From 1cd10ca22c34cb91bad115a9094327365b1a3008 Mon Sep 17 00:00:00 2001 From: James Slagle Date: Tue, 10 Dec 2024 11:58:06 -0500 Subject: [PATCH 1/2] Revert "Update edpm_bootstrap for bootc" bootc support is reverted from main. A bootc feature branch for this work will be used instead. This reverts commit 129dea29cc6cdccfabd05a58c57f92eddd1f3f88. --- .../tasks/bootstrap-common-post-packages.yml | 59 ---------- .../tasks/bootstrap-common-pre-packages.yml | 61 ---------- roles/edpm_bootstrap/tasks/bootstrap.yml | 106 +++++++++++++++--- roles/edpm_bootstrap/tasks/main.yml | 9 +- 4 files changed, 94 insertions(+), 141 deletions(-) delete mode 100644 roles/edpm_bootstrap/tasks/bootstrap-common-post-packages.yml delete mode 100644 roles/edpm_bootstrap/tasks/bootstrap-common-pre-packages.yml diff --git a/roles/edpm_bootstrap/tasks/bootstrap-common-post-packages.yml b/roles/edpm_bootstrap/tasks/bootstrap-common-post-packages.yml deleted file mode 100644 index a56beb136..000000000 --- a/roles/edpm_bootstrap/tasks/bootstrap-common-post-packages.yml +++ /dev/null @@ -1,59 +0,0 @@ ---- -# Copyright 2024 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Set selinux state - ansible.posix.selinux: - policy: targeted - state: "{{ edpm_bootstrap_selinux_mode }}" - become: true - -- name: Stop NetworkManager from updating resolv.conf - when: ( edpm_bootstrap_network_service == 'NetworkManager' ) and ( not edpm_bootstrap_network_resolvconf_update ) - become: true - block: - - name: Set 'dns=none' in /etc/NetworkManager/NetworkManager.conf - community.general.ini_file: - path: /etc/NetworkManager/NetworkManager.conf - state: present - no_extra_spaces: true - section: main - option: dns - value: none - backup: true - mode: '0644' - - name: Set 'rc-manager=unmanaged' in /etc/NetworkManager/NetworkManager.conf - community.general.ini_file: - path: /etc/NetworkManager/NetworkManager.conf - state: present - no_extra_spaces: true - section: main - option: rc-manager - value: unmanaged - backup: true - mode: '0644' - - name: Reload NetworkManager - ansible.builtin.systemd: - name: NetworkManager - state: reloaded - -- name: Stop dhclient from updating resolv.conf - become: true - ansible.builtin.copy: - dest: /etc/dhcp/dhclient-enter-hooks - mode: "0755" - content: | - #!/bin/sh - make_resolv_conf() { : ; } diff --git a/roles/edpm_bootstrap/tasks/bootstrap-common-pre-packages.yml b/roles/edpm_bootstrap/tasks/bootstrap-common-pre-packages.yml deleted file mode 100644 index cbfea2cb6..000000000 --- a/roles/edpm_bootstrap/tasks/bootstrap-common-pre-packages.yml +++ /dev/null @@ -1,61 +0,0 @@ ---- -# Copyright 2024 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Ensure /var/log/journal exists - ansible.builtin.file: - path: /var/log/journal - state: directory - mode: '0750' - owner: root - group: root - setype: var_log_t - become: true - -- name: Gather services facts - ansible.builtin.service_facts: - -- name: Print cloud-init service status - ansible.builtin.debug: - var: ansible_facts.services["cloud-init.service"] - -- name: Check if cloud-init is disabled via kernel args - ansible.builtin.lineinfile: - path: /proc/cmdline - line: "cloud-init=disabled" - state: present - check_mode: true - register: cloud_init_vendor_disabled - -- name: Wait for cloud-init to finish, if enabled - community.general.cloud_init_data_facts: - filter: status - register: res - until: > - res.cloud_init_data_facts.status.v1.stage is defined and - not res.cloud_init_data_facts.status.v1.stage - retries: 50 - delay: 5 - when: - - not ansible_check_mode - - ansible_facts.services["cloud-init.service"] is defined - - ansible_facts.services["cloud-init.service"]["status"] != "not-found" - - ansible_facts.services["cloud-init.service"]["state"] == "running" - - ansible_facts.services["cloud-init.service"]["status"] == "enabled" - - cloud_init_vendor_disabled is changed - become: true - -- name: Execute bootstrap command - ansible.builtin.import_tasks: bootstrap_command.yml diff --git a/roles/edpm_bootstrap/tasks/bootstrap.yml b/roles/edpm_bootstrap/tasks/bootstrap.yml index 8a32403c1..d10a02684 100644 --- a/roles/edpm_bootstrap/tasks/bootstrap.yml +++ b/roles/edpm_bootstrap/tasks/bootstrap.yml @@ -14,24 +14,102 @@ # License for the specific language governing permissions and limitations # under the