Ansible upgrade 6.1 (#14500)

* linting

* update ansible

* linters

Author: jackivanov

.ansible-lint

@@ -1,6 +1,10 @@
 skip_list:
+  - yaml
   - '204'
 verbosity: 1
 
 warn_list:
   - no-changed-when
+  - no-handler
+  - fqcn-builtins
+  - var-spacing

.github/workflows/main.yml

@@ -18,7 +18,7 @@ jobs:
           python -m pip install --upgrade pip
           pip install -r requirements.txt
           sudo snap install shellcheck
-          pip install ansible-lint
+          pip install ansible-lint==6.3.0
 
       - name: Checks and linters
         run: |

cloud.yml

@@ -8,14 +8,14 @@
 
   tasks:
     - block:
-      - name: Local pre-tasks
-        import_tasks: playbooks/cloud-pre.yml
+        - name: Local pre-tasks
+          import_tasks: playbooks/cloud-pre.yml
 
-      - name: Include a provisioning role
-        include_role:
-          name: "{{ 'local' if algo_provider == 'local' else 'cloud-' + algo_provider }}"
+        - name: Include a provisioning role
+          include_role:
+            name: "{{ 'local' if algo_provider == 'local' else 'cloud-' + algo_provider }}"
 
-      - name: Local post-tasks
-        import_tasks: playbooks/cloud-post.yml
+        - name: Local post-tasks
+          import_tasks: playbooks/cloud-post.yml
       rescue:
         - include_tasks: playbooks/rescue.yml

deploy_client.yml

@@ -13,7 +13,7 @@
         ansible_ssh_user: "{{ 'root' if client_ip == 'localhost' else ssh_user }}"
         vpn_user: "{{ vpn_user }}"
         IP_subject_alt_name: "{{ server_ip }}"
-        ansible_python_interpreter: "/usr/bin/python3"
+        ansible_python_interpreter: /usr/bin/python3
 
 - name: Configure the client and install required software
   hosts: client-host

input.yml

@@ -18,127 +18,126 @@
       - { name: Google Compute Engine, alias: gce }
       - { name: Hetzner Cloud, alias: hetzner }
       - { name: Vultr, alias: vultr }
-      - { name: Scaleway, alias: scaleway}
+      - { name: Scaleway, alias: scaleway }
       - { name: OpenStack (DreamCompute optimised), alias: openstack }
       - { name: CloudStack (Exoscale optimised), alias: cloudstack }
       - { name: Linode, alias: linode }
-      - { name: "Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users)", alias: local }
+      - { name: Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users), alias: local }
   vars_files:
     - config.cfg
 
   tasks:
     - block:
-      - name: Cloud prompt
-        pause:
-          prompt: |
-            What provider would you like to use?
-              {% for p in providers_map %}
-              {{ loop.index }}. {{ p['name'] }}
-              {% endfor %}
+        - name: Cloud prompt
+          pause:
+            prompt: |
+              What provider would you like to use?
+                {% for p in providers_map %}
+                {{ loop.index }}. {{ p['name'] }}
+                {% endfor %}
 
-            Enter the number of your desired provider
-        register: _algo_provider
-        when: provider is undefined
+              Enter the number of your desired provider
+          register: _algo_provider
+          when: provider is undefined
 
-      - name: Set facts based on the input
-        set_fact:
-          algo_provider: "{{ provider | default(providers_map[_algo_provider.user_input|default(omit)|int - 1]['alias']) }}"
+        - name: Set facts based on the input
+          set_fact:
+            algo_provider: "{{ provider | default(providers_map[_algo_provider.user_input|default(omit)|int - 1]['alias']) }}"
 
-      - name: VPN server name prompt
-        pause:
-          prompt: |
-            Name the vpn server
-            [algo]
-        register: _algo_server_name
-        when:
-          - server_name is undefined
-          - algo_provider != "local"
+        - name: VPN server name prompt
+          pause:
+            prompt: |
+              Name the vpn server
+              [algo]
+          register: _algo_server_name
+          when:
+            - server_name is undefined
+            - algo_provider != "local"
 
