From f13b80cac00d387d1f562fba3da12f2422676165 Mon Sep 17 00:00:00 2001 From: Max Gautier Date: Mon, 19 May 2025 17:33:21 +0200 Subject: [PATCH 1/4] ClearLinux: remove special casing - put package install in system_packages - docker should be handled by the approriate roles if used as container engine --- roles/bootstrap_os/tasks/clear-linux-os.yml | 16 ---------------- roles/system_packages/vars/main.yml | 3 +++ 2 files changed, 3 insertions(+), 16 deletions(-) delete mode 100644 roles/bootstrap_os/tasks/clear-linux-os.yml diff --git a/roles/bootstrap_os/tasks/clear-linux-os.yml b/roles/bootstrap_os/tasks/clear-linux-os.yml deleted file mode 100644 index 2e41eaa01..000000000 --- a/roles/bootstrap_os/tasks/clear-linux-os.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -# ClearLinux ships with Python installed - -- name: Install basic package to run containers - package: - name: containers-basic - state: present - -- name: Make sure docker service is enabled - systemd_service: - name: docker - masked: false - enabled: true - daemon_reload: true - state: started - become: true diff --git a/roles/system_packages/vars/main.yml b/roles/system_packages/vars/main.yml index b26924047..c07f70bfc 100644 --- a/roles/system_packages/vars/main.yml +++ b/roles/system_packages/vars/main.yml @@ -27,6 +27,9 @@ pkgs: container-selinux: - "{{ ansible_os_family == 'RedHat' }}" - "{{ 'k8s_cluster' in group_names }}" + containers-basic: + - "{{ ansible_os_family == 'ClearLinux' }}" + - "{{ 'k8s_cluster' in group_names }}" curl: [] device-mapper: - "{{ ansible_os_family == 'Suse' or ansible_distribution == 'openEuler' }}" From 21520229260bf50b958680955116124822350c9c Mon Sep 17 00:00:00 2001 
From: Max Gautier Date: Mon, 19 May 2025 17:40:54 +0200 Subject: [PATCH 2/4] debian-based distro: handle apt update cache when installing packages The package module pass options to the underlying packages manager module if they support it. No need to handle it in bootstrap. --- roles/bootstrap_os/tasks/debian.yml | 12 ------------ roles/system_packages/tasks/main.yml | 1 + 2 files changed, 1 insertion(+), 12 deletions(-) diff --git a/roles/bootstrap_os/tasks/debian.yml b/roles/bootstrap_os/tasks/debian.yml index 9b18baa06..acfc0483b 100644 --- a/roles/bootstrap_os/tasks/debian.yml +++ b/roles/bootstrap_os/tasks/debian.yml @@ -50,15 +50,3 @@ become: true when: - need_bootstrap.rc != 0 - -- name: Update Apt cache - raw: apt-get update --allow-releaseinfo-change - become: true - when: - - os_release_dict['ID'] == 'debian' - - os_release_dict['VERSION_ID'] in ["10", "11"] - register: bootstrap_update_apt_result - changed_when: - - '"changed its" in bootstrap_update_apt_result.stdout' - - '"value from" in bootstrap_update_apt_result.stdout' - ignore_errors: true diff --git a/roles/system_packages/tasks/main.yml b/roles/system_packages/tasks/main.yml index 97d0cbb72..909110b6e 100644 --- a/roles/system_packages/tasks/main.yml +++ b/roles/system_packages/tasks/main.yml @@ -69,6 +69,7 @@ package: name: "{{ item.packages | dict2items | selectattr('value', 'ansible.builtin.all') | map(attribute='key') }}" state: "{{ item.state }}" + update_cache: true register: pkgs_task_result until: pkgs_task_result is succeeded retries: "{{ pkg_install_retries }}" From d5b2a9b5bae57a2f5be6cf614e6b0c2154c43442 Mon Sep 17 00:00:00 2001 
From: Max Gautier Date: Mon, 19 May 2025 17:49:29 +0200 Subject: [PATCH 3/4] opensuse: move package installation to system_packages No reason to special case --- roles/bootstrap_os/tasks/opensuse.yml | 28 --------------------------- roles/system_packages/tasks/main.yml | 3 ++- roles/system_packages/vars/main.yml | 10 +++++++++- scripts/assert-sorted-checksums.yml | 1 + 4 files changed, 12 insertions(+), 30 deletions(-) diff --git a/roles/bootstrap_os/tasks/opensuse.yml b/roles/bootstrap_os/tasks/opensuse.yml index 5a4f9dead..796801958 100644 --- a/roles/bootstrap_os/tasks/opensuse.yml +++ b/roles/bootstrap_os/tasks/opensuse.yml @@ -55,31 +55,3 @@ become: true tags: - facts - -# Without this package, the get_url module fails when trying to handle https -- name: Install python-cryptography - community.general.zypper: - name: python-cryptography - state: present - update_cache: true - become: true - when: - - ansible_distribution_version is version('15.4', '<') - -- name: Install python3-cryptography - community.general.zypper: - name: python3-cryptography - state: present - update_cache: true - become: true - when: - - ansible_distribution_version is version('15.4', '>=') - -# Nerdctl needs some basic packages to get an environment up -- name: Install basic dependencies - community.general.zypper: - name: - - iptables - - apparmor-parser - state: present - become: true diff --git a/roles/system_packages/tasks/main.yml b/roles/system_packages/tasks/main.yml index 909110b6e..269c4bc03 100644 --- a/roles/system_packages/tasks/main.yml +++ b/roles/system_packages/tasks/main.yml 
@@ -69,7 +69,8 @@ package: name: "{{ item.packages | dict2items | selectattr('value', 'ansible.builtin.all') | map(attribute='key') }}" state: "{{ item.state }}" - update_cache: true + update_cache: "{{ true if ansible_pkg_mgr in ['zypper', 'apt', 'dnf'] else omit }}" + cache_valid_time: "{{ 86400 if ansible_pkg_mgr == 'apt' else omit }}" # 24h register: pkgs_task_result until: pkgs_task_result is succeeded retries: "{{ pkg_install_retries }}" diff --git a/roles/system_packages/vars/main.yml b/roles/system_packages/vars/main.yml index c07f70bfc..90cf120cb 100644 --- a/roles/system_packages/vars/main.yml +++ b/roles/system_packages/vars/main.yml @@ -7,6 +7,8 @@ pkgs_to_remove: pkgs: apparmor: - "{{ ansible_os_family == 'Debian' }}" + apparmor-parser: + - "{{ ansible_os_family == 'Suse' }}" apt-transport-https: - "{{ ansible_os_family == 'Debian' }}" aufs-tools: @@ -51,7 +53,7 @@ pkgs: - "{{ kube_proxy_mode != 'ipvs' }}" - "{{ 'k8s_cluster' in group_names }}" iptables: - - "{{ ansible_os_family in ['Debian', 'RedHat'] }}" + - "{{ ansible_os_family in ['Debian', 'RedHat', 'Suse'] }}" iputils: - "{{ not ansible_os_family in ['Flatcar', 'Flatcar Container Linux by Kinvolk', 'Debian'] }}" - "{{ main_access_ip is defined }}" @@ -91,9 +93,15 @@ pkgs: python-apt: - "{{ ansible_os_family == 'Debian' }}" - "{{ ansible_distribution_major_version == '10' }}" + python-cryptography: + - "{{ ansible_os_family == 'Suse' }}" + - "{{ ansible_distribution_version is version('15.4', '<') }}" python3-apt: - "{{ ansible_os_family == 'Debian' }}" - "{{ ansible_distribution_major_version != '10' }}" + python3-cryptography: + - "{{ ansible_os_family == 'Suse' }}" + - "{{ ansible_distribution_version is version('15.4', '>=') }}" python3-libselinux: - "{{ ansible_distribution in ['RedHat', 'CentOS'] }}" rsync: [] diff --git a/scripts/assert-sorted-checksums.yml b/scripts/assert-sorted-checksums.yml index d7e2e86db..904abdf10 100755 --- a/scripts/assert-sorted-checksums.yml 
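Review bot: In the roles/system_packages/tasks/main.yml hunk of patch 3/4, the new `cache_valid_time` is 86400 seconds, whereas the dedicated APT cache task that patch 4/4 removes used 3600. On apt hosts, packages can therefore be resolved against an index up to a day old, which may lag behind recently published security updates or reference versions the mirror no longer serves. I would keep the shorter window or make it tunable, for example `cache_valid_time: "{{ (pkg_cache_valid_time | default(3600)) if ansible_pkg_mgr == 'apt' else omit }}"` (the variable name is a suggestion, not an existing one). The `update_cache` allow-list `['zypper', 'apt', 'dnf']` also skips the refresh for any other value `ansible_pkg_mgr` reports (for example `dnf5`), so it is worth checking against the supported distributions. The task itself starts and ends outside the hunk.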
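Review bot: The `python-cryptography` and `python3-cryptography` entries added to `pkgs` in roles/system_packages/vars/main.yml drop the rationale that the removed opensuse.yml tasks carried. Without it, a later cleanup could remove them and break HTTPS downloads on openSUSE. I would carry the comment over above both entries, `# Without this package, the get_url module fails when trying to handle https`. The new `apparmor-parser` entry and the `Suse` addition to `iptables` would benefit from `# Nerdctl needs some basic packages to get an environment up` in the same way. The `pkgs` mapping continues outside these hunks.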
+++ b/scripts/assert-sorted-checksums.yml @@ -48,6 +48,7 @@ ansible_distribution: irrelevant ansible_distribution_major_version: irrelevant ansible_distribution_minor_version: irrelevant + ansible_distribution_version: 1.0 ansible_os_family: irrelevant assert: that: "pkgs_lists | sort == pkgs_lists" From 5243b33bd79b5fcda5b4ebaec989b48ec259ce11 Mon Sep 17 00:00:00 2001 From: Max Gautier Date: Mon, 19 May 2025 17:56:50 +0200 Subject: [PATCH 4/4] Cleanup support for removed OS in bootstrap - centos < 8 - debian 10 --- roles/bootstrap_os/tasks/centos.yml | 26 ----------------------- roles/system_packages/tasks/main.yml | 31 ---------------------------- 2 files changed, 57 deletions(-) diff --git a/roles/bootstrap_os/tasks/centos.yml b/roles/bootstrap_os/tasks/centos.yml index a113c573d..02cc429f0 100644 --- a/roles/bootstrap_os/tasks/centos.yml +++ b/roles/bootstrap_os/tasks/centos.yml @@ -17,32 +17,6 @@ when: not skip_http_proxy_on_os_packages # For Oracle Linux install public repo -- name: Download Oracle Linux public yum repo - get_url: - url: https://yum.oracle.com/public-yum-ol7.repo - dest: /etc/yum.repos.d/public-yum-ol7.repo - mode: "0644" - when: - - use_oracle_public_repo | default(true) - - '''ID="ol"'' in os_release.stdout_lines' - - (ansible_distribution_version | float) < 7.6 - environment: "{{ proxy_env }}" - -- name: Enable Oracle Linux repo - community.general.ini_file: - dest: /etc/yum.repos.d/public-yum-ol7.repo - section: "{{ item }}" - option: enabled - value: "1" - mode: "0644" - with_items: - - ol7_latest - - ol7_addons - - ol7_developer_EPEL - when: - - use_oracle_public_repo | default(true) - - '''ID="ol"'' in os_release.stdout_lines' - - (ansible_distribution_version | float) < 7.6 - name: Install EPEL for Oracle Linux repo package package: diff --git a/roles/system_packages/tasks/main.yml b/roles/system_packages/tasks/main.yml index 269c4bc03..d9cffada6 100644 --- a/roles/system_packages/tasks/main.yml 
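Review bot: In the scripts/assert-sorted-checksums.yml hunk, the added `ansible_distribution_version: 1.0` is an unquoted scalar, so YAML loads it as a float rather than the version string the real fact provides. The new `version('15.4', '<')` conditions in vars/main.yml would then be exercised here with a different type than in production, and a value such as `1.10` would silently become `1.1`. Quoting it keeps the stub consistent with the real fact: `ansible_distribution_version: "1.0"`. The surrounding vars block starts and ends outside the hunk.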
+++ b/roles/system_packages/tasks/main.yml @@ -15,37 +15,6 @@ - ansible_pkg_mgr == 'zypper' tags: bootstrap_os -- name: Add debian 10 required repos - when: - - ansible_distribution == "Debian" - - ansible_distribution_version == "10" - tags: - - bootstrap_os - block: - - name: Add Debian Backports apt repo - apt_repository: - repo: "deb http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main" - state: present - filename: debian-backports - - - name: Set libseccomp2 pin priority to apt_preferences on Debian buster - copy: - content: | - Package: libseccomp2 - Pin: release a={{ ansible_distribution_release }}-backports - Pin-Priority: 1001 - dest: "/etc/apt/preferences.d/libseccomp2" - owner: "root" - mode: "0644" - -- name: Update package management cache (APT) - apt: - update_cache: true - cache_valid_time: 3600 - when: ansible_os_family == "Debian" - tags: - - bootstrap_os - - name: Remove legacy docker repo file file: path: "{{ yum_repo_dir }}/docker.repo"