majic-ansible-roles Changeset

Changeset - 956d7705c012

Parent rev.

Child rev.

[Not reviewed]

0 2 0

Branko Majic (branko) - 20 months ago 2024-03-17 12:39:35
branko@majic.rs

MAR-234: Use the pipreqcheck user when checking the Python version and prompt:

- Using the root account can result in incorrect permissions being set
on the Python cache (__pycache__) directories, which can further
cause permission issues for the pirpeqcheck user itself.
- The prompt also makes more sense to check in context of the virtual
environment user (since that's the one that will normally get used
with the virtual environment itself).

2 files changed with 14 insertions and 0 deletions:

docs/releasenotes.rst

roles/common/tasks/main.yml

0 comments (0 inline, 0 general)

docs/releasenotes.rst

➞

Show inline comments

 Release notes
 =============
 x.y.z
 -----
 * ``common`` role
   * Fixed permission errors with Python cache directories in the pip
     requirements upgrade checks virtual environment that can happen if
     the initial virtual environment set-up fails.
 .0.0
 -----
 Dropped support for Python 2.7 and Debian 10 Buster. Added support for
 Debian 12 Bookworm. Numerous minor improvements and fixes.
 **Breaking changes:**
 * All roles
   * Dropped support for Debian 10 (Buster).
   * Added support for Debian 12 (Bookworm).
   * ``netaddr`` Python package is now required for using the roles.
   * ``dnspython`` Python package is no longer required for using the
     roles.
 * ``backup_client`` role
   * Previously the backup would run even if pre-backup scripts would
     fail. This is no longer the case, and all pre-backup scripts must
     exit with non-zero exit code in order for backup process to
     kick-in.
   * Old backups are now automatically purged after successful
     backup. This could lead to longer runtimes for entire backup

roles/common/tasks/main.yml

➞

Show inline comments

@@ @@ -353,59 +353,63 @@ @@
 - name: Create user for running pip requirements checks
   user:
     name: "pipreqcheck"
     uid: "{{ pipreqcheck_uid | default(omit) }}"
     group: "pipreqcheck"
     home: "/var/lib/pipreqcheck"
     state: present
 - name: Retrieve system Python interpreter version
   command:
     argv:
       - "/usr/bin/python3"
       - "-c"
       - "import sys; print(sys.version.split(' ')[0])"
   changed_when: false
   register: python_interpreter_version
 - name: Retrieve virtual environment Python interpreter version (if initialised)
   command:
     argv:
       - "/var/lib/pipreqcheck/virtualenv/bin/python"
       - "-c"
       - "import sys; print(sys.version.split(' ')[0])"
   become: true
   become_user: "pipreqcheck"
   # Virtual environment perhaps does not exist.
   failed_when: false
   changed_when: false
   register: virtualenv_python_version
 - name: Retrieve virtual environment prompt
   command:
     argv:
       - "bash"
       - "-c"
       - "source '/var/lib/pipreqcheck/virtualenv/bin/activate'; printenv PS1"
   become: true
   become_user: "pipreqcheck"
   failed_when: false
   changed_when: false
   register: current_virtualenv_prompt
 - name: Remove virtual environment in case of mismatches
   file:
     path: "/var/lib/pipreqcheck/virtualenv"
     state: absent
   when: |
     virtualenv_python_version.rc != 0 or
     virtualenv_python_version.stdout.strip() != python_interpreter_version.stdout.strip() or
     current_virtualenv_prompt.stdout != "(pipreqcheck) "
 - name: Create directory for Python virtual environment used for installing/running pip-tools
   file:
     path: "{{ item }}"
     state: directory
     owner: pipreqcheck
     group: pipreqcheck
     mode: 0750
   with_items:
     - "/var/lib/pipreqcheck"
     - "/var/lib/pipreqcheck/virtualenv"

0 comments (0 inline, 0 general)