Ansible-playbooks to install on Centos8

[amanda11]

Closes #248

I have tested this on Centos8/7/Xenial with EWC licenses.

Some comments / queries on implementation:

1. Many roles do an import based on package manager, therefore expect to find a _dnf.yml file. I have included those files. The alternative would be to change the imports so that if the package manager was dnf it still imported the yum version.
   Do we want to have dnf and yum files?
   Where the RH8 versus 6/7 differ then it omits the need for checks on RH version in the _yum variant, but it also means in some cases the dnf and yum files are identical.

2. I didn't manage to test the firewall-cmd as on my Centos8 not enabled. But have used same logic as single node install.

3. I created a mongodb4 variable. You can't have conditional defaults so if just have the one default mongodb_version then for installing on RH8 then it would default to 3.4.
   An alternative might have been to have some conditional logic that if the mongodb version is < 4 then to set to the default mongodb4 version instead?

4. In the mongodb dependencies then for RH8 I have removed the dependency on python-ndg_httpsclient. It isn't available on the RH8 manual install. All other python imports are changed to their python3 one.

[arm4b]

Thanks for working on adding EL8 support to Ansible! 👍

Yes, per discussion it would be best to use _yum.yml files instead of _dnf.yml to benefit from the common codebase and avoid code duplication. I also left pointers about other files to touch for full EL8 support.

[arm4b]

👍

[amanda11]

I need to fix 5 'changed' tasks on the idempotent. Trying to figure out if there is a yum module where you can specify the stream, so that it doesn't get altered. Just doing some research on this to fix the travis idempotency errors reported.

[amanda11]

I still have 2 idempotent fixes to do on the yum module enable/disable. But wanted to push to get the travis jobs to run to confirm that its the only problem after the last refactor.

Other thoughts:

1. mongodb_dnf.yml - there isn't any common tasks with mongodb_yum.yml - but I can probably refactor it to one mongodb_yum.yml and different variable includes instead. As the tasks are the same just differnet variables. Will try and do refactor of that next week unless prefer to keep as is.
2. On the firewall-cmd the single line install just seems to enable http/https commands if firewalld is enabled and there is a hypervisor/uuid file and it does NOT contain ec2. I've just used the same condition but I don't know if it could be simplifieid to just check if firewalld is enabled? (Not sure on the history of that one...) (on my Centos8 firewalld is NOT enabled)

[amanda11]

@armab thanks for feedback, will
Implement those comments - will make it neater.

[amanda11]

@armab @punkrokk Have implemented your comments, let me know any other feedback. All checks now passing.

[arm4b]

@amanda11 Looks really good. Thanks a lot for the hard work and additional changes!

I'll try to spend a few more cycles and run the playbooks in a couple of days for any possible corner cases and may provide more feedback.

One of the things that looks excessive are tasks related to "AppStream for RH8". Wondering if we could just pin the required repo name during the nodejs install via --disablerepo vs --enablerepo to make sure nodejs is only installed from the official nodeseource repo. This is a good thing to do anyway.

[amanda11]

Thanks. I believe if I disable / enable on the yum install itself then the problem is any later yum update would then take from AppStream and not nodejs. So you do have to do disable the stream separately for the module.

[arm4b]

Yes, right.
I've checked the upgrade case and the fact that st2chatops package relies on epoch:2 of nodejs (https://github.com/StackStorm/st2chatops/blob/master/rpm/st2chatops.spec#L11), nodesource version will be always used as a dependency.

• Appstream provides: 1:10.19.0-2.module_el8.2.0+310+695ca693
• Nodesource provides: 2:10.21.0-1nodesource

So while we're on the safe side already, I'm good to keep it as an additional safety net because I found similar logic in the official nodesource script curl -sL https://rpm.nodesource.com/setup_10.x | sudo -E bash -:

## As yum will try to install Node.js from the AppStream repository
instead of the NodeSource repository, the AppStream's version of Node.js has to be disabled.
## Run `sudo yum module enable -y nodejs` to reactivate the AppStream's Node.js repository.

+ yum module disable -y nodejs

[arm4b]

@amanda11 Everything worked flawlessly. Just left several more comments and recommendations.

@punkrokk There is a question related to EC2 check, - please take a look. Need your insight on that.

[punkrokk]

I would recommend we now test this on CentOS 8.2, since it got released yesterday and this work is fresh in everyone's mind.

[arm4b]

LGTM! 🎉
Thanks @amanda11 for bringing the EL8 support to Ansible playbooks and additional 👍 for the patience and code changes!

@punkrokk WDYT, good to merge?

[punkrokk]

Going to run myself quickly. Give me an hour.

[punkrokk]

Great job @amanda11

[arm4b]

The new EL8 support feature should be now available as v1.5.0 in ansible galaxy:
https://galaxy.ansible.com/StackStorm/stackstorm