Ansible-playbooks to install on Centos8

[amanda11]

Closes #248

I have tested this on Centos8/7/Xenial with EWC licenses.

Some comments / queries on implementation:

1. Many roles do an import based on package manager, therefore expect to find a _dnf.yml file. I have included those files. The alternative would be to change the imports so that if the package manager was dnf it still imported the yum version. Do we want to have dnf and yum files? Where the RH8 versus 6/7 differ then it omits the need for checks on RH version in the _yum variant, but it also means in some cases the dnf and yum files are identical.

2. I didn't manage to test the firewall-cmd as on my Centos8 not enabled. But have used same logic as single node install.

3. I created a mongodb4 variable. You can't have conditional defaults so if just have the one default mongodb_version then for installing on RH8 then it would default to 3.4. An alternative might have been to have some conditional logic that if the mongodb version is < 4 then to set to the default mongodb4 version instead?

4. In the mongodb dependencies then for RH8 I have removed the dependency on python-ndg_httpsclient. It isn't available on the RH8 manual install. All other python imports are changed to their python3 one.

[amanda11]

I need to fix 5 'changed' tasks on the idempotent. Trying to figure out if there is a yum module where you can specify the stream, so that it doesn't get altered. Just doing some research on this to fix the travis idempotency errors reported.

[amanda11]

I still have 2 idempotent fixes to do on the yum module enable/disable. But wanted to push to get the travis jobs to run to confirm that its the only problem after the last refactor.

Other thoughts:

1. mongodb_dnf.yml - there isn't any common tasks with mongodb_yum.yml - but I can probably refactor it to one mongodb_yum.yml and different variable includes instead. As the tasks are the same just differnet variables. Will try and do refactor of that next week unless prefer to keep as is.
2. On the firewall-cmd the single line install just seems to enable http/https commands if firewalld is enabled and there is a hypervisor/uuid file and it does NOT contain ec2. I've just used the same condition but I don't know if it could be simplifieid to just check if firewalld is enabled? (Not sure on the history of that one...) (on my Centos8 firewalld is NOT enabled)

[amanda11]

@armab thanks for feedback, will Implement those comments - will make it neater.

[amanda11]

@armab @punkrokk Have implemented your comments, let me know any other feedback. All checks now passing.

[amanda11]

Thanks. I believe if I disable / enable on the yum install itself then the problem is any later yum update would then take from AppStream and not nodejs. So you do have to do disable the stream separately for the module.

[arm4b]

Yes, right. I've checked the upgrade case and the fact that st2chatops package relies on epoch:2 of nodejs (https://github.com/StackStorm/st2chatops/blob/master/rpm/st2chatops.spec#L11), nodesource version will be always used as a dependency.

• Appstream provides: 1:10.19.0-2.module_el8.2.0+310+695ca693
• Nodesource provides: 2:10.21.0-1nodesource

So while we're on the safe side already, I'm good to keep it as an additional safety net because I found similar logic in the official nodesource script curl -sL https://rpm.nodesource.com/setup_10.x | sudo -E bash -:

## As yum will try to install Node.js from the AppStream repository
instead of the NodeSource repository, the AppStream's version of Node.js has to be disabled.
## Run `sudo yum module enable -y nodejs` to reactivate the AppStream's Node.js repository.

+ yum module disable -y nodejs

[punkrokk]

I would recommend we now test this on CentOS 8.2, since it got released yesterday and this work is fresh in everyone's mind.

[punkrokk]

Going to run myself quickly. Give me an hour.

[punkrokk]

Great job @amanda11

[arm4b]

The new EL8 support feature should be now available as v1.5.0 in ansible galaxy: https://galaxy.ansible.com/StackStorm/stackstorm