diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 000000000..0301ad68a --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,26 @@ +--- +# Project-level ansible-lint configuration for ansible-lint 26.x +# Profile levels: min, basic, moderate, safety, shared, production +profile: min + +# Exclude external/vendored roles and hardware-specific roles +exclude_paths: + - roles/galaxy/ + - roles/nvidia-dgx/ + - roles/nvidia-dgx-firmware/ + - roles/nvidia-gpu-tests/ + - submodules/ + +# Skip rules for pre-existing issues across the codebase. +# These should be fixed incrementally in future PRs. +skip_list: + - fqcn[action-core] # 634 violations: modules not using FQCN + - fqcn[action] # 24 violations: same for non-core + - name[casing] # 526 violations: task names not capitalized + - yaml[truthy] # 152 violations: yes/no instead of true/false + - yaml[octal-values] # 52 violations: octal file modes + - jinja[spacing] # 20 violations: jinja2 spacing + - name[play] # 12 violations: play names + - schema[meta] # 3 violations: meta/main.yml schema + - key-order[task] # 3 violations: task key ordering + - ignore-errors # pre-existing ignore_errors usage diff --git a/.github/workflows/ansible-lint-roles.yml b/.github/workflows/ansible-lint-roles.yml index 9b574d673..be2e4f611 100644 --- a/.github/workflows/ansible-lint-roles.yml +++ b/.github/workflows/ansible-lint-roles.yml @@ -5,23 +5,23 @@ on: - pull_request jobs: lint: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - name: check out repo - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: path: "${{ github.repository }}" - name: set up python - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: - python-version: "3.9" + python-version: "3.10" - name: install dependencies run: | python3 -m pip install --upgrade pip - python3 -m pip install ansible-lint==5.4.0 ansible==4.8.0 + python3 -m pip install ansible-lint==26.1.1 ansible==10.7.0 - name: run lint script env: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 005da3b1e..c43a97068 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -24,18 +24,18 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} queries: +security-and-quality - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@v3 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 with: category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 55eee2ec7..d9b03347f 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -5,42 +5,43 @@ on: - pull_request jobs: build: - runs-on: ubuntu-20.04 + runs-on: ubuntu-24.04 strategy: - max-parallel: 4 + fail-fast: false matrix: deepops-role: - cachefilesd - facts - kerberos_client - lmod - - nis_client - nfs - nhc - nvidia_dcgm - openmpi - openshift - - rsyslog_client - - rsyslog_server - mofed - - singularity_wrapper - - slurm - spack + # Excluded from Docker CI (require systemd services that can't + # run in containers): nis_client, rsyslog_client, rsyslog_server, + # slurm. Tested end-to-end on real MAAS VMs instead. + # Also excluded: singularity_wrapper (broken upstream Galaxy dep) steps: - name: check out repo - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: path: "${{ github.repository }}" - name: set up python - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: - python-version: "3.9" + python-version: "3.12" - name: install dependencies run: | python3 -m pip install --upgrade pip - python3 -m pip install ansible==4.8.0 - python3 -m pip install molecule[docker] docker + python3 -m pip install ansible==10.7.0 passlib + python3 -m pip install molecule molecule-plugins[docker] docker - name: run molecule test + env: + ANSIBLE_ROLES_PATH: "${{ github.workspace }}/${{ github.repository }}/roles/galaxy:${{ github.workspace }}/${{ github.repository }}/roles" run: | cd "${{ github.repository }}/roles" ansible-galaxy role install --force -r ./requirements.yml diff --git a/.github/workflows/setup.yml b/.github/workflows/setup.yml new file mode 100644 index 000000000..c76487b07 --- /dev/null +++ b/.github/workflows/setup.yml @@ -0,0 +1,25 @@ +--- +name: test setup.sh +on: + - push + - pull_request +jobs: + setup: + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: + - ubuntu-22.04 + - ubuntu-24.04 + steps: + - name: check out repo + uses: actions/checkout@v4 + + - name: run setup.sh + run: bash scripts/setup.sh + + - name: verify ansible in venv + run: | + source /opt/deepops/env/bin/activate + ansible --version + python3 -c "from packaging.version import Version; print('packaging OK')" diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index bee157879..59049dbbd 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -18,7 +18,7 @@ jobs: pull-requests: write steps: - - uses: actions/stale@v3 + - uses: actions/stale@v9 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: 'This issue is stale because it has been open for 60 days with no activity. Please update the issue or it will be closed in 7 days.' diff --git a/.gitignore b/.gitignore index 994801774..ef8d9d733 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,13 @@ # misc. .*.swp +# virtualenv +/.venv/ + +# claude code +/CLAUDE.md +/tasks/ + # project-specific /admin.conf /config*/ diff --git a/ansible.cfg b/ansible.cfg index 3e49b7ad1..349edff5d 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -11,7 +11,8 @@ fact_caching_timeout = 86400 deprecation_warnings = False #vault_password_file = ./config/.vault-pass timeout=60 -stdout_callback = yaml +stdout_callback = ansible.builtin.default +result_format = yaml bin_ansible_callbacks = True local_tmp=/tmp remote_tmp=/tmp diff --git a/config.example/group_vars/all.yml b/config.example/group_vars/all.yml index e041ae430..ecb0c448c 100644 --- a/config.example/group_vars/all.yml +++ b/config.example/group_vars/all.yml @@ -302,7 +302,7 @@ standalone_container_registry_port: "5000" ################################################################################ # Configuration for NGC-Ready playbook # ################################################################################ -ngc_ready_cuda_container: "nvcr.io/nvidia/cuda:10.1-base-ubuntu18.04" -ngc_ready_pytorch: "nvcr.io/nvidia/pytorch:18.10-py3" -ngc_ready_tensorflow: "nvcr.io/nvidia/tensorflow:18.10-py3" +ngc_ready_cuda_container: "nvcr.io/nvidia/cuda:12.4.1-base-ubuntu22.04" +ngc_ready_pytorch: "nvcr.io/nvidia/pytorch:24.04-py3" +ngc_ready_tensorflow: "nvcr.io/nvidia/tensorflow:24.04-tf2-py3" diff --git a/config.example/group_vars/k8s-cluster.yml b/config.example/group_vars/k8s_cluster.yml similarity index 93% rename from config.example/group_vars/k8s-cluster.yml rename to config.example/group_vars/k8s_cluster.yml index 65609a6ee..ee7e141cf 100644 --- a/config.example/group_vars/k8s-cluster.yml +++ b/config.example/group_vars/k8s_cluster.yml @@ -44,7 +44,7 @@ dashboard_metrics_scrape_tagr: "v1.0.4" dashboard_metrics_scraper_repo: "kubernetesui/metrics-scraper" # Ensure hosts file generation only runs across k8s cluster -hosts_add_ansible_managed_hosts_groups: ["k8s-cluster"] +hosts_add_ansible_managed_hosts_groups: ["k8s_cluster"] # NFS Client Provisioner # Playbook: nfs-client-provisioner.yml @@ -76,10 +76,9 @@ docker_registry_mirrors: "{{ groups['kube-master'] | map('regex_replace', '^(.