-
Notifications
You must be signed in to change notification settings - Fork 76
/
ansible
executable file
·311 lines (267 loc) · 18.1 KB
/
ansible
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
#!/bin/bash -e
# FWIW "-e" tries to exit right away on error:
# https://tldp.org/LDP/abs/html/options.html
# https://stackoverflow.com/questions/9952177/whats-the-meaning-of-the-parameter-e-for-bash-shell-command-line/9952249
# PLZ SEE http://FAQ.IIAB.IO > "What is Ansible and what version should I use?"
# https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible
APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint
CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.16.5]
GOOD_VER=2.16.5 # Orig for 'yum install [rpm]' & XO laptops (pip install)
# 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and
# .gpg key etc) are commented out with ### below. Associated guidance/comments
# are intentionally preserved.
# 2021-05-19 PR #2743: As a result of Ansible / Red Hat / IBM's extensive
# delays in publishing the PPA (.deb installer files) for ansible-core, this
# file bypasses the apt approach (and associated PPA source) in favor of:
#
# pip3 install --upgrade ansible-core
# 2021-02-25: Latest 'ansible-base' was being installed from PPA, using either
# OS 'CODENAME' below: https://launchpad.net/~ansible/+archive/ubuntu/ansible
# 'lsb_release -sc' gives Mint 20 codename 'ulyana' etc: (TOO FINE-GRAINED)
###if grep -q buster /etc/os-release /etc/debian_version; then
### CODENAME=bionic # Debian 10, RasPiOS 10 & Buster-like distros
###else
### CODENAME=focal # Debian 11+, RasPiOS 11+, Ubuntu 20.04+, Mint 20+ (ETC)
###fi
# APRIL 2021 - ansible-base (2.10) was renamed to ansible-core (2.11+):
# https://www.ansible.com/blog/ansible-3.0.0-qa
# https://github.com/ansible/ansible/tags
# https://github.com/ansible/ansible/releases
# https://github.com/ansible/ansible/commits/stable-2.16
# https://github.com/ansible/ansible/blob/stable-2.16/changelogs/CHANGELOG-v2.16.rst
# https://github.com/ansible/ansible/commits/stable-2.15
# https://github.com/ansible/ansible/blob/stable-2.15/changelogs/CHANGELOG-v2.15.rst
# https://github.com/ansible/ansible/commits/stable-2.14
# https://github.com/ansible/ansible/blob/stable-2.14/changelogs/CHANGELOG-v2.14.rst
# https://github.com/ansible/ansible/commits/stable-2.13
# https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst
# https://github.com/ansible/ansible/commits/stable-2.12
# https://github.com/ansible/ansible/blob/stable-2.12/changelogs/CHANGELOG-v2.12.rst
# https://pypi.org/project/ansible-core/
# https://pypi.org/project/ansible-base/ (OLD)
# https://releases.ansible.com/ansible-core/ (OLD)
# https://releases.ansible.com/ansible-base/ (OLD)
# https://launchpad.net/~ansible
# https://launchpad.net/~ansible-gha
# https://launchpad.net/~ansible/+archive/ubuntu/ansible
# https://launchpad.net/~ansible/+archive/ubuntu/ansible/+packages
# https://launchpad.net/~ansible/+archive/ubuntu/ansible-2.10 (OLD)
# http://ppa.launchpad.net/ansible/ansible/ubuntu/pool/main/a/ansible/ (OLD)
# http://ppa.launchpad.net/ansible/ansible/ubuntu/pool/main/a/ansible-core/
# FYI .travis.yml installs ansible-core in a slightly different way (PRs #2689 & #2743)
# IIAB implementers might instead consider these 4 GENERAL TECHNIQUES below
# ("in an emergency!") e.g. if apt fails & you need a newer/older Ansible:
# TEMPORARILY USE pip3 to install the latest ansible-core as listed at
# https://pypi.org/project/ansible-core/ (REMOVE W/ "pip3 uninstall ansible-core")
#apt install python3-pymysql python3-psycopg2 python3-passlib python3-pip python3-setuptools python3-packaging python3-venv virtualenv
#pip3 install --upgrade ansible-core # Then start a new shell, so /usr/local/bin works
#ansible-galaxy collection install -r collections.yml
# TEMPORARILY USE ansible-base 2.10.17 (REMOVE W/ "pip3 uninstall ansible-base")
#apt install python3-pip
#pip3 install ansible-base==2.10.17 # Start new shell, so /usr/local/bin works
# TEMPORARILY USE ANSIBLE 2.9.27 (REMOVE IT WITH "pip3 uninstall ansible")
#apt install python3-pip
#pip3 install ansible==2.9.27
# TEMPORARILY USE ANSIBLE 2.4.2 DUE TO 2.4.3 MEMORY BUG. Details: iiab/iiab#669
#echo "Install https://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb"
#cd /tmp
#wget https://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb
#apt -y --allow-downgrades install ./ansible_2.4.2.0-1ppa~xenial_all.deb
export DEBIAN_FRONTEND=noninteractive
# Why 'noninteractive' appears needed:
# https://github.com/iiab/iiab/issues/564#issuecomment-347264985
echo -e "\n\nYOU ARE RUNNING: /opt/iiab/iiab/scripts/ansible (TO INSTALL ANSIBLE ETC)\n"
#echo -e 'Alternative: /opt/iiab/iiab/scripts/ansible-2.9.x ("Slow Food")\n'
echo -e "RECOMMENDED PREREQUISITES:"
echo -e "(1) Verify you're online"
echo -e "(2) Remove all prior versions of Ansible using..."
