emdee/libvirt_cloud
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ansible_local.*

Browse Source
This commit is contained in:
emdee 2023-12-29 20:03:58 +00:00
parent 762e81cea7
commit fde52a9abc
3 changed files with 679 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

167
ansible_local.args Normal file
View File

@ -0,0 +1,167 @@
# included file
# -o/--one-line
# debug can be split into controller/client
USAGE="USAGE: $0 [--verbose 0-3] [--check] [--debug port|-port|debug|ansible] [--diff] [--step] [--skip comma,separated] [--tags comma,separated] [ -l limit ] [ -c connection ] roles..."
skip=
tags='untagged'
check=0
connection='local'
verbose=1
debug=
diff=0
become=-1
limit=''
inventory=hosts.yml
step=0
timeout=60
gather_timeout=120
start=""
list_tags=0
list_tasks=0
# unused
user=""
group=""
home=""
also=""
# from inventory
TEMP=$(getopt -o 'HCRDSGTbs:t:u:v:g:h:a:l:c:i:' --long 'help,check,debug,diff,step,listtags,listtasks,become,start:,skip:,tags:,user:,verbose:,group:,home:,also:,limit:,connection:,inventory:' -n $0 -- "$@" )
if [ $? -ne 0 ]; then
echo $USAGE >&2
exit 1
fi
# Note the quotes around "$TEMP": they are essential!
eval set -- "$TEMP"
unset TEMP
# echo DEBUG: $*
while true; do
case "$1" in
'-H'|'--help')
echo $USAGE
exit 0
;;
'-C'|'--check')
check=1
shift
continue
;;
'-R'|'--debug')
shift
debug=$1
shift
continue
;;
'-D'|'--diff')
diff=1
shift
continue
;;
'-S'|'--step')
step=1
shift
continue
;;
'-G'|'--listtags')
list_tasks=1
shift
continue
;;
'-L'|'--listtasks')
list_tasks=1
shift
continue
;;
'-b'|'--become')
become=1
shift
continue
;;
'-T'|'--start')
start=$2
shift 2
continue
;;
'-s'|'--skip')
skip=$2
shift 2
continue
;;
'-t'|'--tags')
tags=$2
shift 2
continue
;;
'-u'|'--user')
user=$2
shift 2
continue
;;
'-v'|'--verbose')
verbose=$2
shift 2
continue
;;
'-g'|'--group')
group=$2
shift 2
continue
;;
'-h'|'--home')
home=$2
shift 2
continue
;;
'-a'|'--also')
also=$2
shift 2
continue
;;
'-l'|'--limit')
limit=$2
shift 2
continue
;;
'-c'|'--connection')
connection=$2
shift 2
continue
;;
'-i'|'--inventory')
inventory=$2
shift 2
continue
;;
'--')
shift
break
;;
*)
ERROR 'Internal error! unprocessed --' $* >&2
exit 2
;;
esac
done
# echo DEBUG: ROLES $*
roles="$*"
RUN_QERC_USERFILE="$HOME/QeRcUser.yaml"
[ -z "$limit" ] && BOX_HOST=localhost || BOX_HOST=$limit
limit=$BOX_HOST
# --flush-cache
if [ $verbose -eq 1 ] ; then
LARGS="-v"
elif [ $verbose -eq 2 ] ; then
LARGS="-vv"
elif [ $verbose -eq 3 ] ; then
LARGS="-vvv"
elif [ $verbose -eq 4 ] ; then
LARGS="-vvvv"
else
LARGS=""
fi

255
ansible_local.bash Normal file
View File

@ -0,0 +1,255 @@
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