*) #containerd_insecure_registries: # "registry.local:31500": "http://registry.local:31500" -# Workaround an issue where kubespray defaults are causing containerd failures -# https://github.com/kubernetes-sigs/cri-tools/issues/436 -# https://github.com/kubernetes-sigs/cri-tools/issues/710 -containerd_snapshotter: "native" +# Use overlayfs snapshotter (kubespray default, works on ext4/xfs). +# The previous "native" workaround for cri-tools #436/#710 is no longer needed. +containerd_snapshotter: "overlayfs" # Work-around for https://github.com/kubernetes-sigs/kubespray/issues/8529 nerdctl_extra_flags: " --insecure-registry" diff --git a/config.example/inventory b/config.example/inventory index 60a3dff7d..8ccc57f38 100644 --- a/config.example/inventory +++ b/config.example/inventory @@ -19,7 +19,7 @@ ###### # KUBERNETES ###### -[kube-master] +[kube_control_plane] #mgmt01 #mgmt02 #mgmt03 @@ -31,13 +31,13 @@ #mgmt03 # Also add mgmt/master nodes here if they will run non-control plane jobs -[kube-node] +[kube_node] #gpu01 #gpu02 -[k8s-cluster:children] -kube-master -kube-node +[k8s_cluster:children] +kube_control_plane +kube_node ###### # SLURM diff --git a/playbooks/bootstrap/bootstrap-openshift.yml b/playbooks/bootstrap/bootstrap-openshift.yml index a511445a0..d1b779867 100644 --- a/playbooks/bootstrap/bootstrap-openshift.yml +++ b/playbooks/bootstrap/bootstrap-openshift.yml @@ -1,5 +1,5 @@ --- -- hosts: kube-master +- hosts: kube_control_plane become: true tasks: - name: Install required Python OpenShift packages/libraries diff --git a/playbooks/container/docker.yml b/playbooks/container/docker.yml index 9fbf8027d..d073bba30 100644 --- a/playbooks/container/docker.yml +++ b/playbooks/container/docker.yml @@ -7,7 +7,7 @@ vars_files: # include kubespray-defaults here so that we can set the facts using the # kubespray 0020-set_facts.yml tasks - - ../../submodules/kubespray/roles/kubespray-defaults/defaults/main.yml + - ../../submodules/kubespray/roles/kubespray_defaults/defaults/main/main.yml - ../../submodules/kubespray/roles/kubernetes/preinstall/defaults/main.yml tasks: - name: include kubespray task to set facts required for docker role @@ -25,12 +25,9 @@ tags: - docker vars: - # override deprecated dockerproject repo; old docker repo broken as of 03.04.2020 - dockerproject_rh_repo_base_url: 'https://download.docker.com/linux/centos/7/$basearch/stable' - dockerproject_rh_repo_gpgkey: 'https://download.docker.com/linux/centos/gpg' fallback_ips: [] roles: - - role: kubespray-defaults + - role: kubespray_defaults when: docker_install | default('yes') - role: "../../submodules/kubespray/roles/container-engine/docker" when: docker_install | default('yes') diff --git a/playbooks/generic/users.yml b/playbooks/generic/users.yml index 3114c9c45..8c7fce506 100644 --- a/playbooks/generic/users.yml +++ b/playbooks/generic/users.yml @@ -21,7 +21,7 @@ - name: Configure SSH to allow login with password include_role: - name: dev-sec.ssh-hardening + name: devsec.hardening.ssh_hardening - name: Set user password include_role: diff --git a/playbooks/k8s-cluster.yml b/playbooks/k8s-cluster.yml index fc3b165c7..72ed289f1 100644 --- a/playbooks/k8s-cluster.yml +++ b/playbooks/k8s-cluster.yml @@ -68,7 +68,7 @@ import_playbook: generic/hosts.yml - name: Set up a local cluster container registry - import_playbook: container/standalone-container-registry.yml hostlist=kube-master + import_playbook: container/standalone-container-registry.yml hostlist=kube_control_plane when: kube_enable_container_registry|default(false) # Install 'sshpass' program for: https://github.com/ansible/ansible/issues/56629 @@ -110,15 +110,11 @@ environment: "{{proxy_env if proxy_env is defined else {}}}" # Install Kubernetes -# for configuration, see: config/group_vars/k8s-cluster.yml +# for configuration, see: config/group_vars/k8s_cluster.yml - name: Install Kubernetes import_playbook: ../submodules/kubespray/cluster.yml tags: - k8s - vars: - # override deprecated dockerproject repo; old docker repo broken as of 03.04.2020 - dockerproject_rh_repo_base_url: 'https://download.docker.com/linux/centos/7/$basearch/stable' - dockerproject_rh_repo_gpgkey: 'https://download.docker.com/linux/centos/gpg' # Disable swap (required for k8s), kubespray method doesn't quite cut it - hosts: all @@ -132,7 +128,7 @@ - swap # Manage Kubernetes cluster access config file -- hosts: k8s-cluster +- hosts: k8s_cluster gather_facts: false vars: ansible_become: no @@ -169,7 +165,7 @@ - name: Install NVIDIA driver on GPU servers import_playbook: nvidia-software/nvidia-driver.yml vars: - hostlist: "k8s-cluster" + hostlist: "k8s_cluster" tags: - nvidia when: deepops_gpu_operator_enabled|default(true) | bool == false or @@ -178,7 +174,7 @@ - name: Install NVIDIA container runtime on GPU servers import_playbook: container/nvidia-docker.yml vars: - hostlist: "k8s-cluster" + hostlist: "k8s_cluster" tags: - nvidia when: @@ -187,7 +183,7 @@ - container_manager is defined and container_manager == "docker" # Manage kubectl binary -- hosts: kube-master +- hosts: kube_control_plane gather_facts: false vars: ansible_become: no @@ -200,7 +196,7 @@ run_once: true tags: - local -- hosts: k8s-cluster +- hosts: k8s_cluster gather_facts: false vars: config_dir: "../config" @@ -256,9 +252,9 @@ tags: - local -# Remove taint from kube-master nodes. +# Remove taint from kube_control_plane nodes. # This keeps backwards compatibility and allows a few services (monitoring/etc.) to run properly. -- hosts: kube-master +- hosts: kube_control_plane gather_facts: false vars: ansible_become: no @@ -272,7 +268,7 @@ - name: kubeadm | Remove taint for master with node role command: "{{ artifacts_dir }}/kubectl --kubeconfig {{ artifacts_dir }}/admin.conf taint node {{ inventory_hostname }} node-role.kubernetes.io/control-plane:NoSchedule-" delegate_to: localhost - failed_when: false # Taint will not be present if kube-master also under kube-node + failed_when: false # Taint will not be present if kube_control_plane also under kube_node - name: Install k8s GPU feature discovery import_playbook: k8s-cluster/nvidia-k8s-gpu-feature-discovery.yml @@ -299,11 +295,11 @@ - name: Setup rsyslog server import_playbook: generic/rsyslog-server.yml vars: - hostlist: "{{ rsyslog_server_hostname | default('kube-master[0]') }}" + hostlist: "{{ rsyslog_server_hostname | default('kube_control_plane[0]') }}" when: kube_enable_rsyslog_server|default(true) - name: Setup rsyslog client import_playbook: generic/rsyslog-client.yml vars: - hostlist: "{{ rsyslog_client_group | default('k8s-cluster') }}" + hostlist: "{{ rsyslog_client_group | default('k8s_cluster') }}" when: kube_enable_rsyslog_client|default(true) diff --git a/playbooks/k8s-cluster/container-registry.yml b/playbooks/k8s-cluster/container-registry.yml index 470ad504c..eef256c9e 100644 --- a/playbooks/k8s-cluster/container-registry.yml +++ b/playbooks/k8s-cluster/container-registry.yml @@ -1,5 +1,5 @@ --- -- hosts: kube-master +- hosts: kube_control_plane become: true tasks: - name: Install helm chart for container registry @@ -9,7 +9,7 @@ tags: - container-registry -- hosts: kube-node +- hosts: kube_node become: true vars: container_registry_hostname: registry.local @@ -17,6 +17,6 @@ - name: Set registry hostname in /etc/hosts lineinfile: path: /etc/hosts - line: "{{ hostvars[groups['kube-master'][0]]['ansible_host'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address']) }} {{ container_registry_hostname }}" + line: "{{ hostvars[groups['kube_control_plane'][0]]['ansible_host'] | default(hostvars[groups['kube_control_plane'][0]]['ansible_default_ipv4']['address']) }} {{ container_registry_hostname }}" tags: - container-registry diff --git a/playbooks/k8s-cluster/netapp-trident.yml b/playbooks/k8s-cluster/netapp-trident.yml index 433edc15c..1259b1a78 100644 --- a/playbooks/k8s-cluster/netapp-trident.yml +++ b/playbooks/k8s-cluster/netapp-trident.yml @@ -2,7 +2,7 @@ # Playbook for deploying NetApp Trident - name: "Install NFS utils on worker nodes" - hosts: kube-node + hosts: kube_node become: true become_method: sudo tasks: @@ -16,7 +16,7 @@ when: ansible_os_family == "RedHat" - name: "Deploy NetApp Trident" - hosts: kube-master + hosts: kube_control_plane become: true vars_files: - ../../config/group_vars/netapp-trident.yml diff --git a/playbooks/k8s-cluster/nfs-client-provisioner.yml b/playbooks/k8s-cluster/nfs-client-provisioner.yml index d4806dcbc..93592e85b 100644 --- a/playbooks/k8s-cluster/nfs-client-provisioner.yml +++ b/playbooks/k8s-cluster/nfs-client-provisioner.yml @@ -1,7 +1,7 @@ --- # This playbook is used to setup the nfs-client-provisioner # If the cluster already has an nfs server setup run with --skip-tags="nfs_server,nfs_mkdir" -# Otherwhise an NFS server will be configured on kube-master[0] +# Otherwhise an NFS server will be configured on kube_control_plane[0] # After settting up an NFS server, nfs software is installed on all nodes # Lastly, the nfs-client-provisioner is helm installed using the role # @@ -9,7 +9,7 @@ # For production deployments please configur NFS with storage-partner