Install ansible-core in a virtual environment (#2190)

berendt · lindenb1 · sbstnnmnn · web-flow · commit 7e6abb7279be · 2024-05-10T11:00:33.000+02:00
Signed-off-by: Christian Berendt &lt;berendt@osism.tech&gt;
Co-authored-by: Robin van der Linden &lt;linden@b1-systems.de&gt;
Co-authored-by: Sebastian Neumann &lt;neumann@b1-systems.de&gt;
diff --git a/ansible/manager-part-0.yml b/ansible/manager-part-0.yml
@@ -13,15 +13,22 @@
   hosts: testbed-manager.testbed.osism.xyz
 
   vars:
-    repo_path: /home/ubuntu/src/github.com
     apt_lock_timeout: 300
+    repo_path: /home/ubuntu/src/github.com
+    venv_path: /opt/venv
+    ansible_galaxy: "{{ venv_path }}/bin/ansible-galaxy"
 
   tasks:
     - name: Fail if Ubuntu version is lower than 22.04
       ansible.builtin.fail:
         msg: "Ubuntu version is {{ ansible_distribution_version }}, see https://osism.tech/docs/advanced-guides/testbed#software for required version."
       when: ansible_distribution == "Ubuntu" and ansible_distribution_version < "22.04"
 
+    - name: Get current user
+      ansible.builtin.user:
+        name: "{{ ansible_user }}"
+      register: current_user
+
     - name: Update APT cache and run dist-upgrade
       become: true
       ansible.builtin.apt:
@@ -39,43 +46,47 @@
         executable: /bin/bash
       changed_when: true
 
-    - name: Install packages on manager
+    - name: Install packages
       become: true
       ansible.builtin.apt:
         name:
           # The correct package name is linux-generic-hwe-22.04 on Ubuntu 22.04
           # and linux-generic-hwe-24.04 on Ubuntu 24.04.
           - "linux-generic-hwe-{{ ansible_distribution_version }}"
           - python3-netaddr
-          - python3-pip
-        update_cache: true
+          - python3-venv
       changed_when: true
 
-    - name: Remove existing Ansible package if necessary
+    - name: Create venv directory
       become: true
-      ansible.builtin.apt:
-        name: ansible
-        state: absent
+      ansible.builtin.file:
+        owner: "{{ ansible_user }}"
+        group: "{{ current_user.group }}"
+        path: "{{ venv_path }}"
+        state: directory
+        mode: 0755
 
-    - name: Install ansible-core on manager
-      become: true
-      ansible.builtin.command: |
-          pip3 install --no-cache-dir 'ansible-core>=2.16.0,<2.17.0'
-      changed_when: true
+    - name: Install ansible-core in venv
+      ansible.builtin.pip:
+        umask: "0022"
+        name: "ansible-core>=2.16.0,<2.17.0"
+        state: present
+        virtualenv: "{{ venv_path }}"
+        virtualenv_command: python3 -m venv
 
-    - name: Create source directories
+    - name: Create directories in /opt/src
       become: true
       ansible.builtin.file:
         state: directory
         path: "/opt/src/{{ item }}"
         recurse: true
-        mode: '0755'
-        owner: ubuntu
+        mode: 0755
+        owner: "{{ ansible_user }}"
       with_items:
         - osism/ansible-collection-commons
         - osism/ansible-collection-services
 
-    - name: Copy sources
+    - name: Sync sources in /opt/src
       ansible.posix.synchronize:
         src: "{{ repo_path }}/{{ item }}"
         delete: true
@@ -89,18 +100,28 @@
       ansible.builtin.file:
         state: directory
         path: /usr/share/ansible
-        mode: '0755'
+        mode: 0755
 
-    - name: Install collections
+    - name: Install collections from Ansible galaxy
       become: true
-      ansible.builtin.shell: |
-          ansible-galaxy collection install --collections-path /usr/share/ansible/collections ansible.netcommon
-          ansible-galaxy collection install --collections-path /usr/share/ansible/collections ansible.posix
-          ansible-galaxy collection install --collections-path /usr/share/ansible/collections community.docker
-          ansible-galaxy collection install --collections-path /usr/share/ansible/collections /opt/src/osism/ansible-collection-commons
-          ansible-galaxy collection install --collections-path /usr/share/ansible/collections /opt/src/osism/ansible-collection-services
-          chmod -R +r /usr/share/ansible
-      changed_when: true
+      ansible.builtin.command: |
+        {{ ansible_galaxy }} collection install --collections-path /usr/share/ansible/collections {{ item }}
+      register: result
+      changed_when: "'was installed successfully' in result.stdout"
+      loop:
+        - ansible.netcommon
+        - ansible.posix
+        - community.docker
+
+    - name: Install local collections
+      become: true
+      ansible.builtin.command: |
+        {{ ansible_galaxy }} collection install --collections-path /usr/share/ansible/collections /opt/src/osism/{{ item }}
+      register: result
+      changed_when: "'was installed successfully' in result.stdout"
+      loop:
+        - ansible-collection-commons
+        - ansible-collection-services
 
