Changes to hxr.admin-tools #998
Conversation
mira-miracoli
requested review from
bgruening,
sanjaysrikakulam and
kysrpex
and removed request for
bgruening
| @@ -15,7 +15,7 @@ admin_packages: | |||
| - net-tools | |||
| - unzip | |||
| - mutt | |||
| - byobu | |||
| - "{{ byobu if ansible_distribution_major_version < '9' | default(omit) }}" | |||
There was a problem hiding this comment.
| - "{{ byobu if ansible_distribution_major_version < '9' | default(omit) }}" | |
| - "{{ 'byobu' if ansible_distribution_major_version < '9' else omit }}" |
Just run this task to see why.
- name: Debug.
ansible.builtin.debug:
msg: "{{ byobu if ansible_distribution_major_version < '9' | default(omit) }}"
There was a problem hiding this comment.
The task runs for me, but yes we can change that
There was a problem hiding this comment.
The task runs for me, but yes we can change that
It runs because you are running the task in EL 9, so the variable byobu is never evaluated. If you run it on sn06 (running EL 8) you get this.
TASK [Debug.] ************************************************************************************************************************************************************************
fatal: [sn06.galaxyproject.eu]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'byobu' is undefined\n\nThe error appears to be in '/home/jose/Dokumente/Repositories/usegalaxy-eu_infrastructure-playbook/htcondor.yml': line 5, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n pre_tasks:\n - name: Debug.\n ^ here\n"}
Apart from that, "{{ 'byobu' if ansible_distribution_major_version < '9' }}" evaluates to an empty string when the condition after the if clause is not met, not to an undefined variable. Therefore the "default" filter does not come into action. You can realize this because the task
- name: Debug.
ansible.builtin.debug:
msg: "{{ 'byobu' if ansible_distribution_major_version < '8' | default(omit) }}"yields
TASK [Debug.] ************************************************************************************************************************************************************************
ok: [sn06.galaxyproject.eu] => {
"msg": ""
}
on the headnode, but
- name: Debug.
ansible.builtin.debug:
msg: "{{ 'byobu' if ansible_distribution_major_version < '8' else omit }}"yields
TASK [Debug.] ************************************************************************************************************************************************************************
ok: [sn06.galaxyproject.eu] => {
"msg": "Hello world!"
}
| - name: Check if firewalld is already installed | ||
| yum: | ||
| list: firewalld | ||
| # If not installed yum_list.results[*].yumstate != installed | ||
| register: yum_list | ||
|
|
||
| - name: Stop firewalld | ||
| service: | ||
| name: firewalld | ||
| state: stopped | ||
| enabled: no | ||
| when: yum_list.results | selectattr("yumstate", "match", "installed") | list | length != 0 |
There was a problem hiding this comment.
This Role is used by:
- telescope
- apollo
- build
- plausible
- cvmfs
Make sure that none of them assume that firewalld is disabled.
There was a problem hiding this comment.
I think we do not want to disable firewalld anywhere.
since this is read only friday, I will not touch other roles today. We can let this unmerged for now
There was a problem hiding this comment.
Yes I also think we do not want to disable firewalld anywhere. I am just commenting it so that we remember this.
mira-miracoli
changed the title
| # If not installed yum_list.results[*].yumstate != installed | ||
| register: yum_list | ||
|
|
||
| - name: Stop firewalld |
There was a problem hiding this comment.
fascinating, why would i do that?
I suspect it was because: internally we didn't strictly need a firewall, since a lot of that functionality was being provided in duplicate by OpenStack's firewall, and internally we did occasionally need random ports open for new services, but either way, that was some 🤠 nonsense, so, good that you add it back :)
Co-authored-by: José Manuel Domínguez <[email protected]>
kysrpex
changed the title
vars/main.ymltodefaults/main.ymldisable firewalld(this is very unexpected behaviour for this role imo)byobuis conditinally installed (no package available for EL9)This Role is used by:
If we need to disable firewalld somewhere there, we should do it separately (even though I don't see a case where it is necessary or good)