License. -- name: Import edpm_bootc role - ansible.builtin.import_role: - name: edpm_bootc +- name: Ensure /var/log/journal exists + ansible.builtin.file: + path: /var/log/journal + state: directory + mode: '0750' + owner: root + group: root + setype: var_log_t + become: true -- name: Import common pre packages tasks - ansible.builtin.import_tasks: bootstrap-common-pre-packages.yml +- name: Gather services facts + ansible.builtin.service_facts: -- name: Include packages tasks - ansible.builtin.include_tasks: packages.yml - when: not bootc +- name: Print cloud-init service status + ansible.builtin.debug: + var: ansible_facts.services["cloud-init.service"] -- name: Import common post packages tasks - ansible.builtin.import_tasks: bootstrap-common-post-packages.yml +- name: Check if cloud-init is disabled via kernel args + ansible.builtin.lineinfile: + path: /proc/cmdline + line: "cloud-init=disabled" + state: present + check_mode: true + register: cloud_init_vendor_disabled -- name: Include swap tasks - ansible.builtin.include_tasks: swap.yml - when: not bootc +- name: Wait for cloud-init to finish, if enabled + community.general.cloud_init_data_facts: + filter: status + register: res + until: > + res.cloud_init_data_facts.status.v1.stage is defined and + not res.cloud_init_data_facts.status.v1.stage + retries: 50 + delay: 5 + when: + - not ansible_check_mode + - ansible_facts.services["cloud-init.service"] is defined + - ansible_facts.services["cloud-init.service"]["status"] != "not-found" + - ansible_facts.services["cloud-init.service"]["state"] == "running" + - ansible_facts.services["cloud-init.service"]["status"] == "enabled" + - cloud_init_vendor_disabled is changed + become: true -- name: Import FIPS tasks +- name: Execute bootstrap command + ansible.builtin.import_tasks: bootstrap_command.yml + +- name: Import packages tasks + ansible.builtin.import_tasks: packages.yml + +- name: Set selinux state + ansible.posix.selinux: + policy: targeted + state: "{{ edpm_bootstrap_selinux_mode }}" + become: true + +- name: Stop NetworkManager from updating resolv.conf + when: ( edpm_bootstrap_network_service == 'NetworkManager' ) and ( not edpm_bootstrap_network_resolvconf_update ) + become: true + block: + - name: Set 'dns=none' in /etc/NetworkManager/NetworkManager.conf + community.general.ini_file: + path: /etc/NetworkManager/NetworkManager.conf + state: present + no_extra_spaces: true + section: main + option: dns + value: none + backup: true + mode: '0644' + - name: Set 'rc-manager=unmanaged' in /etc/NetworkManager/NetworkManager.conf + community.general.ini_file: + path: /etc/NetworkManager/NetworkManager.conf + state: present + no_extra_spaces: true + section: main + option: rc-manager + value: unmanaged + backup: true + mode: '0644' + - name: Reload NetworkManager + ansible.builtin.systemd: + name: NetworkManager + state: reloaded + +- name: Stop dhclient from updating resolv.conf + become: true + ansible.builtin.copy: + dest: /etc/dhcp/dhclient-enter-hooks + mode: "0755" + content: | + #!/bin/sh + make_resolv_conf() { : ; } + +- name: Configure swap + ansible.builtin.import_tasks: swap.yml + +- name: FIPS tasks ansible.builtin.import_tasks: fips.yml when: edpm_bootstrap_fips_mode != 'check' diff --git a/roles/edpm_bootstrap/tasks/main.yml b/roles/edpm_bootstrap/tasks/main.yml index a374207b0..1d10a7e3c 100644 --- a/roles/edpm_bootstrap/tasks/main.yml +++ b/roles/edpm_bootstrap/tasks/main.yml @@ -14,13 +14,8 @@ # License for the specific language governing permissions and limitations # under the License. -- name: Import edpm_bootc role - ansible.builtin.import_role: - name: edpm_bootc - -- name: Include download_cache tasks - ansible.builtin.include_tasks: download_cache.yml - when: not bootc +- name: Import download_cache tasks + ansible.builtin.import_tasks: download_cache.yml - name: Import bootstrap tasks ansible.builtin.import_tasks: bootstrap.yml From 786e7ee5f469b6b0bf256ff5b062fb45dee44e22 Mon Sep 17 00:00:00 2001 From: James Slagle Date: Tue, 10 Dec 2024 11:59:00 -0500 Subject: [PATCH 2/2] Revert "Add edpm_bootc role" bootc support is reverted from main. A bootc feature branch for this work will be used instead. This reverts commit 8666a9845c40ca75fba7298d5840de1692518ac9. --- roles/edpm_bootc/files/.gitkeep | 0 roles/edpm_bootc/meta/argument_specs.yml | 7 --- roles/edpm_bootc/meta/main.yml | 43 ------------------- .../molecule/default/collections.yml | 3 -- .../edpm_bootc/molecule/default/converge.yml | 21 --------- .../edpm_bootc/molecule/default/molecule.yml | 30 ------------- roles/edpm_bootc/molecule/default/prepare.yml | 22 ---------- roles/edpm_bootc/tasks/main.yml | 24 ----------- 8 files changed, 150 deletions(-) delete mode 100644 roles/edpm_bootc/files/.gitkeep delete mode 100644 roles/edpm_bootc/meta/argument_specs.yml delete mode 100644 roles/edpm_bootc/meta/main.yml delete mode 100644 roles/edpm_bootc/molecule/default/collections.yml delete mode 100644 roles/edpm_bootc/molecule/default/converge.yml delete mode 100644 roles/edpm_bootc/molecule/default/molecule.yml delete mode 100644 roles/edpm_bootc/molecule/default/prepare.yml delete mode 100644 roles/edpm_bootc/tasks/main.yml diff --git a/roles/edpm_bootc/files/.gitkeep b/roles/edpm_bootc/files/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/roles/edpm_bootc/meta/argument_specs.yml b/roles/edpm_bootc/meta/argument_specs.yml deleted file mode 100644 index 03f1cdc9c..000000000 --- a/roles/edpm_bootc/meta/argument_specs.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -argument_specs: - # ./roles/edpm_bootc/tasks/main.yml entry point - main: - short_description: The main entry point for the edpm_bootc role. - description: Multiple lines description - options: {} diff --git a/roles/edpm_bootc/meta/main.yml b/roles/edpm_bootc/meta/main.yml deleted file mode 100644 index 3c288cc28..000000000 --- a/roles/edpm_bootc/meta/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Copyright 2024 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - author: OpenStack - description: EDPM OpenStack Role -- edpm_bootc - company: Red Hat - license: Apache-2.0 - min_ansible_version: '2.14' - namespace: osp - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: 'EL' - versions: - - '8' - - '9' - - galaxy_tags: - - edpm - - -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -dependencies: [] diff --git a/roles/edpm_bootc/molecule/default/collections.yml b/roles/edpm_bootc/molecule/default/collections.yml deleted file mode 100644 index 424ad60b8..000000000 --- a/roles/edpm_bootc/molecule/default/collections.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -collections: -- name: community.general diff --git a/roles/edpm_bootc/molecule/default/converge.yml b/roles/edpm_bootc/molecule/default/converge.yml deleted file mode 100644 index 7e69c510c..000000000 --- a/roles/edpm_bootc/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2024 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: "edpm_bootc" diff --git a/roles/edpm_bootc/molecule/default/molecule.yml b/roles/edpm_bootc/molecule/default/molecule.yml deleted file mode 100644 index 9b9dc5722..000000000 --- a/roles/edpm_bootc/molecule/default/molecule.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -dependency: - name: galaxy - options: - role-file: collections.yml -driver: - name: podman -platforms: -- command: /sbin/init - dockerfile: ../../../../molecule/common/Containerfile.j2 - image: ${EDPM_ANSIBLE_MOLECULE_IMAGE:-"ubi9/ubi-init"} - name: instance - privileged: true - registry: - url: ${EDPM_ANSIBLE_MOLECULE_REGISTRY:-"registry.access.redhat.com"} - ulimits: - - host -provisioner: - log: true - name: ansible -scenario: - test_sequence: - - dependency - - destroy - - create - - prepare - - converge - - destroy -verifier: - name: ansible diff --git a/roles/edpm_bootc/molecule/default/prepare.yml b/roles/edpm_bootc/molecule/default/prepare.yml deleted file mode 100644 index 0605adf7e..000000000 --- a/roles/edpm_bootc/molecule/default/prepare.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2024 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: ../../../../molecule/common/test_deps - - role: env_data diff --git a/roles/edpm_bootc/tasks/main.yml b/roles/edpm_bootc/tasks/main.yml deleted file mode 100644 index 7ba9cf3bc..000000000 --- a/roles/edpm_bootc/tasks/main.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# Copyright 2024 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Check for /bin/bootc - ansible.builtin.stat: - path: /bin/bootc - register: bootc_stat - -- name: Set fact for bootc - ansible.builtin.set_fact: - bootc: "{{ bootc_stat.stat.exists }}"