[ ! -f /usr/local/etc/testforge/testforge.bash ] || \
. /usr/local/etc/testforge/testforge.bash || exit 1
. /usr/local/bin/usr_local_tput.bash || exit 2
PYVER=3
PYTHON_MINOR=3.11 # $( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
#sudo chmod 1777 /tmp/.ansible /tmp/.ansible/tmp
PYTHON_EXE=/usr/local/bin/python${PYVER}.sh
# old 2 jinja2
export PYTHONPATH=/usr/local/lib/python3.11/site-packages
export TESTFORGE_ANSIBLE_DIR=$PWD
export TMPDIR=/mnt/tmp/Pentoo
export TMP=/mnt/tmp/Pentoo
# subtle problem with MFLAGS in a calling make getting picked up by an inferior make
export MFLAGS=""
WD=$PWD
skip=
tags='untagged'
check=0
connection=
verbose=1
debug=
diff=0
become=-1
limit=''
inventory=hosts.yml
step=0
timeout=60
gather_timeout=120
start=""
list_tags=0
list_tasks=0
# unused
user=""
group=""
home=""
also=""
#
verbose=2
limit=$1
roles="proxy toxcore"
[ -z "$limit" ] && BOX_HOST=localhost || BOX_HOST=$limit
limit=$BOX_HOST
. $PWD/ansible_local.args
# --flush-cache
if [ $verbose -eq 1 ] ; then
LARGS="-v"
elif [ $verbose -eq 2 ] ; then
LARGS="-vv"
elif [ $verbose -eq 3 ] ; then
LARGS="-vvv"
elif [ $verbose -eq 4 ] ; then
LARGS="-vvvv"
else
LARGS=""
fi
# https://git-scm.com/book/en/v2/Git-Internals-Environment-Variables
# https://github.blog/2018-02-01-crypto-removal-notice/
# https://stackoverflow.com/questions/48938019/git-pull-push-unable-to-access-https-ssl-routines-seem-to-be-down
if [ $verbose -ge 3 ] ; then
export GIT_TRACE=1
fi
if [ $verbose -ge 4 ] ; then
export GIT_CURL_VERBOSE=1
fi
export ANSIBLE_CONFIG=/o/var/local/src/play_tox/ansible.cfg
#? ANSIBLE_TRANSPORT=chroot PYTHONUNBUFFERED=1
if [ -z "$debug" ] ; then
EXE="$PYTHON_EXE /usr/local/bin/ansible-playbook"
elif [ $debug = debug -o $debug = ansible ] ; then
export ANSIBLE_KEEP_REMOTE_FILES=1
export ANSIBLE_STRATEGY=debug
EXE="$PYTHON_EXE /usr/local/bin/ansible-playbook"
elif [ $debug = trepan ] ; then
export ANSIBLE_KEEP_REMOTE_FILES=1
EXE="/var/local/bin/trepan${PYVER}2.bash /usr/local/bin/ansible-playbook"
elif [ $debug = trepan2c ] ; then
export ANSIBLE_KEEP_REMOTE_FILES=1
EXE="/var/local/bin/trepan${PYVER}c2.bash /usr/local/bin/ansible-playbook"
# coverage
elif [ $debug != 0 ] ; then
export ANSIBLE_KEEP_REMOTE_FILES=1
export _ANSIBLE_TREPAN_PORT=$debug
EXE="$PYTHON_EXE /usr/local/bin/ansible-playbook"
fi
LARGS="$LARGS -c $connection "
if [ $become -eq -1 ] ; then
[ $connection = chroot ] && become=0 || become=1
fi
[ $become -eq 0 ] || LARGS="$LARGS -b"
[ $check -eq 0 ] || LARGS="$LARGS --check"
[ $diff -eq 0 ] || LARGS="$LARGS -D"
[ $step -eq 0 ] || LARGS="$LARGS --step"
[ $list_tags -eq 0 ] || LARGS="$LARGS --list-tags"
