Put our ansible roles in standard location #159
Conversation
|
@kbrock Can you add a link to the |
|
My concern here is that custom roles installed by the user directly or via galaxy would get merged with ours, which might be problematic, particularly during future upgrades. I think one reason we had them separated (and also later in the path) was to avoid that conflict. |
|
@NickLaMuro sorry to do the whole "all things ansible are nick's domain" getting the custom path out of our config is my primary driver here |
|
This is part of what I mentioned in a related PR: ManageIQ/manageiq#21287 (comment) But here is my findings (and they aren't great). The rationale for a custom path really wasn't brought up much here when they were introduced in these two PRs:
However, it seems like Fabien did run into an issue when it finally was enabled via: Which was missing the My guess any discussion of why this decision was made happened in a meeting between @Fryguy, Nick (Carboni), and myself, and wasn't jotted down anywhere 😩 Based on ManageIQ/manageiq-appliance#252 it seems like That all said, you are going to have to make changes to the |
|
I just pushed an update where we are using etc instead of share |
|
ooh, shoot. yea,
|
I don't see this as lockstep at all. This PR will work standalone. Both directories are in our current path. That also goes for if we decide to skip links and just put the directories into the share If we decide to modify our default ansible role path, then yes. We need to make sure this change goes in first. |
|
@kbrock no, that is just incorrect. We have hard coded content for |
|
@NickLaMuro This is how I saw it working in my mind Beforerpm build
runtime
Afterrpm buildone addition:
These files are going to the application root, which ends up in the tarball. But everything happens on the build machine, before the target machine even ecists. So I suppose we can be creative where we put those directores into the tarball, but I for now, I was just thinking we would leave these in their current location. The key difference is adding those (duplicate) symbolic links. runtime
Further changesChanges not in this PR but the intent is to make this change. If we remove If we moved consolidated over to share instead of symbolic linking (probably will never happen) then they will get picked up |
|
I am actually fine with the concept of moving everything into That said, to do that, we would have to either do a very long an complex process of PRs to do it one by one, or a few in lock step. The wrinkle in the "one by one" option is it seems you are using it as a justification to hold up: (an assumption I am currently making) Which is solving a bug where playbook just do not run on podified... at all. So with that said, I don't think we really have the luxury to take our time and find a slow solution here. If you want to be pedantic and solve this the #RightWay™ out of the gate, we should do that, otherwise, we probably should just go with the solution in ManageIQ/manageiq#21287 and iterate later. It makes things sloppy for now, but otherwise we are holding others for something that should probably go out now in a patch release.
|
kbrock
changed the title
|
Installing the ansible configuration file into a user's directory is sketchy. It also means we would have to install this to every user that needs to run the library. Since we only rely upon the ansible configuration file to set the path, it will be simpler to just install our content into the default path and drop our user specific configuration. This is where ovirt also installs the same type of shared code. My first draft put symbolic from /usr/share to /var/www/manageiq but most (all?) rpms do not rely upon symbolic links and just put the files where they belong/are expected. @NickLaMuro do we override the format to JSON, or are we relying upon the configuration to set that or are we using a command line configuration to override it? |
Currently, we use the configuration to override that. However, as discussed, I think it does make sense to change the format in the I can put a PR together to change that configuration so we configure that through command line flags or env vars (I forget which is easier or makes more sense). |
|
update: fixed merge conflict. @Fryguy we currently do not install other playbooks (or even other rpm packages) on our appliances/pods, so handling those special cases seems very edge case. Since we run as Please share alternatives if you don't feel comfortable and I can implement them. |
the share directory is the standard location for installing ansible playbooks this puts our playbooks into that location so they can be picked up without the need to modify the load path Move ansible playbooks to standard location This lets us drop custom path definition and remove the need to introduce any configuration changes.
kbrock
changed the title
|
@kbrock I am good with this change conceptually, but is there a way we can’t test this before I blindly approve? |
not sure how this one slipped by manageiq user was not able to access the data directory, so none of the lower directories were accessible either. This would blow up while creating the ansible repo (via an error in git_repo not accessing lock directory) this fixes that.
|
Checked commits kbrock/manageiq-rpm_build@9ad151c~...45614cb with ruby 2.6.3, rubocop 1.13.0, haml-lint 0.35.0, and yamllint |
| @@ -102,6 +102,12 @@ cd %{_builddir} | |||
| #sample configuration files | |||
| %{__mv} %{buildroot}%{app_root}/config/cable.yml.sample %{buildroot}%{app_root}/config/cable.yml | |||
|
|
|||
| # Move roles to playbook share | |||
There was a problem hiding this comment.
| # Move roles to playbook share | |
| # Move roles to ansible share |
There was a problem hiding this comment.
Discussed with @kbrock and I am good with this approach.
Minor, but I think I'd prefer if the special seeding method did the consolidation directly into /usr/share/ansible/roles, thereby avoiding the extra mv at rpm build time, but that path doesn't exist on Macs so that might introduce complications. For now, I think what's in this PR is the best course of action.
|
UN-WIP: fixed typo Tested rpm and all files are ending up in the right spot. |
|
ugh. I fixed one of the playbook typos but not the other. We are making plenty of changes to build |
related:
Roles are found in
/etc/defalult/rolesand/usr/share/ansible/roles.This information can be found in ansible.cfg and reference/config
This PR puts our roles into the share directory to follow standard practices and not require that we have a custom configuration file updating the path.
The goal here is to remove the
rootcentric configuration file. aka ManageIQ/manageiq#20394ASIDE: The reuse docs does list fewer directories, but I put in a PR to fix those docs. ansible/ansible#75135
/cc @NickLaMuro @Fryguy