search

NETWAYS / ansible-collection-elasticstack

A collection to install and manage the Elastic Stack
GNU General Public License v3.0
9 stars 8 forks source link

fixing gpg dependency #166

Closed lcndsmr closed 1 year ago

lcndsmr commented 1 year ago

Fixes Issue #157

lcndsmr commented 1 year ago

i put the task into the repo role in tasks/main.yml with the package module, since gpg is needed on all OS types

widhalmt commented 1 year ago

The "nuke 'em from orbit" variant would be to install the packages but allow for deactivating this task via variable. Should make everybody happy. Ist just a significant bigger blob of code.

widhalmt commented 1 year ago

@dgoetz had another idea: Manage all packages without alternatives inside the role. Especially if they are part of default repositories. Make sure there's no version pin. Everything else (optional packages, those that need extra repos etc.) added as task but disableable (is that a word?) via variable.

lcndsmr commented 1 year ago

Just vomiting thoughts here:

I think we should add dependent packages in the role, as long as we know that they could be missing (like gpg), because maintaining ALL dependencies is nearly impossible and a lot of work, and if they are in the base repos. If they need extra repos or be downloaded or something, they should be diableable (it is a word now).

BUT: Imagine this scenario: We need a package that has its own repo and stuff (like something from hashicorp or something) and if we dont have the package, installation of other things fails and we cannot provide the goaöl of the role. Will we say in the readme "yeah you can disable it, but everything will fail"? I thinkwe should say something like "package x will be provided from source y, if you want to provide it from another source, you can set install_package_x to false. But make sure you have it installed before it runs"

lcndsmr commented 1 year ago

i will change things here when we decide how to handle that :)

widhalmt commented 1 year ago

I was just thinking of the, hopefully mostly hypthetical, situation where users want to install "their own(tm)" version of gpg. I've seen strange things in my consulting days... But to be honest, I guess, if someone really wants to do such a thing, they can always open an issue.

So +1 from my side for your and your and Dirks approach: Install everything we need if it's mandatory for the role to run and mandatory. And install everything else but make the task disableable (🎉 ).