[ $list_tasks -eq 0 ] || LARGS="$LARGS --list-tasks"
[ -n "$skip" ] && LARGS="$LARGS --skip-tags=$skip"
[ -n "$tags" ] && LARGS="$LARGS --tags=$tags"
[ -n "$start" ] && LARGS="$LARGS -start-at-task=\"$start\""
[ -n "$inventory" ] && LARGS="$LARGS --inventory=$inventory"
[ -n "$limit" ] && LARGS="$LARGS --limit=$limit"
# --flush-cache
df | grep -q /home$ && [ -n "$RUN_QERC_USERFILE" ] && [ -f "$RUN_QERC_USERFILE" ] && \
LARGS="$LARGS -e $RUN_QERC_USERFILE" && ls -l "$RUN_QERC_USERFILE"
# LARGS="$LARGS --ask-vault-pass" && ls -l "$RUN_QERC_USERFILE"
log_name=`echo $roles|sed -e 's/ /_/g'`
[ -z "$log_name" ] && log_name=ansible
[ "$tags" = untagged ] | log_name=${log_name}-${tags}
date=`date +%Y/%m/%d`
log_relpath=var/tmp/$date/$BOX_HOST/$log_name.log
grep -q "log_path = ${log_relpath}@" ansible.cfg || \
sed -e "s@^log_path = .*@log_path = ${log_relpath}@" -i ansible.cfg
ANSIBLE_RUN_LOG=$PWD/$log_relpath
EXTRA_VARS="{\"ANSIBLE_RUN_LOG\": $ANSIBLE_RUN_LOG"
if [ -d "$PLAY_PIP_CACHE" ] ; then
EXTRA_VARS="$EXTRA_VARS, \"PLAY_PIP_CACHE\": \"$PLAY_PIP_CACHE\""
fi
if [ -f "$PLAY_CA_CERT" ] ; then
EXTRA_VARS="$EXTRA_VARS, \"PLAY_CA_CERT\": \"$PLAY_CA_CERT\""
fi
EXTRA_VARS="$EXTRA_VARS, \"TESTF_ANSIBLE_SRC\": \"$PWD\""
# maybe dynamically determine this - but some of these conflict - e.g. qemu and lxc
#HOSTVMS_FEATURES="['vagrant', 'virtualbox', 'lxc']" # 'packer', 'qemu', 'libvirt', 'docker'
#EXTRA_VARS="$EXTRA_VARS, \"HOSTVMS_FEATURES\": \"$HOSTVMS_FEATURES\""
EXTRA_VARS="$EXTRA_VARS, \"BOX_HOST\": \"$BOX_HOST\""
# TESTF_QERC_USERFILE - NOT $HOME in case this is run as root - let it default
[ -z "$RUN_QERC_USERFILE" ] && [ -f "$RUN_QERC_USERFILE" ] && \
EXTRA_VARS="$EXTRA_VARS, \"RUN_QERC_USERFILE\": \"$RUN_QERC_USERFILE\"" # may not exist
# EXTRA_VARS="$EXTRA_VARS, \"INCD_SKEL_USERS_LIST\": [\"$BOX_USER_NAME\", \"mike\"]"
EXTRA_VARS="$EXTRA_VARS, \"ROLES\": [\"base\""
for role in $roles ; do
[ "$role" = "base" ] && continue
EXTRA_VARS="$EXTRA_VARS, \"$role\""
done
EXTRA_VARS="$EXTRA_VARS]}"
if false && [ $check -eq 0 ] && [ $list_tags -eq 0 ] && [ $list_tasks -eq 0 ] && [ "$tags" = "untagged" ] && \
! wget -O /dev/null --no-check-certificate http://google.com ; then
WARN "We cant reach the Internet - reauthenticate with the proxy?"
fi
[ -f hosts.yml ] || cat > hosts.yml << EOF
# -*- mode: yaml; tab-width: 0; coding: utf-8 -*-
---
all:
children:
localgroup:
hosts:
localhost:
vars:
ansible_connection: "local"
EOF
yamllint -c .yamllint.rc -f standard hosts.yml || {
ERROR yamllint -c .yamllint.rc -f standard hosts.yml
exit 5
}
[ -f ansible.cfg ] || cat > ansible.cfg << EOF
[defaults]
