ci: use tox-lsr 3.3.0 which uses ansible-test 2.17

[richm]

Upgrade ci tests to use tox-lsr 3.3.0

tox-lsr 3.3.0 uses ansible-test 2.17

Create the ansible-test ignore file for 2.17

Signed-off-by: Rich Megginson [email protected]

[tomjelinek]

[citest]

[tomjelinek]

When running Ansible 2.17 locally, I ran into several issues. I'd like to see if the issues exist in CI as well.

RHEL 8 with Ansible 2.17 fails when trying to install packages:

TASK [linux-system-roles.ha_cluster : Install role essential packages] *********
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: SyntaxError: future feature annotations is not defined
fatal: [localhost]: FAILED! => {
    "changed": false,
    "rc": 1
}
MSG:
MODULE FAILURE
See stdout/stderr for the exact error
MODULE_STDOUT:
Traceback (most recent call last):
  File "<stdin>", line 12, in <module>
  File "<frozen importlib._bootstrap>", line 971, in _find_and_load
  File "<frozen importlib._bootstrap>", line 951, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 894, in _find_spec
  File "<frozen importlib._bootstrap_external>", line 1157, in find_spec
  File "<frozen importlib._bootstrap_external>", line 1131, in _get_spec
  File "<frozen importlib._bootstrap_external>", line 1112, in _legacy_get_spec
  File "<frozen importlib._bootstrap>", line 441, in spec_from_loader
  File "<frozen importlib._bootstrap_external>", line 544, in spec_from_file_location
  File "/tmp/ansible_ansible.legacy.dnf_payload_f9gakcng/ansible_ansible.legacy.dnf_payload.zip/ansible/module_utils/basic.py", line 5
SyntaxError: future feature annotations is not defined

According to ansible/ansible#82068 (comment) and ansible/ansible#82068 (comment), Ansible 2.17+ is not supported on RHEL 8.

RHEL 9 with Ansible 2.17 fails when configuring the firewall:

TASK [fedora.linux_system_roles.firewall : Configure firewall] *****************
failed: [localhost] (item={'service': 'high-availability', 'state': 'enabled'}) => {
    "ansible_loop_var": "item",
    "changed": false,
    "item": {
        "service": "high-availability",
        "state": "enabled"
    }
}
MSG:
No firewall backend could be imported.

This looks like an issue with the firewall role. The root cause seems to be changes to INTERPRETER_PYTHON_DISTRO_MAP in ansible/config/base.yml. While Ansible 2.16 defines a map:

  default:
    redhat:
      '6': /usr/bin/python
      '8': /usr/libexec/platform-python
      '9': /usr/bin/python3

Ansible 2.17 no longer has this mapping. That causes Ansible to use Python 3.10+ (3.9 is no longer supported with Ansible 2.17, so Python 3.10+ must be installed to run it). Then, it is unable to import Python backend module for firewall, as those modules seem to be shipped for Python 3.9 (as that's the RHEL 9 base Python).

[tomjelinek]

Workflow and ignore files LGTM

[richm]

RHEL 8 with Ansible 2.17 fails when trying to install packages:

ok - we'll need to skip el8 managed nodes when testing with ansible 2.17 - I'm assuming ansible 2.17 does not support python2 either, which means we'll also need to skip el7 too

RHEL 9 with Ansible 2.17 fails when configuring the firewall

How are you running ansible? I see the host is localhost - are you using ansible-playbook -c local ...?

[tomjelinek]

RHEL 9 with Ansible 2.17 fails when configuring the firewall

How are you running ansible? I see the host is localhost - are you using ansible-playbook -c local ...?

It's a RHEL 9.4 machine with Python 3.11 installed from AppStream. Ansible is installed in a Python virtual environment created with Python 3.11. (OS default Python is 3.9 and the latest it can install is ansible-core 2.15). To run a playbook, I activate the virtual environment and run ansible-playbook -v -i localhost, playbook.yml. Using -c ansible.builtin.ssh or -c ansible.builtin.local doesn't make any difference. However, if I run the playbook against other RHEL 9.4 nodes, it works with no issues. The playbook is minimal:

---
- hosts: all
  roles:
    - ha_cluster
  vars:
    ha_cluster_enable_repos: false
    ha_cluster_cluster_present: true
    ha_cluster_manage_firewall: true
    ha_cluster_hacluster_password: example-password
    ha_cluster_fence_virt_key_src: /etc/cluster/fence_xvm.key

[richm]

RHEL 9 with Ansible 2.17 fails when configuring the firewall

How are you running ansible? I see the host is localhost - are you using ansible-playbook -c local ...?

It's a RHEL 9.4 machine with Python 3.11 installed from AppStream. Ansible is installed in a Python virtual environment created with Python 3.11. (OS default Python is 3.9 and the latest it can install is ansible-core 2.15). To run a playbook, I activate the virtual environment and run ansible-playbook -v -i localhost, playbook.yml. Using -c ansible.builtin.ssh or -c ansible.builtin.local doesn't make any difference. However, if I run the playbook against other RHEL 9.4 nodes, it works with no issues. The playbook is minimal:

---
- hosts: all
  roles:
    - ha_cluster
  vars:
    ha_cluster_enable_repos: false
    ha_cluster_cluster_present: true
    ha_cluster_manage_firewall: true
    ha_cluster_hacluster_password: example-password
    ha_cluster_fence_virt_key_src: /etc/cluster/fence_xvm.key

I believe you are running into this: https://access.redhat.com/solutions/6726561 - but if you are using -c local then it should work . . . not sure - using ha_cluster_manage_firewall means the firewall role must be able to install the necessary packages + dependencies into the managed node.