[WIP] Get rid of ANSIBLE_REPO_PATH var and vars_files includes

sed s/workdir_dir/output_dir/g : Better name

fix travis tests

add setup_runtime and set output_dir if not defined

don't define ANSIBLE_REPO_PATH (it's statically used)

revert changes on linklight

revert rhte-ansible-net

fix path in destroy_env playbooks

fix missing vars_files in rhte-ocp-workshop

use dynamic include_vars instead of vars_files

test destroy_env.yml playbooks from the config dir too

add more tests, without setting ANSIBLE_REPO_PATH

add detection of regions in the infra-ec2-template-destroy role

use common role infra-azure-template-destroy

DRY Code

DRY: use ec2-infra-template-destroy role when possible

fix destroy_env playbooks

add include_vars.yml

revert changes on doc files

add scaleup playbook to tests, fix them

add ansible/ansible.cfg

fix old calls to openshift-node (now host-ocp-node)

keep nocows=1

fix file in setup_runtime

ansible.cfg

@@ -1,15 +1,12 @@
 [defaults]
-nocow                   = 1
+nocows                  = 1
 roles_path              = ansible/roles
 forks                   = 50
 become                  = False
 gathering               = smart
-fact_caching            = jsonfile
-fact_caching_connection = .ansible_facts
 host_key_checking       = False             # dealing with escalation prompt errors on slow links
 timeout                 = 60
 callback_whitelist      = profile_tasks
-# Use the YAML callback plugin.
 stdout_callback         = yaml
 # Use the stdout_callback when running ad-hoc commands.
 bin_ansible_callbacks   = True

ansible/ansible.cfg

@@ -0,0 +1,19 @@
+[defaults]
+nocows                  = 1
+roles_path              = roles
+forks                   = 50
+become                  = false
+gathering               = smart
+host_key_checking       = False             # dealing with escalation prompt errors on slow links
+timeout                 = 60
+callback_whitelist      = profile_tasks
+stdout_callback         = yaml
+# Use the stdout_callback when running ad-hoc commands.
+bin_ansible_callbacks   = True
+
+[privilege_escalation]
+become                  = false
+
+# override ssh_config ControlPath to use hashed value to handle long node names
+[ssh_connection]
+control_path            = /tmp/%%h-%%r

ansible/cloud_providers/azure_destroy_env.yml

@@ -6,91 +6,8 @@
   connection: local
   gather_facts: False
   become: no
-  environment:
-    AZURE_CLIENT_ID: "{{azure_service_principal}}"
-    AZURE_TENANT: "{{azure_tenant}}"
-    AZURE_SECRET: "{{azure_password}}"
-    AZURE_SUBSCRIPTION_ID: "{{azure_subscription_id}}"
-    # AZURE_CONFIG_DIR: create a specific config dir for this stack to allow concurrent access for 'az' command
-    AZURE_CONFIG_DIR: "/tmp/.azure-{{project_tag}}"
   tasks:
-    - name: Delete delegation for NS to the main DNSZone
-      azure_rm_dnsrecordset:
-        resource_group: "{{az_dnszone_resource_group|default('dns')}}"
-        relative_name: "{{guid}}"
-        zone_name: "{{HostedZoneId}}"
-        record_type: NS
-        state: absent
+    - name: Run infra-azure-template-destroy
+      include_role:
+        name: infra-azure-template-destroy
 