echo -e " 'apt purge ansible-core' and/or 'pip3 uninstall ansible-core' and/or"
#echo -e " 'apt purge ansible-base' and/or 'pip3 uninstall ansible-base' and/or"
echo -e " 'apt purge ansible' and/or 'pip3 uninstall ansible'"
#echo -e "(3) Remove all lines containing 'ansible' from..."
#echo -e " /etc/apt/sources.list and /etc/apt/sources.list.d/*\n"
echo -e "IIAB INSTALL INSTRUCTIONS: (OLDER, MANUAL APPROACH)"
echo -e "https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n"
if [ "$(command -v ansible)" ]; then # "command -v" is POSIX compliant; also catches built-in commands like "cd"
CURR_VER=$(ansible --version | head -1 | cut -f 2- -d " ")
# Above works with 'ansible [core 2.11.0rc2]' -- these old ways do not:
#CURR_VER=$(ansible --version | head -1 | awk '{print $2}')
#CURR_VER=$(ansible --version | head -1 | sed -e 's/.* //')
echo -e "CURRENTLY INSTALLED ANSIBLE: $CURR_VER -- LET'S TRY TO UPGRADE IT!"
else
echo -e "ANSIBLE NOT FOUND ON THIS COMPUTER -- LET'S TRY TO INSTALL IT!"
fi
echo -e "(Internet-in-a-Box requests ansible-core $GOOD_VER or higher)\n"
# Code above designed to work on all Linux distributions, to preserve options,
# in support of any volunteer(s) wanting to port IIAB to a new Linux/distro.
if [ ! -f /etc/debian_version ]; then # e.g. RasPiOS, Ubuntu, Mint & Debian
echo -e "\nEXITING: /etc/debian_version FILE NOT FOUND. Linux OS support info here:"
echo -e " https://github.com/iiab/iiab/wiki/IIAB-Platforms\n"
exit 1
fi
# 2021-04-26: JV & @holta WIP. The apt-key command is going away, and the past
# practice of putting keys in /etc/apt/trusted.gpg.d is considered insecure:
# https://www.linuxuprising.com/2021/01/apt-key-is-deprecated-how-to-add.html
# https://askubuntu.com/questions/1286545/what-commands-exactly-should-replace-the-deprecated-apt-key/1307181#1307181
# So we put .gpg key in repo iiab/iiab, also for reliable installs/containers.
#echo -e "\napt update; install dirmngr; PPA to /etc/apt/sources.list.d/iiab-ansible.list\n"