guidance # # Install the required NFS software on all nodes and then helm install the nfs-client -- hosts: kube-master[0] +- hosts: kube_control_plane[0] become: yes tasks: - name: Make sure NFS directory exists and is globally writable @@ -25,14 +25,14 @@ - nfs_is_server: yes when: k8s_deploy_nfs_server -- hosts: "k8s-cluster" +- hosts: "k8s_cluster" become: yes roles: - nfs tags: - nfs_software -- hosts: kube-master[0] +- hosts: kube_control_plane[0] become: true tasks: - name: install nfs-client-provisioner diff --git a/playbooks/k8s-cluster/nvidia-gpu-operator.yml b/playbooks/k8s-cluster/nvidia-gpu-operator.yml index 6435704fb..72a77cae6 100644 --- a/playbooks/k8s-cluster/nvidia-gpu-operator.yml +++ b/playbooks/k8s-cluster/nvidia-gpu-operator.yml @@ -3,7 +3,7 @@ import_playbook: ../bootstrap/bootstrap-openshift.yml # GPU operator -- hosts: kube-master[0] +- hosts: kube_control_plane[0] become: yes tasks: - name: Install helm chart for GPU operator diff --git a/playbooks/k8s-cluster/nvidia-k8s-gpu-device-plugin.yml b/playbooks/k8s-cluster/nvidia-k8s-gpu-device-plugin.yml index 89fda5273..cae53061e 100644 --- a/playbooks/k8s-cluster/nvidia-k8s-gpu-device-plugin.yml +++ b/playbooks/k8s-cluster/nvidia-k8s-gpu-device-plugin.yml @@ -1,5 +1,5 @@ --- -- hosts: kube-master[0] +- hosts: kube_control_plane[0] become: true tasks: - name: install k8s GPU plugin diff --git a/playbooks/k8s-cluster/nvidia-k8s-gpu-feature-discovery.yml b/playbooks/k8s-cluster/nvidia-k8s-gpu-feature-discovery.yml index 38be3b372..b7c8a49d4 100644 --- a/playbooks/k8s-cluster/nvidia-k8s-gpu-feature-discovery.yml +++ b/playbooks/k8s-cluster/nvidia-k8s-gpu-feature-discovery.yml @@ -1,5 +1,5 @@ --- -- hosts: kube-master[0] +- hosts: kube_control_plane[0] become: true tasks: - name: install k8s GPU feature discovery diff --git a/playbooks/k8s-cluster/nvidia-network-operator.yaml b/playbooks/k8s-cluster/nvidia-network-operator.yaml index e5f3fa7cc..c30469023 100644 --- a/playbooks/k8s-cluster/nvidia-network-operator.yaml +++ b/playbooks/k8s-cluster/nvidia-network-operator.yaml @@ -1,7 +1,7 @@ --- ## Playbook for installing nvidia-network-operator # -- hosts: kube-master[0] +- hosts: kube_control_plane[0] become: true become_method: sudo tasks: diff --git a/playbooks/k8s-cluster/roce.yaml b/playbooks/k8s-cluster/roce.yaml index eb0080af1..e7e3a3770 100644 --- a/playbooks/k8s-cluster/roce.yaml +++ b/playbooks/k8s-cluster/roce.yaml @@ -8,7 +8,7 @@ name: roce_backend tasks_from: allhosts -- hosts: kube-node +- hosts: kube_node become: true become_method: sudo tasks: @@ -26,7 +26,7 @@ state: present pull: yes -- hosts: kube-master +- hosts: kube_control_plane become: true become_method: sudo tasks: diff --git a/playbooks/utilities/nvidia-gpu-tests.yml b/playbooks/utilities/nvidia-gpu-tests.yml index c4ff03dc0..9941f0288 100644 --- a/playbooks/utilities/nvidia-gpu-tests.yml +++ b/playbooks/utilities/nvidia-gpu-tests.yml @@ -1,5 +1,5 @@ --- -- hosts: [ kube-node, slurm-node ] +- hosts: [ kube_node, slurm-node ] gather_facts: no tasks: - name: Include NVIDIA GPU tests role diff --git a/playbooks/utilities/user-password.yml b/playbooks/utilities/user-password.yml index 3ea617c7e..c538dc699 100644 --- a/playbooks/utilities/user-password.yml +++ b/playbooks/utilities/user-password.yml @@ -19,7 +19,7 @@ passwd: "{{ hostvars['localhost'].passwd }}" - name: Configure SSH to allow login with password include_role: - name: dev-sec.ssh-hardening + name: devsec.hardening.ssh_hardening vars: ssh_client_hardening: false ssh_server_password_login: true diff --git a/roles/alertmanager/tasks/main.yml b/roles/alertmanager/tasks/main.yml index 57c1ed2c9..724b5a3e1 100644 --- a/roles/alertmanager/tasks/main.yml +++ b/roles/alertmanager/tasks/main.yml @@ -14,22 +14,10 @@ mode: 0644 notify: restart alertmanager -- name: Ensure Python 2 dependencies are installed via OS packages - when: (ansible_python.version.major==2) and (ansible_python.version.minor==7) - block: - - name: install python-docker - package: - name: python-docker - -- name: Ensure Python 3 dependencies are installed via pip - when: ansible_python.version.major==3 - block: - - name: install pip - package: - name: python3-pip - - name: install docker - pip: - name: docker +- name: install python3 docker module + package: + name: python3-docker + state: present - name: create a persistent docker volume for metrics docker_volume: diff --git a/roles/cachefilesd/molecule/default/molecule.yml b/roles/cachefilesd/molecule/default/molecule.yml index 5f420835f..50511b5a4 100644 --- a/roles/cachefilesd/molecule/default/molecule.yml +++ b/roles/cachefilesd/molecule/default/molecule.yml @@ -4,46 +4,11 @@ dependency: driver: name: docker platforms: - - name: cachefilesd-ubuntu-1804 - image: geerlingguy/docker-ubuntu1804-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp + - name: cachefilesd-ubuntu-2204 + image: geerlingguy/docker-ubuntu2204-ansible + cgroupns_mode: host pre_build_image: true privileged: true - - name: cachefilesd-ubuntu-2004 - image: geerlingguy/docker-ubuntu2004-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp - pre_build_image: true - privileged: true - - name: cachefilesd-centos-7 - image: geerlingguy/docker-centos7-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp - pre_build_image: true - privileged: true -# - name: cachefilesd-centos-8 -# image: geerlingguy/docker-centos8-ansible -# volumes: -# - /sys/fs/cgroup:/sys/fs/cgroup:ro -# command: /sbin/init -# tmpfs: -# - /run -# - /tmp -# pre_build_image: true -# privileged: true provisioner: name: ansible ansible_args: diff --git a/roles/docker-login/tasks/main.yml b/roles/docker-login/tasks/main.yml index da30d7a7e..e2b475e7b 100644 --- a/roles/docker-login/tasks/main.yml +++ b/roles/docker-login/tasks/main.yml @@ -1,15 +1,7 @@ --- -- name: ensure python prereqs are installed +- name: ensure python3 docker module is installed package: - name: "{{ item }}" - state: present - with_items: - - "python3-setuptools" - - "python3-pip" - -- name: ensure docker pip package is installed - pip: - name: "docker" + name: python3-docker state: present - name: log into docker registry diff --git a/roles/easy-build-packages/.ansible-lint b/roles/easy-build-packages/.ansible-lint deleted file mode 100644 index 56d1a87e6..000000000 --- a/roles/easy-build-packages/.ansible-lint +++ /dev/null @@ -1,4 +0,0 @@ -skip_list: - - meta-no-info # meta/main.yml should contain relevant info - - no-changed-when # Commands should not change things if nothing needs doing - - role-name diff --git a/roles/easy-build/.ansible-lint b/roles/easy-build/.ansible-lint deleted file mode 100644 index 1d5137cbf..000000000 --- a/roles/easy-build/.ansible-lint +++ /dev/null @@ -1,3 +0,0 @@ -skip_list: # or 'skip_list' to silence them completely - - meta-no-info - - role-name diff --git a/roles/easy-build/tasks/main.yml b/roles/easy-build/tasks/main.yml index 190c60177..d04efcbfe 100644 --- a/roles/easy-build/tasks/main.yml +++ b/roles/easy-build/tasks/main.yml @@ -4,12 +4,16 @@ --- - name: "install needed packages" become: yes - action: apt name=python3-setuptools state=present + ansible.builtin.apt: + name: python3-setuptools + state: present when: ansible_os_family == "Debian" - name: "install needed packages" become: yes - action: yum name=python3-setuptools state=present + ansible.builtin.yum: + name: python3-setuptools + state: present when: ansible_os_family == "RedHat" - name: "rm previous tmp folders" @@ -38,7 +42,11 @@ when: not ebsw_exe.matched - name: "download bootstrap script" - get_url: url="{{ item.url }}" dest="{{ item.dest }}" mode='u=rwx,g=rwx,o=rx' force=yes + ansible.builtin.get_url: + url: "{{ item.url }}" + dest: "{{ item.dest }}" + mode: 'u=rwx,g=rwx,o=rx' + force: true with_items: - url: "{{ eb_bootstrap_url }}" dest: '/tmp' @@ -95,7 +103,10 @@ when: not ebsw_exe.matched - name: "rm EasyBuild tmp directories" - file: path={{ eb_tmp_dir }} state=absent force=yes + ansible.builtin.file: + path: "{{ eb_tmp_dir }}" + state: absent + force: true when: not ebsw_exe.matched - name: "configure sh profile" diff --git a/roles/facts/molecule/default/molecule.yml