system-config/playbooks/roles/install-ansible/tasks/main.yaml

# If install_ansible_version is not defined (note; not *empty*) it
# should be "latest"
- name: Set ansible default version to latest
  set_fact:
    install_ansible_version: latest
  when: install_ansible_version is not defined

# If a version is not explicitly set we want to make sure to
# completely omit the version argument to pip:, as it will be coming
# from the long-form install_ansible_name variable.  Additionally, if
# the version is the special value "latest", then we also want to omit
# any version number, but also set the package state to "latest".
- name: Set ansible version for installation
  set_fact:
    _install_ansible_version: '{{ install_ansible_version }}'
  when: install_ansible_version not in ('', 'latest')

- name: Set ansible package state for installation
  set_fact:
    _install_ansible_state: latest
  when: install_ansible_version == 'latest'

# Since Ansible 2.10 (~2020-08) the devel core package is split into
# "ansible-base".  The PyPi the package "ansible" has everything in it
# (the so called Ansible Community Distribution) but we specifically
# want to test against devel.  However, ARA still depends on the
# "ansible" package -- but we like ARA, because we can see the nested
# runs with it.  To to keep ARA but avoid it bringing in either an old
# version of Ansible, or the ACD, install a dummy package.
- name: Check if running devel branch
  set_fact:
    _install_ansible_from_devel: true
  when: '"github.com/ansible/ansible" in install_ansible_name'

# Since ~2020-11 ansible renamed "ansible-base" to "ansible-core".
# Unfortunately, ansible-base and ansible-core can not live happily
# together.  For testinfra, our tox role pre-installs the requirements
# from tox.ini (ansible-base) but then tries to install siblings (the
# checked out ansible tree, now trying to install the "ansible-core"
# package).  There is no working "ansible-core" package on PyPi, so
# for now we have to switch this out in the tox.ini for the -devel job
# to work.  We can remove this when "ansible-core" is published at an
# appropriate version on PyPi; at that point the checked-out tree can
# override the package in the testing tox venv.
- name: Override ansible-base tox install
  when: '"github.com/ansible/ansible" in install_ansible_name'
  lineinfile:
    path: /home/zuul/src/opendev.org/opendev/system-config/tox.ini
    regexp: '^  ansible-base # see install-ansible/tasks/main\.yaml$'
    line:   '  ansible-core'

- name: Setup Ansible stub for post 2.10 compat
  include_tasks: install_ansible_stub.yaml
  when: _install_ansible_from_devel is defined

# From Ansible 2.10 >= most of the fun stuff is in collections.  Clone
# our required collections here.  Note, in production, we use ACD
# which bundles most of this.
#
# TODO(ianw): we should add these to zuul and link the speculative
# copies into ansible, then we could test changes in the collections!
- name: Install Ansible collections
  include_tasks: install_ansible_collection.yaml
  when: _install_ansible_from_devel is defined
  loop:
    - namespace: ansible
      name: netcommon
      repo: ansible-collections/ansible.netcommon
    - namespace: ansible
      name: posix
      repo: ansible-collections/ansible.posix
    - namespace: community
      name: general
      repo: ansible-collections/community.general
    - namespace: community
      name: crypto
      repo: ansible-collections/community.crypto

- name: Ensure required Ansible build packages for non-wheel architectures
  apt:
    update_cache: yes
    name:
      - libffi-dev
      - libssl-dev
      - build-essential
  when: ansible_architecture == 'aarch64'

- name: Install ansible
  pip:
    name: '{{ install_ansible_name | default("ansible") }}'
    version: '{{ _install_ansible_version | default(omit) }}'
    state: '{{ _install_ansible_state | default(omit) }}'

- name: Ansible version check
  command: 'ansible-playbook --version'
  register: _ansible_version_check

- name: Sanity check Ansible version
  debug:
    msg: '{{ _ansible_version_check.stdout }}'

- name: Ansible cmd version check
  command: 'ansible --version'
  register: _ansible_version_check

- name: Sanity check Ansible version
  debug:
    msg: '{{ _ansible_version_check.stdout }}'

- name: Set up the ARA callback
  include_tasks: install_ara.yaml
  when: install_ansible_ara_enable

# For use by k8s_raw ansible module
# - name: Install openshift client
#   pip:
#     name: 'openshift'
# TODO(corvus): re-add this once kubernetes 9.0.0 is released

# Same version/state default swizzling as described above for
# openstacksdk
- name: Set openstacksdk default version to latest
  set_fact:
    install_ansible_openstacksdk_version: latest
  when: install_ansible_openstacksdk_version is not defined

- name: Set openstacksdk version for installation
  set_fact:
    _install_ansible_openstacksdk_version: '{{ install_ansible_openstacksdk_version }}'
  when: install_ansible_openstacksdk_version not in ('', 'latest')

- name: Set openstacksdk package state for installation
  set_fact:
    _install_openstacksdk_state: latest
  when: install_ansible_openstacksdk_version == 'latest'

- name: Install openstacksdk
  pip:
    name: '{{ install_ansible_openstacksdk_name | default("openstacksdk") }}'
    version: '{{ _install_ansible_openstacksdk_version | default(omit) }}'
    state: '{{ _install_openstacksdk_state | default(omit) }}'

# NOTE(ianw) 2021-03-03 stevedore < 3.3.0 has a bug where it creates a
# constantly expanding set of cache files in
# /root/.cache/python-endpoints when run under ansible in a /tmp
# directory (this happens via cloud-launcher and openstacksdk).
# Ensure the production host is updated, and drop a .disable file
# for good measure
- name: Ensure stevedore >= 3.3.0
  pip:
    name: 'stevedore>=3.3.0'
- name: Add stevedore cache dir
  file:
    path: /root/.cache/python-entrypoints/
    state: directory
    mode: 0700
- name: Add stevedore cache disable file
  file:
    path: /root/.cache/python-entrypoints/.disable
    state: touch
    mode: 0600

- name: Ensure /etc/ansible and /etc/ansible/hosts
  file:
    state: directory
    path: /etc/ansible/hosts

- name: Ensure /etc/ansible/inventory_plugins
  file:
    state: directory
    path: /etc/ansible/inventory_plugins

- name: Ensure /var/cache/ansible
  file:
    state: directory
    path: /var/cache/ansible
    owner: root
    group: root
    mode: 0770

- name: Ensure ansible log dir is writable
  file:
    path: /var/log/ansible
    state: directory
    owner: root
    group: root
    mode: 0775

- name: Copy ansible.cfg in to place
  template:
    src: ansible.cfg.j2
    dest: /etc/ansible/ansible.cfg

- name: Remove old inventory files
  file:
    path: '/etc/ansible/hosts/{{ item }}'
    state: absent
  loop:
    - openstack.yaml
    - groups.yaml

- name: Copy system-config roles into place
  copy:
    src: roles/
    dest: /etc/ansible/roles

- name: Copy disable-ansible utility script in place
  copy:
    src: disable-ansible
    dest: /usr/local/bin/disable-ansible
    mode: 0755
    owner: root
    group: root

- name: Copy yamlgroup inventory in place
  copy:
    src: inventory_plugins/yamlgroup.py
    dest: /etc/ansible/inventory_plugins/yamlgroup.py

- name: Setup log rotation
  include_role:
    name: logrotate
  vars:
    logrotate_file_name: /var/log/ansible/ansible.log

- name: Verify ansible install
  command: ansible --version