-      - name: Cellular On Demand prompt
-        pause:
-          prompt: |
-            Do you want macOS/iOS clients to enable "Connect On Demand" when connected to cellular networks?
-            [y/N]
-        register: _ondemand_cellular
-        when: ondemand_cellular is undefined
+        - name: Cellular On Demand prompt
+          pause:
+            prompt: |
+              Do you want macOS/iOS clients to enable "Connect On Demand" when connected to cellular networks?
+              [y/N]
+          register: _ondemand_cellular
+          when: ondemand_cellular is undefined
 
-      - name: Wi-Fi On Demand prompt
-        pause:
-          prompt: |
-            Do you want macOS/iOS clients to enable "Connect On Demand" when connected to Wi-Fi?
-            [y/N]
-        register: _ondemand_wifi
-        when: ondemand_wifi is undefined
+        - name: Wi-Fi On Demand prompt
+          pause:
+            prompt: |
+              Do you want macOS/iOS clients to enable "Connect On Demand" when connected to Wi-Fi?
+              [y/N]
+          register: _ondemand_wifi
+          when: ondemand_wifi is undefined
 
-      - name: Trusted Wi-Fi networks prompt
-        pause:
-          prompt: |
-            List the names of any trusted Wi-Fi networks where macOS/iOS clients should not use "Connect On Demand"
-            (e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
-        register: _ondemand_wifi_exclude
-        when:
-          - ondemand_wifi_exclude is undefined
-          - (ondemand_wifi|default(false)|bool) or
-            (booleans_map[_ondemand_wifi.user_input|default(omit)]|default(false))
+        - name: Trusted Wi-Fi networks prompt
+          pause:
+            prompt: |
+              List the names of any trusted Wi-Fi networks where macOS/iOS clients should not use "Connect On Demand"
+              (e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
+          register: _ondemand_wifi_exclude
+          when:
+            - ondemand_wifi_exclude is undefined
+            - (ondemand_wifi|default(false)|bool) or (booleans_map[_ondemand_wifi.user_input|default(omit)]|default(false))
 
-      - name: Retain the PKI prompt
-        pause:
-          prompt: |
-            Do you want to retain the keys (PKI)? (required to add users in the future, but less secure)
-            [y/N]
-        register: _store_pki
-        when:
-          - store_pki is undefined
-          - ipsec_enabled
+        - name: Retain the PKI prompt
+          pause:
+            prompt: |
+              Do you want to retain the keys (PKI)? (required to add users in the future, but less secure)
+              [y/N]
+          register: _store_pki
+          when:
+            - store_pki is undefined
+            - ipsec_enabled
 
-      - name: DNS adblocking prompt
-        pause:
-          prompt: |
-            Do you want to enable DNS ad blocking on this VPN server?
-            [y/N]
-        register: _dns_adblocking
-        when: dns_adblocking is undefined
+        - name: DNS adblocking prompt
+          pause:
+            prompt: |
+              Do you want to enable DNS ad blocking on this VPN server?
+              [y/N]
+          register: _dns_adblocking
+          when: dns_adblocking is undefined
 
-      - name: SSH tunneling prompt
-        pause:
-          prompt: |
-            Do you want each user to have their own account for SSH tunneling?
-            [y/N]
-        register: _ssh_tunneling
-        when: ssh_tunneling is undefined
+        - name: SSH tunneling prompt
+          pause:
+            prompt: |
+              Do you want each user to have their own account for SSH tunneling?
+              [y/N]
+          register: _ssh_tunneling
+          when: ssh_tunneling is undefined
 
