Skip to content

Commit

Permalink
feat: support for ostree systems
Browse files Browse the repository at this point in the history
Feature: Allow running and testing the role with ostree managed nodes.

Reason: We have users who want to use the role to manage ostree
systems.

Result: Users can use the role to manage ostree managed nodes.
Signed-off-by: Rich Megginson <[email protected]>
  • Loading branch information
richm committed Nov 2, 2023
1 parent 235bf73 commit c0f6d69
Show file tree
Hide file tree
Showing 15 changed files with 261 additions and 1 deletion.
2 changes: 2 additions & 0 deletions .ansible-lint
Original file line number Diff line number Diff line change
Expand Up @@ -22,3 +22,5 @@ exclude_paths:
- examples/roles/
mock_roles:
- linux-system-roles.postfix
mock_modules:
- ansible.utils.update_fact
3 changes: 3 additions & 0 deletions .ostree/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
*NOTE*: The `*.txt` files are used by `get_ostree_data.sh` to create the lists
of packages, and to find other system roles used by this role. DO NOT use them
directly.
123 changes: 123 additions & 0 deletions .ostree/get_ostree_data.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,123 @@
#!/bin/bash

set -euo pipefail

role_collection_dir="${ROLE_COLLECTION_DIR:-fedora/linux_system_roles}"
ostree_dir="${OSTREE_DIR:-"$(dirname "$(realpath "$0")")"}"

if [ -z "${4:-}" ] || [ "${1:-}" = help ] || [ "${1:-}" = -h ]; then
cat <<EOF
Usage: $0 packages [runtime|testing] DISTRO-MAJOR[.MINOR] [json|yaml|raw|toml]
The script will use the packages and roles files in $ostree_dir to
construct the list of packages needed to build the ostree image. The script
will output the list of packages in the given format
- json is a JSON list like ["pkg1","pkg2",....,"pkgN"]
- yaml is the YAML list format
- raw is the list of packages, one per line
- toml is a list of [[packages]] elements as in https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/composing_installing_and_managing_rhel_for_edge_images/index#creating-an-image-builder-blueprint-for-a-rhel-for-edge-image-using-the-command-line-interface_composing-a-rhel-for-edge-image-using-image-builder-command-line
The DISTRO-MAJOR.MINOR is the same format used by Ansible for distribution e.g. CentOS-8, RedHat-8.9, etc.
EOF
exit 1
fi
category="$1"
pkgtype="$2"
distro_ver="$3"
format="$4"
pkgtypes=("$pkgtype")
if [ "$pkgtype" = testing ]; then
pkgtypes+=(runtime)
fi

get_rolepath() {
local ostree_dir role rolesdir roles_parent_dir
ostree_dir="$1"
role="$2"
roles_parent_dir="$(dirname "$(dirname "$ostree_dir")")"
rolesdir="$roles_parent_dir/$role/.ostree"
# assumes collection format
if [ -d "$rolesdir" ]; then
echo "$rolesdir"
return 0
fi
# assumes legacy role format like linux-system-roles.$role/
for rolesdir in "$roles_parent_dir"/*-system-roles."$role"/.ostree; do
if [ -d "$rolesdir" ]; then
echo "$rolesdir"
return 0
fi
done
# look elsewhere
if [ -n "${ANSIBLE_COLLECTIONS_PATHS:-}" ]; then
for pth in ${ANSIBLE_COLLECTIONS_PATHS//:/ }; do
rolesdir="$pth/ansible_collections/$role_collection_dir/roles/$role/.ostree"
if [ -d "$rolesdir" ]; then
echo "$rolesdir"
return 0
fi
done
fi
return 1
}

get_packages() {
local ostree_dir pkgtype pkgfile rolefile
ostree_dir="$1"
for pkgtype in "${pkgtypes[@]}"; do
for suff in "" "-$distro" "-${distro}-${major_ver}" "-${distro}-${ver}"; do
pkgfile="$ostree_dir/packages-${pkgtype}${suff}.txt"
if [ -f "$pkgfile" ]; then
cat "$pkgfile"
fi
done
rolefile="$ostree_dir/roles-${pkgtype}.txt"
if [ -f "$rolefile" ]; then
local roles role rolepath
roles="$(cat "$rolefile")"
for role in $roles; do
rolepath="$(get_rolepath "$ostree_dir" "$role")"
get_packages "$rolepath"
done
fi
done | sort -u
}

