support openEuler

Pipfile

@@ -7,7 +7,7 @@ verify_ssl = true
 name = "pypi"
 
 [packages]
-ansible = "==2.9.27"
+ansible = "==2.10.0"
 ansible-lint = "==5.0.8"
 jinja2 = "==3.0.3"
 pylint = "==2.7.2"

roles/baseline_ansible/action_plugins/package.py

@@ -40,7 +40,7 @@ def run(self, tmp=None, task_vars=None):
         # Add/Change ansible_python_interpreter to python2 for CentOS 7.x and RHEL 7.x
         # pylint: disable=f-string-without-interpolation
         is_redhat_family_7 = \
-            self._templar.template("{{ (ansible_os_family == 'RedHat' and "
+            self._templar.template("{{ (ansible_os_family == 'RedHat' and ansible_distribution != 'openEuler' and "
                                    "ansible_distribution_version < '8') | bool }}")
         if is_redhat_family_7:
             if 'ansible_python_interpreter' in task_vars:

roles/baseline_ansible/action_plugins/yum.py

@@ -40,7 +40,7 @@ def run(self, tmp=None, task_vars=None):
         # Add/Change ansible_python_interpreter to python2 for CentOS 7.x and RHEL 7.x
         # pylint: disable=f-string-without-interpolation
         is_redhat_family_7 = \
-            self._templar.template("{{ (ansible_os_family == 'RedHat' and "
+            self._templar.template("{{ (ansible_os_family == 'RedHat'and ansible_distribution != 'openEuler' and "
                                    "ansible_distribution_version < '8') | bool }}")
         if is_redhat_family_7:
             if 'ansible_python_interpreter' in task_vars:

roles/baseline_ansible/infrastructure/firewall_open_ports/tasks/main.yml

@@ -20,4 +20,4 @@
   # where every element has the value "enabled" or "disabled"
   loop: "{{ (fw_open_ports | default([]) | zip_longest([], fillvalue='enabled') | list) + (fw_close_ports | default([]) | zip_longest([], fillvalue='disabled') | list) }}" # noqa line-length
   become: yes
-  when: ansible_os_family == 'RedHat'
+  when: ansible_os_family == 'RedHat' and ansible_distribution != 'openEuler'

roles/baseline_ansible/infrastructure/install_dependencies/tasks/install_os_packages.yml

@@ -19,7 +19,7 @@
 - name: install os packages
   block:
     - name: install os packages
-      action: "{{ ansible_pkg_mgr }} name={{ install_dependencies_full_list }} state=present update_cache=yes"
+      action: "{{ ansible_pkg_mgr }} disable_excludes=main name={{ install_dependencies_full_list }} state=present update_cache=yes"
       register: pkg_mgr_results
       retries: "{{ number_of_retries | default(3) }}"
       until: pkg_mgr_results is success

roles/baseline_ansible/infrastructure/install_packages/tasks/redhat_enable_repositories.yml

@@ -31,6 +31,7 @@
   when:
     - ansible_distribution_version < '8'
     - ius_repository_enabled
+    - ansible_distribution != 'openEuler'
 
 - name: Install PowerTools repository
   include_tasks: redhat_powertools_repository.yml
@@ -46,6 +47,8 @@
   command: cat /etc/redhat-release
   register: release
   changed_when: false
+  when:
+    - ansible_distribution != 'openEuler'
 
 - name: set full distribution version RHEL
   set_fact:

roles/baseline_ansible/infrastructure/install_packages/tasks/redhat_epel_repository.yml

@@ -23,3 +23,14 @@
   become: yes
   when:
     - ansible_distribution == "CentOS"
+
+- name: add EPEL repository for openEuler
+  ansible.builtin.yum_repository:
+    name: epel
+    description: EPEL
+    baseurl: https://dl.fedoraproject.org/pub/epel/8/Everything/$basearch/
+    gpgkey: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8
+    enabled: true
+  become: yes
+  when:
+    - ansible_distribution == "openEuler"

roles/baseline_ansible/infrastructure/install_packages/tasks/redhat_install_kernel_headers_and_devel.yml