stdout_callback: yaml
log_path = ./var/tmp/2019/10/03/testforge_pydev_.pydev.log
# callback_plugins = $WD/lib/plugins/
# /i/data/DevOps/net/Http/docs.ansible.com/ansible/intro_configuration.html
# http://docs.ansible.com/ansible/intro_configuration.html#command-warnings
callback_whitelist = timer
command_warnings = False
retry_files_enabled = False
deprecation_warnings = False
display_args_to_stdout = False
error_on_undefined_vars = True
force_color = False
forks = 5
# Ansible by default will override variables in specific precedence orders, as described in Variables.
# When a variable of higher precedence wins, it will replace the other value.
#?! hash_behaviour = merged
#! fatal: [localhost]: FAILED! => {"changed": false, "cmd": "/bin/lsblk --list --noheadings --paths --output NAME,UUID --exclude 2", "msg": "Timer expired after 30 seconds", "rc": 257}
gather_timeout = 120
internal_poll_interval=0.1
# This sets the interval (in seconds) of Ansible internal processes polling each other. Lower values
# improve performance with large playbooks at the expense of extra CPU load. Higher values are more
# suitable for Ansible usage in automation scenarios, when UI responsiveness is not required but CPU usage
# might be a concern. Default corresponds to the value hardcoded in 2.1:
# Fixme: should be per user
local_tmp = /var/tmp
# library = /usr/share/ansible
library = $WD/library
nocows = 0
roles_path = $WD/roles
handler_includes_static = True
timeout = 60
EOF
# Fixme: should be per user
# local_tmp = /var/tmp
log_dir="`dirname $log_relpath`"
if [ -d $log_dir ] ; then
cp /dev/null $log_relpath
else
mkdir -p $log_dir
fi
ls $log_dir >/dev/null || { ERROR ls $log_dir ; exit 3 ; }
touch $log_relpath || { ERROR $prog $log_relpat not wrieaable; exit 4 ; }
ls -l $log_relpath || exit 5
#?[ -x /usr/local/bin/clean_path.bash ] && N="`/usr/local/bin/clean_path.bash`" || N=$PATH
# echo "INFO: PATH=$PATH"
# `grep log_path ansible.cfg`
if [ -z "$http_proxy" ] ; then
DBUG make sure http_proxy and no_proxy are set if you need them
. /usr/local/bin/proxy_export.bash
else
DBUG "http_proxy=$http_proxy CORP_NTLM_PROXY=$CORP_NTLM_PROXY"
fi
# [ -z "${DISPLAY}" ] && EXE="xvfb-run ${EXE}"
INFO "$EXE $LARGS --extra-vars \'$EXTRA_VARS\' ansible_local.yml"
DBUG PYTHON_MINOR=$PYTHON_MINOR PYTHONPATH=$PYTHONPATH
if ! ps ax | grep -v grep | grep -q ansible-playbook ; then
# clean the /var/tmp directory
rm -rf /var/tmp/ansible-*
fi
#? bash --norc $PYTHON_EXE
yamllint -c .yamllint.rc -f standard ansible_local.yml || {
ERROR yamllint -c .yamllint.rc -f ansible_local.yml
exit 8
}
# strace -o /tmp/check.str
exec env $ANSIBLE_ENV $EXE $LARGS \
--extra-vars "$EXTRA_VARS" \
ansible_local.yml

257
ansible_local.yml Normal file
View File

@ -0,0 +1,257 @@
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8 -*-
---
- hosts: "{{ BOX_HOST }}" # |default('localhost')
#?? become: "{{ 'false' if ansible_connection|default('') == 'chroot' else 'true'}}"
# become_method: "'' if ansible_connection|default('') == 'chroot' else 'sudo'"
gather_facts: true
vars:
PLAY_CHROOT_CONNECTIONS: ['chroot', 'lxc', 'lxd', 'local'] #?
PLAY_NOSERVICE_CONNECTIONS: ['chroot', 'lxc', 'lxd', 'local'] #?
PLAY_NORSYNC_CONNECTIONS: ['chroot', 'lxc', 'lxd', 'local', 'libvirt_qemu']
PLAY_CA_CERT: "/usr/local/etc/ssl/cacert-curl.haxx.se.pem" # proxy?
