-foo-1.2.3.el7 + + leapp_all_packages: + - httpd-* + - leapp-* + - python2-leapp + + tasks: + - name: Remove Leapp if requested or if required files are not present + block: + - name: Trigger re-install if requested + ansible.builtin.fail: + when: perform_leapp_reinstall | default(false) | bool + + # - name: Check /etc/leapp/files + # ansible.builtin.find: + # paths: /etc/leapp/files + # register: etc_leapp + + # - name: List out files + # ansible.builtin.set_fact: + # etc_leapp_files: >- + # {{ etc_leapp['files'] | map(attribute='path') | map('basename') }} + + # - name: Fail if neither version of the device driver json exists + # ansible.builtin.fail: + # when: + # - "'device_driver_data.json' not in etc_leapp_files" + # - "'device_driver_deprecation_data.json' not in etc_leapp_files" + + # - name: Fail if pes or repomap jsons do not exist + # ansible.builtin.assert: + # that: + # - "'pes-events.json' in etc_leapp_files" + # - "'repomap.json' in etc_leapp_files" + + rescue: + # - name: Ensure dependencies and verionlocks are removed for fresh install + # block: + # - name: Ensure leapp dependencies are removed for fresh install + # ansible.builtin.yum: + # name: "{{ leapp_all_packages }}" + # state: absent + # autoremove: true + + # - name: Ensure versionlocks are removed # noqa: command-instead-of-module + # ansible.builtin.command: "yum versionlock delete {{ leapp_all_packages | join(' ') }}" + # failed_when: r_versionlock_remove['rc'] not in [0, 1] + # changed_when: r_versionlock_remove['rc'] == 0 + # ignore_errors: true + # register: r_versionlock_remove + + - name: Ensure versionlocks are removed # noqa: command-instead-of-module + ansible.builtin.command: "yum versionlock delete '{{ item }}'" + failed_when: r_versionlock_remove['rc'] not in [0, 1] + changed_when: r_versionlock_remove['rc'] == 0 + ignore_errors: true + register: r_versionlock_remove + loop: "{{ leapp_all_packages }}" + + - name: End host + ansible.builtin.meta: end_host + + + - name: Ensure yum-plugin-versionlock is present + ansible.builtin.yum: + name: yum-plugin-versionlock + state: present + + - name: Check provided list of packages and versionlock as needed + ansible.builtin.include_tasks: tasks/lock_pkg.yml + loop: "{{ leapp_role_dependencies }}" + + - name: Ensure dependencies are installed + ansible.builtin.yum: + name: "{{ leapp_role_dependencies }}" + state: present + allow_downgrade: true diff --git a/versionlock copy.yml b/versionlock copy.yml new file mode 100644 index 0000000..19fda47 --- /dev/null +++ b/versionlock copy.yml @@ -0,0 +1,58 @@ +--- +- name: Version Lock + hosts: temp + become: false + gather_facts: false + + vars: + lock_pkgs: + - httpd-2.4.6-17.el7 + - httpd-tools-2.4.6-17.el7 + - leapp-0.17.0-2.el7_9 + - leapp-upgrade-el7toel8-0.20.0-13.el7_9 + - leapp-upgrade-el7toel8-deps-0.20.0-13.el7_9 + - leapp-deps-0.17.0-2.el7_9 + - python2-leapp-0.17.0-2.el7_9 + # - broken-pkg-foo-1.2.3.el7 + + all_pkgs: + - httpd-* + - leapp-* + - python2-leapp + + tasks: + - name: Ensure dependencies and verionlocks are removed for fresh install + when: + - remove_deps | default(false) | bool + block: + - name: Ensure dependencies are removed for fresh install + ansible.builtin.yum: + name: "{{ all_pkgs }}" + state: absent + autoremove: true + + - name: Ensure versionlocks are removed # noqa: command-instead-of-module + ansible.builtin.command: "yum versionlock delete '{{ item }}'" + failed_when: r_versionlock_delete['rc'] not in [0, 1] + changed_when: r_versionlock_delete['rc'] == 0 + ignore_errors: true + register: r_versionlock_delete + loop: "{{ all_pkgs }}" + + - name: End host + ansible.builtin.meta: end_host + + - name: Ensure yum-plugin-versionlock is present + ansible.builtin.yum: + name: yum-plugin-versionlock + state: present + + - name: Check provided list of packages and versionlock as needed + ansible.builtin.include_tasks: tasks/lock_pkg.yml + loop: "{{ lock_pkgs }}" + + - name: Ensure dependencies are installed + ansible.builtin.yum: + name: "{{ lock_pkgs }}" + state: present + allow_downgrade: true diff --git a/versionlock.yml b/versionlock.yml new file mode 100644 index 0000000..a38a0a3 --- /dev/null +++ b/versionlock.yml @@ -0,0 +1,82 @@ +--- +- name: Version Lock + hosts: temp + become: false + gather_facts: false + + vars: + leapp_role_dependencies: + - leapp-0.17.0-2.el7_9 + - leapp-upgrade-el7toel8-0.20.0-13.el7_9 + - leapp-upgrade-el7toel8-deps-0.20.0-13.el7_9 + - leapp-deps-0.17.0-2.el7_9 + - python2-leapp-0.17.0-2.el7_9 + - kernel-3.10.0-1160.90.1.el7 + - httpd-2.4.6-17.el7 + - httpd-tools-2.4.6-17.el7 + # - broken-pkg-foo-1.2.3.el7 + + leapp_all_packages: + - httpd-* + - leapp-* + - python2-leapp + + tasks: + - name: Remove Leapp if requested or if required files are not present + block: + - name: Trigger re-install if requested + ansible.builtin.fail: + when: perform_leapp_reinstall | default(false) | bool + + - name: Check /etc/leapp/files + ansible.builtin.find: + paths: /etc/leapp/files + register: etc_leapp + + - name: List out files + ansible.builtin.set_fact: + etc_leapp_files: >- + {{ etc_leapp['files'] | map(attribute='path') | map('basename') }} + + - name: Fail if neither version of the device driver json exists + ansible.builtin.fail: + when: + - "'device_driver_data.json' not in etc_leapp_files" + - "'device_driver_deprecation_data.json' not in etc_leapp_files" + + - name: Fail if pes or repomap jsons do not exist + ansible.builtin.assert: + that: + - "'pes-events.json' in etc_leapp_files" + - "'repomap.json' in etc_leapp_files" + + rescue: + - name: Ensure dependencies and verionlocks are removed for fresh install + block: + - name: Ensure leapp dependencies are removed for fresh install + ansible.builtin.yum: + name: "{{ leapp_all_packages }}" + state: absent + autoremove: true + + - name: Ensure versionlocks are removed # noqa: command-instead-of-module + ansible.builtin.command: "yum versionlock delete {{ leapp_all_packages | join(' ') }}" + failed_when: r_versionlock_remove['rc'] not in [0, 1] + changed_when: r_versionlock_remove['rc'] == 0 + ignore_errors: true + register: r_versionlock_remove + + - name: Ensure yum-plugin-versionlock is present + ansible.builtin.yum: + name: yum-plugin-versionlock + state: present + + - name: Check provided list of packages and versionlock as needed + ansible.builtin.include_tasks: tasks/versionlock_package.yml + loop: "{{ leapp_role_dependencies }}" + + - name: Ensure dependencies are installed + ansible.builtin.yum: + name: "{{ leapp_role_dependencies }}" + state: present + allow_downgrade: true