format_packages_json() {
local comma pkgs pkg
comma=""
pkgs="["
while read -r pkg; do
pkgs="${pkgs}${comma}\"${pkg}\""
comma=,
done
pkgs="${pkgs}]"
echo "$pkgs"
}

format_packages_raw() {
cat
}

format_packages_yaml() {
while read -r pkg; do
echo "- $pkg"
done
}

format_packages_toml() {
while read -r pkg; do
echo "[[packages]]"
echo "name = \"$pkg\""
echo "version = \"*\""
done
}

distro="${distro_ver%%-*}"
ver="${distro_ver##*-}"
if [[ "$ver" =~ ^([0-9]*) ]]; then
major_ver="${BASH_REMATCH[1]}"
else
echo ERROR: cannot parse major version number from version "$ver"
exit 1
fi

"get_$category" "$ostree_dir" | "format_${category}_$format"
1 change: 1 addition & 0 deletions .ostree/packages-runtime.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
postfix
2 changes: 2 additions & 0 deletions .ostree/roles-runtime.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
firewall
selinux
1 change: 1 addition & 0 deletions .sanity-ansible-ignore-2.12.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
roles/postfix/.ostree/get_ostree_data.sh shebang!skip
1 change: 1 addition & 0 deletions .sanity-ansible-ignore-2.13.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
roles/postfix/.ostree/get_ostree_data.sh shebang!skip
1 change: 1 addition & 0 deletions .sanity-ansible-ignore-2.14.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
roles/postfix/.ostree/get_ostree_data.sh shebang!skip
1 change: 1 addition & 0 deletions .sanity-ansible-ignore-2.15.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
roles/postfix/.ostree/get_ostree_data.sh shebang!skip
1 change: 1 addition & 0 deletions .sanity-ansible-ignore-2.9.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
roles/postfix/.ostree/get_ostree_data.sh shebang!skip
66 changes: 66 additions & 0 deletions README-ostree.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
# rpm-ostree

The role supports running on [rpm-ostree](https://coreos.github.io/rpm-ostree/)
systems. The primary issue is that the `/usr` filesystem is read-only, and the
role cannot install packages. Instead, it will just verify that the necessary
packages and any other `/usr` files are pre-installed. The role will change the
package manager to one that is compatible with `rpm-ostree` systems.

## Building

To build an ostree image for a particular operating system distribution and
version, use the script `.ostree/get_ostree_data.sh` to get the list of
packages. If the role uses other system roles, then the script will include the
packages for the other roles in the list it outputs. The list of packages will
be sorted in alphanumeric order.

Usage:

```bash
.ostree/get_ostree_data.sh packages runtime DISTRO-VERSION FORMAT
```

`DISTRO-VERSION` is in the format that Ansible uses for `ansible_distribution`
and `ansible_distribution_version` - for example, `Fedora-38`, `CentOS-8`,
`RedHat-9.4`

`FORMAT` is one of `toml`, `json`, `yaml`, `raw`

* `toml` - each package in a TOML `[[packages]]` element

```toml
[[packages]]
name = "package-a"
version = "*"
[[packages]]
name = "package-b"
version = "*"
...
```

* `yaml` - a YAML list of packages

```yaml
- package-a
- package-b
...
```

* `json` - a JSON list of packages

```json
["package-a","package-b",...]
```

* `raw` - a plain text list of packages, one per line

```bash
package-a
package-b
...
```

What format you choose depends on which image builder you are using. For
example, if you are using something based on
[osbuild-composer](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/composing_installing_and_managing_rhel_for_edge_images/index#creating-an-image-builder-blueprint-for-a-rhel-for-edge-image-using-the-command-line-interface_composing-a-rhel-for-edge-image-using-image-builder-command-line),
you will probably want to use the `toml` output format.
12 changes: 11 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,9 @@ If the `postfix` is a role from the `fedora.linux_system_roles`
collection or from the Fedora RPM package, the requirement is already
satisfied.