# These now come from the inventory except for connection = local,chroot in base_proxy.yml
proxy_env:
# hostvars[inventory_hostname]['http_proxy']
http_proxy: "{{ http_proxy }}"
https_proxy: "{{ https_proxy }}"
socks_proxy: '{{ socks_proxy }}'
ftp_proxy: '{{ ftp_proxy }}'
no_proxy: '{{ no_proxy }}'
SSL_CERT_FILE: "{{ SSL_CERT_FILE }}"
RSYNC_PROXY: "{{ RSYNC_PROXY }}"
# pass this in the -e extravars to the playbook command line - but you need the user and password too...
CORP_NTLM_PROXY: ""
# ...so put CORP_NTLM_PROXY with the username and password in the QeRcUser file
# of the person running this playbook - not on the box - we use the RUN_ prefix.
# If you dont want this, pass in RUN_QERC_USERFILE="" in the -e extra_vars on the command line
# This is intened for credentials and could be vaulted - as opposed to runtime variables
# stored in ~/.config/testforge/facts.d/testforge.yml
RUN_QERC_USERFILE: "{{ lookup('env', 'HOME') }}/QeRcUser.yaml"
# this should be set on the command line
ROLES: []
# pip uses /usr/local
USR_LOCAL: "/usr/local"
# we are installing into the prefix /var/local to not interfere with
# other things that use /usr/local, including some things from other OSes.
VAR_LOCAL: "/var/local"
VAR_LOG: "{{VAR_LOCAL}}/var/log/testforge"
PIP_CACHE: "/root/.cache/pip"
# lynx uses SSL_CERT_DIR/SSL_CERT_FILE
PIP_CA_CERT: "{{USR_LOCAL}}/etc/ssl/cacert-testserver.pem"
PIP_INSTALL_ARGS: "--disable-pip-version-check --user --no-deps "
# for localhost host operations with hostvms - eg hosts.yml
PLAY_ANSIBLE_SRC: "{{ lookup('env', 'PWD')|default('') }}"
PLAY_GI_DATA : /a/tmp/GentooImgr
# lynis objects to . on the PATH and I cant find whos adding it
# FixMe: does this change the PATH?
environment:
# NOT lookup('env', 'PATH')
PATH: "{{ ansible_env.PATH +':' +VAR_LOCAL +'/bin'|replace('.:', '')}}"
pre_tasks:
- name: "Suspicious location (.) in PATH discovered"
shell: |
echo $PATH | grep '\.:' && echo "WARN: dot is on the PATH" && exit 1
exit 0
register: dot_on_path_fact
# warning not an error - I cant see who is putting it on the PATH - a tailing :
ignore_errors: true
- name: lookup env PATH
debug: msg="{{ ansible_env.PATH }}"
when:
- dot_on_path_fact is defined
- dot_on_path_fact is failed
- name: "set dates"
set_fact:
DOW: 0 # Day of week - unused
DOM: "{{ ansible_date_time.day|int }}" # Day of month
DATE: "{{ansible_date_time.day}}" # +%Y-%m-%d
date_slash: "{{ ansible_date_time.date|replace('-','/') }}" # +%Y/%m/%d
date_dash: "{{ ansible_date_time.date }}" # +%Y-%m-%d
date_week_slash: "{{ ansible_date_time.year }}/{{ ansible_date_time.weeknumber }}"
date_week_dash: "{{ ansible_date_time.year }}-{{ ansible_date_time.weeknumber }}"
- debug:
msg: "{{date_slash}} ansible_connection={{ansible_connection|default('') }} ROLES={{ROLES}}"
- name: "hostvars[inventory_hostname]"
debug:
# |to_yaml
msg: "hostvars[inventory_hostname] {{hostvars[inventory_hostname]}}"
when: false
- name: "ansible_lsb.id BOX_OS_FAMILY"
assert:
that:
- "'{{ansible_lsb.id}}' == '{{BOX_OS_NAME}}'"
success_msg: "BOX_OS_FAMILY={{BOX_OS_FAMILY}}"
fail_msg: "ON tHE WRONG BOX {{ansible_lsb.id}} "
when:
- ansible_connection != 'local'
- false # may not exist
ignore_errors: true
- name: "check BOX_ANSIBLE_CONNECTIONS"
assert:
that:
- "{{ansible_connection in BOX_ANSIBLE_CONNECTIONS}}"
- name: "we will use sudo and make it a prerequisite"
