Update playbooks to support Fedora 41 and Ubuntu 24.04, change device…

…s from Zigbee2Tasmota to Zigbee Home Automation (ZHA) (#33)

* Change devices from Zigbee2Tasmota to Zigbee Home Automation (ZHA)

* add thermostats

* Fedora 41

* Ubuntu 24.04

* Fix dnf5

* fix ubuntu 24.04

* fix fedora

* fix docker

* fix libvirt role

* test without vagrant

* ubuntu fix for pip

* ubuntu fix for pip v2

* fix jenkins and docker

* revert vagrant

* Add some info to readme

* update aws-cli to python3.12

* last fix to vagrant

* remove python 3.11 from dnf apps

* update readme

Dockerfile

@@ -1,4 +1,4 @@
-FROM fedora:40
+FROM fedora:41
 
 # ENV container docker
 ENV FEDORA_USERNAME=mikee
@@ -28,18 +28,18 @@ rm -f /lib/systemd/system/basic.target.wants/*; \
 rm -f /lib/systemd/system/anaconda.target.wants/*;
 
 # https://pypi.org/project/pip/
-RUN pip3 install --no-cache-dir --upgrade pip==24.0 && \
+RUN pip3 install --no-cache-dir --upgrade pip==24.3.1 && \
     pip3 install --no-cache-dir \
       # https://pypi.org/project/ansible/
-      ansible==9.5.1 \
+      ansible==10.5.0 \
       # https://pypi.org/project/ansible-lint/
-      ansible-lint==24.2.3 \
+      ansible-lint==24.9.2 \
       # https://pypi.org/project/yamllint/
       yamllint==1.35.1 \
       # https://pypi.org/project/packaging/
-      packaging==24.0 \
+      packaging==24.1 \
       # https://pypi.org/project/pyOpenSSL/
-      pyOpenSSL==24.1.0
+      pyOpenSSL==24.2.1
 
 # Dive
 RUN curl -LO https://github.com/wagoodman/dive/releases/download/v${DIVE_VERSION}/dive_${DIVE_VERSION}_linux_amd64.tar.gz && \

Dockerfile-ubuntu

@@ -1,7 +1,8 @@
-FROM ubuntu:22.04
+FROM ubuntu:24.04
 
 # ENV container docker
 ENV UBUNTU_USERNAME=mikee
+ENV DEBIAN_FRONTEND=noninteractive
 
 RUN apt-get update \
     && apt-get upgrade -y \
@@ -11,18 +12,19 @@ RUN apt-get update \
     && apt-get clean all
 
 # https://pypi.org/project/pip/
-RUN pip3 install --no-cache-dir --upgrade pip==24.0 && \
-    pip3 install --no-cache-dir \
+# rm -rfv /usr/lib/*/EXTERNALLY-MANAGED
+# RUN pip3 install --break-system-packages --no-cache-dir --upgrade pip==24.3.1 && \
+RUN pip3 install --break-system-packages --no-cache-dir \
       # https://pypi.org/project/ansible/
-      ansible==9.5.1 \
+      ansible==10.5.0 \
       # https://pypi.org/project/ansible-lint/
-      ansible-lint==24.2.3 \
+      ansible-lint==24.9.2 \
       # https://pypi.org/project/yamllint/
       yamllint==1.35.1 \
       # https://pypi.org/project/packaging/
-      packaging==24.0 \
+      packaging==24.1 \
       # https://pypi.org/project/pyOpenSSL/
-      pyOpenSSL==24.1.0
+      pyOpenSSL==24.2.1
 
 RUN useradd ${UBUNTU_USERNAME} && usermod -aG sudo ${UBUNTU_USERNAME}
 

README.md

@@ -165,9 +165,9 @@ Contributions are what make the open source community such an amazing place to b
 1. Install
 
    - VSCode - <https://code.visualstudio.com/download>
-   - Ubuntu 22.04 WSL2
+   - Ubuntu 24.04 WSL2
      - <https://apps.microsoft.com/store/detail/windows-subsystem-for-linux/9P9TQF7MRM4R>
-     - <https://apps.microsoft.com/store/detail/ubuntu-22041-lts/9PN20MSR04DW?hl=pl-pl&gl=pl>
+     - <https://apps.microsoft.com/detail/9nz3klhxdjp5?hl=en-gb&gl=PL>
      - <https://docs.microsoft.com/en-us/windows/wsl/install>
    - Docker Desktop for Windows - <https://docs.docker.com/desktop/windows/install/>
    - Windows Terminal
@@ -187,7 +187,7 @@ Contributions are what make the open source community such an amazing place to b
    ```bash
    sudo -i
    apt-get install -y git python3-pip curl sudo
-   pip3 install ansible
+   pip3 install --break-system-packages ansible
    ```
 