Otherwise, please run the following command line to install the collection.
The role requires additional collections to manage `rpm-ostree` systems.
If you need to manage `rpm-ostree` systems, run the below command to
install the collections.

```bash
ansible-galaxy collection install -r meta/collection-requirements.yml
Expand Down Expand Up @@ -48,6 +50,10 @@ package and replaces the existing `/etc/postfix/main.cf` and
`/etc/postfix/master.cf` files. <!--- wokeignore:rule=master -->
Ensure to back up those files to preserve your settings.

**WARNING**: When managing `rpm-ostree` systems, the role cannot reinstall the
postfix package, so it just replaces the modified config files with empty files.
This is not idempotent.

If you specify only `previous: replaced` under the `postfix_conf` dictionary,
the role re-installs the `postfix` package and enables the `postfix` service
without applying any configuration.
Expand Down Expand Up @@ -191,6 +197,10 @@ set to true `postfix_backup` is ignored):
- linux-system-roles.postfix
```

## rpm-ostree

See README-ostree.md

## License

Copyright (C) 2017 Jaroslav Škarvada <[email protected]>
Expand Down
2 changes: 2 additions & 0 deletions meta/collection-requirements.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
# SPDX-License-Identifier: MIT
---
collections:
- ansible.posix
- ansible.utils
- fedora.linux_system_roles
28 changes: 28 additions & 0 deletions tasks/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
when:
- postfix_conf.previous is defined
- postfix_conf.previous == "replaced"
- ansible_facts.pkg_mgr | d() != "ansible.posix.rhel_rpm_ostree"
block:
# It is assumed that the only package providing config files that might
# be modified is postfix - if this is not so, then additional
Expand All @@ -29,6 +30,33 @@
selectattr('stdout', 'search', ' /etc/postfix/.*[.]cf($|\n)') |
list | length > 0

- name: Remove configuration for replacement
when:
- postfix_conf.previous | d() == "replaced"
- ansible_facts.pkg_mgr | d() == "ansible.posix.rhel_rpm_ostree"
block:
# It is assumed that the only package providing config files that might
# be modified is postfix - if this is not so, then additional
# packages need to be added to this check
- name: Get status of config files
command: rpm -V --nomtime {{ item }} # noqa command-instead-of-module
loop: "{{ __postfix_packages }}"
register: __postfix_packages_status
failed_when: false
changed_when: false

- name: Remove config files - make empty
copy:
dest: "{{ item }}"
content: "\n" # to make postconf -e happy
mode: preserve
loop: "{{ mod_cf_files }}"
vars:
mod_cf_files: "{{ __postfix_packages_status.results |
map(attribute='stdout') | map('default', '') |
map('regex_findall', ' (/etc/postfix/.*[.]cf)(?:$|\n)') | select |
flatten | list }}"

- name: Configure firewall
include_tasks: firewall.yml

Expand Down
18 changes: 18 additions & 0 deletions tasks/set_facts.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,3 +5,21 @@
gather_subset: "{{ __postfix_required_facts_subsets }}"
when: __postfix_required_facts |
difference(ansible_facts.keys() | list) | length > 0

- name: Ensure correct package manager for ostree systems
vars:
ostree_pkg_mgr: ansible.posix.rhel_rpm_ostree
ostree_booted_file: /run/ostree-booted
when: ansible_facts.pkg_mgr | d("") != ostree_pkg_mgr
block:
- name: Check if system is ostree
stat:
path: "{{ ostree_booted_file }}"
register: __ostree_booted_stat

- name: Set package manager to use for ostree
ansible.utils.update_fact:
updates:
- path: ansible_facts.pkg_mgr
value: "{{ ostree_pkg_mgr }}"
when: __ostree_booted_stat.stat.exists

0 comments on commit c0f6d69

Please sign in to comment.