 - name: Create operator user
   hosts: testbed-manager.testbed.osism.xyz
@@ -112,5 +133,26 @@
     operator_authorized_keys:
       - "{{ lookup('file', '.id_rsa.' + cloud_env + '.pub') }}"
 
+    venv_path: /opt/venv
+    ansible_python_interpreter: "{{ venv_path }}/bin/python3"
+
   roles:
     - role: osism.commons.operator
+
+- name: Run manager part 0
+  hosts: testbed-manager.testbed.osism.xyz
+
+  vars:
+    operator_user: dragon
+    operator_group: dragon
+    venv_path: /opt/venv
+
+  tasks:
+    - name: "Recursively change ownership of {{ venv_path }}"
+      become: true
+      ansible.builtin.file:
+        path: "{{ venv_path }}"
+        state: directory
+        owner: "{{ operator_user }}"
+        group: "{{ operator_group }}"
+        recurse: true
diff --git a/ansible/manager-part-1.yml b/ansible/manager-part-1.yml
@@ -5,11 +5,15 @@
 
   vars:
     ansible_ssh_user: dragon
+    apt_lock_timeout: 300
     operator_user: dragon
     repo_path: /home/ubuntu/src/github.com
     version_manager: latest
     is_zuul: false
 
+    venv_path: /opt/venv
+    ansible_playbook: "{{ venv_path }}/bin/ansible-playbook"
+
   tasks:
     - name: Copy SSH public key
       ansible.builtin.copy:
@@ -42,12 +46,28 @@
         delete: true
         dest: /opt/configuration
 
-    - name: Install python-gilt on manager
+    - name: Install required packages
       become: true
-      ansible.builtin.command: |
-          pip3 install --no-cache-dir python-gilt==1.2.3
-      when: version_manager != "latest"
-      changed_when: true
+      ansible.builtin.apt:
+        name: "{{ item }}"
+        state: present
+        lock_timeout: "{{ apt_lock_timeout }}"
+      loop:
+        - build-essential
+        - python3-dev
+
+    - name: Install python requirements in venv
+      ansible.builtin.pip:
+        umask: "0022"
+        name: "{{ item }}"
+        state: present
+        virtualenv: "{{ venv_path }}"
+        virtualenv_command: python3 -m venv
+      loop:
+        - docker
+        - netifaces
+        - "python-gilt==1.2.3"
+        - requests
 
     # shell required because of: command module does not accept
     # setting environment variables inline.
@@ -100,5 +120,5 @@
       changed_when: true
 
     - name: Run manager part 2
-      ansible.builtin.command: "ansible-playbook -i testbed-manager.testbed.osism.xyz, -e version_manager={{ version_manager }} /opt/configuration/ansible/manager-part-2.yml"
+      ansible.builtin.command: "{{ ansible_playbook }} -i testbed-manager.testbed.osism.xyz, -e version_manager={{ version_manager }} /opt/configuration/ansible/manager-part-2.yml"
       changed_when: true
diff --git a/ansible/manager-part-2.yml b/ansible/manager-part-2.yml
@@ -5,7 +5,8 @@
   gather_facts: true
 
   vars:
-    ansible_python_interpreter: /usr/bin/python3
+    venv_path: /opt/venv
+    ansible_python_interpreter: "{{ venv_path }}/bin/python3"
 
     version_manager: latest
 
@@ -39,7 +40,8 @@
   gather_facts: true
 
   vars:
-    ansible_python_interpreter: /usr/bin/python3
+    venv_path: /opt/venv
+    ansible_python_interpreter: "{{ venv_path }}/bin/python3"
 
     version_manager: latest
 
diff --git a/ansible/manager-part-3.yml b/ansible/manager-part-3.yml
@@ -5,17 +5,12 @@
   gather_facts: false
 
   vars:
-    ansible_python_interpreter: /usr/bin/python3
+    venv_path: /opt/venv
+    ansible_python_interpreter: "{{ venv_path }}/bin/python3"
+
     apt_lock_timeout: 300
 
   tasks:
-    - name: Install required packages
-      become: true
-      ansible.builtin.apt:
-        name: python3-netifaces
-        state: present
-        lock_timeout: "{{ apt_lock_timeout }}"
-
     - name: Create custom facts directory
       become: true
       ansible.builtin.file:
@@ -43,6 +38,9 @@
   gather_facts: true
 
   vars:
+    venv_path: /opt/venv
+    ansible_python_interpreter: "{{ venv_path }}/bin/python3"
+
     images:
       - "{{ ara_server_image }}"
       - "{{ ara_server_mariadb_image }}"
@@ -142,7 +140,8 @@
   gather_facts: true
 
   vars:
-    ansible_python_interpreter: /usr/bin/python3
+    venv_path: /opt/venv
+    ansible_python_interpreter: "{{ venv_path }}/bin/python3"
 
   vars_files:
     - /opt/configuration/inventory/group_vars/testbed-managers.yml
@@ -180,7 +179,9 @@
   gather_facts: true
 
   vars:
-    ansible_python_interpreter: /usr/bin/python3
+    venv_path: /opt/venv
+    ansible_python_interpreter: "{{ venv_path }}/bin/python3"
+
     manager_service_restart: false
 
   vars_files:
diff --git a/contrib/setup-testbed.py b/contrib/setup-testbed.py
@@ -75,14 +75,19 @@ def clone_repo(path: str, repo_address: str, branch: str) -> None:
         print(f"+ {repo_command}")
         subprocess.check_output(repo_command, shell=True)
 
