SYS-576 use ansible import_tasks in place of include; update python-b…

…uilder images (#117)

ansible/requirements.txt

@@ -1,3 +1,3 @@
-ansible==4.9.0
-ansible-lint==5.2.1
-pip==21.3.1
+ansible==8.2.0
+ansible-lint==6.17.2
+pip==23.2.1

ansible/roles/docker_node/tasks/main.yml

@@ -4,9 +4,9 @@
 # Set up all packages, volumes, security definitions and services
 #  for a docker swarm node
 
-- include: security.yml
-- include: repos.yml
-- include: kernel.yml
+- import_tasks: security.yml
+- import_tasks: repos.yml
+- include_tasks: kernel.yml
   when: kernel.non_stock
-- include: packages.yml
-- include: docker.yml
+- import_tasks: packages.yml
+- import_tasks: docker.yml

ansible/roles/docker_node/templates/docker.service.conf.j2

@@ -0,0 +1,6 @@
+[Unit]
+RequiresMountsFor={{ docker_volumewait }}
+
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd {{ docker.cli_opts }}

ansible/roles/fileserver/tasks/main.yml

@@ -14,8 +14,8 @@
     name: python-pip
   when: ansible_distribution_version < '20.04'
 
-- include: nfs.yml
-- include: instantlinux.yml
-- include: samba.yml
-- include: virtualbox.yml
-- include: vsftpd.yml
+- import_tasks: nfs.yml
+- import_tasks: instantlinux.yml
+- import_tasks: samba.yml
+- import_tasks: virtualbox.yml
+- import_tasks: vsftpd.yml

ansible/roles/kubernetes/tasks/main.yml

@@ -50,14 +50,14 @@
   command: hostnamectl --static set-hostname {{ inventory_hostname }}
   when: inventory_hostname != ansible_hostname
 
-- include: cri-dockerd.yml
+- include_tasks: cri-dockerd.yml
 
 - name: Set up master
-  include: master.yml
+  include_tasks: master.yml
   when: k8s.master
 
 - name: Join cluster
-  include: join.yml
+  include_tasks: join.yml
   when: not k8s.master
 
 # TODO bug 1294

ansible/roles/monitoring_agent/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 # main.yml
 
-- include: packages.yml
+- import_tasks: packages.yml
 
 - name: Local nagios plugins path
   file:

ansible/roles/mythfrontend/tasks/main.yml

@@ -8,19 +8,19 @@
     path: "{{ x11_config_path }}"
     state: directory
 
-- include: "{{ ansible_os_family | lower }}/packages.yml"
-- include: "{{ ansible_os_family | lower }}/lirc.yml"
+- include_tasks: "{{ ansible_os_family | lower }}/packages.yml"
+- include_tasks: "{{ ansible_os_family | lower }}/lirc.yml"
   when: ansible_distribution_version < '18.04'
-- include: "{{ ansible_os_family | lower }}/network.yml"
+- include_tasks: "{{ ansible_os_family | lower }}/network.yml"
   when: ansible_distribution_version < '18.04'
 
-- include: "{{ ansible_os_family | lower }}/ir-keytable.yml"
+- include_tasks: "{{ ansible_os_family | lower }}/ir-keytable.yml"
   when: ansible_distribution_version >= '18.04'
 
-- include: autosuspend.yml
+- include_tasks: autosuspend.yml
   when: suspend
 
-- include: drivers/{{ display_driver.type }}.yml
+- include_tasks: drivers/{{ display_driver.type }}.yml
 
-- include: setup.yml
-- include: "{{ ansible_os_family | lower }}/desktop.yml"
+- include_tasks: setup.yml
+- include_tasks: "{{ ansible_os_family | lower }}/desktop.yml"

ansible/roles/network/tasks/main.yml

@@ -3,11 +3,11 @@
   apt:
     name: "{{ ubuntu_packages }}"
 
-- include: network_legacy.yml
+- import_tasks: network_legacy.yml
   when: ansible_distribution_version < '18.04'
 
-- include: netplan.yml
+- import_tasks: netplan.yml
   when: ansible_distribution_version >= '18.04'
 
-- include: kernel.yml
-- include: sshd.yml
+- import_tasks: kernel.yml
+- import_tasks: sshd.yml

ansible/roles/users/tasks/main.yml

@@ -3,8 +3,8 @@
 
 # This is heavily customized: replace with your own security policies
 
-- include: packages.yml
-- include: grub.yml
+- import_tasks: packages.yml
+- import_tasks: grub.yml
 
 - name: Define group ids
   group:

ansible/roles/volumes/tasks/main.yml

@@ -32,8 +32,8 @@
   - Cryptsetup resize
   - Filesystem resize
 
-- include: encrypted.yml
-- include: cifs.yml
+- import_tasks: encrypted.yml
+- import_tasks: cifs.yml
 
 - name: Network and local fstab entries
   mount:

images/python-builder/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.15
+FROM alpine:3.18
 MAINTAINER Rich Braun "[email protected]"
 ARG BUILD_DATE
 ARG VCS_REF
@@ -14,33 +14,31 @@ ENV BUILD_DIR=/build \
     PYTHONPATH= \
     TZ=UTC
 