 4. Clone repository
@@ -531,6 +531,43 @@ toolkit.tabbox.switchByScrolling = true
 gfx.canvas.accelerated = false
 ```
 
+20. On Fedora 41 or newer, when connection Azure DevOps or GitHub over SSH fails with an error:
+
+```
+ssh_dispatch_run_fatal: Connection to 40.74.28.12 port 22: error in libcrypto
+```
+
+It needs to fixed by executing `update-crypto-policies --set LEGACY` and rebooting the machine.
+
+21. ssh-config for Azure DevOps and GitHub:
+
+```
+Host ssh.dev.azure.com
+  HostName ssh.dev.azure.com
+  User git
+  Port 22
+  IdentityFile ~/.ssh/id_rsa
+  IdentitiesOnly yes
+  PubkeyAcceptedKeyTypes=ssh-rsa
+  HostKeyAlgorithms=+ssh-rsa
+
+Host vs-ssh.visualstudio.com
+  HostName vs-ssh.visualstudio.com
+  User git
+  Port 22
+  IdentityFile ~/.ssh/id_rsa
+  IdentitiesOnly yes
+  PubkeyAcceptedKeyTypes=ssh-rsa
+  HostKeyAlgorithms=+ssh-rsa
+
+Host github.com
+  HostName github.com
+  User git
+  Port 22
+  IdentityFile ~/.ssh/id_rsa
+  IdentitiesOnly yes
+```
+
 <!-- LICENSE -->
 ## License
 

playbooks/ansible.cfg

@@ -7,5 +7,5 @@ force_color = True
 forks=50
 pipelining = True
 
-stdout_callback=debug
-stderr_callback=debug
+# stdout_callback=debug
+# stderr_callback=debug

playbooks/group_vars/all.yml

@@ -53,8 +53,8 @@ dnf_pkgs:
   - setroubleshoot-server
   - ShellCheck
   - smartmontools
-  - python3.11
-  - python3.11-devel
+  - python3.12
+  - python3.12-devel
   - cargo
   - python3-argcomplete
   - python3-psutil
@@ -103,8 +103,9 @@ flatpak_repos:
     url: https://flathub.org/repo/flathub.flatpakrepo
 
 pip_apps:
-  - name: pip
-    virtualenv_enabled: false
+  # fails on newer Ubuntu as it OS managed
+  # - name: pip
+  #   virtualenv_enabled: false
   - name: pyOpenSSL
     virtualenv_enabled: false
   - name: ansible
@@ -113,7 +114,7 @@ pip_apps:
   #   virtualenv_enabled: false
   - name: azure-cli
     virtualenv_enabled: true
-    virtualenv_python: "python3.11"
+    # virtualenv_python: "python3.11"
   - name: ansible-lint
     virtualenv_enabled: true
   - name: yamllint
@@ -159,7 +160,8 @@ gnome_extension_ids: "{{ gnome_shell_extensions }}"
 # https://github.com/gruntwork-io/terragrunt/releases/latest
 # terragrunt_version: 0.31.8
 # https://releases.hashicorp.com/vagrant
-# vagrant_version: 2.2.19
+# https://github.com/hashicorp/vagrant/issues/13527
+vagrant_version: 2.4.1
 # https://github.com/boz/kail/releases
 # kail_version: 0.16.1
 

roles/apps/aws-cli/tasks/install.yml

@@ -4,7 +4,7 @@
     name: "https://github.com/aws/aws-cli/archive/refs/tags/{{ aws_cli_version }}.tar.gz"
     state: present
     virtualenv: "{{ virtualenv_install_path }}/aws-cli"
-    virtualenv_python: "python3.11"
+    virtualenv_python: "python3.12"
 
 - name: Create a symbolic link for aws-cli
   file:

roles/apps/docker/tasks/install.yml

@@ -6,24 +6,41 @@
   changed_when: docker_check.rc != 0
   ignore_errors: true
 
+# - name: Remove old deps before installing docker
+#   package:
+#     name: "{{ pkgs }}"
+#     state: absent
+#   when: docker_check.rc != 0
+#   vars:
+#     pkgs:
+#       - docker
+#       - docker-client
+#       - docker-client-latest
+#       - docker-common
+#       - docker-latest
+#       - docker-latest-logrotate
+#       - docker-logrotate
+#       - docker-selinux
+#       - docker-engine-selinux
+#       - docker-engine
+#       - podman-docker
+
 - name: Remove old deps before installing docker
-  package:
-    name: "{{ pkgs }}"
-    state: absent
+  shell: |
+    dnf -y remove docker \
+                  docker-client \
+                  docker-client-latest \
+                  docker-common \
+                  docker-latest \
+                  docker-latest-logrotate \
+                  docker-logrotate \
+                  docker-selinux \
+                  docker-engine-selinux \
+                  docker-engine
+  register: docker_inst_cleanup
   when: docker_check.rc != 0
-  vars:
-    pkgs:
-      - docker
-      - docker-client
-      - docker-client-latest
-      - docker-common
-      - docker-latest
-      - docker-latest-logrotate
-      - docker-logrotate
-      - docker-selinux