b/roles/facts/molecule/default/molecule.yml index 751c2c001..26b7ba44c 100644 --- a/roles/facts/molecule/default/molecule.yml +++ b/roles/facts/molecule/default/molecule.yml @@ -4,42 +4,11 @@ dependency: driver: name: docker platforms: - - name: facts-ubuntu-1804 - image: geerlingguy/docker-ubuntu1804-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp + - name: facts-ubuntu-2204 + image: geerlingguy/docker-ubuntu2204-ansible + cgroupns_mode: host pre_build_image: true - - name: facts-ubuntu-2004 - image: geerlingguy/docker-ubuntu2004-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp - pre_build_image: true - - name: facts-centos-7 - image: geerlingguy/docker-centos7-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp - pre_build_image: true -# - name: facts-centos-8 -# image: geerlingguy/docker-centos8-ansible -# volumes: -# - /sys/fs/cgroup:/sys/fs/cgroup:ro -# command: /sbin/init -# tmpfs: -# - /run -# - /tmp -# pre_build_image: true + privileged: true provisioner: name: ansible ansible_args: diff --git a/roles/kerberos_client/.ansible-lint b/roles/kerberos_client/.ansible-lint deleted file mode 100644 index a61d06902..000000000 --- a/roles/kerberos_client/.ansible-lint +++ /dev/null @@ -1,3 +0,0 @@ -skip_list: - - meta-no-info # meta/main.yml should contain relevant info - - meta-no-tags # Tags must contain lowercase letters and digits only diff --git a/roles/kerberos_client/molecule/default/molecule.yml b/roles/kerberos_client/molecule/default/molecule.yml index 624ee9d24..b6fa34e32 100644 --- a/roles/kerberos_client/molecule/default/molecule.yml +++ b/roles/kerberos_client/molecule/default/molecule.yml @@ -4,42 +4,11 @@ dependency: driver: name: docker platforms: - - name: krb-ubuntu-1804 - image: geerlingguy/docker-ubuntu1804-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp + - name: krb-ubuntu-2204 + image: geerlingguy/docker-ubuntu2204-ansible + cgroupns_mode: host pre_build_image: true - - name: krb-ubuntu-2004 - image: geerlingguy/docker-ubuntu2004-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp - pre_build_image: true - - name: krb-centos-7 - image: geerlingguy/docker-centos7-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp - pre_build_image: true -# - name: krb-centos-8 -# image: geerlingguy/docker-centos8-ansible -# volumes: -# - /sys/fs/cgroup:/sys/fs/cgroup:ro -# command: /sbin/init -# tmpfs: -# - /run -# - /tmp -# pre_build_image: true + privileged: true provisioner: name: ansible ansible_args: diff --git a/roles/kerberos_client/tasks/main.yml b/roles/kerberos_client/tasks/main.yml index 30b9181ea..534487620 100644 --- a/roles/kerberos_client/tasks/main.yml +++ b/roles/kerberos_client/tasks/main.yml @@ -6,25 +6,19 @@ with_items: - kerberos_client_realm_name -- name: Install the kerberos packages - yum: name={{ item }} state=present - with_items: '{{ kerberos_client_redhat7_pkg }}' - when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "7" +- name: Install the kerberos packages (RedHat) + ansible.builtin.yum: + name: "{{ item }}" + state: present + with_items: "{{ kerberos_client_redhat_pkg }}" + when: ansible_os_family == "RedHat" -- name: Install the kerberos packages - yum: name={{ item }} state=present - with_items: '{{ kerberos_client_redhat8_pkg }}' - when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "8" - -- name: Install the kerberos packages - apt: name={{ item }} state=present - with_items: '{{ kerberos_client_ubuntu18_pkg }}' - when: ansible_distribution == "Ubuntu" and ansible_distribution_major_version == "18" - -- name: Install the kerberos packages - apt: name={{ item }} state=present - with_items: '{{ kerberos_client_ubuntu20_pkg }}' - when: ansible_distribution == "Ubuntu" and ansible_distribution_major_version == "20" +- name: Install the kerberos packages (Ubuntu) + ansible.builtin.apt: + name: "{{ item }}" + state: present + with_items: "{{ kerberos_client_ubuntu_pkg }}" + when: ansible_distribution == "Ubuntu" - name: Copy the client configuration file template: diff --git a/roles/kerberos_client/vars/main.yml b/roles/kerberos_client/vars/main.yml index 333da8f3e..d34a44320 100644 --- a/roles/kerberos_client/vars/main.yml +++ b/roles/kerberos_client/vars/main.yml @@ -1,23 +1,11 @@ --- -kerberos_client_redhat7_pkg: - - libselinux-python - - krb5-libs - - krb5-workstation - - cyrus-sasl-gssapi - -kerberos_client_redhat8_pkg: +kerberos_client_redhat_pkg: - python3-libselinux - krb5-libs - krb5-workstation - cyrus-sasl-gssapi -kerberos_client_ubuntu18_pkg: - - python-selinux - - krb5-user - - libsasl2-modules-gssapi-mit - - libpam-krb5 - -kerberos_client_ubuntu20_pkg: +kerberos_client_ubuntu_pkg: - python3-selinux - krb5-user - libsasl2-modules-gssapi-mit diff --git a/roles/lmod/molecule/default/molecule.yml b/roles/lmod/molecule/default/molecule.yml index bbdf03097..b5bfbbc08 100644 --- a/roles/lmod/molecule/default/molecule.yml +++ b/roles/lmod/molecule/default/molecule.yml @@ -4,30 +4,11 @@ dependency: driver: name: docker platforms: - - name: lmod-ubuntu-1804 - image: geerlingguy/docker-ubuntu1804-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - name: lmod-ubuntu-2204 + image: geerlingguy/docker-ubuntu2204-ansible + cgroupns_mode: host privileged: true pre_build_image: true - - name: lmod-ubuntu-2004 - image: geerlingguy/docker-ubuntu2004-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true - - name: lmod-centos-7 - image: geerlingguy/docker-centos7-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true -# - name: lmod-centos-8 -# image: geerlingguy/docker-centos8-ansible -# volumes: -# - /sys/fs/cgroup:/sys/fs/cgroup:ro -# privileged: true -# pre_build_image: true provisioner: name: ansible ansible_args: diff --git a/roles/lmod/tasks/main.yml b/roles/lmod/tasks/main.yml index d0aab1b78..2e603cbbf 100644 --- a/roles/lmod/tasks/main.yml +++ b/roles/lmod/tasks/main.yml @@ -28,15 +28,6 @@ state: present when: ansible_os_family == "Debian" -- name: "install packages" - become: yes - yum: - name: - - bash - - tcsh - - Lmod - when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "7" - - name: "install packages" become: yes dnf: @@ -45,7 +36,7 @@ - tcsh - Lmod enablerepo: powertools - when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "8" + when: ansible_os_family == "RedHat" - name: "mkdir software path" become: yes @@ -83,25 +74,6 @@ tags: - configuration -# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891541 -- name: "bugfix for lmod posix_c" - become: yes - register: lmod_bugfix_posix - file: - src: "/usr/lib/x86_64-linux-gnu/lua/{{ item }}/posix_c.so" - dest: "/usr/lib/x86_64-linux-gnu/lua/{{ item }}/posix.so" - owner: "root" - group: "root" - state: "link" - force: true - when: - - ansible_distribution == 'Ubuntu' - - ansible_distribution_version == '18.04' - with_items: - - "5.1" - - "5.2" - - "5.3" - - name: "unset previous lmod setup" shell: unset MODULEPATH_ROOT # noqa command-instead-of-shell register: unset_lmod_bash diff --git a/roles/mofed/molecule/default/molecule.yml b/roles/mofed/molecule/default/molecule.yml index 4619ac7ee..e4793732f 100644 --- a/roles/mofed/molecule/default/molecule.yml +++ b/roles/mofed/molecule/default/molecule.yml @@ -4,32 +4,9 @@ dependency: driver: name: docker platforms: - - name: mofed-ubuntu-1804 - image: geerlingguy/docker-ubuntu1804-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - pre_build_image: true - privileged: true - - name: mofed-ubuntu-2004 - image: geerlingguy/docker-ubuntu2004-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - pre_build_image: true - privileged: true - - name: mofed-centos-7 - image: geerlingguy/docker-centos7-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - pre_build_image: true - privileged: true - - name: mofed-centos-8 - image: geerlingguy/docker-centos8-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init + - name: mofed-ubuntu-2204 + image: geerlingguy/docker-ubuntu2204-ansible + cgroupns_mode: host pre_build_image: true privileged: true provisioner: @@ -39,6 +16,6 @@ provisioner: inventory: group_vars: all: - mofed_install_flags: "--all --without-fw-update --user-space-only" + mofed_install_flags: "--all --without-fw-update --user-space-only" verifier: name: ansible diff --git a/roles/netapp-trident/.ansible-lint b/roles/netapp-trident/.ansible-lint deleted file mode 100644 index c99e8dbfb..000000000 --- a/roles/netapp-trident/.ansible-lint +++ /dev/null @@ -1,2 +0,0 @@ -skip_list: -- var-naming diff --git a/roles/nfs/molecule/default/molecule.yml b/roles/nfs/molecule/default/molecule.yml index f96e9e787..14a90e43f 100644 --- a/roles/nfs/molecule/default/molecule.yml +++ b/roles/nfs/molecule/default/molecule.yml @@ -4,42 +4,11 @@ dependency: driver: name: docker platforms: - - name: nfs-ubuntu-1804 - image: geerlingguy/docker-ubuntu1804-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp + - name: nfs-ubuntu-2204 + image: geerlingguy/docker-ubuntu2204-ansible + cgroupns_mode: host pre_build_image: true - - name: nfs-ubuntu-2004 - image: geerlingguy/docker-ubuntu2004-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp - pre_build_image: true - - name: nfs-centos-7 - image: geerlingguy/docker-centos7-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp - pre_build_image: true -# - name: nfs-centos-8 -# image: geerlingguy/docker-centos8-ansible -# volumes: -# - /sys/fs/cgroup:/sys/fs/cgroup:ro -# command: /sbin/init -# tmpfs: -# - /run -# - /tmp -# pre_build_image: true + privileged: true provisioner: name: ansible ansible_args: diff --git a/roles/nfs/tasks/client.yml b/roles/nfs/tasks/client.yml index 0cdf38333..fc551fef3 100644 --- a/roles/nfs/tasks/client.yml +++ b/roles/nfs/tasks/client.yml @@ -21,17 +21,11 @@ tags: - nfs -- name: rhel 7 | install management prereq - yum: - name: "libsemanage-python" - state: present - when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "7" - -- name: rhel 8 | install management prereq +- name: rhel | install management prereq yum: name: "python3-libsemanage" state: present - when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "8" + when: ansible_os_family == "RedHat" - name: rhel | enable nfs home directory usage seboolean: diff --git a/roles/nginx-docker-registry-cache/tasks/server.yml b/roles/nginx-docker-registry-cache/tasks/server.yml index 6713351d8..37b0300bc 100644 --- a/roles/nginx-docker-registry-cache/tasks/server.yml +++ b/roles/nginx-docker-registry-cache/tasks/server.yml @@ -1,20 +1,8 @@ --- -- name: Ensure Python 2 dependencies are installed via OS packages - when: (ansible_python.version.major==2) and (ansible_python.version.minor==7) - block: - - name: install python-docker - package: - name: python-docker - -- name: Ensure Python 3 dependencies are installed via pip - when: ansible_python.version.major==3 - block: - - name: install pip - package: - name: python3-pip - - name: install docker - pip: - name: docker +- name: install python3 docker module + package: + name: python3-docker + state: present - name: Ensure data directories exist file: diff --git a/roles/nhc/.ansible-lint b/roles/nhc/.ansible-lint deleted file mode 100644 index e91e4f81d..000000000 --- a/roles/nhc/.ansible-lint +++ /dev/null @@ -1,2 +0,0 @@ -skip_list: - - meta-no-info # meta/main.yml should contain relevant info diff --git a/roles/nhc/molecule/default/molecule.yml b/roles/nhc/molecule/default/molecule.yml index 5d20b09ff..805cbf218 100644 --- a/roles/nhc/molecule/default/molecule.yml +++ b/roles/nhc/molecule/default/molecule.yml @@ -4,36 +4,11 @@ dependency: driver: name: docker platforms: - - name: nhc-ubuntu-1804 - image: geerlingguy/docker-ubuntu1804-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true - - name: nhc-ubuntu-2004 - image: geerlingguy/docker-ubuntu2004-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true - name: nhc-ubuntu-2204 image: geerlingguy/docker-ubuntu2204-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true - - name: nhc-centos-7 - image: geerlingguy/docker-centos7-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + cgroupns_mode: host privileged: true pre_build_image: true -# - name: nhc-centos-8 -# image: geerlingguy/docker-centos8-ansible -# volumes: -# - /sys/fs/cgroup:/sys/fs/cgroup:ro -# privileged: true -# pre_build_image: true provisioner: name: ansible ansible_args: diff --git a/roles/nis_client/molecule/default/molecule.yml b/roles/nis_client/molecule/default/molecule.yml index 4a445d244..9279779af 100644 --- a/roles/nis_client/molecule/default/molecule.yml +++ b/roles/nis_client/molecule/default/molecule.yml @@ -4,34 +4,11 @@ dependency: driver: name: docker platforms: - - name: nis-ubuntu-1804 - image: geerlingguy/docker-ubuntu1804-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init + - name: nis-ubuntu-2204 + image: geerlingguy/docker-ubuntu2204-ansible + cgroupns_mode: host pre_build_image: true privileged: true - - name: nis-ubuntu-2004 - image: geerlingguy/docker-ubuntu2004-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - pre_build_image: true - privileged: true - - name: nis-centos-7 - image: geerlingguy/docker-centos7-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - pre_build_image: true - privileged: true -# - name: nis-centos-8 -# image: geerlingguy/docker-centos8-ansible -# volumes: -# - /sys/fs/cgroup:/sys/fs/cgroup:ro -# command: /sbin/init -# pre_build_image: true -# privileged: true provisioner: name: ansible ansible_args: diff --git a/roles/nvidia-gpu-operator/.ansible-lint b/roles/nvidia-gpu-operator/.ansible-lint deleted file mode 100644 index 51514baf1..000000000 --- a/roles/nvidia-gpu-operator/.ansible-lint +++ /dev/null @@ -1,3 +0,0 @@ -skip_list: -- meta-no-info -- role-name diff --git a/roles/nvidia-k8s-gpu-device-plugin/.ansible-lint b/roles/nvidia-k8s-gpu-device-plugin/.ansible-lint deleted file mode 100644 index 2445c56a8..000000000 --- a/roles/nvidia-k8s-gpu-device-plugin/.ansible-lint +++ /dev/null @@ -1,3 +0,0 @@ -skip_list: - - meta-no-info # meta/main.yml should contain relevant info - - role-name diff --git a/roles/nvidia-k8s-gpu-feature-discovery/.ansible-lint b/roles/nvidia-k8s-gpu-feature-discovery/.ansible-lint deleted file mode 100644 index 2445c56a8..000000000 --- a/roles/nvidia-k8s-gpu-feature-discovery/.ansible-lint +++ /dev/null @@ -1,3 +0,0 @@ -skip_list: - - meta-no-info # meta/main.yml should contain relevant info - - role-name diff --git a/roles/nvidia_cuda/molecule/default/molecule.yml b/roles/nvidia_cuda/molecule/default/molecule.yml index 70828cf3a..9362489c1 100644 --- a/roles/nvidia_cuda/molecule/default/molecule.yml +++ b/roles/nvidia_cuda/molecule/default/molecule.yml @@ -4,30 +4,11 @@ dependency: driver: name: docker platforms: - - name: nvidia-cuda-ubuntu-1804 - image: geerlingguy/docker-ubuntu1804-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - name: nvidia-cuda-ubuntu-2204 + image: geerlingguy/docker-ubuntu2204-ansible + cgroupns_mode: host privileged: true pre_build_image: true - - name: nvidia-cuda-ubuntu-2004 - image: geerlingguy/docker-ubuntu2004-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true - - name: nvidia-cuda-centos-7 - image: geerlingguy/docker-centos7-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true -# - name: nvidia-cuda-centos-8 -# image: geerlingguy/docker-centos8-ansible -# volumes: -# - /sys/fs/cgroup:/sys/fs/cgroup:ro -# privileged: true -# pre_build_image: true provisioner: name: ansible ansible_args: diff --git a/roles/nvidia_cuda/tasks/install-ubuntu.yml b/roles/nvidia_cuda/tasks/install-ubuntu.yml index 453c20b06..e5c83b917 100644 --- a/roles/nvidia_cuda/tasks/install-ubuntu.yml +++ b/roles/nvidia_cuda/tasks/install-ubuntu.yml @@ -4,11 +4,6 @@ repo: ppa:graphics-drivers/ppa state: absent -- name: Ubuntu | ensure old key is absent - apt_key: - id: "{{ old_nvidia_driver_ubuntu_cuda_repo_gpgkey_id }}" - state: "absent" - - name: Ubuntu | install CUDA keyring apt: deb: "{{ nvidia_driver_ubuntu_cuda_keyring_url }}" diff --git a/roles/nvidia_dcgm/molecule/default/molecule.yml b/roles/nvidia_dcgm/molecule/default/molecule.yml index 749ce3aad..d51391f76 100644 --- a/roles/nvidia_dcgm/molecule/default/molecule.yml +++ b/roles/nvidia_dcgm/molecule/default/molecule.yml @@ -4,46 +4,11 @@ dependency: driver: name: docker platforms: - - name: dcgm-ubuntu-1804 - image: geerlingguy/docker-ubuntu1804-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp + - name: dcgm-ubuntu-2204 + image: geerlingguy/docker-ubuntu2204-ansible + cgroupns_mode: host pre_build_image: true privileged: true - - name: dcgm-ubuntu-2004 - image: geerlingguy/docker-ubuntu2004-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp - pre_build_image: true - privileged: true - - name: dcgm-centos-7 - image: geerlingguy/docker-centos7-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp - pre_build_image: true - privileged: true -# - name: dcgm-centos-8 -# image: geerlingguy/docker-centos8-ansible -# volumes: -# - /sys/fs/cgroup:/sys/fs/cgroup:ro -# command: /sbin/init -# tmpfs: -# - /run -# - /tmp -# pre_build_image: true -# privileged: true provisioner: name: ansible ansible_args: diff --git a/roles/nvidia_dcgm/tasks/install-ubuntu.yml b/roles/nvidia_dcgm/tasks/install-ubuntu.yml index ec9a1255b..5f1890893 100644 --- a/roles/nvidia_dcgm/tasks/install-ubuntu.yml +++ b/roles/nvidia_dcgm/tasks/install-ubuntu.yml @@ -1,9 +1,4 @@ --- -- name: Ubuntu | remove old key - apt_key: - id: "{{ old_nvidia_driver_ubuntu_cuda_repo_gpgkey_id }}" - state: "absent" - - name: Ubuntu | install CUDA keyring apt: deb: "{{ nvidia_driver_ubuntu_cuda_keyring_url }}" diff --git a/roles/nvidia_hpc_sdk/molecule/default/molecule.yml b/roles/nvidia_hpc_sdk/molecule/default/molecule.yml index 8ac2fe5f9..75bab0ed8 100644 --- a/roles/nvidia_hpc_sdk/molecule/default/molecule.yml +++ b/roles/nvidia_hpc_sdk/molecule/default/molecule.yml @@ -4,18 +4,11 @@ dependency: driver: name: docker platforms: - - name: nvhpc-ubuntu-1804 - image: geerlingguy/docker-ubuntu1804-ansible + - name: nvhpc-ubuntu-2204 + image: geerlingguy/docker-ubuntu2204-ansible + cgroupns_mode: host pre_build_image: true - - name: nvhpc-ubuntu-2004 - image: geerlingguy/docker-ubuntu2004-ansible - pre_build_image: true - - name: nvhpc-centos-7 - image: geerlingguy/docker-centos7-ansible - pre_build_image: true -# - name: nvhpc-centos-8 -# image: geerlingguy/docker-centos8-ansible -# pre_build_image: true + privileged: true provisioner: name: ansible ansible_args: diff --git a/roles/ood-wrapper/defaults/main.yml b/roles/ood-wrapper/defaults/main.yml index 407d20557..b5c893080 100644 --- a/roles/ood-wrapper/defaults/main.yml +++ b/roles/ood-wrapper/defaults/main.yml @@ -73,7 +73,7 @@ ood_linuxhost_adapter_config: | debug: true singularity_bin: /usr/bin/singularity singularity_bindpath: /etc,/media,/mnt,/opt,/run,/srv,/usr,/var,/users - singularity_image: {{ singularity_image_dir }}/ubuntu-18.04.simg + singularity_image: {{ singularity_image_dir }}/ubuntu-22.04.simg # Enabling strict host checking may cause the adapter to fail if the user's known_hosts does not have all the roundrobin hosts strict_host_checking: false diff --git a/roles/ood-wrapper/tasks/linuxhost-adapter.yml b/roles/ood-wrapper/tasks/linuxhost-adapter.yml index 97c810870..68be5d339 100644 --- a/roles/ood-wrapper/tasks/linuxhost-adapter.yml +++ b/roles/ood-wrapper/tasks/linuxhost-adapter.yml @@ -38,10 +38,10 @@ - linuxhost-adapter - name: pull singularity image - command: singularity pull --name ubuntu-18.04.simg docker://ubuntu:18.04 + command: singularity pull --name ubuntu-22.04.simg docker://ubuntu:22.04 args: chdir: "{{ singularity_image_dir }}" - creates: "{{ singularity_image_dir }}/ubuntu-18.04.simg" + creates: "{{ singularity_image_dir }}/ubuntu-22.04.simg" environment: PATH: /usr/local/bin:/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/go/1.14/bin:/opt/go/packages/bin:/root/bin tags: diff --git a/roles/openmpi/molecule/default/molecule.yml b/roles/openmpi/molecule/default/molecule.yml index 4163e81a3..f2ccca807 100644 --- a/roles/openmpi/molecule/default/molecule.yml +++ b/roles/openmpi/molecule/default/molecule.yml @@ -4,18 +4,11 @@ dependency: driver: name: docker platforms: - - name: openmpi-ubuntu-1804 - image: geerlingguy/docker-ubuntu1804-ansible + - name: openmpi-ubuntu-2204 + image: geerlingguy/docker-ubuntu2204-ansible + cgroupns_mode: host pre_build_image: true - - name: openmpi-ubuntu-2004 - image: geerlingguy/docker-ubuntu2004-ansible - pre_build_image: true - - name: openmpi-centos-7 - image: geerlingguy/docker-centos7-ansible - pre_build_image: true -# - name: openmpi-centos-8 -# image: geerlingguy/docker-centos8-ansible -# pre_build_image: true + privileged: true provisioner: name: ansible ansible_args: diff --git a/roles/openshift/molecule/default/molecule.yml b/roles/openshift/molecule/default/molecule.yml index 0ba594dd1..e5759f0c1 100644 --- a/roles/openshift/molecule/default/molecule.yml +++ b/roles/openshift/molecule/default/molecule.yml @@ -4,18 +4,11 @@ dependency: driver: name: docker platforms: - - name: openshift-ubuntu-1804 - image: geerlingguy/docker-ubuntu1804-ansible + - name: openshift-ubuntu-2204 + image: geerlingguy/docker-ubuntu2204-ansible + cgroupns_mode: host pre_build_image: true - - name: openshift-ubuntu-2004 - image: geerlingguy/docker-ubuntu2004-ansible - pre_build_image: true - - name: openshift-centos-7 - image: geerlingguy/docker-centos7-ansible - pre_build_image: true -# - name: openshift-centos-8 -# image: geerlingguy/docker-centos8-ansible -# pre_build_image: true + privileged: true provisioner: name: ansible ansible_args: diff --git a/roles/openshift/tasks/main.yml b/roles/openshift/tasks/main.yml index 69ff0e279..7697d3f09 100644 --- a/roles/openshift/tasks/main.yml +++ b/roles/openshift/tasks/main.yml @@ -33,15 +33,8 @@ name: "{{ epel_package }}" when: ansible_os_family == "RedHat" - # TODO: Verify that RHEL does not require venv -- name: install openshift python client for k8s_raw module - yum: - name: python2-openshift - when: ansible_os_family == 'RedHat' and ansible_distribution_major_version == "7" - environment: "{{ proxy_env if proxy_env is defined else {} }}" - - name: install openshift python client for k8s_raw module yum: name: python3-openshift - when: ansible_os_family == 'RedHat' and ansible_distribution_major_version == "8" + when: ansible_os_family == 'RedHat' environment: "{{ proxy_env if proxy_env is defined else {} }}" diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index f19c57564..41d37faf0 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -34,22 +34,10 @@ mode: 0644 notify: restart prometheus -- name: Ensure Python 2 dependencies are installed via OS packages - when: (ansible_python.version.major==2) and (ansible_python.version.minor==7) - block: - - name: install python-docker - package: - name: python-docker - -- name: Ensure Python 3 dependencies are installed via pip - when: ansible_python.version.major==3 - block: - - name: install pip - package: - name: python3-pip - - name: install docker - pip: - name: docker +- name: install python3 docker module + package: + name: python3-docker + state: present - name: create a persistent docker volume for metrics docker_volume: diff --git a/roles/requirements.yml b/roles/requirements.yml index bbeb976f8..b6a0795aa 100644 --- a/roles/requirements.yml +++ b/roles/requirements.yml @@ -2,18 +2,18 @@ collections: - name: ansible.posix - version: 1.5.4 + version: 2.1.0 - name: community.general - version: 7.2.0 + version: 12.3.0 - name: community.docker - version: 3.10.2 + version: 5.0.6 -roles: +- name: devsec.hardening + version: 10.5.0 -- src: dev-sec.ssh-hardening - version: "9.7.0" +roles: - src: https://github.com/DeepOps/ansible-role-users name: DeepOps.users @@ -24,13 +24,13 @@ roles: name: DeepOps.hosts - src: geerlingguy.ntp - version: "2.3.2" + version: "4.0.0" - src: andrewrothstein.miniconda version: "v6.1.9" - src: nvidia.nvidia_driver - version: "v2.3.0" + version: "v2.3.1" - src: nvidia.nvidia_docker version: "v1.2.4" @@ -67,8 +67,5 @@ roles: - src: https://github.com/OSC/ood-ansible.git version: 'v3.0.3' -- src: abims_sbr.singularity - version: 3.7.1-4 - - src: gantsign.golang - version: 3.1.6 + version: 3.5.0 diff --git a/roles/rsyslog_client/molecule/default/molecule.yml b/roles/rsyslog_client/molecule/default/molecule.yml index 43a826e93..a755b7452 100644 --- a/roles/rsyslog_client/molecule/default/molecule.yml +++ b/roles/rsyslog_client/molecule/default/molecule.yml @@ -4,46 +4,11 @@ dependency: driver: name: docker platforms: - - name: rsyslog-client-ubuntu-1804 - image: geerlingguy/docker-ubuntu1804-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp + - name: rsyslog-client-ubuntu-2204 + image: geerlingguy/docker-ubuntu2204-ansible + cgroupns_mode: host pre_build_image: true privileged: true - - name: rsyslog-client-ubuntu-2004 - image: geerlingguy/docker-ubuntu2004-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp - pre_build_image: true - privileged: true - - name: rsyslog-client-centos-7 - image: geerlingguy/docker-centos7-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp - pre_build_image: true - privileged: true -# - name: rsyslog-client-centos-8 -# image: geerlingguy/docker-centos8-ansible -# volumes: -# - /sys/fs/cgroup:/sys/fs/cgroup:ro -# command: /sbin/init -# tmpfs: -# - /run -# - /tmp -# pre_build_image: true -# privileged: true provisioner: name: ansible ansible_args: diff --git a/roles/rsyslog_server/molecule/default/molecule.yml b/roles/rsyslog_server/molecule/default/molecule.yml index 60a25d745..28e96dd6e 100644 --- a/roles/rsyslog_server/molecule/default/molecule.yml +++ b/roles/rsyslog_server/molecule/default/molecule.yml @@ -4,46 +4,11 @@ dependency: driver: name: docker platforms: - - name: rsyslog-server-ubuntu-1804 - image: geerlingguy/docker-ubuntu1804-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp + - name: rsyslog-server-ubuntu-2204 + image: geerlingguy/docker-ubuntu2204-ansible + cgroupns_mode: host pre_build_image: true privileged: true - - name: rsyslog-server-ubuntu-2004 - image: geerlingguy/docker-ubuntu2004-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp - pre_build_image: true - privileged: true - - name: rsyslog-server-centos-7 - image: geerlingguy/docker-centos7-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp - pre_build_image: true - privileged: true -# - name: rsyslog-server-centos-8 -# image: geerlingguy/docker-centos8-ansible -# volumes: -# - /sys/fs/cgroup:/sys/fs/cgroup:ro -# command: /sbin/init -# tmpfs: -# - /run -# - /tmp -# pre_build_image: true -# privileged: true provisioner: name: ansible ansible_args: diff --git a/roles/singularity_wrapper/.ansible-lint b/roles/singularity_wrapper/.ansible-lint deleted file mode 100644 index e91e4f81d..000000000 --- a/roles/singularity_wrapper/.ansible-lint +++ /dev/null @@ -1,2 +0,0 @@ -skip_list: - - meta-no-info # meta/main.yml should contain relevant info diff --git a/roles/singularity_wrapper/molecule/default/molecule.yml b/roles/singularity_wrapper/molecule/default/molecule.yml index 934131c4f..9689eabd0 100644 --- a/roles/singularity_wrapper/molecule/default/molecule.yml +++ b/roles/singularity_wrapper/molecule/default/molecule.yml @@ -6,18 +6,11 @@ dependency: driver: name: docker platforms: - - name: singularity-ubuntu-1804 - image: geerlingguy/docker-ubuntu1804-ansible + - name: singularity-ubuntu-2204 + image: geerlingguy/docker-ubuntu2204-ansible + cgroupns_mode: host pre_build_image: true - - name: singularity-ubuntu-2004 - image: geerlingguy/docker-ubuntu2004-ansible - pre_build_image: true - - name: singularity-centos-7 - image: geerlingguy/docker-centos7-ansible - pre_build_image: true -# - name: singularity-centos-8 -# image: geerlingguy/docker-centos8-ansible -# pre_build_image: true + privileged: true provisioner: name: ansible ansible_args: diff --git a/roles/slurm/.ansible-lint b/roles/slurm/.ansible-lint deleted file mode 100644 index 077bae8e9..000000000 --- a/roles/slurm/.ansible-lint +++ /dev/null @@ -1,2 +0,0 @@ -skip_list: -- meta-no-info diff --git a/roles/slurm/molecule/default/molecule.yml b/roles/slurm/molecule/default/molecule.yml index 5155d0eab..db67b8b63 100644 --- a/roles/slurm/molecule/default/molecule.yml +++ b/roles/slurm/molecule/default/molecule.yml @@ -4,58 +4,14 @@ dependency: driver: name: docker platforms: - - name: slurm-ubuntu-1804 - image: geerlingguy/docker-ubuntu1804-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp + - name: slurm-ubuntu-2204 + image: geerlingguy/docker-ubuntu2204-ansible + cgroupns_mode: host pre_build_image: true privileged: true groups: - slurm-master - slurm-node - - name: slurm-ubuntu-2004 - image: geerlingguy/docker-ubuntu2004-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp - pre_build_image: true - privileged: true - groups: - - slurm-master - - slurm-node - - name: slurm-centos-7 - image: geerlingguy/docker-centos7-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - command: /sbin/init - tmpfs: - - /run - - /tmp - pre_build_image: true - privileged: true - groups: - - slurm-master - - slurm-node -# - name: slurm-centos-8 -# image: geerlingguy/docker-centos8-ansible -# volumes: -# - /sys/fs/cgroup:/sys/fs/cgroup:ro -# command: /sbin/init -# tmpfs: -# - /run -# - /tmp -# pre_build_image: true -# privileged: true -# groups: -# - slurm-master -# - slurm-node # Note: Molecule tests do not use NVML because the Github runner can't handle # the CUDA install as well as the Slurm build, it times out. diff --git a/roles/slurm/tasks/build.yml b/roles/slurm/tasks/build.yml index 0dc4dbdd6..ddbf37965 100644 --- a/roles/slurm/tasks/build.yml +++ b/roles/slurm/tasks/build.yml @@ -72,21 +72,13 @@ with_items: "{{ slurm_build_deps }}" when: ansible_distribution == 'Ubuntu' -- name: install build dependencies - yum: - name: "{{ item }}" - state: present - update_cache: yes - with_items: "{{ slurm_build_deps }}" - when: ansible_os_family == 'RedHat' and ansible_distribution_major_version == "7" - - name: install build dependencies dnf: name: "{{ item }}" state: present enablerepo: "powertools" with_items: "{{ slurm_build_deps }}" - when: ansible_os_family == 'RedHat' and ansible_distribution_major_version == "8" + when: ansible_os_family == 'RedHat' - name: remove slurm packages apt: diff --git a/roles/slurm/tasks/controller.yml b/roles/slurm/tasks/controller.yml index 8d764042b..733e32823 100644 --- a/roles/slurm/tasks/controller.yml +++ b/roles/slurm/tasks/controller.yml @@ -11,18 +11,6 @@ - ssmtp when: ansible_os_family == "Debian" -- name: install dependencies - yum: - name: "{{ item }}" - state: present - with_items: - - mariadb-server - - MySQL-python - - mailx - - ssmtp - - policycoreutils-python - when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "7" - - name: install dependencies dnf: name: "{{ item }}" @@ -32,7 +20,7 @@ - python3-PyMySQL - mailx - policycoreutils-python-utils - when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "8" + when: ansible_os_family == "RedHat" - name: Allow mysql to read libaio.so.1 sefcontext: diff --git a/roles/slurm/tasks/pmix.yml b/roles/slurm/tasks/pmix.yml index 56334e60f..257143a35 100644 --- a/roles/slurm/tasks/pmix.yml +++ b/roles/slurm/tasks/pmix.yml @@ -28,18 +28,12 @@ with_items: "{{ slurm_pmix_deps }}" when: ansible_os_family == 'RedHat' -- name: install pmix 'pandoc' build dependency for RHEL 7 - yum: - name: pandoc - state: present - when: ansible_os_family == 'RedHat' and ansible_distribution_major_version == "7" - -- name: install pmix 'pandoc' build dependency for RHEL 8 +- name: install pmix 'pandoc' build dependency dnf: name: pandoc state: present enablerepo: powertools - when: ansible_os_family == 'RedHat' and ansible_distribution_major_version == "8" + when: ansible_os_family == 'RedHat' - name: remove pmix packages apt: diff --git a/roles/spack/defaults/main.yml b/roles/spack/defaults/main.yml index cc98b3b27..26540b781 100644 --- a/roles/spack/defaults/main.yml +++ b/roles/spack/defaults/main.yml @@ -6,8 +6,8 @@ spack_user: "root" spack_group: "root" spack_ubuntu_deps: -- "gcc-7" -- "gfortran-7" +- "gcc" +- "gfortran" - "make" - "git" diff --git a/roles/spack/molecule/default/molecule.yml b/roles/spack/molecule/default/molecule.yml index 355c0bbb6..cc0216f3f 100644 --- a/roles/spack/molecule/default/molecule.yml +++ b/roles/spack/molecule/default/molecule.yml @@ -4,30 +4,11 @@ dependency: driver: name: docker platforms: - - name: spack-ubuntu-1804 - image: geerlingguy/docker-ubuntu1804-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - name: spack-ubuntu-2204 + image: geerlingguy/docker-ubuntu2204-ansible + cgroupns_mode: host privileged: true