The configuration source for linux-system-roles repositories. This uses Ansible to manage configuration, github actions, and other common files used by repositories in the linux-system-roles organization. This allows org admins to easily rollout updates to all repos.
The structure of the files/directories under playbooks/files and
playbooks/templates should match exactly the name and location of the
files/directories in the role repositories. For example,
playbooks/templates/.ansible-lint corresponds to the .ansible-lint file in
the root directory of the role repositories.
playbooks/.github/workflows/weekly_ci.yml corresponds to the file
.github/workflows/weekly_ci.yml in the role repositories.
The file inventory.yml is the list of all roles and contains the groups
active_roles for all of the actively maintained and supported roles, and the
group python_roles for the roles that provide Ansible python plugins such as
modules, filters, etc.
The file inventory/group_vars/active_roles.yml is used for settings common to
all roles.
The file inventory/group_vars/python_roles.yml is used for settings common to
all roles that have python modules, filters, and other Ansible plugin python
code.
The file inventory/host_vars/$ROLENAME.yml is used for settings that are
specific to that role. Some examples:
all.hosts section:all:
hosts:
...
postgresql:
ansible_host: localhost
quite_a_good_new_role:
ansible_host: localhost
rhc:
ansible_host: localhostactive_roles.hosts section: postgresql:
quite_a_good_new_role:
rhc:python_roles.hosts section: network:
quite_a_good_new_role:
selinux:inventory/host_vars/$ROLENAME.yml - add any customizations
for the github actions weekly_ci, ansible_lint, etc.playbooks/files or playbooks/templatesAdd the file according to the location in the role repository under
playbooks/files or playbooks/templates. If the file is static, and needs no
per-role configuration (such as a github action cron schedule), then add under
playbooks/files.
NOTE: github action files will almost always be templates, due to the checkout action being template-ized.
inventory/group_vars/active_roles.yml or
inventory/group_vars/python_roles.ymlpresent_templates are files that should be present in all roles that are
generated by templates.
present_files are files that should be present in all roles that are static.
absent_files are files that should be removed from all roles.
present_python_templates are files that should be present in roles that
provide Ansible python code that are generated by templates.
present_python_files are files that should be present in roles that provide
Ansible python code that are static.
absent_python_files are files that should be removed from roles that provide
Ansible python code.
This uses the gh command line tool provided by the
gh package on Fedora.
To configure Github tools to run the automation, complete the following steps:
Configure gh to authenticate to github using ~/.config/gh/hosts.yml:
github.com:
user: my_user_name
oauth_token: my_oauth_token
git_protocol: sshOr by running interactive gh auth login.
Configure credentials caching by running:
$ git config --global credential.helper cacheThe next time GitHub asks you to log in, use your username and auth token.
The playbook playbooks/update_files.yml will create PRs in all roles with the
new/updated/deleted files.
If you just want to see what the playbook will do without actually creating
anything on github, add -e lsr_dry_run=true to the ansible-playbook command.
update_files_commit_file - REQUIRED, no default - This is the path to the
file containing the git commit message to use for the commit, and will also be
used as the PR title and body. Please use good practices for creating the
commit message as described in
Contributing under
"Write a good commit message".update_files_branch - default "update_role_files" - this is the name of the
git branch that will be used for the PR. You probably don't want to change
this unless you have some conflict.lsr_dry_run - default true - use false to actually push and create PRstest_dir - default none - if you specify this, the playbook will checkout
the role directories under this directory - by default, the playbook will
create and remove a tmpdirexclude_roles - default none - you can specify a comma-delimited list of
roles to exclude from processing. This is useful when you want to update
all roles except the given roles.include_roles - default none - you can specify a comma-delimited list of
roles to include in processing, and all other roles will be excluded. This
is useful when you want to update only the given roles, and exclude the
rest. NOTE: include_roles currently only works with 1 role at a time.
You cannot currently specify a list of roles.Run it like this:
ansible-playbook -vv -i inventory -e lsr_dry_run=false \
-e update_files_branch=my_update_branch -e exclude_roles=nbde_client \
-e test_dir=/var/tmp/lsr \
-e update_files_commit_file=/path/to/git-commit-msg playbooks/update_files.ymltest_dir is not specifiedexclude_rolesupdate_files_branch does not exist, it is
created from the main branchupdate_files_branch already exists, it will
be rebased on top of the main branchupdate_files_commit_file for the messageupdate_files_branch in github.com/linux-system-roles/$ROLE
If the branch already exists, it will be pushed with git push -fNOTE: This process may create multiple commits if you need to make edits to an
existing PR. Use the Squash commits and merge functionality in the github PR
to merge.