-      - name: Set facts based on the input
-        set_fact:
-          algo_server_name: >-
-            {% if server_name is defined %}{% set _server = server_name %}
-            {%- elif _algo_server_name.user_input is defined and _algo_server_name.user_input|length > 0 -%}
-            {%- set _server = _algo_server_name.user_input -%}
-            {%- else %}{% set _server = defaults['server_name'] %}{% endif -%}
-            {{ _server | regex_replace('(?!\.)(\W|_)', '-') }}
-          algo_ondemand_cellular: >-
-            {% if ondemand_cellular is defined %}{{ ondemand_cellular | bool }}
-            {%- elif _ondemand_cellular.user_input is defined %}{{ booleans_map[_ondemand_cellular.user_input] | default(defaults['ondemand_cellular']) }}
-            {%- else %}false{% endif %}
-          algo_ondemand_wifi: >-
-            {% if ondemand_wifi is defined %}{{ ondemand_wifi | bool }}
-            {%- elif _ondemand_wifi.user_input is defined %}{{ booleans_map[_ondemand_wifi.user_input] | default(defaults['ondemand_wifi']) }}
-            {%- else %}false{% endif %}
-          algo_ondemand_wifi_exclude: >-
-            {% if ondemand_wifi_exclude is defined %}{{ ondemand_wifi_exclude | b64encode }}
-            {%- elif _ondemand_wifi_exclude.user_input is defined and _ondemand_wifi_exclude.user_input|length > 0 -%}
-            {{ _ondemand_wifi_exclude.user_input | b64encode }}
-            {%- else %}{{ '_null' | b64encode }}{% endif %}
-          algo_dns_adblocking: >-
-            {% if dns_adblocking is defined %}{{ dns_adblocking | bool }}
-            {%- elif _dns_adblocking.user_input is defined %}{{ booleans_map[_dns_adblocking.user_input] | default(defaults['dns_adblocking']) }}
-            {%- else %}false{% endif %}
-          algo_ssh_tunneling: >-
-            {% if ssh_tunneling is defined %}{{ ssh_tunneling | bool }}
-            {%- elif _ssh_tunneling.user_input is defined %}{{ booleans_map[_ssh_tunneling.user_input] | default(defaults['ssh_tunneling']) }}
-            {%- else %}false{% endif %}
-          algo_store_pki: >-
-            {% if ipsec_enabled %}{%- if store_pki is defined %}{{ store_pki | bool }}
-            {%- elif _store_pki.user_input is defined  %}{{ booleans_map[_store_pki.user_input] | default(defaults['store_pki']) }}
-            {%- else %}false{% endif %}{% endif %}
+        - name: Set facts based on the input
+          set_fact:
+            algo_server_name: >-
+              {% if server_name is defined %}{% set _server = server_name %}
+              {%- elif _algo_server_name.user_input is defined and _algo_server_name.user_input|length > 0 -%}
+              {%- set _server = _algo_server_name.user_input -%}
+              {%- else %}{% set _server = defaults['server_name'] %}{% endif -%}
+              {{ _server | regex_replace('(?!\.)(\W|_)', '-') }}
+            algo_ondemand_cellular: >-
+              {% if ondemand_cellular is defined %}{{ ondemand_cellular | bool }}
+              {%- elif _ondemand_cellular.user_input is defined %}{{ booleans_map[_ondemand_cellular.user_input] | default(defaults['ondemand_cellular']) }}
+              {%- else %}false{% endif %}
+            algo_ondemand_wifi: >-
+              {% if ondemand_wifi is defined %}{{ ondemand_wifi | bool }}
+              {%- elif _ondemand_wifi.user_input is defined %}{{ booleans_map[_ondemand_wifi.user_input] | default(defaults['ondemand_wifi']) }}
+              {%- else %}false{% endif %}
+            algo_ondemand_wifi_exclude: >-
+              {% if ondemand_wifi_exclude is defined %}{{ ondemand_wifi_exclude | b64encode }}
+              {%- elif _ondemand_wifi_exclude.user_input is defined and _ondemand_wifi_exclude.user_input|length > 0 -%}
+              {{ _ondemand_wifi_exclude.user_input | b64encode }}
+              {%- else %}{{ '_null' | b64encode }}{% endif %}
+            algo_dns_adblocking: >-
+              {% if dns_adblocking is defined %}{{ dns_adblocking | bool }}
+              {%- elif _dns_adblocking.user_input is defined %}{{ booleans_map[_dns_adblocking.user_input] | default(defaults['dns_adblocking']) }}
+              {%- else %}false{% endif %}
+            algo_ssh_tunneling: >-
+              {% if ssh_tunneling is defined %}{{ ssh_tunneling | bool }}
+              {%- elif _ssh_tunneling.user_input is defined %}{{ booleans_map[_ssh_tunneling.user_input] | default(defaults['ssh_tunneling']) }}
+              {%- else %}false{% endif %}
+            algo_store_pki: >-
+              {% if ipsec_enabled %}{%- if store_pki is defined %}{{ store_pki | bool }}
+              {%- elif _store_pki.user_input is defined  %}{{ booleans_map[_store_pki.user_input] | default(defaults['store_pki']) }}
+              {%- else %}false{% endif %}{% endif %}
       rescue:
         - include_tasks: playbooks/rescue.yml