-    - name: Destroy method resourceGroup (standalone ResourceGroup)
-      when: az_destroy_method|default('resource_group') == 'resource_group'
-      block:
-        - name: Delete the resource group
-          azure_rm_resourcegroup:
-            name: "{{az_resource_group}}"
-            state: absent
-            force: true
-          tags:
-            - destroying
-            - destroy_cloud_deployment
-            - destroy_azure_deployment
-          register: azure_result
-          until: azure_result|succeeded
-          retries: 6
-          delay: 10
-          ignore_errors: yes
-          when:
-            - cloud_provider == 'azure'
-
-        - name: report azure error
-          fail:
-            msg: "FAIL {{ az_resource_group }} Azure delete group"
-          when:
-            - not azure_result|succeeded
-            - cloud_provider == 'azure'
-          tags:
-            - destroying
-            - destroy_cloud_deployment
-            - destroy_azure_deployment
-
-    - name: Method destroy deployment (shared ResourceGroup)
-      when: az_destroy_method|default('resource_group') == 'deployment'
-      environment:
-        AZURE_CLIENT_ID: "{{azure_service_principal}}"
-        AZURE_TENANT: "{{azure_tenant}}"
-        AZURE_SECRET: "{{azure_password}}"
-        AZURE_SUBSCRIPTION_ID: "{{azure_subscription_id}}"
-        # AZURE_CONFIG_DIR: create a specific config dir for this stack to allow concurrent access
-        AZURE_CONFIG_DIR: "/tmp/.azure-{{project_tag}}"
-      block:
-        - set_fact:
-            t_dest: "{{workdir_dir}}/{ env_type }}.{{ guid }}.{{cloud_provider}}_cloud_template"
-
-        - name: Get all resources from the deployment
-          command: az group deployment show --name {{env_type}}.{{guid}} --resource-group {{az_resource_group}}
-          changed_when: false
-          register: az_dep
-          until: az_dep|succeeded
-          retries: 5
-
-        - debug:
-            var: az_dep
-            verbosity: 2
-
-        - name: Get all resources from tag
-          command: az resource list --tag 'Project={{project_tag}}'
-          register: az_tag
-          retries: 5
-          until: az_tag|succeeded
-          changed_when: false
-
-        - name: delete all resources
-          vars:
-            ids_tags: "{{ az_tag.stdout|from_json|json_query('[*].id')}}"
-            ids_deployment: "{{ az_dep.stdout|from_json|json_query('properties.additionalProperties.outputResources[*].id')}}"
-            ids: "{{ids_deployment|union(ids_tags)}}"
-          command: "az resource delete --ids {{ids|join(' ')}} --resource-group {{az_resource_group}}"
-          register: az_delete
-          until: az_delete|succeeded
-          retries: 5
-          when: ids|length > 0

ansible/cloud_providers/azure_infrastructure_deployment.yml

@@ -33,8 +33,8 @@
         - must
 
     - set_fact:
-        t_dest: "{{workdir_dir}}/{{ env_type }}.{{ guid }}.{{cloud_provider}}_cloud_template"
-        params_dest: "{{workdir_dir}}/{{project_tag}}-cloud_template_parameters.json"
+        t_dest: "{{output_dir}}/{{ env_type }}.{{ guid }}.{{cloud_provider}}_cloud_template"
+        params_dest: "{{output_dir}}/{{project_tag}}-cloud_template_parameters.json"
       tags:
         - azure_infrastructure_deployment
         - validate_azure_template
@@ -255,8 +255,9 @@
         var: hostvars
         verbosity: 2
 
+# TODO: use common infra role instead of this playbook
 - name: Configure local ssh config for bastion proxy use
-  import_playbook: "{{ANSIBLE_REPO_PATH | default('.')}}/cloud_providers/{{cloud_provider}}_ssh_config_setup.yml"
+  import_playbook: "{{cloud_provider}}_ssh_config_setup.yml"
   when: groups['bastions']
   tags:
     - must

ansible/cloud_providers/azure_ssh_config_setup.yml

@@ -1,3 +1,3 @@
 ---
 - name: Configure local ssh config for bastion proxy use
-  import_playbook: "{{ANSIBLE_REPO_PATH | default('.')}}/cloud_providers/common_ssh_config_setup.yml"
+  import_playbook: common_ssh_config_setup.yml

ansible/cloud_providers/common_ssh_config_setup.yml

@@ -19,8 +19,8 @@
         bastion_hostname: "{{groups['bastions'].0 }}"
         # This is where the ssh_config file will be created, this file is used to
         # define the communication method to all the hosts in the deployment
-        ansible_ssh_config: "{{workdir_dir}}/{{ env_type }}_{{ guid }}_ssh_conf"
-        ansible_known_host: "{{workdir_dir}}/{{ env_type }}_{{ guid }}_ssh_known_hosts"
+        ansible_ssh_config: "{{output_dir}}/{{ env_type }}_{{ guid }}_ssh_conf"
+        ansible_known_host: "{{output_dir}}/{{ env_type }}_{{ guid }}_ssh_known_hosts"
 
