Merge pull request #12236 from VannTen/cleanup/bootstap+packages

Cleanup of bootstrap and package installation
2025-12-14 05:45:06 +03:00 · 2025-06-12 07:24:56 -07:00
parent cd82ac552b 5243b33bd7
commit 28d23ffc3b
7 changed files with 15 additions and 114 deletions
--- a/roles/bootstrap_os/tasks/centos.yml
+++ b/roles/bootstrap_os/tasks/centos.yml
@@ -17,32 +17,6 @@
  when: not skip_http_proxy_on_os_packages

 # For Oracle Linux install public repo
- name: Download Oracle Linux public yum repo
-  get_url:
-    url: https://yum.oracle.com/public-yum-ol7.repo
-    dest: /etc/yum.repos.d/public-yum-ol7.repo
-    mode: "0644"
-  when:
-    - use_oracle_public_repo | default(true)
-    - '''ID="ol"'' in os_release.stdout_lines'
-    - (ansible_distribution_version | float) < 7.6
-  environment: "{{ proxy_env }}"
-
- name: Enable Oracle Linux repo
-  community.general.ini_file:
-    dest: /etc/yum.repos.d/public-yum-ol7.repo
-    section: "{{ item }}"
-    option: enabled
-    value: "1"
-    mode: "0644"
-  with_items:
-    - ol7_latest
-    - ol7_addons
-    - ol7_developer_EPEL
-  when:
-    - use_oracle_public_repo | default(true)
-    - '''ID="ol"'' in os_release.stdout_lines'
-    - (ansible_distribution_version | float) < 7.6

 - name: Install EPEL for Oracle Linux repo package
  package:
--- a/roles/bootstrap_os/tasks/clear-linux-os.yml
+++ b/roles/bootstrap_os/tasks/clear-linux-os.yml
@@ -1,16 +0,0 @@
---
-# ClearLinux ships with Python installed
-
- name: Install basic package to run containers
-  package:
-    name: containers-basic
-    state: present
-
- name: Make sure docker service is enabled
-  systemd_service:
-    name: docker
-    masked: false
-    enabled: true
-    daemon_reload: true
-    state: started
-  become: true
--- a/roles/bootstrap_os/tasks/debian.yml
+++ b/roles/bootstrap_os/tasks/debian.yml
@@ -50,15 +50,3 @@
  become: true
  when:
    - need_bootstrap.rc != 0
-
- name: Update Apt cache
-  raw: apt-get update --allow-releaseinfo-change
-  become: true
-  when:
-    - os_release_dict['ID'] == 'debian'
-    - os_release_dict['VERSION_ID'] in ["10", "11"]
-  register: bootstrap_update_apt_result
-  changed_when:
-    - '"changed its" in bootstrap_update_apt_result.stdout'
-    - '"value from" in bootstrap_update_apt_result.stdout'
-  ignore_errors: true
--- a/roles/bootstrap_os/tasks/opensuse.yml
+++ b/roles/bootstrap_os/tasks/opensuse.yml
@@ -55,31 +55,3 @@
  become: true
  tags:
    - facts
-
-# Without this package, the get_url module fails when trying to handle https
- name: Install python-cryptography
-  community.general.zypper:
-    name: python-cryptography
-    state: present
-    update_cache: true
-  become: true
-  when:
-    - ansible_distribution_version is version('15.4', '<')
-
- name: Install python3-cryptography
-  community.general.zypper:
-    name: python3-cryptography
-    state: present
-    update_cache: true
-  become: true
-  when:
-    - ansible_distribution_version is version('15.4', '>=')
-
-# Nerdctl needs some basic packages to get an environment up
- name: Install basic dependencies
-  community.general.zypper:
-    name:
-      - iptables
-      - apparmor-parser
-    state: present
-  become: true
--- a/roles/system_packages/tasks/main.yml
+++ b/roles/system_packages/tasks/main.yml
@@ -15,37 +15,6 @@
    - ansible_pkg_mgr == 'zypper'
  tags: bootstrap_os

