@Fiooodooor Fiooodooor commented Sep 17, 2023

Addressing issue #1
Create ansible playbook for a deployed node #1

The best way would be not to interfere with installed packages and to use pipenv to be sure all packages meet requirements. Example script:

```bash
#!/usr/bin/env bash

set -ex

SCRIPT_DIRECTORY="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")")"

# Refuse to run as root; sudo is invoked explicitly for the system-level steps.
if [[ "$(id -u)" == "0" ]]; then
    echo "Run this script as non root user (UID!=0). Exiting."
    exit 1
fi

# System-level prerequisites.
sudo apt update
sudo apt upgrade -y
sudo apt satisfy -y "python3 (>=3.9), python3-dev (>= 3.9), python3-pip"
sudo apt install -y libevent-dev
python3 -m pip install --user pipenv

# pip --user installs pipenv into ~/.local/bin; put it on PATH before
# pipenv is first called, and persist it for future shells.
USERSPACE_BIN="$(readlink -f "${HOME}/.local/bin")"
if [[ ":${PATH}:" != *":${USERSPACE_BIN}:"* ]]; then
    export PATH="${USERSPACE_BIN}:${PATH}"
    echo "export PATH=\"${USERSPACE_BIN}:\${PATH}\"" >> "${HOME}/.bashrc"
fi

cd "${SCRIPT_DIRECTORY}"
pipenv install
pipenv run ansible-galaxy collection install -r "${SCRIPT_DIRECTORY}/collections.yaml"
```

NOTICE ==> Ubuntu 20.04 uses Python3.9 as default, but Ubuntu 22.04 does not allow, by default, a version lower than Python3.10. This is why a Pipfile lockfile cannot be created, as we allow different versions of base python3.

The required files then also need to be added:

Pipfile

```toml
[[source]]
url = "https://pypi.python.org/simple"
verify_ssl = true
name = "pypi"

[packages]
ansible = "~=6.7"
ansible-core = "~=2.13"
botocore = "~=1.27"
docker = "~=6.0"
jinja2 = "~=3.1"
jmespath = "~=1.0"
pyopenssl = "~=23.0"
ipaddr = "*"
netaddr = "*"
requests = "*"

[requires]
python_version = "~=3.10"
```

collections.yaml

```yaml
---
collections:
  - name: community.general
    version: '>=6.0.1,<7.0.0'
  - name: community.docker
    version: '>=3.0.1,<4.0.0'
  - name: ansible.posix
    version: '>=1.3.0,<2.0.0'
```

Create Pipfile for use with `install.sh` script responsible for ansible environment preparation.
Added `collections.yaml` file for use with `ansible galaxy` scripting for modules dependencies installation.
@Fiooodooor force-pushed the ansible_env_preparation_script branch from 926fa28 to 1db069d on September 17, 2023 06:46
Create env_setup.sh
Basic form of script for environment preparation created.
Tests should be done and conversation should be started.
@Fiooodooor force-pushed the ansible_env_preparation_script branch from 1db069d to bcda537 on September 17, 2023 09:07
@Fiooodooor
Author

Major maas-setup.yml updates included; additional adjustments will be added with upcoming commits. Currently included:

  • YAML standard 1.2.2 adjustment, removed all yes/no occurrences: "According to specification document, starting from YAML 1.2, allowed bool values are true and false only. YAML-1.2.2 We have removed unique implicit typing rules and have updated these rules to align them with JSON's productions. In this version of YAML, Boolean values may be serialized as true or false;"

  • Ansible standard requirements mostly met:
      -- "Always use the full module name, specially when calling ansible.builtin modules."
      -- "All tasks, roles and plays must be named."
      -- "Prefer using ansible.builtin.command module instead ansible.builtin.shell if only one command is called and no advanced scripting is needed"
      -- "If task is allowed to fail use failed_when: instead ignore_errors: true when defining error cases. For allowing task to fail and not highlighting it in the console output failed_when: false can be used."

  • Minor errors corrected. For example, using pipelines (`|`) without first specifying the shell binary as `/bin/bash` and without explicitly catching pipeline errors can produce undefined behaviour but return success on task exit. Best would be not to use a pipeline; if it is mandatory, set bash to exit on any errors, including pipe-connected ones, by adding: `set -eo pipefail`

Below is potentially system-wide erroneous scripting, as the regexp for `net.ipv4.ip_forward` would treat `.` as any single symbol and would wrongly replace only the first occurrence of any found string, including ones that are not wanted by the user.

```yaml
- name: Enable ipv4 forward in the /etc/sysctl.conf
  replace:
    path: /etc/sysctl.conf
    regexp: '#net.ipv4.ip_forward=1'
    replace: 'net.ipv4.ip_forward=1'
```

Instead, the regexp should be more specific and the lineinfile module should be used, in the form included in the commit. This way the file will be searched for all occurrences of the string, leaving only one there, with the value as intended.

```yaml
- name: Enable IPv4 forward in the /etc/sysctl.conf
  ansible.builtin.lineinfile:
    path: /etc/sysctl.conf
    regexp: '^(# *){0,1}net\.ipv4\.ip_forward *='
    line: net.ipv4.ip_forward=1
```
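
An added example, not part of the pull request: the two regular expressions from the tasks above, run against constructed `sysctl.conf` fragments to show which lines each one touches and what value ends up in effect. `model_replace`, `model_lineinfile` and `effective_ip_forward` are hypothetical helpers that only approximate the modules (substitute every match; rewrite the last matching line or append) and assume the last uncommented assignment wins when the file is loaded.

```python
import re

# Patterns and target line copied from the two tasks in the comment above.
LOOSE = r'#net.ipv4.ip_forward=1'
STRICT = r'^(# *){0,1}net\.ipv4\.ip_forward *='
LINE = 'net.ipv4.ip_forward=1'

# Constructed sysctl.conf fragments (not taken from a real host).
STOCK = "# Uncomment to enable IPv4 forwarding\n#net.ipv4.ip_forward=1\n"
SPACED = "# net.ipv4.ip_forward = 1\n"
OVERRIDDEN = "#net.ipv4.ip_forward=1\nnet.ipv4.ip_forward=0\n"
LOOKALIKE = "#net.ipv4xip_forward=1\n"


def model_replace(text, pattern, repl):
    """Simplified model of a 'replace' task: substitute every match in the file."""
    return re.sub(pattern, repl, text, flags=re.MULTILINE)


def model_lineinfile(text, pattern, line):
    """Simplified model of 'lineinfile': rewrite the last matching line, else append."""
    lines = text.splitlines()
    hits = [i for i, cur in enumerate(lines) if re.search(pattern, cur)]
    if hits:
        lines[hits[-1]] = line
    else:
        lines.append(line)
    return "\n".join(lines) + "\n"


def effective_ip_forward(text):
    """Assumed load result: last uncommented assignment wins; None if unset."""
    value = None
    for raw in text.splitlines():
        cur = raw.strip()
        if not cur or cur[0] in "#;" or "=" not in cur:
            continue
        key, _, val = cur.partition("=")
        if key.strip().replace("/", ".") == "net.ipv4.ip_forward":
            value = val.strip()
    return value


if __name__ == "__main__":
    for name, conf in [("stock", STOCK), ("spaced", SPACED),
                       ("overridden", OVERRIDDEN), ("lookalike", LOOKALIKE)]:
        loose = effective_ip_forward(model_replace(conf, LOOSE, LINE))
        strict = effective_ip_forward(model_lineinfile(conf, STRICT, LINE))
        print(f"{name:10} replace+loose -> {loose!r}  lineinfile+strict -> {strict!r}")
```

The loose pattern leaves the spaced-comment file unset and the overridden file at `0`, and it rewrites the look-alike line; the anchored, escaped pattern yields `1` in every case and leaves the look-alike line alone.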

@Fiooodooor
Author

Included 2 PRs in one as some corrections had to be done :-)
Now I have tested the install scripting and ansible-playbook deployment for maas controller with DB.