pre_build_image: true - - name: spack-ubuntu-2004 - image: geerlingguy/docker-ubuntu2004-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true - - name: spack-centos-7 - image: geerlingguy/docker-centos7-ansible - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true -# - name: spack-centos-8 -# image: geerlingguy/docker-centos8-ansible -# volumes: -# - /sys/fs/cgroup:/sys/fs/cgroup:ro -# privileged: true -# pre_build_image: true provisioner: name: ansible ansible_args: diff --git a/roles/standalone-container-registry/tasks/main.yml b/roles/standalone-container-registry/tasks/main.yml index e462581a9..40766a763 100644 --- a/roles/standalone-container-registry/tasks/main.yml +++ b/roles/standalone-container-registry/tasks/main.yml @@ -28,22 +28,10 @@ state: present when: ansible_os_family == 'RedHat' -- name: Ensure Python 2 dependencies are installed via OS packages - when: (ansible_python.version.major==2) and (ansible_python.version.minor==7) - block: - - name: install python-docker - package: - name: python-docker - -- name: Ensure Python 3 dependencies are installed via pip - when: ansible_python.version.major==3 - block: - - name: install pip - package: - name: python3-pip - - name: install docker - pip: - name: docker +- name: install python3 docker module + package: + name: python3-docker + state: present - name: run registry docker container docker_container: diff --git a/scripts/deepops/ansible-lint-roles.sh b/scripts/deepops/ansible-lint-roles.sh index 261265c45..d1f4351ee 100755 --- a/scripts/deepops/ansible-lint-roles.sh +++ b/scripts/deepops/ansible-lint-roles.sh @@ -1,47 +1,39 @@ #!/usr/bin/env bash # ansible-lint-roles.sh -# Runs ansible-lint against each of the subdirectories in roles/ +# Runs ansible-lint against the DeepOps roles using the project .ansible-lint config. # # Roles can be excluded by setting the ANSIBLE_LINT_EXCLUDE variable to a -# regex matching the roles to skip +# regex matching the roles to skip (applied via exclude_paths in .ansible-lint) # Determine current directory and root directory SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" ROOT_DIR="${SCRIPT_DIR}/../.." -# Allow optional passing of an exclude regex as an env var -ANSIBLE_LINT_EXCLUDE="${ANSIBLE_LINT_EXCLUDE:-galaxy}" - # Check for ansible-lint if ! command -v ansible-lint >/dev/null 2>&1; then echo "ansible-lint not found in PATH" exit 1 fi -# Use a var to set script failure so we check all roles -CHECK_FAILED=0; -failedRoles=(); +cd "${ROOT_DIR}" || exit 1 -# Lint each role -cd "${ROOT_DIR}/roles" || exit 1 -for r in $(find . -maxdepth 1 -mindepth 1 -type d | grep -v -E "${ANSIBLE_LINT_EXCLUDE}|galaxy"); do - echo "===============================================================" - echo "Linting ${r}" - cd "${r}" || exit 1 - if ! ansible-lint --parseable-severity; then - CHECK_FAILED=1 - failedRoles+=("${r}") - fi - cd "${ROOT_DIR}/roles" || exit 1 -done +echo "===============================================================" +echo "Running ansible-lint with project config (.ansible-lint)" +echo "ansible-lint version: $(ansible-lint --version 2>&1 | head -1)" +echo "===============================================================" + +# Run ansible-lint from project root — it picks up .ansible-lint config +# which handles exclude_paths, skip_list, and profile settings +ansible-lint -f pep8 roles/ +exit_code=$? -# Print summary of results echo echo "===============================================================" -echo "Failed roles:" -echo " ${failedRoles[*]}" -echo "Excluded role directories:" -echo " $(find . -maxdepth 1 -mindepth 1 -type d | grep -E "${ANSIBLE_LINT_EXCLUDE}|galaxy" | xargs)" +if [ $exit_code -eq 0 ]; then + echo "Lint: PASSED" +else + echo "Lint: FAILED (exit code ${exit_code})" +fi echo "===============================================================" -exit ${CHECK_FAILED} +exit $exit_code diff --git a/scripts/setup.sh b/scripts/setup.sh index e2196b90b..9e4702930 100755 --- a/scripts/setup.sh +++ b/scripts/setup.sh @@ -12,13 +12,13 @@ SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" ROOT_DIR="${SCRIPT_DIR}/.." # Configuration -ANSIBLE_VERSION="${ANSIBLE_VERSION:-9.13.0}" # Ansible version to install -ANSIBLE_TOO_NEW="${ANSIBLE_TOO_NEW:-10.0.1}" # Ansible version too new -ANSIBLE_LINT_VERSION="${ANSIBLE_LINT_VERSION:-5.4.0}" +ANSIBLE_VERSION="${ANSIBLE_VERSION:-10.7.0}" # Ansible version to install +ANSIBLE_TOO_NEW="${ANSIBLE_TOO_NEW:-11.0.1}" # Ansible version too new +ANSIBLE_LINT_VERSION="${ANSIBLE_LINT_VERSION:-26.1.1}" CONFIG_DIR="${CONFIG_DIR:-${ROOT_DIR}/config}" # Default configuration directory location DEEPOPS_TAG="${1:-master}" # DeepOps branch to set up JINJA2_VERSION="${JINJA2_VERSION:-3.1.5}" # Jinja2 required version -JMESPATH_VERSION="${JMESPATH_VERSION:-0.10.0}" # jmespath pegged version, actual version probably not that crucial +JMESPATH_VERSION="${JMESPATH_VERSION:-1.1.0}" # jmespath version (matches kubespray requirements) MARKUPSAFE_VERSION="${MARKUPSAFE_VERSION:-3.0.2}" # MarkupSafe version PIP="${PIP:-pip3}" # Pip binary to use PYTHON_BIN="${PYTHON_BIN:-/usr/bin/python3}" # Python3 path @@ -29,8 +29,7 @@ VENV_DIR="${VENV_DIR:-/opt/deepops/env}" # Path to python virtual environ # Set distro-specific variables . /etc/os-release DEPS_DEB=(git virtualenv python3-virtualenv sshpass wget) -DEPS_EL7=(git libselinux-python3 python-virtualenv python3-virtualenv sshpass wget) -DEPS_EL8=(git python3-libselinux python3-virtualenv sshpass wget) +DEPS_EL=(git python3-libselinux python3-virtualenv sshpass wget) EPEL_VERSION="$(echo ${VERSION_ID} | sed 's/^[^0-9]*//;s/[^0-9].*$//')" EPEL_URL="https://dl.fedoraproject.org/pub/epel/epel-release-latest-${EPEL_VERSION}.noarch.rpm" PROXY_USE=`grep -v ^# ${SCRIPT_DIR}/deepops/proxy.sh 2>/dev/null | grep -v ^$ | wc -l` @@ -68,14 +67,7 @@ as_user(){ case "$ID" in rhel*|centos*) as_sudo "yum -y -q install ${EPEL_URL} |& grep -v 'Nothing to do'" # Enable EPEL (required for sshpass package) - case "$EPEL_VERSION" in - 7) - as_sudo "yum -y -q install ${DEPS_EL7[@]}" - ;; - 8) - as_sudo "yum -y -q install ${DEPS_EL8[@]}" - ;; - esac + as_sudo "yum -y -q install ${DEPS_EL[@]}" ;; ubuntu*) as_sudo "apt-get -q update" @@ -95,17 +87,18 @@ if command -v virtualenv &> /dev/null ; then virtualenv -q --python="${PYTHON_BIN}" "${VENV_DIR}" . "${VENV_DIR}/bin/activate" as_user "${PIP} install -q --upgrade pip" + as_user "${PIP} install -q packaging" # Check for any installed ansible pip package if pip show ansible 2>&1 >/dev/null; then current_version=$(pip show ansible | grep Version | awk '{print $2}') echo "Current version of Ansible is ${current_version}" - if "${PYTHON_BIN}" -c "from distutils.version import LooseVersion; print(LooseVersion('$current_version') >= LooseVersion('$ANSIBLE_TOO_NEW'))" | grep True 2>&1 >/dev/null; then + if "${VENV_DIR}/bin/python3" -c "from packaging.version import Version; print(Version('$current_version') >= Version('$ANSIBLE_TOO_NEW'))" | grep True 2>&1 >/dev/null; then echo "Ansible version ${current_version} too new for DeepOps" echo "Please uninstall any ansible, ansible-base, and ansible-core packages and re-run this script" exit 1 fi - if "${PYTHON_BIN}" -c "from distutils.version import LooseVersion; print(LooseVersion('$current_version') < LooseVersion('$ANSIBLE_VERSION'))" | grep True 2>&1 >/dev/null; then + if "${VENV_DIR}/bin/python3" -c "from packaging.version import Version; print(Version('$current_version') < Version('$ANSIBLE_VERSION'))" | grep True 2>&1 >/dev/null; then echo "Ansible will be upgraded from ${current_version} to ${ANSIBLE_VERSION}" fi fi @@ -115,8 +108,10 @@ if command -v virtualenv &> /dev/null ; then ansible-lint==${ANSIBLE_LINT_VERSION} \ Jinja2==${JINJA2_VERSION} \ netaddr \ + packaging \ ruamel.yaml \ PyMySQL \ + passlib \ paramiko \ jmespath==${JMESPATH_VERSION} \ MarkupSafe==${MARKUPSAFE_VERSION} \ diff --git a/submodules/kubespray b/submodules/kubespray index d7962fb46..f4ccdb5e7 160000 --- a/submodules/kubespray +++ b/submodules/kubespray @@ -1 +1 @@ -Subproject commit d7962fb46ee2a346ffed84ad8bef34a1337cc434 +Subproject commit f4ccdb5e72395eaf9f3444056ebd1a6625ddb89a