diff --git a/roles/edpm_bootc/files/.gitkeep b/roles/edpm_bootc/files/.gitkeep
new file mode 100644
index 000000000..e69de29bb
diff --git a/roles/edpm_bootc/meta/argument_specs.yml b/roles/edpm_bootc/meta/argument_specs.yml
new file mode 100644
index 000000000..03f1cdc9c
--- /dev/null
+++ b/roles/edpm_bootc/meta/argument_specs.yml
@@ -0,0 +1,7 @@
+---
+argument_specs:
+ # ./roles/edpm_bootc/tasks/main.yml entry point
+ main:
+ short_description: The main entry point for the edpm_bootc role.
+ description: Multiple lines description
+ options: {}
diff --git a/roles/edpm_bootc/meta/main.yml b/roles/edpm_bootc/meta/main.yml
new file mode 100644
index 000000000..3c288cc28
--- /dev/null
+++ b/roles/edpm_bootc/meta/main.yml
@@ -0,0 +1,43 @@
+---
+# Copyright 2024 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+galaxy_info:
+ author: OpenStack
+ description: EDPM OpenStack Role -- edpm_bootc
+ company: Red Hat
+ license: Apache-2.0
+ min_ansible_version: '2.14'
+ namespace: osp
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ platforms:
+ - name: 'EL'
+ versions:
+ - '8'
+ - '9'
+
+ galaxy_tags:
+ - edpm
+
+
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
+dependencies: []
diff --git a/roles/edpm_bootc/molecule/default/collections.yml b/roles/edpm_bootc/molecule/default/collections.yml
new file mode 100644
index 000000000..424ad60b8
--- /dev/null
+++ b/roles/edpm_bootc/molecule/default/collections.yml
@@ -0,0 +1,3 @@
+---
+collections:
+- name: community.general
diff --git a/roles/edpm_bootc/molecule/default/converge.yml b/roles/edpm_bootc/molecule/default/converge.yml
new file mode 100644
index 000000000..7e69c510c
--- /dev/null
+++ b/roles/edpm_bootc/molecule/default/converge.yml
@@ -0,0 +1,21 @@
+---
+# Copyright 2024 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Converge
+ hosts: all
+ roles:
+ - role: "edpm_bootc"
diff --git a/roles/edpm_bootc/molecule/default/molecule.yml b/roles/edpm_bootc/molecule/default/molecule.yml
new file mode 100644
index 000000000..9b9dc5722
--- /dev/null
+++ b/roles/edpm_bootc/molecule/default/molecule.yml
@@ -0,0 +1,30 @@
+---
+dependency:
+ name: galaxy
+ options:
+ role-file: collections.yml
+driver:
+ name: podman
+platforms:
+- command: /sbin/init
+ dockerfile: ../../../../molecule/common/Containerfile.j2
+ image: ${EDPM_ANSIBLE_MOLECULE_IMAGE:-"ubi9/ubi-init"}
+ name: instance
+ privileged: true
+ registry:
+ url: ${EDPM_ANSIBLE_MOLECULE_REGISTRY:-"registry.access.redhat.com"}
+ ulimits:
+ - host
+provisioner:
+ log: true
+ name: ansible
+scenario:
+ test_sequence:
+ - dependency
+ - destroy
+ - create
+ - prepare
+ - converge
+ - destroy
+verifier:
+ name: ansible
diff --git a/roles/edpm_bootc/molecule/default/prepare.yml b/roles/edpm_bootc/molecule/default/prepare.yml
new file mode 100644
index 000000000..0605adf7e
--- /dev/null
+++ b/roles/edpm_bootc/molecule/default/prepare.yml
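Review bot: The molecule scenario never checks what the role produced: `test_sequence` in molecule.yml goes from `converge` straight to `destroy`, and no verify playbook is added, although `verifier: name: ansible` is configured. The `bootc` fact decides whether package installation, the download cache and swap setup are skipped later in this change, so an assertion on it is worth having, for example a `verify` step that uses `ansible.builtin.assert` with `that: bootc is defined`. The instance also runs with `privileged: true`; if that is only there so `/sbin/init` can start, a one-line comment saying so would help the next reader.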
@@ -0,0 +1,22 @@
+---
+# Copyright 2024 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Prepare
+ hosts: all
+ roles:
+ - role: ../../../../molecule/common/test_deps
+ - role: env_data
diff --git a/roles/edpm_bootc/tasks/main.yml b/roles/edpm_bootc/tasks/main.yml
new file mode 100644
index 000000000..7ba9cf3bc
--- /dev/null
+++ b/roles/edpm_bootc/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+# Copyright 2024 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Check for /bin/bootc
+ ansible.builtin.stat:
+ path: /bin/bootc
+ register: bootc_stat
+
+- name: Set fact for bootc
+ ansible.builtin.set_fact:
+ bootc: "{{ bootc_stat.stat.exists }}"
diff --git a/roles/edpm_bootstrap/tasks/bootstrap-common-post-packages.yml b/roles/edpm_bootstrap/tasks/bootstrap-common-post-packages.yml
new file mode 100644
index 000000000..a56beb136
--- /dev/null
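Review bot: The `bootc` fact in roles/edpm_bootc/tasks/main.yml is derived only from the existence of `/bin/bootc`, which shows that the binary is installed, not that the host was booted from a bootc image. Later in this change the fact gates `packages.yml`, `swap.yml` and `download_cache.yml`, so a package-mode host that merely has the bootc package installed would skip all three without any message. Consider confirming image mode from what `bootc status` reports for the booted deployment, or at least add a comment above the stat task such as `# Presence of /bin/bootc is treated as image mode; it does not prove the host booted from a bootc image`. The fact name is also unprefixed, and extra vars take precedence over `set_fact`, so a role-prefixed name such as `edpm_bootc_enabled` would be less likely to collide with an operator variable.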
+++ b/roles/edpm_bootstrap/tasks/bootstrap-common-post-packages.yml
@@ -0,0 +1,59 @@
+---
+# Copyright 2024 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Set selinux state
+ ansible.posix.selinux:
+ policy: targeted
+ state: "{{ edpm_bootstrap_selinux_mode }}"
+ become: true
+
+- name: Stop NetworkManager from updating resolv.conf
+ when: ( edpm_bootstrap_network_service == 'NetworkManager' ) and ( not edpm_bootstrap_network_resolvconf_update )
+ become: true
+ block:
+ - name: Set 'dns=none' in /etc/NetworkManager/NetworkManager.conf
+ community.general.ini_file:
+ path: /etc/NetworkManager/NetworkManager.conf
+ state: present
+ no_extra_spaces: true
+ section: main
+ option: dns
+ value: none
+ backup: true
+ mode: '0644'
+ - name: Set 'rc-manager=unmanaged' in /etc/NetworkManager/NetworkManager.conf
+ community.general.ini_file:
+ path: /etc/NetworkManager/NetworkManager.conf
+ state: present
+ no_extra_spaces: true
+ section: main
+ option: rc-manager
+ value: unmanaged
+ backup: true
+ mode: '0644'
+ - name: Reload NetworkManager
+ ansible.builtin.systemd:
+ name: NetworkManager
+ state: reloaded
+
+- name: Stop dhclient from updating resolv.conf
+ become: true
+ ansible.builtin.copy:
+ dest: /etc/dhcp/dhclient-enter-hooks
+ mode: "0755"
+ content: |
+ #!/bin/sh
+ make_resolv_conf() { : ; }
diff --git a/roles/edpm_bootstrap/tasks/bootstrap-common-pre-packages.yml b/roles/edpm_bootstrap/tasks/bootstrap-common-pre-packages.yml
new file mode 100644
index 000000000..cbfea2cb6
--- /dev/null
+++ b/roles/edpm_bootstrap/tasks/bootstrap-common-pre-packages.yml
@@ -0,0 +1,61 @@
+---
+# Copyright 2024 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Ensure /var/log/journal exists
+ ansible.builtin.file:
+ path: /var/log/journal
+ state: directory
+ mode: '0750'
+ owner: root
+ group: root
+ setype: var_log_t
+ become: true
+
+- name: Gather services facts
+ ansible.builtin.service_facts:
+
+- name: Print cloud-init service status
+ ansible.builtin.debug:
+ var: ansible_facts.services["cloud-init.service"]
+
+- name: Check if cloud-init is disabled via kernel args
+ ansible.builtin.lineinfile:
+ path: /proc/cmdline
+ line: "cloud-init=disabled"
+ state: present
+ check_mode: true
+ register: cloud_init_vendor_disabled
+
+- name: Wait for cloud-init to finish, if enabled
+ community.general.cloud_init_data_facts:
+ filter: status
+ register: res
+ until: >
+ res.cloud_init_data_facts.status.v1.stage is defined and
+ not res.cloud_init_data_facts.status.v1.stage
+ retries: 50
+ delay: 5
+ when:
+ - not ansible_check_mode
+ - ansible_facts.services["cloud-init.service"] is defined
+ - ansible_facts.services["cloud-init.service"]["status"] != "not-found"
+ - ansible_facts.services["cloud-init.service"]["state"] == "running"
+ - ansible_facts.services["cloud-init.service"]["status"] == "enabled"
+ - cloud_init_vendor_disabled is changed
+ become: true
+
+- name: Execute bootstrap command
+ ansible.builtin.import_tasks: bootstrap_command.yml
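Review bot: `Execute bootstrap command` at the end of bootstrap-common-pre-packages.yml is imported with no `when: not bootc`, while the package, swap and download-cache steps elsewhere in this change are all gated on that fact. bootstrap_command.yml is not part of this diff, so this is an assumption, but if the configured command installs packages or registers the host it may not be appropriate on an image-mode node. If running it on every host is intended, a comment such as `# Runs on bootc hosts too: the bootstrap command is operator-supplied and must be image-mode safe` would record that decision.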
diff --git a/roles/edpm_bootstrap/tasks/bootstrap.yml b/roles/edpm_bootstrap/tasks/bootstrap.yml
index d10a02684..8a32403c1 100644
--- a/roles/edpm_bootstrap/tasks/bootstrap.yml
+++ b/roles/edpm_bootstrap/tasks/bootstrap.yml
@@ -14,102 +14,24 @@ # License for the specific language governing permissions and limitations # under the License. -- name: Ensure /var/log/journal exists - ansible.builtin.file: - path: /var/log/journal - state: directory - mode: '0750' - owner: root - group: root - setype: var_log_t - become: true +- name: Import edpm_bootc role + ansible.builtin.import_role: + name: edpm_bootc -- name: Gather services facts - ansible.builtin.service_facts: +- name: Import common pre packages tasks + ansible.builtin.import_tasks: bootstrap-common-pre-packages.yml -- name: Print cloud-init service status - ansible.builtin.debug: - var: ansible_facts.services["cloud-init.service"] +- name: Include packages tasks + ansible.builtin.include_tasks: packages.yml + when: not bootc -- name: Check if cloud-init is disabled via kernel args - ansible.builtin.lineinfile: - path: /proc/cmdline - line: "cloud-init=disabled" - state: present - check_mode: true - register: cloud_init_vendor_disabled +- name: Import common post packages tasks + ansible.builtin.import_tasks: bootstrap-common-post-packages.yml -- name: Wait for cloud-init to finish, if enabled - community.general.cloud_init_data_facts: - filter: status - register: res - until: > - res.cloud_init_data_facts.status.v1.stage is defined and - not res.cloud_init_data_facts.status.v1.stage - retries: 50 - delay: 5 - when: - - not ansible_check_mode - - ansible_facts.services["cloud-init.service"] is defined - - ansible_facts.services["cloud-init.service"]["status"] != "not-found" - - ansible_facts.services["cloud-init.service"]["state"] == "running" - - ansible_facts.services["cloud-init.service"]["status"] == "enabled" - - cloud_init_vendor_disabled is changed - become: true +- name: Include swap tasks + ansible.builtin.include_tasks: swap.yml + when: not bootc -- name: Execute bootstrap command - ansible.builtin.import_tasks: bootstrap_command.yml - -- name: Import packages tasks - ansible.builtin.import_tasks: packages.yml - -- name: 
Set selinux state - ansible.posix.selinux: - policy: targeted - state: "{{ edpm_bootstrap_selinux_mode }}" - become: true - -- name: Stop NetworkManager from updating resolv.conf - when: ( edpm_bootstrap_network_service == 'NetworkManager' ) and ( not edpm_bootstrap_network_resolvconf_update ) - become: true - block: - - name: Set 'dns=none' in /etc/NetworkManager/NetworkManager.conf - community.general.ini_file: - path: /etc/NetworkManager/NetworkManager.conf - state: present - no_extra_spaces: true - section: main - option: dns - value: none - backup: true - mode: '0644' - - name: Set 'rc-manager=unmanaged' in /etc/NetworkManager/NetworkManager.conf - community.general.ini_file: - path: /etc/NetworkManager/NetworkManager.conf - state: present - no_extra_spaces: true - section: main - option: rc-manager - value: unmanaged - backup: true - mode: '0644' - - name: Reload NetworkManager - ansible.builtin.systemd: - name: NetworkManager - state: reloaded - -- name: Stop dhclient from updating resolv.conf - become: true - ansible.builtin.copy: - dest: /etc/dhcp/dhclient-enter-hooks - mode: "0755" - content: | - #!/bin/sh - make_resolv_conf() { : ; } - -- name: Configure swap - ansible.builtin.import_tasks: swap.yml - -- name: FIPS tasks +- name: Import FIPS tasks ansible.builtin.import_tasks: fips.yml when: edpm_bootstrap_fips_mode != 'check' diff --git a/roles/edpm_bootstrap/tasks/main.yml b/roles/edpm_bootstrap/tasks/main.yml index 1d10a7e3c..a374207b0 100644 --- a/roles/edpm_bootstrap/tasks/main.yml +++ b/roles/edpm_bootstrap/tasks/main.yml 
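Review bot: Switching `packages.yml` and `swap.yml` from `import_tasks` to `include_tasks` in bootstrap.yml makes them dynamic includes, so tags set on tasks inside those files are no longer matched by `--tags` unless the include task itself carries them, and `--list-tasks` stops showing them. A `when` on `import_tasks` is applied to each imported task and evaluated at run time, so `ansible.builtin.import_tasks: packages.yml` with `when: not bootc` would keep the static behaviour if nothing else requires the dynamic form. Either way, `when: not (bootc | bool)` is safer in case the value arrives as a string from inventory or extra vars, where `"false"` is truthy and would skip the package tasks.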
@@ -14,8 +14,13 @@ # License for the specific language governing permissions and limitations # under the License. -- name: Import download_cache tasks - ansible.builtin.import_tasks: download_cache.yml +- name: Import edpm_bootc role + ansible.builtin.import_role: + name: edpm_bootc + +- name: Include download_cache tasks + ansible.builtin.include_tasks: download_cache.yml + when: not bootc - name: Import bootstrap tasks ansible.builtin.import_tasks: bootstrap.yml
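Review bot: `edpm_bootc` is imported at the top of tasks/main.yml and again at the top of bootstrap.yml, which main.yml imports right after, so the stat and `set_fact` tasks appear to run twice per host on the normal path. If the second import exists so that bootstrap.yml still works when called directly through `tasks_from`, say so in a comment, for example `# Also imported in bootstrap.yml so that entry point works when called directly`; otherwise one of the two can go. The rest of main.yml lies outside this hunk, so other tasks that rely on `bootc` are not visible here.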