Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ansible syntax update #1435

Closed
wants to merge 3 commits into from
Closed

Ansible syntax update #1435

wants to merge 3 commits into from

Conversation

psivesely
Copy link
Contributor

Resolves #1427. Updates Ansible syntax, so it stops spitting out deprecation warnings at us. Will help in migrations to Ansible 2.

Note: I have not been able to test this comprehensively yet because doing so is blocking on #1430.

Noah Vesely added 3 commits October 31, 2016 16:52
@conorsch
Copy link
Contributor

conorsch commented Nov 2, 2016

👎 Cannot be merged as-is, mostly due to the sudo -> become changes. Those changes would break backwards compatibility for versions of Ansible before 1.9—which includes the 1.7.x versions currently shipped by Tails on Admin Workstations.

It's a significant problem that our virtualized development environment does not provide a method of testing the Tails workflow. At present it's always best to test changes to the Admin workflow and packages on hardware with Tails to make sure there's no breakage.

@conorsch
Copy link
Contributor

conorsch commented Nov 2, 2016

Relevant discussion about out-of-date Ansible versions on Admin Workstations in #1146.

@conorsch
Copy link
Contributor

conorsch commented Nov 2, 2016

On the subject of tracking Ansible versions explicitly, we need to pin the version installed in Travis, since we're currently getting failures. Will open a separate issue.

@conorsch
Copy link
Contributor

conorsch commented Nov 2, 2016

Opened #1438 to track the Travis changes.

@psivesely
Copy link
Contributor Author

We just discussed this PR in-person. Tails is running on Debian Jessie which is currently shipping Ansible 1.7.2. We cannot use this version for development because it does not fully support all the playbooks we run in development. One's inclination would be to believe that 1.7.2 must support securedrop-prod.yml, but perhaps not the development of staging playbooks. However, from what @conorsch had to say, it seems like the Ansible 1.7.2 Debian is shipping is inconsistent with the Ansible installed via pip install -U ansible==1.7.2. Maybe @conorsch can chip in more to that regard.

The only commit here that includes supported syntax in Ansible 1.7.2 is dcfafdd. We decided that if this PR is amended to drop the first two commits it can be merged (I'll likely just cherry-pick it into a new branch of develop in order to preserve the work here, and close this PR in favor of a new one off that branch).

@conorsch
Copy link
Contributor

conorsch commented Nov 3, 2016

Thanks for documenting the discussion, @fowlslegs.

it seems like the Ansible 1.7.2 Debian is shipping is inconsistent with the Ansible installed via pip install -U ansible==1.7.2. Maybe @conorsch can chip in more to that regard.

Further testing required here. Try running pip install ansible==1.7.2 in your local virtualenv for SecureDrop, then run the playbooks. I see:

$ ansible --version
ansible 1.7.2
$ vagrant provision
==> development: Running provisioner: ansible...
    development: Running ansible-playbook...
PYTHONUNBUFFERED=1 ANSIBLE_FORCE_COLOR=true ANSIBLE_HOST_KEY_CHECKING=false ANSIBLE_SSH_ARGS='-o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -o ControlMaster=auto -o ControlPersist=60s' ansible-playbook --connection=ssh --timeout=30 --limit="development" --inventory-file=/home/conor/freedomofpress/securedrop/.vagrant/provisioners/ansible/inventory -v install_files/ansible-base/securedrop-development.yml
ERROR: apt is not a legal parameter in an Ansible task or handler
Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.

That's no good! Manual testing in Tails with Ansible 1.7.2 installed via apt (from the Jessie stable repos) does not show the same error, however.

We decided that if this PR is amended to drop the first two commits it can be merged (I'll likely just cherry-pick it into a new branch of develop in order to preserve the work here, and close this PR in favor of a new one off that branch).

Yes, if the become -> sudo changes are removed, the with_items updates are still worth considering for inclusion. They should be backwards compatible with all relevant prior versions of Ansible, but will need to be explicitly tested and confirmed working with:

  • ansible==1.8.4 in staging VMs
  • ansible==1.7.2 (via apt) on Tails

If the changes check out in both those contexts, let's get them in. I recommend simply rebasing this feature branch, rather than submitting a new PR, so we have the conversation tracked along side the changes.

@conorsch conorsch mentioned this pull request Nov 3, 2016
Closed
@psivesely psivesely mentioned this pull request Nov 3, 2016
Merged
@psivesely
Copy link
Contributor Author

Closed in favor of #1442.

@psivesely psivesely closed this Nov 3, 2016
@psivesely
Copy link
Contributor Author

I found it easier to preserve this branch, but I did add a note @conorsch to your regard in your last commment: #1442 (comment).

@legoktm legoktm deleted the ansible-syntax-update branch January 9, 2025 19:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@psivesely @conorsch