-      - docker-engine-selinux
-      - docker-engine
-      - podman-docker
+  # changed_when:
+
 
 - name: Check if docker-repo is installed
   shell: |
@@ -36,7 +53,7 @@
   when: docker_repo_check.rc != 0
 
 - name: Install Docker
-  package:
+  dnf:
     name: "{{ pkgs }}"
     state: present
   vars:

roles/apps/docker/tasks/repo.yml

@@ -1,24 +1,30 @@
 ---
-- name: Install Docker deps
-  package:
-    name: "dnf-plugins-core"
-    state: present
+# - name: Install Docker deps
+#   package:
+#     name: "dnf-plugins-core"
+#     state: present
 
-- name: Add docker yum repo
-  shell: |
-    dnf config-manager \
-    --add-repo \
-    https://download.docker.com/linux/fedora/docker-ce.repo
+# - name: Add docker yum repo
+#   shell: |
+#     dnf config-manager \
+#     --add-repo \
+#     https://download.docker.com/linux/fedora/docker-ce.repo
 
-- name: Check releasever
-  shell: |
-    dnf config-manager --dump-variables | grep releasever | awk '{print $NF}'
-  register: releasever_check
-  ignore_errors: true
+- name: Download docker-ce.repo archive
+  get_url:
+    url: "https://download.docker.com/linux/fedora/docker-ce.repo"
+    dest: "/etc/yum.repos.d/docker-ce.repo"
+    mode: 644
 
-- name: Overwrite Fedora release version in yum repo URL (37 doesn't exist yet)
-  ansible.builtin.replace:
-    path: /etc/yum.repos.d/docker-ce.repo
-    regexp: '\$releasever'
-    replace: '40'
-  when: releasever_check.stdout == "rawhide"
+# - name: Check releasever
+#   shell: |
+#     dnf config-manager --dump-variables | grep releasever | awk '{print $NF}'
+#   register: releasever_check
+#   ignore_errors: true
+
+# - name: Overwrite Fedora release version in yum repo URL (37 doesn't exist yet)
+#   ansible.builtin.replace:
+#     path: /etc/yum.repos.d/docker-ce.repo
+#     regexp: '\$releasever'
+#     replace: '41'
+#   when: releasever_check.stdout == "rawhide"

roles/apps/vagrant/tasks/install_x86_64.yml

@@ -25,10 +25,10 @@
 - include_tasks: get_latest_version.yml
   when: vagrant_version is not defined
 
-# name: "https://releases.hashicorp.com/vagrant/{{ version.stdout }}/vagrant_{{ version.stdout }}_x86_64.rpm"
+# name: "https://releases.hashicorp.com/vagrant/{{ vagrant_version }}/vagrant_{{ vagrant_version}}_x86_64.rpm"
 - name: Install vagrant from hashicorp repo
   dnf:
-    name: "https://releases.hashicorp.com/vagrant/{{ version.stdout }}/vagrant-{{ version.stdout }}-1.x86_64.rpm"
+    name: "https://releases.hashicorp.com/vagrant/{{ vagrant_version}}/vagrant-{{ vagrant_version }}-1.x86_64.rpm"
     state: latest
     disable_gpg_check: true
   when: installed_vagrant_version.stdout != vagrant_version

roles/desktop/machines/wsl/tasks/main.yml

@@ -20,10 +20,10 @@
     upgrade: dist
     update_cache: yes
 
-- name: Install python3.11 package
-  apt:
-    name: "python3.11"
-    state: present
+# - name: Install python3.11 package
+#   apt:
+#     name: "python3.11"
+#     state: present
 
 - name: Install packages
   apt:

roles/pkg_mgmt/dnf/tasks/dnf5.yml

@@ -7,11 +7,16 @@
 # - debug:
 #     var: dnf_symlink
 
+- name: Bootstrap a host without python3-libdnf5 installed
+  ansible.builtin.raw: if dnf list --installed | grep -q -i python3-libdnf5; then echo -n "exists"; else dnf install -y python3-libdnf5; fi
+  changed_when: python3_libdnf5_installed.stdout != "exists"
+  register: python3_libdnf5_installed
+
 - name: Install dnf5
   dnf:
-    name: ["dnf5", "python3-libdnf5"]
+    name: ["dnf5"]
     state: present
-  # when: dnf_symlink.stat.lnk_target == "dnf-3"
+  when: dnf_symlink.stat.lnk_target == "dnf-3"
 
 - name: Create a symbolic link
   ansible.builtin.file:
@@ -20,4 +25,4 @@
     owner: root
     group: root
     state: link
-  # when: dnf_symlink.stat.lnk_target == "dnf-3"
+  when: dnf_symlink.stat.lnk_target == "dnf-3"

roles/pkg_mgmt/pip/tasks/main.yml

@@ -1,4 +1,9 @@
 ---
+- name: Remove all system-wide errors in pip
+  shell: rm -rfv /usr/lib/*/EXTERNALLY-MANAGED
+  register: pip_ext_managed
+  changed_when: pip_ext_managed.stdout != ""
+
 - name: Install PIP virtualenv
   pip:
     name: "virtualenv"