#$APT_PATH/apt update
#$APT_PATH/apt -y install dirmngr
#echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \
###echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \
### > /etc/apt/sources.list.d/iiab-ansible.list
# 2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421)
#echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu focal main" \
# > /etc/apt/sources.list.d/iiab-ansible.list
# In future we might instead consider 'add-apt-repository ppa:ansible/ansible'
# or 'apt-add-repository ppa:ansible/bionic/ansible' etc, e.g. for streamlined
# removal using 'apt-add-repository -r' -- however that currently requires
# 'apt install software-properties-common' which drags in a dozen packages we
# might not want, e.g. unattended-upgrades, packagekit etc.
# 2020-08-20: TEMP WORKAROUND (REVERT TO ANSIBLE 2.9.6) MITIGATING
# iiab/iiab#2481 (Ansible 2.9.12 and 2.10.0's 666-TO-600 file permissions
# problem). This workaround installs 2.9.6-1ppa~disco onto RasPiOS, from
# https://launchpad.net/~ansible/+archive/ubuntu/ansible
#echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu disco main" \
# > /etc/apt/sources.list.d/iiab-ansible.list
# 2021-04-26: JV & @holta WIP: (see above)
#echo -e '\nIF YOU FACE ERROR "signatures couldn'"'"'t be verified because the public key is not available" THEN REPEATEDLY RE-RUN "sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367"\n'
#apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367
###cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg
#chmod 644 /usr/share/keyrings/iiab-ansible-keyring.gpg
# 2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421)
#cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg
###echo -e 'PPA source "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu '$CODENAME' main"'
###echo -e "successfully saved to /etc/apt/sources.list.d/iiab-ansible.list\n"
###echo -e "IF *OTHER* ANSIBLE SOURCES APPEAR BELOW, PLEASE MANUALLY REMOVE THEM TO"
###echo -e 'ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n'
###grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v '^/etc/apt/sources.list.d/iiab-ansible.list:' || true # Override bash -e (instead of aborting at 1st error)
#echo -e "\napt update; apt install python3-pip # Also installs 'python3-setuptools' and 'python3' etc"
#echo -e "https://github.com/iiab/iiab/blob/master/scripts/ansible.md\n"
#$APT_PATH/apt update
#$APT_PATH/apt -y install python3-pip
# 2021-07-29:
# 'python3-packaging' dropped for now
# 'python3-pymysql' (drags in 'python3' which drags in 'python3-venv' on Debian 11 but not on Ubuntu 20.04) -- moved to roles/mysql/tasks/install.yml
# 'python3-psycopg2' moved to roles/postgresql/tasks/install.yml
# 'python3-passlib' moved to roles/munin/tasks/install.yml
# 'python3-venv' moved to roles/2-common/tasks/packages.yml
# 'virtualenv' for Python 2 moved to roles/kalite/tasks/install.yml
#
#$APT_PATH/apt -y install \
# python3-pymysql python3-psycopg2 python3-passlib python3-pip \
# python3-setuptools python3-packaging python3-venv virtualenv
#$APT_PATH/apt -y --allow-downgrades install ansible-core
# 2021-10-30: Using pip is messy, leaving behind cached files, so turn off pip
# cache system-wide before installing:
# https://stackoverflow.com/questions/9510474/removing-pips-cache/61762308#61762308
# https://github.com/iiab/iiab/pull/3022
#pip3 config --global set global.no-cache-dir false
#if ! uname -m | grep -q 64; then
# echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)"
# $APT_PATH/apt -y --allow-downgrades install ansible-core
# echo -e "\n\n'pip3 install cryptography==39.0.2' will now run:\n"
# pip3 install --break-system-packages cryptography==39.0.2 || pip3 install cryptography==39.0.2 # PR #3459 https://www.piwheels.org/project/cryptography/ -- WAS 37.0.4 which as of 2023-01-06 was the "latest compatible with ansible-core available via piwheels.org"
#fi
#echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" # REMINDER: ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8
#pip3 install --break-system-packages --upgrade ansible-core || pip3 install --upgrade ansible-core # PR #3493: Revert to old syntax if pip < 23.0.1, as flag --break-system-packages (for Python 3.11+ / PEP 668) is brand new in Feb 2023: https://github.com/pypa/pip/pull/11780
echo -e "\napt update; apt install python3-venv"
$APT_PATH/apt update
$APT_PATH/apt -y install python3-venv
# 2023-09-08 PR #3634: 'apt install ansible-core' is overweight, but works on
# "32-bit" RasPiOS 12 (@EMG70 set 'arm_64bit=0' in /boot/config.txt per #3516
# to force boot its 32-bit kernel; its 64-bit kernel should work too!)
# IN SHORT: This ugly hack appears sufficient for all "32-bit" Bookworm+ OS's
# (similar to 32-bit Debian 12 on AMD/Intel a month ago, i.e. PR #3617).
# 2023-09-10 PR #3637: Even safer test than querying for Debian 12+ -- verify
# that apt package ansible-core is truly available:
#if ! dpkg --print-architecture | grep -q 64 && apt-cache show ansible-core > /dev/null; then
#if ! dpkg --print-architecture | grep -q 64 && ! grep -q ^11 /etc/debian_version; then
# 2023-09-10 PR #3632: Revert above #3634 and #3637 trying /etc/pip.conf w/ cryptography 41.0.3
if [[ $(dpkg --print-architecture) == "i386" ]] && apt-cache show ansible-core > /dev/null; then
