diff --git a/roles/edpm_bootstrap/tasks/bootstrap-common-post-packages.yml b/roles/edpm_bootstrap/tasks/bootstrap-common-post-packages.yml
new file mode 100644
index 000000000..e2ae66666
--- /dev/null
+++ b/roles/edpm_bootstrap/tasks/bootstrap-common-post-packages.yml
@@ -0,0 +1,60 @@
+---
+# Copyright 2024 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Set selinux state
+ ansible.posix.selinux:
+ policy: targeted
+ state: "{{ edpm_bootstrap_selinux_mode }}"
+ become: true
+
+- name: Stop NetworkManager from updating resolv.conf
+ when: ( edpm_bootstrap_network_service == 'NetworkManager' ) and ( not edpm_bootstrap_network_resolvconf_update )
+ become: true
+ block:
+ - name: Set 'dns=none' in /etc/NetworkManager/NetworkManager.conf
+ community.general.ini_file:
+ path: /etc/NetworkManager/NetworkManager.conf
+ state: present
+ no_extra_spaces: true
+ section: main
+ option: dns
+ value: none
+ backup: true
+ mode: '0644'
+ - name: Set 'rc-manager=unmanaged' in /etc/NetworkManager/NetworkManager.conf
+ community.general.ini_file:
+ path: /etc/NetworkManager/NetworkManager.conf
+ state: present
+ no_extra_spaces: true
+ section: main
+ option: rc-manager
+ value: unmanaged
+ backup: true
+ mode: '0644'
+ - name: Reload NetworkManager
+ ansible.builtin.systemd:
+ name: NetworkManager
+ state: reloaded
+
+- name: Stop dhclient from updating resolv.conf
+ become: true
+ ansible.builtin.copy:
+ dest: /etc/dhcp/dhclient-enter-hooks
+ mode: "0755"
+ content: |
+ #!/bin/sh
+ make_resolv_conf() { : ; }
+
diff --git a/roles/edpm_bootstrap/tasks/bootstrap-common-pre-packages.yml b/roles/edpm_bootstrap/tasks/bootstrap-common-pre-packages.yml
new file mode 100644
index 000000000..f3392366c
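Review bot: The `Stop dhclient from updating resolv.conf` task at the end of this file is unconditional and overwrites `/etc/dhcp/dhclient-enter-hooks` with no backup, whereas the NetworkManager block above it is gated on `edpm_bootstrap_network_resolvconf_update` and sets `backup: true` on both edits. Any hook already present in that file is silently replaced, including on hosts where the operator has asked for resolv.conf updates to stay enabled. The task looks carried over unchanged from bootstrap.yml, but the move is a good point to add `backup: true` and, if it matches the variable's intent, `when: not edpm_bootstrap_network_resolvconf_update`. Since dhclient runs this script as root, stating `owner: root` and `group: root` explicitly would also document the expected ownership.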
--- /dev/null
+++ b/roles/edpm_bootstrap/tasks/bootstrap-common-pre-packages.yml
@@ -0,0 +1,62 @@
+---
+# Copyright 2024 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Ensure /var/log/journal exists
+ ansible.builtin.file:
+ path: /var/log/journal
+ state: directory
+ mode: '0750'
+ owner: root
+ group: root
+ setype: var_log_t
+ become: true
+
+- name: Gather services facts
+ ansible.builtin.service_facts:
+
+- name: Print cloud-init service status
+ ansible.builtin.debug:
+ var: ansible_facts.services["cloud-init.service"]
+
+- name: Check if cloud-init is disabled via kernel args
+ ansible.builtin.lineinfile:
+ path: /proc/cmdline
+ line: "cloud-init=disabled"
+ state: present
+ check_mode: true
+ register: cloud_init_vendor_disabled
+
+- name: Wait for cloud-init to finish, if enabled
+ community.general.cloud_init_data_facts:
+ filter: status
+ register: res
+ until: >
+ res.cloud_init_data_facts.status.v1.stage is defined and
+ not res.cloud_init_data_facts.status.v1.stage
+ retries: 50
+ delay: 5
+ when:
+ - not ansible_check_mode
+ - ansible_facts.services["cloud-init.service"] is defined
+ - ansible_facts.services["cloud-init.service"]["status"] != "not-found"
+ - ansible_facts.services["cloud-init.service"]["state"] == "running"
+ - ansible_facts.services["cloud-init.service"]["status"] == "enabled"
+ - cloud_init_vendor_disabled is changed
+ become: true
+
+- name: Execute bootstrap command
+ ansible.builtin.import_tasks: bootstrap_command.yml
+
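Review bot: The `Check if cloud-init is disabled via kernel args` task cannot detect the argument as written. `lineinfile` with only `line:` looks for a whole line equal to `cloud-init=disabled`, and `/proc/cmdline` is one line holding every kernel argument, so the check-mode result is `changed` whenever any other argument is present. The `cloud_init_vendor_disabled is changed` entry in the wait task's `when:` is therefore effectively always true and the kernel-argument case is never recognised. Assuming the `cmdline` fact is gathered at this point, the intent can be expressed directly by dropping the `lineinfile` task and using `- ansible_facts.cmdline['cloud-init'] | default('') != 'disabled'` in the `when:` list. The task is carried over from bootstrap.yml, so this is not new behaviour, but it now lives in a file that other entry points import.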
diff --git a/roles/edpm_bootstrap/tasks/bootstrap.yml b/roles/edpm_bootstrap/tasks/bootstrap.yml
index d10a02684..8a32403c1 100644
--- a/roles/edpm_bootstrap/tasks/bootstrap.yml
+++ b/roles/edpm_bootstrap/tasks/bootstrap.yml
@@ -14,102 +14,24 @@ # License for the specific language governing permissions and limitations # under the License. -- name: Ensure /var/log/journal exists - ansible.builtin.file: - path: /var/log/journal - state: directory - mode: '0750' - owner: root - group: root - setype: var_log_t - become: true +- name: Import edpm_bootc role + ansible.builtin.import_role: + name: edpm_bootc -- name: Gather services facts - ansible.builtin.service_facts: +- name: Import common pre packages tasks + ansible.builtin.import_tasks: bootstrap-common-pre-packages.yml -- name: Print cloud-init service status - ansible.builtin.debug: - var: ansible_facts.services["cloud-init.service"] +- name: Include packages tasks + ansible.builtin.include_tasks: packages.yml + when: not bootc -- name: Check if cloud-init is disabled via kernel args - ansible.builtin.lineinfile: - path: /proc/cmdline - line: "cloud-init=disabled" - state: present - check_mode: true - register: cloud_init_vendor_disabled +- name: Import common post packages tasks + ansible.builtin.import_tasks: bootstrap-common-post-packages.yml -- name: Wait for cloud-init to finish, if enabled - community.general.cloud_init_data_facts: - filter: status - register: res - until: > - res.cloud_init_data_facts.status.v1.stage is defined and - not res.cloud_init_data_facts.status.v1.stage - retries: 50 - delay: 5 - when: - - not ansible_check_mode - - ansible_facts.services["cloud-init.service"] is defined - - ansible_facts.services["cloud-init.service"]["status"] != "not-found" - - ansible_facts.services["cloud-init.service"]["state"] == "running" - - ansible_facts.services["cloud-init.service"]["status"] == "enabled" - - cloud_init_vendor_disabled is changed - become: true +- name: Include swap tasks + ansible.builtin.include_tasks: swap.yml + when: not bootc -- name: Execute bootstrap command - ansible.builtin.import_tasks: bootstrap_command.yml - -- name: Import packages tasks - ansible.builtin.import_tasks: packages.yml - -- name: 
Set selinux state - ansible.posix.selinux: - policy: targeted - state: "{{ edpm_bootstrap_selinux_mode }}" - become: true - -- name: Stop NetworkManager from updating resolv.conf - when: ( edpm_bootstrap_network_service == 'NetworkManager' ) and ( not edpm_bootstrap_network_resolvconf_update ) - become: true - block: - - name: Set 'dns=none' in /etc/NetworkManager/NetworkManager.conf - community.general.ini_file: - path: /etc/NetworkManager/NetworkManager.conf - state: present - no_extra_spaces: true - section: main - option: dns - value: none - backup: true - mode: '0644' - - name: Set 'rc-manager=unmanaged' in /etc/NetworkManager/NetworkManager.conf - community.general.ini_file: - path: /etc/NetworkManager/NetworkManager.conf - state: present - no_extra_spaces: true - section: main - option: rc-manager - value: unmanaged - backup: true - mode: '0644' - - name: Reload NetworkManager - ansible.builtin.systemd: - name: NetworkManager - state: reloaded - -- name: Stop dhclient from updating resolv.conf - become: true - ansible.builtin.copy: - dest: /etc/dhcp/dhclient-enter-hooks - mode: "0755" - content: | - #!/bin/sh - make_resolv_conf() { : ; } - -- name: Configure swap - ansible.builtin.import_tasks: swap.yml - -- name: FIPS tasks +- name: Import FIPS tasks ansible.builtin.import_tasks: fips.yml when: edpm_bootstrap_fips_mode != 'check' diff --git a/roles/edpm_bootstrap/tasks/download_cache.yml b/roles/edpm_bootstrap/tasks/download_cache.yml index 930c1ad38..3ca5264ad 100644 --- a/roles/edpm_bootstrap/tasks/download_cache.yml +++ b/roles/edpm_bootstrap/tasks/download_cache.yml 
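Review bot: `when: not bootc` on the new `Include packages tasks` and `Include swap tasks` entries depends on `bootc` being defined and a real boolean; it is presumably set by the `edpm_bootc` role imported at the top of the hunk, which is not visible here. If the value ever arrives as a string (extra-vars or an INI inventory), `not bootc` is false for both `"true"` and `"false"`, and package installation and swap setup are skipped without any message. Writing `when: not (bootc | bool)` makes the test explicit, and a role-prefixed variable name would avoid collisions with an operator's own `bootc` variable; the same condition is used on `Include download_cache tasks` in the main.yml hunk. These two entries also change from `import_tasks` to `include_tasks`, so tags defined inside packages.yml and swap.yml are no longer selectable with `--tags` unless the include itself carries them.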
@@ -7,37 +7,39 @@ - "distribution" when: "'distribution' not in ansible_facts" -- name: Download needed packages - ansible.builtin.dnf: - name: "{{ edpm_bootstrap_packages_bootstrap }}" - download_only: true - become: true - register: edpm_bootstrap_packages_bootstrap_download - until: edpm_bootstrap_packages_bootstrap_download is succeeded - retries: "{{ edpm_bootstrap_download_retries }}" - delay: "{{ edpm_bootstrap_download_delay }}" +- name: edpm_bootstrap download cache block + block: + - name: Download needed packages + ansible.builtin.dnf: + name: "{{ edpm_bootstrap_packages_bootstrap }}" + download_only: true + become: true + register: edpm_bootstrap_packages_bootstrap_download + until: edpm_bootstrap_packages_bootstrap_download is succeeded + retries: "{{ edpm_bootstrap_download_retries }}" + delay: "{{ edpm_bootstrap_download_delay }}" -- name: Download legacy network service package - when: - - (edpm_bootstrap_legacy_network_packages | length) > 0 - ansible.builtin.dnf: - name: "{{ edpm_bootstrap_legacy_network_packages }}" - download_only: true - become: true - register: edpm_bootstrap_legacy_network_packages_download - until: edpm_bootstrap_legacy_network_packages_download is succeeded - retries: "{{ edpm_bootstrap_download_retries }}" - delay: "{{ edpm_bootstrap_download_delay }}" + - name: Download legacy network service package + when: + - (edpm_bootstrap_legacy_network_packages | length) > 0 + ansible.builtin.dnf: + name: "{{ edpm_bootstrap_legacy_network_packages }}" + download_only: true + become: true + register: edpm_bootstrap_legacy_network_packages_download + until: edpm_bootstrap_legacy_network_packages_download is succeeded + retries: "{{ edpm_bootstrap_download_retries }}" + delay: "{{ edpm_bootstrap_download_delay }}" -- name: Download release version package - when: - - (ansible_facts['distribution'] | lower) == 'redhat' - - (edpm_bootstrap_release_version_package | list | length) > 0 - ansible.builtin.dnf: - name: "{{ 
edpm_bootstrap_release_version_package }}" - download_only: true - become: true - register: edpm_bootstrap_release_version_package_download - until: edpm_bootstrap_release_version_package_download is succeeded - retries: "{{ edpm_bootstrap_download_retries }}" - delay: "{{ edpm_bootstrap_download_delay }}" + - name: Download release version package + when: + - (ansible_facts['distribution'] | lower) == 'redhat' + - (edpm_bootstrap_release_version_package | list | length) > 0 + ansible.builtin.dnf: + name: "{{ edpm_bootstrap_release_version_package }}" + download_only: true + become: true + register: edpm_bootstrap_release_version_package_download + until: edpm_bootstrap_release_version_package_download is succeeded + retries: "{{ edpm_bootstrap_download_retries }}" + delay: "{{ edpm_bootstrap_download_delay }}" diff --git a/roles/edpm_bootstrap/tasks/main.yml b/roles/edpm_bootstrap/tasks/main.yml index 1d10a7e3c..a374207b0 100644 --- a/roles/edpm_bootstrap/tasks/main.yml +++ b/roles/edpm_bootstrap/tasks/main.yml @@ -14,8 +14,13 @@ # License for the specific language governing permissions and limitations # under the License. -- name: Import download_cache tasks - ansible.builtin.import_tasks: download_cache.yml +- name: Import edpm_bootc role + ansible.builtin.import_role: + name: edpm_bootc + +- name: Include download_cache tasks + ansible.builtin.include_tasks: download_cache.yml + when: not bootc - name: Import bootstrap tasks ansible.builtin.import_tasks: bootstrap.yml
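Review bot: The new `edpm_bootstrap download cache block` wrapper in download_cache.yml carries no `when`, `become`, `rescue` or `always`, so as written it changes nothing except the indentation of the three download tasks. Either drop it or give it a job: `become: true` is repeated on all three tasks and could be set once on the block. The block name also starts lower-case, unlike the other task names in this role, which ansible-lint's `name[casing]` rule would flag; something like `Download packages into the local cache` reads better in play output.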
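Review bot: `edpm_bootc` is imported here in main.yml and again at the top of bootstrap.yml, which this file imports right after `Include download_cache tasks`, so a normal run of the role executes it twice. If bootstrap.yml needs its own import only because it can be entered directly through `tasks_from`, a one-line comment there saying so would keep a later cleanup from removing it; otherwise one of the two imports can go. The role's content is not visible in this diff, so whether the second run is idempotent and cheap is worth confirming.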