shell: |
which sudo
- name: "check ansible_python_interpreter"
shell: |
"{{ansible_python_interpreter|default('python3')}}" --version
- block:
- name: check nbd mounts
shell: |
cat /proc/partitions | grep nbd | head -1 | sed -e 's/.* //'
changed_when: false
register: nbd_out
ignore_errors: true
- name: nbd state
debug:
verbosity: 1
msg: 'var={{nbd_out}} BOX_NBD_DEV={{BOX_NBD_DEV}}'
ignore_errors: true
- name: nbd fact no
set_fact:
nbd_disk: ""
- name: nbd fact yes
set_fact:
nbd_dev: "{{nbd_out.stdout}}"
nbd_disk: "/dev/{{nbd_out.stdout}}"
when:
- nbd_out.rc|default(1) == 0
- nbd_out.stdout|default('') != ''
# required
tags: always
check_mode: false
when: ansible_connection == 'local' or ansible_connection == 'chroot'
- block:
- name: "spinup libvirt hosts"
shell: |
sudo virsh net-list | grep -q default || \
sudo virsh net-start default
sudo virsh list | grep -q "{{ inventory_hostname }}" || \
sudo virsh start "{{ inventory_hostname }}"
delegate_to: localhost
become: yes
- name: "spinup libvirt hosts"
# pip3.sh install ovirt-engine-sdk-python --break-system-packages
ovirt:
url: "qemu:///system"
instance_name: ubuntu18.04
instance_cpus: "1"
state: started
# instance_rootpw
user: "{{ BOX_USER_NAME }}" #
password: "{{ BOX_USER_NAME }}" # "{{ ansible_ssh_user }}
become: yes
# msg: ovirtsdk required for this module
ignore_errors: true
when: ansible_connection == 'libvirt_qemu'
# # required?
# tags: always
# check_mode: false
# handlers:
roles:
# Always run the base prerequsite role.
- role: base
# When you use always: it breaks using daily/monthly/weekly tags - OK as base doesnt use them
tags: always
- role: proxy
# You should run the proxy role even if you are not behind a proxy.
tags: always
when:
- "'proxy' in ROLES"
- role: ansible-gentoo_install
when:
# BOX_OS_FAMILY == 'Gentoo' or BOX_GENTOO_FROM_MP != '' ?
- ( ansible_connection == 'local' and nbd_disk|default('') != '' ) or (ansible_connection == 'chroot' )
- role: toxcore
tags: always
when:
- "'toxcore' in ROLES"
post_tasks:
# queue up these at the end to leave a summary of what happened
- block:
- name: "ANSIBLE_RUN_LOG"
shell: |
ls -l "{{ ANSIBLE_RUN_LOG }}"
exit 0
register: grep_run_log
ignore_errors: true
- block:
- name: last summary of WARN or ERROR in the logfile
#debug: msg="{{ grep_run_log.stdout }}"
#when: "grep_run_log is defined and grep_run_log.stdout_lines|length > 0"
shell: |
ANSIBLE_RUN_LOG="{{ ANSIBLE_RUN_LOG }}"
[ -s "$ANSIBLE_RUN_LOG" ] || { echo "ERROR: empty $ANSIBLE_RUN_LOG" ; exit 2 ; }
echo DEBUG: Summary for ROLES $roles
echo DEBUG: WARN
grep -h -e '^[ msg:-]*[W]ARN:' -e '^[ ]*.WARNING.:' \
-e "^[' stderroumsg:-]*WARN:" $ANSIBLE_RUN_LOG
echo DEBUG: ERROR
grep -h -e '^[ msg:-]*[E]RROR:' -e 'Input/output error' \
-e 'No such file or directory' -e '^[ ]*.ImportError:' \
-e "^[' stderroumsg:-]*ERROR:" $ANSIBLE_RUN_LOG
echo DEBUG: FAILED
grep -h -e 'fatal: \|^failed: ' -B 1 $ANSIBLE_RUN_LOG
exit 0
when:
- grep_run_log is success
# required
tags: always
check_mode: false
when:
- ANSIBLE_RUN_LOG|default('') != ''
delegate_to: localhost
# required
tags: always
# Force a task to run in normal mode, even when the playbook is called with --check
check_mode: false
# if .yamlint exists in this directory is ansible silently reading it?
# if it's garbage does it kill ansible with a no-descripted
# ERROR! Syntax Error while loading YAML.