ansible: drop Amazon Linux 2 / RedHat support after Ubuntu migration

ansible/README.md

@@ -1,7 +1,7 @@
 ## Install `ansible`
 
 ```
-sudo dnf install -y ansible
+sudo apt install -y ansible
 ```
 
 

ansible/roles/base/README.md

@@ -2,13 +2,13 @@
 
 ## Description
 
-This role is used to install basic packages that may be required by any deployment.
+This role installs the basic packages required by any deployment on our
+Debian-family (Ubuntu / s390x LinuxONE) hosts, starts docker, and performs
+common host setup (disabling auditd, and configuring swap on s390x).
 
-Some default packages that apply to both RedHat based and Debian based is set in [defaults/main.yml](defaults/main.yml) file.
+The package list lives in [defaults/main.yml](defaults/main.yml).
 
-Each specific distro that has different package name has a file under [vars/](vars/) with a list of packages (example: `docker.io` for Debian, `podman-docker` for RedHat).
-
-It also provides handler that can be useful to any other roles, such as
+It also provides handlers that can be useful to any other roles, such as
 - `"reset systemd failed"`: runs `systemctl reset-failed`
 - `"reload systemd daemon"`: essentially runs `systemctl daemon-reload`
 

ansible/roles/base/defaults/main.yml

@@ -1,10 +1,11 @@
 ---
-__base_packages:
+base_packages:
   - curl
   - git
   - jq
   - python3-pip
   - vim
+  - docker.io
 
 # swap config for s390x
 swap_file_path: /swapfile

ansible/roles/base/tasks/main.yml

@@ -1,9 +1,76 @@
 ---
-- name: Include OS-specific variables.
-  include_vars: "{{ ansible_os_family }}.yml"
+- name: Install base packages
+  become: true
+  apt:
+    state: present
+    name: "{{ base_packages }}"
+    update_cache: yes
+    lock_timeout: 300
+  register: base_packages_install
+  until: base_packages_install is succeeded
+  retries: 30
+  delay: 10
+  tags: [install]
 
-- name: Build package list
-  set_fact:
-    base_packages: "{{ __base_packages + __base_distro_packages }}"
+- name: Start docker
+  become: true
+  service:
+    name: docker
+    state: started
+    enabled: true
 
-- include_tasks: "setup-{{ ansible_os_family }}.yml"
+- name: Gather the package facts
+  ansible.builtin.package_facts:
+
+# Auditd is spamming the logs when the workers are busy.
+# Disable for now
+- name: Disable auditd
+  become: true
+  ansible.builtin.systemd:
+    name: auditd
+    state: stopped
+    enabled: no
+    masked: yes
+  when: "'auditd' in ansible_facts.packages"
+
+- name: Set up swap space on s390x
+  when: ansible_architecture == "s390x"
+  block:
+    - name: Check if swap file exists
+      ansible.builtin.stat:
+        path: "{{ swap_file_path }}"
+      register: swap_file
+
+    - name: Create swap file
+      become: true
+      ansible.builtin.command:
+        cmd: "fallocate -l {{ swap_file_size }} {{ swap_file_path }}"
+        creates: "{{ swap_file_path }}"
+      when: not swap_file.stat.exists
+
+    - name: Set swap file permissions
+      become: true
+      ansible.builtin.file:
+        path: "{{ swap_file_path }}"
+        mode: "0600"
+
+    - name: Make swap file
+      become: true
+      ansible.builtin.command:
+        cmd: "mkswap {{ swap_file_path }}"
+      when: not swap_file.stat.exists
+
+    - name: Enable swap file
+      become: true
+      ansible.builtin.command:
+        cmd: "swapon {{ swap_file_path }}"
+      register: swapon_result
+      changed_when: swapon_result.rc == 0
+      failed_when: false
+
+    - name: Add swap to fstab
+      become: true
+      ansible.builtin.lineinfile:
+        path: /etc/fstab
+        line: "{{ swap_file_path }} none swap sw 0 0"
+        state: present

ansible/roles/runner/tasks/main.yml

@@ -1,18 +1,7 @@
 ---
 
-# Used by ansible modules later
-- name: Install docker pip on Amazon Linux
-  become: yes
-  ansible.builtin.pip:
-    name:
-      # AL2 python's version is compiled against openssl 1.0, urllib3>=2.0 needs openssl 1.1.1
-      - urllib3<2.0
-      - docker
-    extra_args: --user
-    executable: pip3
-  when: ansible_distribution == 'Amazon'
-
-- name: Install python3-docker on Ubuntu
+# Used by ansible modules later (docker_login)
+- name: Install python3-docker
   become: yes
   ansible.builtin.apt:
     state: present
@@ -23,7 +12,6 @@
   until: python3_docker_install is succeeded
   retries: 30
   delay: 10
-  when: ansible_os_family == 'Debian'
 
 - name: Create runner directory
   become: yes
@@ -80,11 +68,11 @@
   set_fact:
     runner_name_prefix: "{{ '%s-' | format(runner_prefix) if runner_prefix }}{{ ansible_hostname }}"
 
-# On EC2 hosts (Amazon Linux metal and Ubuntu metal alike) we override the runner_name_prefix
-# with the ec2's instance ID for stable, collision-free runner names. Non-EC2 hosts (e.g. s390x
-# LinuxONE, vendor "IBM") are skipped so we never block on the 169.254.169.254 metadata endpoint.
-# If amazon.aws is missing or the metadata endpoint is unreachable, `ignore_errors` lets us fall
-# back to the hostname-based prefix set above.
+# On EC2 hosts we override the runner_name_prefix with the ec2's instance ID for stable,
+# collision-free runner names. Non-EC2 hosts (e.g. s390x LinuxONE, vendor "IBM") are skipped so
+# we never block on the 169.254.169.254 metadata endpoint. If amazon.aws is missing or the
+# metadata endpoint is unreachable, `ignore_errors` lets us fall back to the hostname-based
+# prefix set above.
 - name: Set runner_name_prefix to instance ID for EC2 hosts
   block:
     - name: Load ec2 metadata facts
@@ -93,7 +81,7 @@
     - name: Set runner name prefix with instance ID
       set_fact:
         runner_name_prefix: "{{ '%s-' | format(runner_prefix) if runner_prefix }}{{ ansible_ec2_instance_id }}"
-  when: ansible_system_vendor == 'Amazon EC2' or ansible_distribution == 'Amazon'
+  when: ansible_system_vendor == 'Amazon EC2'
   ignore_errors: yes
 
 - name: Generate runner env