@@ -91,3 +91,20 @@
   when:
     - ansible_distribution == "RedHat"
     - ansible_distribution_version >= '8'
+
+- name: pull matching kernel headers and devel on openEuler
+  become: yes
+  package:
+    name: "{{ item }}"
+    state: present
+    allow_downgrade: true
+    disable_excludes: main
+  retries: "{{ number_of_retries | default(5) }}"
+  delay: "{{ retry_delay | default(3) }}"
+  register: source_status
+  until: source_status is not failed
+  loop:
+    - "kernel-headers"
+    - "kernel-devel"
+  when:
+    - ansible_distribution == "openEuler"

roles/baseline_ansible/infrastructure/install_packages/vars/main.yml

@@ -4,8 +4,10 @@
 ---
 os_base_packages:
   RedHat:
+    - CentOS:
+      - yum-utils
+      - moreutils
     - curl
-    - yum-utils
     - device-mapper-persistent-data
     - lvm2
     - wget
@@ -29,7 +31,6 @@ os_base_packages:
     - gcc-c++
     - psmisc
     - pixman-devel
-    - moreutils
     - createrepo
     - sshpass
     - bash-completion
@@ -111,8 +112,9 @@ os_python_packages:
 
 hardware_details_tools:
   RedHat:
+    - CentOS:
+      - inxi
     - hwinfo
-    - inxi
     - jq
     - pciutils
   Debian:

roles/baseline_ansible/infrastructure/selinux/tasks/main.yml

@@ -22,4 +22,4 @@
         state: disabled
       become: yes
       when: ansible_distribution_version >= '8'
-  when: ansible_os_family == "RedHat"
+  when: ansible_os_family == "RedHat" and ansible_distribution != "openEuler"

roles/infrastructure/docker/tasks/install_openEuler.yml

@@ -0,0 +1,31 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
+
+---
+
+- name: add Docker repository
+  yum_repository:
+    name: docker
+    description: Docker CE repository
+    baseurl: "https://download.docker.com/linux/centos/8/$basearch/stable"
+    gpgkey: "{{ _docker_repository_key }}"
+    gpgcheck: true
+  become: yes
+  register: result
+  retries: "{{ number_of_retries }}"
+  until: result is succeeded
+  delay: "{{ retry_delay }}"
+
+- name: install Docker CE
+  package:
+    name: "docker-ce-19.03.15-3.el8"
+    state: present
+  notify:
+    - enable and start docker service
+  become: yes
+
+- name: install docker python package
+  pip:
+    name: docker
+    version: "6.1.0"
+    state: present

roles/infrastructure/docker/tasks/main.yml

@@ -12,6 +12,11 @@
 
 - name: install docker
   include_tasks: install.yml
+  when: ansible_distribution != "openEuler"
+
+- name: install docker
+  include_tasks: install_openEuler.yml
+  when: ansible_distribution == "openEuler"
 
 - name: mange docker group
   include_tasks: manage_group.yml
@@ -21,6 +26,7 @@
 
 - name: install pip dependencies
   include_tasks: install_pip_dep.yml
+  when: ansible_distribution != "openEuler"
 
 - name: set up proxy
   include_tasks: proxy.yml
@@ -49,3 +55,4 @@
 
 - name: set audit rules for docker
   include_tasks: audit.yml
+  when: ansible_distribution != "openEuler"

roles/infrastructure/docker/tasks/proxy.yml

@@ -22,7 +22,9 @@
 - name: add proxy to already existing config.json
   block:
     - name: add proxy to already existing config.json
-      shell: "jq -s '.[0] + .[1]' .docker/config.json .docker/temp-proxy.json | sponge .docker/config.json"
+      shell: "jq -s '.[0] + .[1]' .docker/config.json .docker/temp-proxy.json > .docker/merged-config.json"
+    - name: rename merged config.json
+      shell: "mv .docker/merged-config.json .docker/config.json"
     - name: remove temporary .docker/temp-proxy.json
       file:
         path: .docker/temp-proxy.json

roles/kubernetes/cni/calico/common/tasks/firewall_rules.yml

@@ -30,7 +30,7 @@
     - firewall-cmd --reload
   changed_when: true
   become: yes
-  when: ansible_os_family == "RedHat"
+  when: ansible_os_family == "RedHat" and ansible_distribution != "openEuler"
 
 # Due to the fact that the NFTables is used as IPTables backend in RedHat 8, the firewalld performs
 # additional packet filtering (in a 'inet firewalld filter_FORWARD' chain) on top of the calico
@@ -47,3 +47,4 @@
   when:
     - ansible_os_family == "RedHat"
     - ansible_distribution_version >= '8'
+    - ansible_distribution != "openEuler"