main.yml

@@ -23,12 +23,15 @@
 
     - name: Set required ansible version as a fact
       set_fact:
-        required_ansible_version:
-          "{{ item |  regex_replace('^ansible-core[\\s+]?(?P<op>[=,>,<]+)[\\s+]?(?P<ver>\\d.\\d+(.\\d+)?)$',
-                      '{\"op\": \"\\g<op>\",\"ver\": \"\\g<ver>\" }') }}"
-      when: '"ansible-core" in item'
+        required_ansible_version: "{{ item |  regex_replace('^ansible[\\s+]?(?P<op>[=,>,<]+)[\\s+]?(?P<ver>\\d.\\d+(.\\d+)?)$', '{\"op\": \"\\g<op>\",\"ver\"\
+          : \"\\g<ver>\" }') }}"
+      when: '"ansible" in item'
       with_items: "{{ lookup('file', 'requirements.txt').splitlines() }}"
 
+    - name: Just get the list from default pip
+      community.general.pip_package_info:
+      register: pip_package_info
+
     - name: Verify Python meets Algo VPN requirements
       assert:
         that: (ansible_python.version.major|string + '.' + ansible_python.version.minor|string) is version('3.8', '>=')
@@ -40,10 +43,10 @@
     - name: Verify Ansible meets Algo VPN requirements
       assert:
         that:
-          - ansible_version.full is version(required_ansible_version.ver, required_ansible_version.op)
+          - pip_package_info.packages.pip.ansible.0.version is version(required_ansible_version.ver, required_ansible_version.op)
           - not ipaddr.failed
         msg: >
-          Ansible version is {{ ansible_version.full }}.
+          Ansible version is {{ pip_package_info.packages.pip.ansible.0.version }}.
           You must update the requirements to use this version of Algo.
           Try to run python3 -m pip install -U -r requirements.txt
 

playbooks/cloud-post.yml

@@ -10,7 +10,7 @@
     ansible_connection: "{% if cloud_instance_ip == 'localhost' %}local{% else %}ssh{% endif %}"
     ansible_ssh_user: "{{ ansible_ssh_user|default('root') }}"
     ansible_ssh_port: "{{ ansible_ssh_port|default(22) }}"
-    ansible_python_interpreter: "/usr/bin/python3"
+    ansible_python_interpreter: /usr/bin/python3
     algo_provider: "{{ algo_provider }}"
     algo_server_name: "{{ algo_server_name }}"
     algo_ondemand_cellular: "{{ algo_ondemand_cellular }}"
@@ -33,7 +33,7 @@
   wait_for:
     port: "{{ ansible_ssh_port|default(22) }}"
     host: "{{ cloud_instance_ip }}"
-    search_regex: "OpenSSH"
+    search_regex: OpenSSH
     delay: 10
     timeout: 320
     state: present
@@ -44,8 +44,7 @@
   when:
     - pki_in_tmpfs
     - not algo_store_pki
-    - ansible_system == "Darwin" or
-      ansible_system == "Linux"
+    - ansible_system == "Darwin" or ansible_system == "Linux"
 
 - debug:
     var: IP_subject_alt_name