-
Notifications
You must be signed in to change notification settings - Fork 297
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes #37051 - Add Katello Ansible default job templates #10850
Fixes #37051 - Add Katello Ansible default job templates #10850
Conversation
Marking draft for now because this also needs #10845. When that's merged I'll rebase this without it. But feel free to review any time. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for my suggestion (I wanted to upstream it but the PR process of opening a issue refrained me to upstream them: however we tested those in prod and they works ok) The only culprit is no package = all package for update. I don't know if we should force user to specify '*'. One thing we did is run this job on machine with query applicable_rpms ~ yum
and we use package query name = yum
however it resolved to empty query and then a yum update
was fired (hopefully no machine were broken).
I don't think if we use the UI we would see the warning.
app/views/foreman/job_templates/install_errata_by_search_query_-_katello_ansible_default.erb
Show resolved
Hide resolved
app/views/foreman/job_templates/install_errata_by_search_query_-_katello_ansible_default.erb
Show resolved
Hide resolved
--- | ||
- hosts: all | ||
tasks: | ||
- package: | ||
name: | ||
<% package_names.each do |package_name| -%> | ||
- <%= package_name %> | ||
<% end -%> | ||
state: present |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
--- | |
- hosts: all | |
tasks: | |
- package: | |
name: | |
<% package_names.each do |package_name| -%> | |
- <%= package_name %> | |
<% end -%> | |
state: present | |
<%= render_template('Package Action - Ansible Default', :state => 'present', :name => package_names) %> |
At least it will be on par with the Katello without Ansible
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Rendered output:
# For Windows targets use the win_package module instead.
---
- hosts: all
tasks:
- package:
name: ["libssh2", "libssh-devel"]
state: present
query: name = libssh-devel or name = libssh2
We have a trailling line empty but that can be changed by adding minus
--- | ||
- hosts: all | ||
tasks: | ||
- package: | ||
name: | ||
<% package_names.each do |package_name| -%> | ||
- <%= package_name %> | ||
<% end -%> | ||
state: present |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
--- | |
- hosts: all | |
tasks: | |
- package: | |
name: | |
<% package_names.each do |package_name| -%> | |
- <%= package_name %> | |
<% end -%> | |
state: present | |
<%= render_template('Package Action - Ansible Default', :state => 'latest', :name => package_names) %> |
You have written state: present
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is really an error here: state: present
-> state: latest
or use Package Action - Ansible Default
with latest
I don't put the rendered template because my test machine is outdated (long list) but we have the same layout than the others.
Scenario tested:
- update one package by clicking and it works correctly.
- update two packages by clicking and it works correctly.
- update with search query * and I see the full list and it works correctly
- update with blank search query => the lists is [] so a correct yaml. rc=0 and "Nothing to do"
- update with a query to a uptodate package
name ~ acl
same than blank query. In the proposed file: it would cause to trigger ayum update
because the list is empty.
app/views/foreman/job_templates/remove_packages_by_search_query_-_katello_ansible_default.erb
Show resolved
Hide resolved
The reason for the empty string is that if you run |
if we use the ansible module yes: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/dnf_module.html other dnf command like provides,list accepts glob. I can test it but almost sure it supports it. |
1e385f2
to
c617395
Compare
Rebased per #10850 (comment), marked ready for review |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I really think my suggestion is worthwhile at least for the last comment.
--- | ||
- hosts: all | ||
tasks: | ||
- package: | ||
name: | ||
<% package_names.each do |package_name| -%> | ||
- <%= package_name %> | ||
<% end -%> | ||
state: present |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Rendered output:
# For Windows targets use the win_package module instead.
---
- hosts: all
tasks:
- package:
name: ["libssh2", "libssh-devel"]
state: present
query: name = libssh-devel or name = libssh2
We have a trailling line empty but that can be changed by adding minus
app/views/foreman/job_templates/remove_packages_by_search_query_-_katello_ansible_default.erb
Show resolved
Hide resolved
--- | ||
- hosts: all | ||
tasks: | ||
- package: | ||
name: | ||
<% package_names.each do |package_name| -%> | ||
- <%= package_name %> | ||
<% end -%> | ||
state: present |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is really an error here: state: present
-> state: latest
or use Package Action - Ansible Default
with latest
I don't put the rendered template because my test machine is outdated (long list) but we have the same layout than the others.
Scenario tested:
- update one package by clicking and it works correctly.
- update two packages by clicking and it works correctly.
- update with search query * and I see the full list and it works correctly
- update with blank search query => the lists is [] so a correct yaml. rc=0 and "Nothing to do"
- update with a query to a uptodate package
name ~ acl
same than blank query. In the proposed file: it would cause to trigger ayum update
because the list is empty.
@ianballou 's testing tracker Tested so far: |
@Et7f3 Sometimes, you need to be able to upgrade to a version that is not the latest. There will be multiple upgrade versions to choose from, and you could choose one that's not the latest. This feature was added in #10263. You can see the community demo of this feature here. My idea with using |
Re: updating to an intermediate version:
Here's an example. Neither of these are the latest. |
@jeremylenz should clicking the hamburger button on a package to update and selecting "Upgrade via remote execution" use the ansible script if it's the default? In my case it used bash. |
In my testing it did! Keep in mind you do have to set the default script for all the features on the Features page (katello_package_install_by_search, katello_packages_update_by_search, katello_errata_install_by_search, etc.) |
Can you also test the same with the defaults set back to Script? This def looks like a bug but I don't see how it could be ansible-related |
Confirmed it fails with Script as well. redmine.
All good, I got confused by the switch to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is working well for me, tested via the host details page.
