/
pre.yaml
270 lines (233 loc) · 8.24 KB
/
pre.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
---
- hosts: all
roles:
- role: add-authorized-keys
public_keys:
# sshnaidm
- public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDhi/BqsZibuAPiUjJe7b3Dqe5nyI7\
BckOwfGwJYg436+bFQMoR/7RKmtPe+ISVQ04lwIriIPwKGaSHj5mbEe4LsCLZ5jAUHxv\
WfgHitqS5ln295zU7vp1z28o7e6LQNplgExyqQlxUPdOU48tmlz93F6szSYkNYvZnhzM\
n9syrajC74qPuKsmHTeYFLEcxesb7/u+BtxCk8WdjYTb//sk038NEtIsNhrGtAOV3WcD\
pXnA5mNMpUfeoQ4yiN9LqtreXr7Zeo587LV3T2QL+huAE0J7EuCzHAKk6TIzJqjLidg0\
SYwZZwfbxgviU66QLkeyzh9oiovwskelvOQCBFq3 sshnaidm@redhat.com"
- hosts: primary
tasks:
- name: Gather needed facts
setup:
gather_subset: "!min,user_dir,distribution,hardware"
- name: Enable container tools 3.0 for CentOS 8 Stream
shell: |
dnf module disable container-tools:rhel8 -y
dnf module enable container-tools:3.0 -y
dnf update -y
become: true
when:
- ansible_distribution == 'CentOS'
- ansible_distribution_major_version|int == 8
- name: Fix SSH config for Gerrit connection
copy:
dest: ~/.ssh/config
content: |
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
Host *
PubkeyAcceptedKeyTypes +ssh-rsa
mode: '0600'
when: >-
(ansible_distribution == 'CentOS' and ansible_distribution_major_version|int >= 9) or
(ansible_distribution == 'Fedora' and ansible_distribution_major_version|int >= 33)
- when:
- ansible_distribution == 'CentOS'
- ansible_distribution_major_version|int == 7
become: true
block:
- name: Install RDO repos for getting packages for CentOS 7
yum:
name: https://www.rdoproject.org/repos/rdo-release.rpm
- name: Update Git to v2 in CentOS 7 - remove old git
yum:
name: git
state: absent
- name: Update Git to v2 in CentOS 7 - install repo
yum:
name: https://repo.ius.io/ius-release-el7.rpm
- name: Update Git to v2 in CentOS 7 - install git
yum:
name: git224
- name: Enable nested virtualization if possible
become: true
block:
- name: Set CPU vendor
set_fact:
cpu_vendor: "{{ 'intel' if 'Intel' in ansible_processor|join('') else
'amd' if 'AMD' in ansible_processor|join('') else 'unknown' }}"
- name: Configure KVM module
copy:
dest: "/etc/modprobe.d/kvm.conf"
content: |
options kvm_{{ cpu_vendor }} nested=1
- name: Restart KVM module
shell: |
modprobe -r kvm_{{ cpu_vendor }}
sleep 2
modprobe kvm_{{ cpu_vendor }}
cat /sys/module/kvm_{{ cpu_vendor }}/parameters/nested
changed_when: true
ignore_errors: true
- name: Set Selinux for permissive
become: true
command: setenforce 0
changed_when: true
- name: Check if pip is installed
shell: command -v pip > /dev/null 2>&1
ignore_errors: true
changed_when: false
register: pip_exists
- when: pip_exists.rc != 0
name: Install pip
block:
- when:
- ansible_distribution == "CentOS"
- ansible_distribution_major_version|int != 9
name: Install EPEL
become: true
package:
name: epel-release
- name: Install pip
become: true
package:
name:
- python{{ '3' if ansible_distribution_major_version|int >= 8 else '' }}-pip
- name: Install bindep
register: result_bindep
until: result_bindep is success
pip:
name: bindep
extra_args: --user --force
retries: 3
delay: 5
# reproducer_role_top_dir evaluates to "reproducer_role_top_dir":
- name: Set fact reproducer_role_top_dir
set_fact:
reproducer_role_top_dir: >-
{{ reproducer_role_top_dir | default(playbook_dir + '/../..') }}
- name: Print top dir
debug:
var: reproducer_role_top_dir
# Adding when to this command for linting error
# https://github.com/ansible/ansible-lint/issues/165
# Pipe true because bindep always returns code 1 (error)
# when packages are missing
- name: Discover packages that are not installed
shell: |
export PATH=$PATH:$HOME/.local/bin/
bindep -b -f {{ reproducer_role_top_dir }}/bindep.txt
register: package_list
failed_when: false
changed_when: false
- name: Install rpms from bindep
become: true
package:
name: "{{ item }}"
state: present
with_items:
- "{{ package_list.stdout_lines }}"
- name: Install python dependencies
register: result
until: not result.failed|bool
pip:
requirements: "{{ reproducer_role_top_dir }}/requirements{{ '9' if ansible_distribution_major_version|int == 9 else '' }}.txt"
extra_args: --user --force
retries: 3
delay: 5
- when: container_mode == 'podman'
block:
- name: Configure events to be in containers, not in journal
lineinfile:
path: /usr/share/containers/containers.conf
regexp: '^events_logger *='
line: events_logger = "file"
become: true
- name: Configure logging to be in containers, not in journal
lineinfile:
path: /usr/share/containers/containers.conf
regexp: '^log_driver *='
line: log_driver = "k8s-file"
become: true
- when: container_mode == 'docker'
block:
- name: Find out docker group name
shell: |
set -euo pipefail
grep docker /etc/group | cut -d":" -f1 | head -1
register: docker_group
changed_when: false
failed_when: false
- when: not docker_group.stdout
block:
- name: Create docker group
become: true
group:
name: docker
state: present
- name: Storing new created docker group
set_fact:
docker_group:
stdout: docker
- name: Check if user is in docker group
command: "groups {{ ansible_user }}"
register: user_groups
changed_when: false
- name: Add user to docker group
become: true
user:
name: '{{ ansible_user }}'
groups: '{{ docker_group.stdout }}'
append: true
register: groupadd
when: "docker_group.stdout not in user_groups.stdout"
# check if
# 1. empty file
# 2. {} in file, 3 chars
# 3. no file
- name: Check if docker configuration file already exists
stat:
path: /etc/docker/daemon.json
register: docker_daemon_file
- name: Create docker configuration if missing or empty
become: true
copy:
content: |
{
"group": "{{ docker_group.stdout }}",
}
dest: /etc/docker/daemon.json
register: docker_config
when:
- (not docker_daemon_file.stat.exists|bool) or ("docker_daemon_file.stat.size <= 3")
# check if docker is configured in docker_daemon
- name: Fail if daemon file is incorrectly configured for the reproducer
shell: >-
if grep "group" /etc/docker/daemon.json; then
grep '\"{{ docker_group.stdout }}\"' /etc/docker/daemon.json
fi
failed_when: false
when:
- docker_daemon_file.stat.exists|bool
- "docker_daemon_file.stat.size >= 3"
- name: Reload docker if config was changed
become: true
service:
name: docker
state: reloaded
when:
- docker_config is defined
- docker_config is changed
- name: Start and enable docker
become: true
service:
name: docker
state: started
enabled: true
- name: reset ssh connection to allow user changes to affect
meta: reset_connection