Open ohthehugemanatee opened 5 months ago
Hi @ohthehugemanatee, I welcome the idea in general, but don't really know how it can be implemented efficiently. Currently we have one pip package here: https://github.com/shaderecker/ansible-pihole/blob/master/roles/docker/tasks/main.yaml#L29 (docker). But only pinning this package alone won't do the trick, since indirect dependencies are still not pinned then. Not sure what would be the best approach here, but welcome to ideas.
Hi @shaderecker,
I have stumbled upon your repository while searching for an example setting up Pi-Hole with Ansible. Great work!
I've forked your repository to make some changes of my own. For example, implementing a custom /etc/dnsmasq.d file for wildcard DNS lookups (Local DNS). Also, I've implemented synchronization using Orbital Sync.
My repository can be found here: https://github.com/bramwalet/ansible-pihole-cluster
I got a lot of inspiration watching Jeff Geerling's content and specifically this presentation: https://www.youtube.com/watch?v=kNDL13MJG6Y. I already implemented version locking of all my dependencies. I use the Renovate bot in order to check for the latest version.
Renovate bot:
How to specify versions:
In order for this to work efficiently, I am implementing integration tests using Ansible Molecule. I have a single node setup working currently (see the GitHub Actions tab on my repo) and am working on a clustered version. One issue I'm stumbling upon is the use of ansible_host for the IP address within the Orbital Sync task.
I am also refactoring the playbooks. It looks like your playbooks are written to be performed in a specific sequence (bootstrap-pihole.yaml, keepalived to enable HA, then periodically sync.yaml and update-pihole.yaml). I am working towards a playbook setup where I define one playbook to cover the entire installation of the Pi including all necessary software (based upon your settings, so HA=true or false), and one playbook (which imports the master playbook) which skips certain roles or tasks (using Ansible tags) in order to update all necessary software (this will skip for example the bootstrap role).
Let me know what you think of my setup!
Hi @bramwalet, Thank you for sharing this, it is really cool stuff that you are building there! I'm looking forward to seeing how the clustered version will work.
Thank you also for the suggestion with renovatebot. I am wondering if this would also help with this specific problem that @ohthehugemanatee found (pinning the version of the docker pip package and its indirect dependencies)?
> Hi @bramwalet, Thank you for sharing this, it is really cool stuff that you are building there! I'm looking forward to seeing how the clustered version will work.
Thanks! I will keep you updated. I committed my work in progress in a separate branch.
> I am wondering if this would also help with this specific problem that @ohthehugemanatee found (pinning the version of the docker pip package and its indirect dependencies)?
Ansible collection community.docker has fixed this problem in version 3.10.2, see the release notes: https://docs.ansible.com/ansible/latest/collections/community/docker/changelog.html#v3-10-2
I've tested this:
However, while running the test against version 3.10.0 of the collection, the build also breaks. It looks like community.docker hasn't fixed their dependency versions (requests) either, so then it won't fix the problem.
I realized community.docker requires requests to be installed; it can be done manually. So in my molecule/prepare.yml and prepare steps for GitHub Actions, I used to install this using the latest version. When I specify a version in a requirements.txt file, to the older version 2.31.0, things won't break.
See changes and more changes and build result.
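The gap discussed in this thread, that pinning `docker` alone leaves indirect dependencies such as `requests` floating, can be checked mechanically. The following is an added example, not code from either repository: it walks a dependency graph from a root package and lists every reachable package that has no exact `==` pin. The function names are hypothetical, and the graph and requirements text are constructed samples (only `requests==2.31.0` comes from the thread).

```python
import re
from importlib import metadata

def norm(name):
    """PEP 503 normalisation, so 'Charset_Normalizer' matches 'charset-normalizer'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def pins(requirements_text):
    """Return {name: version} for every 'name==version' line; ranges do not count."""
    found = {}
    for line in requirements_text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)", line)
        if m:
            found[norm(m.group(1))] = m.group(2)
    return found

def installed_graph():
    """Dependency graph of the running environment (extras-only requirements skipped)."""
    graph = {}
    for dist in metadata.distributions():
        name = dist.metadata["Name"]
        if not name:
            continue
        deps = set()
        for req in dist.requires or []:
            m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", req)
            if m and not re.search(r"extra\s*==", req):
                deps.add(norm(m.group(1)))
        graph[norm(name)] = deps
    return graph

def unpinned(roots, graph, requirements_text):
    """Packages reachable from roots that have no exact pin in the requirements."""
    pinned, seen, stack = pins(requirements_text), set(), [norm(r) for r in roots]
    while stack:
        pkg = stack.pop()
        if pkg not in seen:
            seen.add(pkg)
            stack.extend(graph.get(pkg, ()))
    return sorted(p for p in seen if p not in pinned)

# Constructed sample: a simplified graph and a requirements.txt that pins only
# requests (2.31.0 is the version from the thread); "docker" has no pin here.
SAMPLE_GRAPH = {"docker": {"requests", "urllib3"},
                "requests": {"urllib3", "idna", "certifi", "charset-normalizer"}}
SAMPLE_REQS = "requests==2.31.0  # held back\nurllib3>=1.26\n"

if __name__ == "__main__":
    print(unpinned(["docker"], SAMPLE_GRAPH, SAMPLE_REQS))
```

On a real host, pass `installed_graph()` instead of the sample graph and fail the CI job when the returned list is non-empty.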
Ok cool, nice catch! Thank you for testing this so thoroughly.
Today I tried running the update playbook and ended up in a broken state because of docker/docker-py#3256. I suggest pinning versions of the installed packages to avoid this kind of breakage in future.