# 2023-08-10 #3613/#3615/#3617: apt-not-pip kludge for legacy 32-bit i386
# (DEBIAN 12+ ETC) avoids #3547 rust/wheels/cryptography compiling mess!
$APT_PATH/apt -y install ansible-core # Bookworm ~= ansible-core 2.14.3
else
# 2023-03-22: OS's like Ubuntu 23.04 and Debian 12 (e.g. with Python 3.11+) ask
# that virtual environments (venv) be used to safely isolate pip installs:
# https://peps.python.org/pep-0668
# 2023-09-08: NEW WAY ANSIBLE RECOMMENDS? https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html
# $APT_PATH/apt -y install pipx # Typically adds 50+ packages!
# pipx install ansible-core
# pipx ensurepath # Adds /root/.local/bin to $PATH -- next time you open a shell -- e.g. for /root/.local/bin/ansible -> /root/.local/pipx/venvs/ansible-core/bin/ansible
# Or, to install package globally for multi-user access: (pypa/pipx#754)
# PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install ansible-core
# 2023-10-11: RasPiOS Bookworm doc for Python with venv (PEP 668 now enforced!)
# https://www.raspberrypi.com/documentation/computers/os.html#python-on-raspberry-pi
# https://www.raspberrypi.com/documentation/computers/os.html#using-pip-with-virtual-environments
echo -e "\nCreate virtual environment for Ansible"
python3 -m venv /usr/local/ansible
# 2023-09-10: Work around #3526 "32-bit" RasPiOS 12 pre-release issue...
# 'Package issue: cryptography 41.0.3 leads to cffi 1.15.1 failure on
# "32-bit" Raspberry Pi OS [REASON: /etc/pip.conf missing on some Bookworm
# pre-releases' == https://github.com/piwheels/packages/issues/390
if ! [ -f /etc/pip.conf ] && [ -f /etc/rpi-issue ]; then
cat > /etc/pip.conf << EOF
[global]
extra-index-url=https://www.piwheels.org/simple
EOF
fi
# "if not ubuntu" (covers RasPiOS & Debian) would also work, but is overbroad:
# if ! grep -qi ubuntu /etc/os-release; then
#
# if [ -f /etc/rpi-issue ] && [[ $(dpkg --print-architecture) == armhf ]]; then
#
# 2023-03-24 #3547 similar to #3459 re: cryptography, piwheels, rust.
# Release problems chart: https://www.piwheels.org/project/cryptography/
# if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general!
# 2023-09-07: Commenting out cryptography 40.0.1 below, as @EMG70 evaluates
# new upstream piwheels fix (e.g. cryptography 41.0.3 for now)
# on pre-release 32-bit RasPiOS 12... (#3526)
# if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM
# # 2023-09-30: cryptography 40.0.1 and 41.0.4 both fail for now, see #3650
# $APT_PATH/apt -y install libffi-dev python3-dev
# /usr/local/ansible/bin/python3 -m pip install cryptography==41.0.3
# # else
# # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough!
# # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where
# # `dpkg --print-architecture` was i386 and `uname -m` was i686:
# # $APT_PATH/apt -y install python3-cryptography
# fi
# 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863)
# 2023-10-01 #3650: --prefer-binary or --only-binary ensure you get wheels,
# even if they're not the very latest release -- thereby avoiding compiling
# messes -- and obviating the need for these 2: (above, both commented out)
# - 'apt -y install libffi-dev python3-dev'
# - painstaking pinning of cryptography or cffi (etc) to older version #s
/usr/local/ansible/bin/python3 -m pip install --prefer-binary --upgrade ansible-core
echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*"
cd /usr/local/ansible/bin
for bin in ansible*; do
ln -sf /usr/local/ansible/bin/"$bin" /usr/local/bin/"$bin"
done
fi
# (Re)running collection installs appears safe, with --force-with-deps to force
# upgrade of collection and dependencies it pulls in. Note Ansible may support
# explicit upgrading of collections (--upgrade / -U flag) in version "2.11"
# with PR ansible/ansible#73336. See also IIAB PRs #2647 #2652 #2653 #2655.
echo -e "\n\nIIAB requires these ~4 Ansible Collections: (we upgrade them here if possible!)\n"
ansible-galaxy collection install --force-with-deps \
-r /opt/iiab/iiab/collections.yml \
-p /usr/share/ansible/collections
# 2021-02-24: 'ansible-galaxy collection list' lists those installed. (#2659)
# 2020-11-28: The ~3 Ansible Collections used by IIAB (~37MB) once lived here:
# /root/.ansible/collections/ansible_collections
# But going forward they'll be stored herein: [~24MB for 4 Collections as of 2021-05-19]
# /usr/share/ansible/collections/ansible_collections
# 2021-04-19: No longer needed, per PR #2743 testing
#echo -e "\n\nCreating/verifying directory /etc/ansible & installing /etc/ansible/hosts\n"
#mkdir -p /etc/ansible # LIKELY REDUNDANT, due to above installation of Ansible
#echo -e '[local]\nlocalhost\n' > /etc/ansible/hosts # LIKELY REDUNDANT, due to https://github.com/iiab/iiab/blob/master/ansible_hosts
echo -e "\n\nSUCCESS! PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n"
echo -e " ansible --version"
echo -e " /usr/local/ansible/bin/pip3 show ansible-core"
echo -e " pip3 show ansible-core"
echo -e ' apt -a list "ansible*"'
echo -e " ansible-galaxy collection list\n"
echo -e "WARNING: Start a new Linux shell, if it changed from /usr/bin to /usr/local/bin\n\n"