-    repo_command = f"git -C {checkout_path} checkout {branch or 'main'}"
+    repo_command = f"git -C {checkout_path} checkout 'main'"
     print(f"+ {repo_command}")
     subprocess.check_output(repo_command, shell=True)
 
     repo_command = f"git -C {checkout_path} pull"
     print(f"+ {repo_command}")
     subprocess.check_output(repo_command, shell=True)
 
+    if branch and branch != "main":
+        repo_command = f"git -C {checkout_path} checkout {branch}"
+        print(f"+ {repo_command}")
+        subprocess.check_output(repo_command, shell=True)
+
 
 basedir = os.path.realpath(os.path.dirname(os.path.realpath(__file__)) + "/../")
 file_path = f"{basedir}/playbooks/vars/repositories.yml"
diff --git a/gilt.yml b/gilt.yml
@@ -7,10 +7,10 @@
     - src: src/render-images.py
       dst: environments/manager/
       post_commands:
-        - python3 render-images.py
+        - /opt/configuration/scripts/wrapper-gilt.sh render-images
         - rm render-images.py
     - src: src/set-versions.py
       dst: environments/
       post_commands:
-        - python3 set-versions.py
+        - /opt/configuration/scripts/wrapper-gilt.sh set-versions
         - rm set-versions.py
diff --git a/playbooks/managerless/vars/repositories.yml b/playbooks/managerless/vars/repositories.yml
@@ -4,12 +4,16 @@ repositories:
   ansible-collection-commons:
     path: github.com/osism/ansible-collection-commons
     repo: https://github.com/osism/ansible-collection-commons
+    branch: main
   ansible-collection-services:
     path: github.com/osism/ansible-collection-services
     repo: https://github.com/osism/ansible-collection-services
+    branch: main
   terraform-base:
     path: github.com/osism/terraform-base
     repo: https://github.com/osism/terraform-base
+    branch: main
   testbed:
     path: github.com/osism/testbed
     repo: https://github.com/osism/testbed
+    branch: main
diff --git a/playbooks/vars/repositories.yml b/playbooks/vars/repositories.yml
@@ -4,12 +4,16 @@ repositories:
   ansible-collection-commons:
     path: github.com/osism/ansible-collection-commons
     repo: https://github.com/osism/ansible-collection-commons
+    branch: main
   ansible-collection-services:
     path: github.com/osism/ansible-collection-services
     repo: https://github.com/osism/ansible-collection-services
+    branch: main
   terraform-base:
     path: github.com/osism/terraform-base
     repo: https://github.com/osism/terraform-base
+    branch: main
   testbed:
     path: github.com/osism/testbed
     repo: https://github.com/osism/testbed
+    branch: main
diff --git a/scripts/deploy/000-manager-service.sh b/scripts/deploy/000-manager-service.sh
@@ -5,7 +5,12 @@ set -e
 source /opt/manager-vars.sh
 source /opt/configuration/scripts/include.sh
 
-/opt/configuration/scripts/set-manager-version.sh $MANAGER_VERSION
+# The latest version of the Manager is used by default. If a different
+# version is to be used, it must be used accordingly.
+
+if [[ $MANAGER_VERSION != "latest" ]]; then
+    /opt/configuration/scripts/set-manager-version.sh $MANAGER_VERSION
+fi
 
 # For a stable release, the versions of Ceph and OpenStack to use
 # are set by the version of the stable release (set via the
@@ -16,10 +21,12 @@ if [[ $MANAGER_VERSION == "latest" ]]; then
     /opt/configuration/scripts/set-openstack-version.sh $OPENSTACK_VERSION
 fi
 
+source /opt/venv/bin/activate
 ansible-playbook \
   -i testbed-manager.testbed.osism.xyz, \
   --vault-password-file /opt/configuration/environments/.vault_pass \
   /opt/configuration/ansible/manager-part-3.yml
+deactivate
 
 cp /home/dragon/.ssh/id_rsa.pub /opt/ansible/secrets/id_rsa.operator.pub
 
diff --git a/scripts/set-manager-version.sh b/scripts/set-manager-version.sh
@@ -17,9 +17,10 @@ fi
 
 # Sync testbed repo with generics
 pushd /opt/configuration
-pip3 install --no-cache-dir python-gilt==1.2.3
-export PATH=$PATH:/home/dragon/.local/bin
+source /opt/venv/bin/activate
+pip3 install --no-cache-dir python-gilt==1.2.3 requests
 GILT=$(which gilt)
 ${GILT} overlay
 ${GILT} overlay
+deactivate
 popd
diff --git a/scripts/upgrade-ceph-services.sh b/scripts/upgrade-ceph-services.sh
diff --git a/scripts/upgrade.sh b/scripts/upgrade.sh
diff --git a/scripts/wrapper-gilt.sh b/scripts/wrapper-gilt.sh
