system-config/playbooks/roles/install-ansible/tasks/main.yaml

- name: Install python-venv package
  package:
    name:
      - python3-venv
    state: present

- name: Create venv
  include_role:
    name: create-venv
  vars:
    create_venv_path: '/usr/ansible-venv'

# If install_ansible_version is not defined (note; not *empty*) it
# should be "latest"
- name: Set ansible default version to latest
  set_fact:
    install_ansible_version: latest
  when: install_ansible_version is not defined

# If a version is not explicitly set we want to make sure to
# completely omit the version argument to pip:, as it will be coming
# from the long-form install_ansible_name variable.  Additionally, if
# the version is the special value "latest", then we also want to omit
# any version number, but also set the package state to "latest".
- name: Set ansible version for installation
  set_fact:
    _install_ansible_version: '{{ install_ansible_version }}'
  when: install_ansible_version not in ('', 'latest')

- name: Set ansible package state for installation
  set_fact:
    _install_ansible_state: latest
  when: install_ansible_version == 'latest'

# From Ansible 2.10 >= most of the fun stuff is in collections.  Clone
# our required collections here.  Note this is only for our testing of
# the devel branch; if we're using a release we use the Ansible
# distribution package which bundles all this.
#
# TODO(ianw): we should add these to zuul and link the speculative
# copies into ansible, then we could test changes in the collections!
- name: Check if running devel branch
  set_fact:
    _install_ansible_from_devel: true
  when: '"github.com/ansible/ansible" in install_ansible_name'

- name: Install Ansible collections
  include_tasks: install_ansible_collection.yaml
  when: _install_ansible_from_devel is defined
  loop:
    - namespace: ansible
      name: netcommon
      repo: ansible-collections/ansible.netcommon
    - namespace: ansible
      name: posix
      repo: ansible-collections/ansible.posix
    - namespace: community
      name: general
      repo: ansible-collections/community.general
    - namespace: community
      name: crypto
      repo: ansible-collections/community.crypto

# NOTE(ianw) 2022-10-26 : ARM64 generally needs this because upstream
# projects don't always ship arm64 wheels.  But x86 may need it when
# we have a fresh host with a more recent Python too
- name: Ensure required Ansible build packages
  apt:
    update_cache: yes
    name:
      - libffi-dev
      - libssl-dev
      - build-essential

- name: Install ansible
  pip:
    name: '{{ install_ansible_name | default("ansible") }}'
    version: '{{ _install_ansible_version | default(omit) }}'
    state: '{{ _install_ansible_state | default(omit) }}'
    virtualenv: '/usr/ansible-venv'

- name: Symlink to local
  file:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    state: link
  loop:
    - { src: '/usr/ansible-venv/bin/ansible-playbook', dest: '/usr/local/bin/ansible-playbook' }
    - { src: '/usr/ansible-venv/bin/ansible', dest: '/usr/local/bin/ansible' }

- name: Ansible version check
  command: 'ansible-playbook --version'
  register: _ansible_version_check

- name: Sanity check Ansible version
  debug:
    msg: '{{ _ansible_version_check.stdout }}'

- name: Ansible cmd version check
  command: 'ansible --version'
  register: _ansible_version_check

- name: Sanity check Ansible version
  debug:
    msg: '{{ _ansible_version_check.stdout }}'

- name: Set up the ARA callback
  include_tasks: install_ara.yaml
  when: install_ansible_ara_enable

# For use by k8s_raw ansible module
# - name: Install openshift client
#   pip:
#     name: 'openshift'
# TODO(corvus): re-add this once kubernetes 9.0.0 is released

# Same version/state default swizzling as described above for
# openstacksdk
- name: Set openstacksdk default version to latest
  set_fact:
    install_ansible_openstacksdk_version: latest
  when: install_ansible_openstacksdk_version is not defined

- name: Set openstacksdk version for installation
  set_fact:
    _install_ansible_openstacksdk_version: '{{ install_ansible_openstacksdk_version }}'
  when: install_ansible_openstacksdk_version not in ('', 'latest')

- name: Set openstacksdk package state for installation
  set_fact:
    _install_openstacksdk_state: latest
  when: install_ansible_openstacksdk_version == 'latest'

- name: Install openstacksdk
  pip:
    name: '{{ install_ansible_openstacksdk_name | default("openstacksdk") }}'
    version: '{{ _install_ansible_openstacksdk_version | default(omit) }}'
    state: '{{ _install_openstacksdk_state | default(omit) }}'
    virtualenv: '/usr/ansible-venv'

- name: Ensure /etc/ansible and /etc/ansible/hosts
  file:
    state: directory
    path: /etc/ansible/hosts

- name: Ensure /etc/ansible/inventory_plugins
  file:
    state: directory
    path: /etc/ansible/inventory_plugins

- name: Ensure /var/cache/ansible
  file:
    state: directory
    path: /var/cache/ansible
    owner: root
    group: root
    mode: 0770

- name: Ensure ansible log dir is writable
  file:
    path: /var/log/ansible
    state: directory
    owner: root
    group: root
    mode: 0775

- name: Copy ansible.cfg in to place
  template:
    src: ansible.cfg.j2
    dest: /etc/ansible/ansible.cfg

- name: Remove old inventory files
  file:
    path: '/etc/ansible/hosts/{{ item }}'
    state: absent
  loop:
    - openstack.yaml
    - groups.yaml

- name: Copy system-config roles into place
  copy:
    src: roles/
    dest: /etc/ansible/roles

- name: Copy disable-ansible utility script in place
  copy:
    src: disable-ansible
    dest: /usr/local/bin/disable-ansible
    mode: 0755
    owner: root
    group: root

- name: Copy yamlgroup inventory in place
  copy:
    src: inventory_plugins/yamlgroup.py
    dest: /etc/ansible/inventory_plugins/yamlgroup.py

- name: Setup log rotation
  include_role:
    name: logrotate
  vars:
    logrotate_file_name: /var/log/ansible/ansible.log

- name: Verify ansible install
  command: ansible --version