     - name: Delete dedicated known_host if it exists (new deployment)
       file:

ansible/cloud_providers/ec2_destroy_env.yml

@@ -7,34 +7,6 @@
   gather_facts: False
   become: no
   tasks:
-    - name: Destroy cloudformation template
-      cloudformation:
-        aws_access_key: "{{ aws_access_key_id }}"
-        aws_secret_key: "{{ aws_secret_access_key }}"
-        stack_name: "{{project_tag}}"
-        state: "absent"
-        region: "{{aws_region_final|d(aws_region)}}"
-        disable_rollback: false
-        tags:
-          Stack: "project {{env_type}}-{{ guid }}"
-      tags:
-        - destroying
-        - destroy_cf_deployment
-        - destroy_cloud_deployment
-      register: cloudformation_result
-      until: cloudformation_result|succeeded
-      retries: "{{cloudformation_retries|d(3)}}"
-      delay: "{{ cloudformation_retry_delay | default(60) }}"
-      ignore_errors: yes
-      when: cloud_provider == 'ec2'
-
-    - name: report Cloudformation error
-      fail:
-        msg: "FAIL {{ project_tag }} Destroy Cloudformation"
-      when:
-        - not cloudformation_result is succeeded
-        - cloud_provider == 'ec2'
-      tags:
-        - destroying
-        - destroy_cf_deployment
-        - destroy_cloud_deployment
+    - name: Run infra-ec2-template-destroy
+      include_role:
+        name: infra-ec2-template-destroy

ansible/cloud_providers/ec2_infrastructure_deployment.yml

@@ -82,7 +82,7 @@
         - create_inventory
       set_fact:
         aws_region_final: "{{hostvars['localhost'].aws_region_final}}"
-        ansible_ssh_extra_args: "{{ ansible_ssh_extra_args|d() }} -F {{workdir_dir}}/{{ env_type }}_{{ guid }}_ssh_conf"
+        ansible_ssh_extra_args: "{{ ansible_ssh_extra_args|d() }} -F {{output_dir}}/{{ env_type }}_{{ guid }}_ssh_conf"
 
     - name: Run infra-ec2-wait_for_linux_hosts Role
       import_role:

ansible/configs/ans-tower-lab/README.adoc

@@ -60,7 +60,7 @@ DEPLOYER_REPO_PATH=`pwd`
 
 ansible-playbook \
    ${DEPLOYER_REPO_PATH}/main.yml  \
-    -e "ANSIBLE_REPO_PATH | default('.')=${DEPLOYER_REPO_PATH}" \
+    -e "ANSIBLE_REPO_PATH=${DEPLOYER_REPO_PATH}" \
       -e "guid=${GUID}" \
       -e "env_type=${ENVTYPE}" \
       -e "key_name=${KEYNAME}" \
@@ -91,7 +91,7 @@ DEPLOYER_REPO_PATH=`pwd`
 
 ansible-playbook \
    ${DEPLOYER_REPO_PATH}/main.yml  \
-    -e "ANSIBLE_REPO_PATH | default('.')=${DEPLOYER_REPO_PATH}" \
+    -e "ANSIBLE_REPO_PATH=${DEPLOYER_REPO_PATH}" \
       -e "guid=${GUID}" \
       -e "env_type=${ENVTYPE}" \
       -e "key_name=${KEYNAME}" \

ansible/configs/ans-tower-lab/destroy_env.yml

@@ -1,12 +1,11 @@
+---
+- import_playbook: ../../include_vars.yml
+
 - name: Delete Infrastructure
   hosts: localhost
   connection: local
   gather_facts: False
   become: no
-
-
-
-
   tasks:
     - name: Destroy cloudformation template
       cloudformation:

ansible/configs/ans-tower-lab/pre_infra.yml

@@ -14,7 +14,7 @@
       block:
       - name: Stat workdir/[...]_windows_password.txt file
         stat:
-          path: "{{workdir_dir}}/{{ env_type }}_{{guid}}_windows_password.txt"
+          path: "{{output_dir}}/{{ env_type }}_{{guid}}_windows_password.txt"
         register: passwordfile
 # This task needs to be "ansibled", we cannot assume tr exists
 # This also doesn't work on MAC, that does have tr.
@@ -24,7 +24,7 @@
         when: not passwordfile.stat.exists
 
       - name: Read windows password from workdir/[...]_windows_password.txt file
-        command: "cat '{{workdir_dir}}/{{ env_type }}_{{guid}}_windows_password.txt'"
+        command: "cat '{{output_dir}}/{{ env_type }}_{{guid}}_windows_password.txt'"
         register: password_get_r
         changed_when: false
         when: passwordfile.stat.exists
@@ -43,5 +43,5 @@
     - name: Save windows_password or generated_windows_password into workdir/
       copy:
         content: "{{ windows_password | default(generated_windows_password) }}"
-        dest: "{{workdir_dir}}/{{ env_type }}_{{guid}}_windows_password.txt"
+        dest: "{{output_dir}}/{{ env_type }}_{{guid}}_windows_password.txt"
         mode: 0600

ansible/configs/ans-tower-lab/pre_software.yml

@@ -12,9 +12,9 @@
     - generate_env_keys
   tasks:
     - name: Generate SSH keys
-      shell: ssh-keygen -b 2048 -t rsa -f "{{workdir_dir}}/{{env_authorized_key}}" -q -N ""
+      shell: ssh-keygen -b 2048 -t rsa -f "{{output_dir}}/{{env_authorized_key}}" -q -N ""
       args:
-        creates: "{{workdir_dir}}/{{env_authorized_key}}"
+        creates: "{{output_dir}}/{{env_authorized_key}}"
       when: set_env_authorized_key
 
 # Cloudformation template or equivalent should tag all hosts with Project:{{ env_type }}-{{ guid }}

ansible/configs/ansible-cicd-lab/README.adoc

@@ -75,14 +75,14 @@ ENVTYPE="ansible-cicd-lab"
 CLOUDPROVIDER=ec2
 HOSTZONEID='Z3IHLWJZOU9SRT'
 REPO_PATH='http://admin.example.com/repos/ocp/3.9.33/'
-ANSIBLE_REPO_PATH | default('.')=`pwd`
+ANSIBLE_REPO_PATH=`pwd`
 BASESUFFIX='.example.opentlc.com'
 DEPLOYER_REPO_PATH=`pwd`
 ADMIN_PASSWORD=somepassword
 LICENSE_URL="https://admin.example.com/download/ansible_bootcamp/tower/licenses/license.txt"
 ansible-playbook \
    ${DEPLOYER_REPO_PATH}/main.yml  \
-    -e "ANSIBLE_REPO_PATH | default('.')=${DEPLOYER_REPO_PATH}" \
+    -e "ANSIBLE_REPO_PATH=${DEPLOYER_REPO_PATH}" \
       -e "guid=${GUID}" \
       -e "env_type=${ENVTYPE}" \
       -e "key_name=${KEYNAME}" \
@@ -114,7 +114,7 @@ DEPLOYER_REPO_PATH=`pwd`
 