(I just discovered randomly while showcasing foreman to colleagues) latest c-ares can vary but latest c-ares-1.17.1-5.el9_2.1.x86_64 (the one rendered should be unique). I will test it soon but think latest/present in Ansible will honour the version we specify. I don't recall the script version take care of this (command yum update/yum install) |
Test "Update Packages by search query - Katello Ansible Default" with latest and selected version not latestOn a machine with libcurl-7.76.1-23.el9.x86_64 upgradable to libcurl-7.76.1-23.el9_2.4.x86_64 or libcurl-7.76.1-26.el9_3.2.x86_64 # For Windows targets use the win_package module instead.
---
- hosts: all
tasks:
- package:
name: ["libcurl-7.76.1-23.el9_2.4.x86_64"]
state: latest Packages search query id ^ (18828) I changed my template to Test "Update Packages by search query - Katello Ansible Default" with present and selected version not latestOn a machine with open-vm-tools-12.1.5-1.el9_2.2.x86_64 upgradable to open-vm-tools-12.1.5-1.el9_2.3.x86_64, open-vm-tools-12.2.5-3.el9_3.x86_64 or open-vm-tools-12.2.5-3.el9_3.2.x86_64 I triggered `Update package(s) id ^ (19232)` ```yaml # For Windows targets use the win_package module instead. --- - hosts: all tasks: - package: name: ["open-vm-tools-12.1.5-1.el9_2.3.x86_64"] state: present ```Packages search query id ^ (19232)
Test "Update Packages - Katello Ansible Default" selected version not latestOn a machine with glibc-2.34-60.el9.x86_64 upgradadable to glibc-2.34-60.el9_2.7.x86_64 or glibc-2.34-83.el9_3.7.x86_64 I am suprised that these template use raw ansible command when Here is the result:
Ok since One more argument about depending on |
I think this is a good reason. I had originally used
Using Package Action - Ansible Default would require the ['short', 'form'] of writing lists. I did not even know this was possible before now. To be honest, I just prefer the long form of YAML lists (one item per line, beginning with |
c617395
to
9266f56
Compare
Changed the package update template to use |
I don't mind short form/long form. Can you modify the You already have the code just put in the right file.
We use the |
<% package_names.each do |package_name| -%> | ||
- <%= package_name %> | ||
<% end -%> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
<% package_names.each do |package_name| -%> | |
- <%= package_name %> | |
<% end -%> | |
<% if package_names.empty? -%> | |
name: [] | |
<% else -%> | |
name: | |
<% package_names.each do |package_name| -%> | |
- <%= package_name %> | |
<% end -%> | |
<% end -%> |
Oh one thing about short form/long form for list: if list is empty (because we use the REX tab) you need to use the short form otherwise the yaml won't be valid and we will get an syntax error.
So either print only short for the empty case or render_error that forbid it.
name: | ||
<% package_names.each do |package_name| -%> | ||
- <%= package_name %> | ||
<% end -%> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems like common idioms there should be a macro:
name: | |
<% package_names.each do |package_name| -%> | |
- <%= package_name %> | |
<% end -%> | |
name: <%= indent(10) { to_yaml(package_names).gsub(/---/, "") } -%> |
['long', 'form']
render:
name:
- long
- form
while []
render
name: []
That would require a code change in https://github.com/theforeman/foreman_ansible which I am trying to avoid. |
Oh didn't see it was another repo. Nevertheless this change is appreciable: will open a PR for it. I tried to add argument about consistency but some code in Katello use it: katello/app/views/foreman/job_templates/remove_package_-_katello_ansible_default.erb Line 16 in f281fc5
katello/app/views/foreman/job_templates/install_package_-_katello_ansible_default.erb Line 16 in f281fc5
but then found upgrade used another mechanism: katello/app/views/foreman/job_templates/update_package_-_katello_ansible_default.erb Line 16 in f281fc5
|
It seems this doesn't work. (dnf thinks there is nothing to do.) I will need to handle the "update all" case separately. Will update shortly. |
It is in the scenario I tested: #10850 (comment) and I think it is correct behavior as it avoid a global |
When you select all upgradable packages in the web UI, the resulting command should be |
9266f56
to
7035012
Compare
Rebased to current master and updated the package upgrade template to work properly with an empty search. |
@ianballou This should be ready for another look, if you wish! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Working well!
Re: update script updates all vs none for an empty package list, I agree that an empty list should update all because it mimics the yum update
command.
Merging to ensure it gets into Katello 4.11.1. Thanks for the feedback and reviews @ianballou @Et7f3 ! |
(cherry picked from commit 4f236c7)
What are the changes introduced in this pull request?
In the new host details UI, remote execution jobs use, by default, the 'xxx by search - Katello Script Default' job templates for package install / remove / upgrade, and errata apply. For those that use remote execution via Ansible, previously there was no way to use the web UI because there were no corresponding 'by search' Ansible job templates. This PR adds those.
Considerations taken when implementing this change?
For the package actions, I was originally looking at inheriting from "Package Action - Ansible Default." But that template only takes a single package name, and I needed multiple. So I'm just rendering the Ansible directly in Katello's template, instead of raising a PR to foreman_ansible. You can yell at me if you must.
What are the testing steps for this pull request?
bundle exec rails runner "ForemanInternal.all.first.destroy"
to trigger seeds, then restart your Foreman server<feature name>
by search - Katello Ansible Default' as the default template for each feature. Example:From the new host details Packages and Errata tabs, try
Make sure that templates render the Ansible correctly (check the 'Preview templates' tab on the REX job details). There's no need to actually communicate with the host, though this is nice to have.