-ARG BUILDX_VERSION=0.7.1
-ARG COMPOSE_VERSION=1.29.2
-ARG HELM_VERSION=3.9.0-r1
-ARG KUBECTL_VERSION=1.20.4
-ARG MUSL_VERSION=1.2.2-r7
-ARG PIP_VERSION=20.2.3
-ARG PYTHON_VERSION=3.9.7-r4
-ARG PYCRYPTOGRAPHY_VERSION=3.3.2-r3
-ARG PYPILLOW_VERSION=8.4.0-r3
+ARG BUILDX_VERSION=0.11.2
+ARG COMPOSE_VERSION=2.20.2
+ARG HELM_VERSION=3.11.3-r0
+ARG KUBECTL_VERSION=1.27.4
+ARG MUSL_VERSION=1.2.4-r1
+ARG PIP_VERSION=23.2.1
+ARG PYTHON_VERSION=3.11.4-r0
+ARG PYCRYPTOGRAPHY_VERSION=40.0.2-r1
+ARG PYPILLOW_VERSION=9.5.0-r1
 ARG _DOCKER_DOWNLOADS=https://github.com/docker/compose/releases/download
 ARG _KUBECTL_DOWNLOADS=https://storage.googleapis.com/kubernetes-release/release
 ARG _BUILDX_URL=https://github.com/docker/buildx/releases/download/v${BUILDX_VERSION}/buildx-v${BUILDX_VERSION}.linux-amd64
-ARG _COMPOSE_URL=${_DOCKER_DOWNLOADS}/${COMPOSE_VERSION}/docker-compose-Linux-x86_64
+ARG _COMPOSE_URL=${_DOCKER_DOWNLOADS}/v${COMPOSE_VERSION}/docker-compose-linux-x86_64
 ARG _KUBECTL_URL=${_KUBECTL_DOWNLOADS}/v$KUBECTL_VERSION/bin/linux/amd64/kubectl
 ARG DOCKER_GID=485
 ARG BUILD_UID=1001
-ARG BUILDX_SHA=22fcb78c66905bf6ddf198118aaa9838b0349a25347606264be17e4276d6d5fc
-ARG COMPOSE_SHA=f3f10cf3dbb8107e9ba2ea5f23c1d2159ff7321d16f0a23051d68d8e2547b323
-ARG KUBECTL_SHA=98e8aea149b00f653beeb53d4bd27edda9e73b48fed156c4a0aa1dabe4b1794c
+ARG BUILDX_SHA=311568ee69715abc46163fd688e56c77ab0144ff32e116d0f293bfc3470e75b7
+ARG COMPOSE_SHA=b9385dabb7931636a3afc0aee94625ebff3bb29584493a87804afb6ebaf2d916
+ARG KUBECTL_SHA=4685bfcf732260f72fce58379e812e091557ef1dfc1bc8084226c7891dd6028f
 
 COPY Pipfile* /root/
 
 RUN addgroup -g $DOCKER_GID docker && \
     adduser -D -h $BUILD_DIR -u $BUILD_UID -G docker \
       -s /bin/bash $BUILD_USER && \
-    echo '@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing' \
-      >>/etc/apk/repositories && \
     apk add --update --no-cache \
       bash curl docker-cli gcc gettext git gzip jq libffi-dev make \
       musl==$MUSL_VERSION musl-dev==$MUSL_VERSION openssh-client \
@@ -49,7 +47,7 @@ RUN addgroup -g $DOCKER_GID docker && \
       py3-pycryptodomex py3-flask py3-flask-babel py3-greenlet \
       py3-itsdangerous py3-passlib \
       py3-pillow=$PYPILLOW_VERSION py3-pip py3-requests py3-virtualenv \
-      helm@testing=$HELM_VERSION sqlite tar tzdata wget && \
+      helm=$HELM_VERSION sqlite tar tzdata wget && \
     cp /usr/share/zoneinfo/$TZ /etc/localtime && \
     echo $TZ >/etc/timezone && \
     mkdir -p /usr/lib/docker/cli-plugins && \

images/python-builder/Pipfile

@@ -1,28 +1,27 @@
 # To generate Pipfile.lock:
-#  docker run --rm -it -v `pwd`:/build alpine:3.15 sh
+#  docker run --rm -it -v `pwd`:/build alpine:3.18 sh
 #  apk add python3-dev gcc musl-dev libffi-dev py3-pip py3-pillow
-#  pip install pipenv==2020.11.15 && cd /build && pipenv lock --verbose
+#  pip install pipenv==2023.7.23 && cd /build && pipenv lock --verbose
 
 [packages]
 # alpine provides pre-built wheels for these
-Authlib = "==0.15.5"
-babel = "==2.9.1"
-boto3 = "==1.18.49"
-botocore = "==1.21.49"
-cachetools = "==4.1.1"
-cffi = "==1.14.5"
-cryptography = "==3.3.2"
-Flask = "==2.0.2"
-Flask-Babel = "==2.0.0"
-greenlet = "==1.1.2"
-itsdangerous = "==2.0.1"
-packaging = "==20.9"
+Authlib = "==1.2.0"
+babel = "==2.12.1"
+boto3 = "==1.26.132"
+botocore = "==1.29.132"
+cachetools = "==5.3.0"
+cffi = "==1.15.1"
+cryptography = "==40.0.2"
+Flask = "==2.2.3"
+Flask-Babel = "==3.1.0"
+greenlet = "==2.0.2"
+itsdangerous = "==2.1.2"
+packaging = "==23.1"
 passlib = "1.7.4"
-# Commented out until alpine 3.16
-# Pillow = "==8.4.0"
-pycryptodomex = "==3.10.1"
+Pillow = "==9.5.0"
+pycryptodomex = "==3.17"
 python-dateutil = "==2.8.2"
-requests = "==2.26.0"
+requests = "==2.31.0"
 
 alembic = "*"
 arrow = "*"