From 72a6e148eb75293d88536557419b9164d7ce656b Mon Sep 17 00:00:00 2001 From: Joe Zheng Date: Fri, 31 Mar 2023 16:57:02 +0000 Subject: [PATCH] support openEuler * upgrade ansible to support ansible_os_family for openEuler * openEuler has python3 only * openEuler has no firewalld installed * openEuler doesn't have /etc/redhat-release * adjust additional repos for openEuler * openEuler doesn't support to disable selinux * openEuler has no yum-utils, moreutils and inxi available * openEuler has its own way to install Docker --- Pipfile | 2 +- .../action_plugins/package.py | 2 +- roles/baseline_ansible/action_plugins/yum.py | 2 +- .../firewall_open_ports/tasks/main.yml | 2 +- .../tasks/install_os_packages.yml | 2 +- .../tasks/redhat_enable_repositories.yml | 3 ++ .../tasks/redhat_epel_repository.yml | 11 +++++++ ...edhat_install_kernel_headers_and_devel.yml | 17 ++++++++++ .../install_packages/vars/main.yml | 8 +++-- .../infrastructure/selinux/tasks/main.yml | 2 +- .../docker/tasks/install_openEuler.yml | 31 +++++++++++++++++++ roles/infrastructure/docker/tasks/main.yml | 7 +++++ roles/infrastructure/docker/tasks/proxy.yml | 4 ++- .../calico/common/tasks/firewall_rules.yml | 3 +- 14 files changed, 85 insertions(+), 11 deletions(-) create mode 100644 roles/infrastructure/docker/tasks/install_openEuler.yml diff --git a/Pipfile b/Pipfile index c0b6598..dce8363 100644 --- a/Pipfile +++ b/Pipfile @@ -7,7 +7,7 @@ verify_ssl = true name = "pypi" [packages] -ansible = "==2.9.27" +ansible = "==2.10.0" ansible-lint = "==5.0.8" jinja2 = "==3.0.3" pylint = "==2.7.2" diff --git a/roles/baseline_ansible/action_plugins/package.py b/roles/baseline_ansible/action_plugins/package.py index 3a264af..a73c650 100644 --- a/roles/baseline_ansible/action_plugins/package.py +++ b/roles/baseline_ansible/action_plugins/package.py 
@@ -40,7 +40,7 @@ def run(self, tmp=None, task_vars=None): # Add/Change ansible_python_interpreter to python2 for CentOS 7.x and RHEL 7.x # pylint: disable=f-string-without-interpolation is_redhat_family_7 = \ - self._templar.template("{{ (ansible_os_family == 'RedHat' and " + self._templar.template("{{ (ansible_os_family == 'RedHat' and ansible_distribution != 'openEuler' and " "ansible_distribution_version < '8') | bool }}") if is_redhat_family_7: if 'ansible_python_interpreter' in task_vars: diff --git a/roles/baseline_ansible/action_plugins/yum.py b/roles/baseline_ansible/action_plugins/yum.py index 72860f8..73f2608 100644 --- a/roles/baseline_ansible/action_plugins/yum.py +++ b/roles/baseline_ansible/action_plugins/yum.py @@ -40,7 +40,7 @@ def run(self, tmp=None, task_vars=None): # Add/Change ansible_python_interpreter to python2 for CentOS 7.x and RHEL 7.x # pylint: disable=f-string-without-interpolation is_redhat_family_7 = \ - self._templar.template("{{ (ansible_os_family == 'RedHat' and " + self._templar.template("{{ (ansible_os_family == 'RedHat'and ansible_distribution != 'openEuler' and " "ansible_distribution_version < '8') | bool }}") if is_redhat_family_7: if 'ansible_python_interpreter' in task_vars: diff --git a/roles/baseline_ansible/infrastructure/firewall_open_ports/tasks/main.yml b/roles/baseline_ansible/infrastructure/firewall_open_ports/tasks/main.yml index 4d1c0bc..91bde4d 100644 --- a/roles/baseline_ansible/infrastructure/firewall_open_ports/tasks/main.yml +++ b/roles/baseline_ansible/infrastructure/firewall_open_ports/tasks/main.yml @@ -20,4 +20,4 @@ # where every element has the value "enabled" or "disabled" loop: "{{ (fw_open_ports | default([]) | zip_longest([], fillvalue='enabled') | list) + (fw_close_ports | default([]) | zip_longest([], fillvalue='disabled') | list) }}" # noqa line-length become: yes - when: ansible_os_family == 'RedHat' + when: ansible_os_family == 'RedHat' and ansible_distribution != 'openEuler' 
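Review bot: The condition behind `is_redhat_family_7` still compares `ansible_distribution_version < '8'` as strings, and the added `ansible_distribution != 'openEuler'` clause only masks that for one distribution. Any RedHat-family version string that sorts below '8' lexically (a two-digit major such as '10') would presumably still be switched to the python2 interpreter. Comparing the numeric major, e.g. `ansible_distribution_major_version | int < 8`, is more robust and would make the openEuler exception unnecessary here. The same expression is repeated in the yum.py hunk. The body of `run` starts and continues outside the hunk.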
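Review bot: The template string in the yum.py hunk reads `'RedHat'and ansible_distribution`, with no space before `and`, unlike the otherwise identical line in package.py. Jinja2 most likely still tokenizes it, but the two plugins should carry the same expression: `"{{ (ansible_os_family == 'RedHat' and ansible_distribution != 'openEuler' and "`. Both files duplicate this check, so a shared helper would prevent this kind of drift.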
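Review bot: Excluding openEuler in the `when:` of firewall_open_ports/tasks/main.yml means `fw_open_ports` and `fw_close_ports` are silently not managed on those hosts, so the play finishes with no host-firewall policy applied and no signal to the operator. The commit message gives the reason as firewalld not being installed, which is a property of the host rather than of the distribution. Gating on the service (for example `service_facts` and `'firewalld.service' in ansible_facts.services`), or emitting a `debug` message on skip, would keep the behaviour visible. The same distribution-based skip is added in both hunks of roles/kubernetes/cni/calico/common/tasks/firewall_rules.yml.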
diff --git a/roles/baseline_ansible/infrastructure/install_dependencies/tasks/install_os_packages.yml b/roles/baseline_ansible/infrastructure/install_dependencies/tasks/install_os_packages.yml index 44217ad..f0c4128 100644 --- a/roles/baseline_ansible/infrastructure/install_dependencies/tasks/install_os_packages.yml +++ b/roles/baseline_ansible/infrastructure/install_dependencies/tasks/install_os_packages.yml @@ -19,7 +19,7 @@ - name: install os packages block: - name: install os packages - action: "{{ ansible_pkg_mgr }} name={{ install_dependencies_full_list }} state=present update_cache=yes" + action: "{{ ansible_pkg_mgr }} disable_excludes=main name={{ install_dependencies_full_list }} state=present update_cache=yes" register: pkg_mgr_results retries: "{{ number_of_retries | default(3) }}" until: pkg_mgr_results is success diff --git a/roles/baseline_ansible/infrastructure/install_packages/tasks/redhat_enable_repositories.yml b/roles/baseline_ansible/infrastructure/install_packages/tasks/redhat_enable_repositories.yml index 674fe2c..205cf9e 100644 --- a/roles/baseline_ansible/infrastructure/install_packages/tasks/redhat_enable_repositories.yml +++ b/roles/baseline_ansible/infrastructure/install_packages/tasks/redhat_enable_repositories.yml @@ -31,6 +31,7 @@ when: - ansible_distribution_version < '8' - ius_repository_enabled + - ansible_distribution != 'openEuler' - name: Install PowerTools repository include_tasks: redhat_powertools_repository.yml @@ -46,6 +47,8 @@ command: cat /etc/redhat-release register: release changed_when: false + when: + - ansible_distribution != 'openEuler' - name: set full distribution version RHEL set_fact: diff --git a/roles/baseline_ansible/infrastructure/install_packages/tasks/redhat_epel_repository.yml b/roles/baseline_ansible/infrastructure/install_packages/tasks/redhat_epel_repository.yml index 4f40064..dcb069d 100644 --- a/roles/baseline_ansible/infrastructure/install_packages/tasks/redhat_epel_repository.yml 
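Review bot: In install_os_packages.yml, `disable_excludes=main` is added to an action whose module name is `{{ ansible_pkg_mgr }}`, so it is passed to whichever package module the host uses. `apt` has no such parameter, so the task would fail on an unsupported argument if it runs on Debian-family hosts. It also overrides any `exclude=` entries an administrator put in the main yum/dnf configuration (commonly used to hold back kernel or other sensitive packages) on every RedHat-family host, not only openEuler. Consider a separate openEuler task, or making the option conditional, e.g. `{{ 'disable_excludes=main' if ansible_distribution == 'openEuler' else '' }}`. The enclosing block's `when:` is outside the hunk, so the Debian case should be confirmed.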
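Review bot: In the second hunk of redhat_enable_repositories.yml, the `cat /etc/redhat-release` task is now skipped on openEuler but `release` is still registered, as a skipped result without `stdout`. The `set full distribution version RHEL` task begins right after the hunk and its body is not visible; if it reads `release.stdout` without its own distribution guard it will fail on openEuler. Confirm that every consumer of `release` carries `ansible_distribution != 'openEuler'` or checks `release is not skipped`. The first hunk keeps the string comparison `ansible_distribution_version < '8'`, which is why the extra openEuler condition is needed there.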
+++ b/roles/baseline_ansible/infrastructure/install_packages/tasks/redhat_epel_repository.yml @@ -23,3 +23,14 @@ become: yes when: - ansible_distribution == "CentOS" + +- name: add EPEL repository for openEuler + ansible.builtin.yum_repository: + name: epel + description: EPEL + baseurl: https://dl.fedoraproject.org/pub/epel/8/Everything/$basearch/ + gpgkey: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8 + enabled: true + become: yes + when: + - ansible_distribution == "openEuler" diff --git a/roles/baseline_ansible/infrastructure/install_packages/tasks/redhat_install_kernel_headers_and_devel.yml b/roles/baseline_ansible/infrastructure/install_packages/tasks/redhat_install_kernel_headers_and_devel.yml index b1a9428..9c13807 100644 --- a/roles/baseline_ansible/infrastructure/install_packages/tasks/redhat_install_kernel_headers_and_devel.yml +++ b/roles/baseline_ansible/infrastructure/install_packages/tasks/redhat_install_kernel_headers_and_devel.yml @@ -91,3 +91,20 @@ when: - ansible_distribution == "RedHat" - ansible_distribution_version >= '8' + +- name: pull matching kernel headers and devel on openEuler + become: yes + package: + name: "{{ item }}" + state: present + allow_downgrade: true + disable_excludes: main + retries: "{{ number_of_retries | default(5) }}" + delay: "{{ retry_delay | default(3) }}" + register: source_status + until: source_status is not failed + loop: + - "kernel-headers" + - "kernel-devel" + when: + - ansible_distribution == "openEuler" diff --git a/roles/baseline_ansible/infrastructure/install_packages/vars/main.yml b/roles/baseline_ansible/infrastructure/install_packages/vars/main.yml index 70e0752..a1ac4e1 100644 --- a/roles/baseline_ansible/infrastructure/install_packages/vars/main.yml +++ b/roles/baseline_ansible/infrastructure/install_packages/vars/main.yml @@ -4,8 +4,10 @@ --- os_base_packages: RedHat: + - CentOS: + - yum-utils + - moreutils - curl - - yum-utils - device-mapper-persistent-data - lvm2 - wget 
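Review bot: The new `epel` repository definition for openEuler sets `gpgkey` but not `gpgcheck`, so signature verification depends on the host's yum/dnf default instead of being enforced by the role. The Docker repository added in install_openEuler.yml in this same commit sets it explicitly; add `gpgcheck: true` here as well. EPEL 8 is built against RHEL 8, so a comment naming the openEuler releases this was validated on, or an `includepkgs` list limiting the repository to the packages actually needed, would reduce the chance of EPEL replacing distribution packages.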
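Review bot: The task added to redhat_install_kernel_headers_and_devel.yml is named "pull matching kernel headers and devel" but installs the unversioned `kernel-headers` and `kernel-devel`, so the package manager picks whatever the repositories offer rather than the version of the running kernel. If the host is not on the newest kernel, modules built against these headers will not match it. Pinning to the running kernel, e.g. `name: "{{ item }}-{{ ansible_kernel }}"`, would match the task name (openEuler package naming to be confirmed). `allow_downgrade: true` together with `disable_excludes: main` lets this task override exclusions and replace kernel packages, which deserves a short why-comment.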
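Review bot: Under `os_base_packages.RedHat` in install_packages/vars/main.yml, the added `- CentOS:` entry is a mapping nested inside a list of package-name strings, and nothing in this commit changes the code that consumes the list. If the list is handed to the package module as is, the mapping is not a valid package name. If a consumer does unpack it, RHEL hosts (distribution `RedHat`) no longer receive `yum-utils` and `moreutils`. A separate per-distribution list appended when `ansible_distribution == 'CentOS'` is easier to consume and to lint. The same construct is used for `inxi` under `hardware_details_tools` in the third hunk of this file.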
@@ -29,7 +31,6 @@ os_base_packages: - gcc-c++ - psmisc - pixman-devel - - moreutils - createrepo - sshpass - bash-completion @@ -111,8 +112,9 @@ os_python_packages: hardware_details_tools: RedHat: + - CentOS: + - inxi - hwinfo - - inxi - jq - pciutils Debian: diff --git a/roles/baseline_ansible/infrastructure/selinux/tasks/main.yml b/roles/baseline_ansible/infrastructure/selinux/tasks/main.yml index aacb8e7..c6f6bf7 100644 --- a/roles/baseline_ansible/infrastructure/selinux/tasks/main.yml +++ b/roles/baseline_ansible/infrastructure/selinux/tasks/main.yml @@ -22,4 +22,4 @@ state: disabled become: yes when: ansible_distribution_version >= '8' - when: ansible_os_family == "RedHat" + when: ansible_os_family == "RedHat" and ansible_distribution != "openEuler" diff --git a/roles/infrastructure/docker/tasks/install_openEuler.yml b/roles/infrastructure/docker/tasks/install_openEuler.yml new file mode 100644 index 0000000..9fa100f --- /dev/null +++ b/roles/infrastructure/docker/tasks/install_openEuler.yml @@ -0,0 +1,31 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation + +--- + +- name: add Docker repository + yum_repository: + name: docker + description: Docker CE repository + baseurl: "https://download.docker.com/linux/centos/8/$basearch/stable" + gpgkey: "{{ _docker_repository_key }}" + gpgcheck: true + become: yes + register: result + retries: "{{ number_of_retries }}" + until: result is succeeded + delay: "{{ retry_delay }}" + +- name: install Docker CE + package: + name: "docker-ce-19.03.15-3.el8" + state: present + notify: + - enable and start docker service + become: yes + +- name: install docker python package + pip: + name: docker + version: "6.1.0" + state: present diff --git a/roles/infrastructure/docker/tasks/main.yml b/roles/infrastructure/docker/tasks/main.yml index 3503651..9dc40db 100644 --- a/roles/infrastructure/docker/tasks/main.yml +++ b/roles/infrastructure/docker/tasks/main.yml 
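Review bot: `docker-ce-19.03.15-3.el8` is hard-coded in the `install Docker CE` task of install_openEuler.yml, which pins openEuler hosts to one fixed Docker release, so later security fixes are not picked up unless someone edits this file. The repository key already comes from `_docker_repository_key`; the package version and the `baseurl` should come from role variables in the same way. The package task has no `retries`/`until` although the repository task does. The `pip` task runs without `become`, so it installs for whichever user the play connects as; confirm that is intended.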
@@ -12,6 +12,11 @@ - name: install docker include_tasks: install.yml + when: ansible_distribution != "openEuler" + +- name: install docker + include_tasks: install_openEuler.yml + when: ansible_distribution == "openEuler" - name: mange docker group include_tasks: manage_group.yml @@ -21,6 +26,7 @@ - name: install pip dependencies include_tasks: install_pip_dep.yml + when: ansible_distribution != "openEuler" - name: set up proxy include_tasks: proxy.yml @@ -49,3 +55,4 @@ - name: set audit rules for docker include_tasks: audit.yml + when: ansible_distribution != "openEuler" diff --git a/roles/infrastructure/docker/tasks/proxy.yml b/roles/infrastructure/docker/tasks/proxy.yml index f80f9be..0979842 100644 --- a/roles/infrastructure/docker/tasks/proxy.yml +++ b/roles/infrastructure/docker/tasks/proxy.yml @@ -22,7 +22,9 @@ - name: add proxy to already existing config.json block: - name: add proxy to already existing config.json - shell: "jq -s '.[0] + .[1]' .docker/config.json .docker/temp-proxy.json | sponge .docker/config.json" + shell: "jq -s '.[0] + .[1]' .docker/config.json .docker/temp-proxy.json > .docker/merged-config.json" + - name: rename merged config.json + shell: "mv .docker/merged-config.json .docker/config.json" - name: remove temporary .docker/temp-proxy.json file: path: .docker/temp-proxy.json diff --git a/roles/kubernetes/cni/calico/common/tasks/firewall_rules.yml b/roles/kubernetes/cni/calico/common/tasks/firewall_rules.yml index 47330d3..ad06213 100644 --- a/roles/kubernetes/cni/calico/common/tasks/firewall_rules.yml +++ b/roles/kubernetes/cni/calico/common/tasks/firewall_rules.yml 
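Review bot: The third hunk of docker/tasks/main.yml skips `audit.yml` on openEuler, so Docker is installed there without the audit rules the role sets on every other platform, and nothing records the gap. If the skip is needed because of a missing package or a different rules path, a comment stating the reason or an openEuler-specific audit task would keep the hardening baseline consistent. The first hunk also leaves two tasks with the identical name `install docker`; naming the second `install docker (openEuler)` makes the play output unambiguous.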
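Review bot: In proxy.yml, writing the merge to `.docker/merged-config.json` and then moving it over `.docker/config.json` replaces the original file, so the result takes its mode from the current umask rather than from the old `config.json`. That file can hold registry credentials under `auths`, so the mode should be set explicitly after the rename, for example a `file:` task with `path: .docker/config.json` and `mode: '0600'`. The rename needs no shell features; `command: mv ...` or `copy` with `remote_src: true` would avoid `shell`. Both paths are relative, so the tasks depend on the working directory the play happens to run in.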
@@ -30,7 +30,7 @@ - firewall-cmd --reload changed_when: true become: yes - when: ansible_os_family == "RedHat" + when: ansible_os_family == "RedHat" and ansible_distribution != "openEuler" # Due to the fact that the NFTables is used as IPTables backend in RedHat 8, the firewalld performs # additional packet filtering (in a 'inet firewalld filter_FORWARD' chain) on top of the calico @@ -47,3 +47,4 @@ when: - ansible_os_family == "RedHat" - ansible_distribution_version >= '8' + - ansible_distribution != "openEuler"