- name: Add debian 10 required repos
-  when:
-    - ansible_distribution == "Debian"
-    - ansible_distribution_version == "10"
-  tags:
-    - bootstrap_os
-  block:
-    - name: Add Debian Backports apt repo
-      apt_repository:
-        repo: "deb http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main"
-        state: present
-        filename: debian-backports
-
-    - name: Set libseccomp2 pin priority to apt_preferences on Debian buster
-      copy:
-        content: |
-          Package: libseccomp2
-          Pin: release a={{ ansible_distribution_release }}-backports
-          Pin-Priority: 1001
-        dest: "/etc/apt/preferences.d/libseccomp2"
-        owner: "root"
-        mode: "0644"
-
- name: Update package management cache (APT)
-  apt:
-    update_cache: true
-    cache_valid_time: 3600
-  when: ansible_os_family == "Debian"
-  tags:
-    - bootstrap_os
-
 - name: Remove legacy docker repo file
  file:
    path: "{{ yum_repo_dir }}/docker.repo"
@@ -69,6 +38,8 @@
  package:
    name: "{{ item.packages | dict2items | selectattr('value', 'ansible.builtin.all') | map(attribute='key') }}"
    state: "{{ item.state }}"
+    update_cache: "{{ true if ansible_pkg_mgr in ['zypper', 'apt', 'dnf'] else omit }}"
+    cache_valid_time: "{{ 86400 if ansible_pkg_mgr == 'apt' else omit }}" # 24h
  register: pkgs_task_result
  until: pkgs_task_result is succeeded
  retries: "{{ pkg_install_retries }}"
--- a/roles/system_packages/vars/main.yml
+++ b/roles/system_packages/vars/main.yml
@@ -7,6 +7,8 @@ pkgs_to_remove:
 pkgs:
  apparmor:
    - "{{ ansible_os_family == 'Debian' }}"
+  apparmor-parser:
+    - "{{ ansible_os_family == 'Suse' }}"
  apt-transport-https:
    - "{{ ansible_os_family == 'Debian' }}"
  aufs-tools:
@@ -27,6 +29,9 @@ pkgs:
  container-selinux:
    - "{{ ansible_os_family == 'RedHat' }}"
    - "{{ 'k8s_cluster' in group_names }}"
+  containers-basic:
+    - "{{ ansible_os_family == 'ClearLinux' }}"
+    - "{{ 'k8s_cluster' in group_names }}"
  curl: []
  device-mapper:
    - "{{ ansible_os_family == 'Suse' or ansible_distribution == 'openEuler' }}"
@@ -48,7 +53,7 @@ pkgs:
    - "{{ kube_proxy_mode != 'ipvs' }}"
    - "{{ 'k8s_cluster' in group_names }}"
  iptables:
-    - "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
+    - "{{ ansible_os_family in ['Debian', 'RedHat', 'Suse'] }}"
  iputils:
    - "{{ not ansible_os_family in ['Flatcar', 'Flatcar Container Linux by Kinvolk', 'Debian'] }}"
    - "{{ main_access_ip is defined }}"
@@ -88,9 +93,15 @@ pkgs:
  python-apt:
    - "{{ ansible_os_family == 'Debian' }}"
    - "{{ ansible_distribution_major_version == '10' }}"
+  python-cryptography:
+    - "{{ ansible_os_family == 'Suse' }}"
+    - "{{ ansible_distribution_version is version('15.4', '<') }}"
  python3-apt:
    - "{{ ansible_os_family == 'Debian' }}"
    - "{{ ansible_distribution_major_version != '10' }}"
+  python3-cryptography:
+    - "{{ ansible_os_family == 'Suse' }}"
+    - "{{ ansible_distribution_version is version('15.4', '>=') }}"
  python3-libselinux:
    - "{{ ansible_distribution in ['RedHat', 'CentOS'] }}"
  rsync: []
--- a/scripts/assert-sorted-checksums.yml
+++ b/scripts/assert-sorted-checksums.yml
@@ -48,6 +48,7 @@
      ansible_distribution: irrelevant
      ansible_distribution_major_version: irrelevant
      ansible_distribution_minor_version: irrelevant
+      ansible_distribution_version: 1.0
      ansible_os_family: irrelevant
    assert:
      that: "pkgs_lists | sort == pkgs_lists"