 ansible-playbook \
    ${DEPLOYER_REPO_PATH}/main.yml  \
-    -e "ANSIBLE_REPO_PATH | default('.')=${DEPLOYER_REPO_PATH}" \
+    -e "ANSIBLE_REPO_PATH=${DEPLOYER_REPO_PATH}" \
       -e "guid=${GUID}" \
       -e "env_type=${ENVTYPE}" \
       -e "key_name=${KEYNAME}" \
@@ -142,7 +142,7 @@ HOSTZONEID='Z3IHLWJZOU9SRT'
 BASESUFFIX='.example.opentlc.com'
 #To Destroy an Env
 ansible-playbook ./configs/${ENVTYPE}/destroy_env.yml \
-  -e "ANSIBLE_REPO_PATH | default('.')=${DEPLOYER_REPO_PATH}" \
+  -e "ANSIBLE_REPO_PATH=${DEPLOYER_REPO_PATH}" \
  -e "guid=${GUID}" -e "env_type=${ENVTYPE}"  -e "cloud_provider=${CLOUDPROVIDER}" -e "aws_region=${REGION}"  \
  -e "HostedZoneId=${HOSTZONEID}"  -e "key_name=${KEYNAME}"  -e "subdomain_base_suffix=${BASESUFFIX}"
 ----

ansible/configs/ansible-cicd-lab/destroy_env.yml

@@ -1,12 +1,11 @@
+---
+- import_playbook: ../../include_vars.yml
+
 - name: Delete Infrastructure
   hosts: localhost
   connection: local
   gather_facts: False
   become: no
-
-
-
-
   tasks:
     - name: Run infra-ec2-template-destroy
       include_role:

ansible/configs/ansible-cicd-lab/env_vars.yml

@@ -35,7 +35,7 @@ project_tag: "{{ env_type }}-{{ guid }}"
 
 # This is where the ssh_config file will be created, this file is used to
 # define the communication method to all the hosts in the deployment
-deploy_local_ssh_config_location: "{{workdir_dir}}/"
+deploy_local_ssh_config_location: "{{output_dir}}/"
 
 install_bastion: true
 install_common: true

ansible/configs/ansible-cicd-lab/pre_infra.yml

@@ -15,19 +15,19 @@
         msg: "Step 000 Pre Infrastructure"
 
     - name: Generate SSH keys
-      shell: ssh-keygen -b 2048 -t rsa -f "{{workdir_dir}}/{{env_authorized_key}}" -q -N ""
+      shell: ssh-keygen -b 2048 -t rsa -f "{{output_dir}}/{{env_authorized_key}}" -q -N ""
       args:
-        creates: "{{workdir_dir}}/{{env_authorized_key}}"
+        creates: "{{output_dir}}/{{env_authorized_key}}"
       when: set_env_authorized_key
 
     - name: fix permission
       file:
-        path: "{{workdir_dir}}/{{env_authorized_key}}"
+        path: "{{output_dir}}/{{env_authorized_key}}"
         mode: 0400
       when: set_env_authorized_key
 
     - name: Generate SSH pub key
-      shell: ssh-keygen -y -f "{{workdir_dir}}/{{env_authorized_key}}" > "{{workdir_dir}}/{{env_authorized_key}}.pub"
+      shell: ssh-keygen -y -f "{{output_dir}}/{{env_authorized_key}}" > "{{output_dir}}/{{env_authorized_key}}.pub"
       args:
-        creates: "{{workdir_dir}}/{{env_authorized_key}}.pub"
+        creates: "{{output_dir}}/{{env_authorized_key}}.pub"
       when: set_env_authorized_key

ansible/configs/ansible-provisioner/README.adoc

@@ -49,7 +49,7 @@ github_token: ""
 ----
 
 
-For managing users on the ansible provisioner, you can override the `mgr_users` variable. The default is located in `{{ ANSIBLE_REPO_PATH | default('.') }}/configs/{{ env_type }}/mgr_users.yml`, and looks like :
+For managing users on the ansible provisioner, you can override the `mgr_users` variable. The default is located in `{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/mgr_users.yml`, and looks like :
 
 .Default mgr_users.yml
 [source,yaml]

ansible/configs/ansible-provisioner/destroy_env.yml

@@ -1,3 +1,3 @@
 ---
 - name: Import default CloudFormation (aws) destroy playbook
-  import_playbook: "{{workdir_dir}}/cloud_providers/{{cloud_provider}}_destroy_env.yml"
+  import_playbook: "../../cloud_providers/{{cloud_provider}}_destroy_env.yml"