ansible: stop using `with_items` to install packages via `yum` r=mhentges
authorConnor Sheehan <sheehan@mozilla.com>
Mon, 20 Jan 2020 17:50:22 +0000
changeset 7436 7bc5a0f3afda8f9136c6df0e8a95177386a322aa
parent 7435 548ae9caadb16ff054d1753cc5f4b34055c9821e
child 7437 b3b26605f232c8d7bf12799ec52d3b1797627ab3
push id3700
push usercosheehan@mozilla.com
push dateMon, 20 Jan 2020 17:51:47 +0000
treeherderversion-control-tools@7bc5a0f3afda [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmhentges
ansible: stop using `with_items` to install packages via `yum` r=mhentges When creating the `docker` role, Mitch noticed that using `with_items` on newer Ansible versions caused warnings and recommended passing a list of items as the `name` argument directly. We assume this optimizes `yum`, which can better calculate the set of required dependencies when all packages are specified up front. Differential Revision: https://phabricator.services.mozilla.com/D60433
ansible/roles/hg-ssh-server/tasks/main.yml
ansible/roles/hg-ssh/tasks/main.yml
ansible/roles/hg-web/tasks/main.yml
--- a/ansible/roles/hg-ssh-server/tasks/main.yml
+++ b/ansible/roles/hg-ssh-server/tasks/main.yml
@@ -22,26 +22,27 @@
 - name: Create hg user
   user: name=hg
         group=hg
         uid=500
         shell=/bin/bash
         comment='Hg user'
 
 - name: Install packages required to run a Mercurial server
-  yum: name={{ item }} state=present
-  with_items:
-    # Needed to build python-ldap package for virtualenv.
-    - openldap-devel
-    - python-devel
-    - python
-    - python3
-    - python3-pip
-    - python3-devel
-    - rsyslog
+  yum:
+    state: present
+    name:
+      # Needed to build python-ldap package for virtualenv.
+      - openldap-devel
+      - python-devel
+      - python
+      - python3
+      - python3-pip
+      - python3-devel
+      - rsyslog
 
 - name: mercurial config directory is present
   file: path=/etc/mercurial state=directory mode=0755
 
 - name: directory for hg sshd files
   file: path=/etc/mercurial/ssh
         state=directory
         owner=root
--- a/ansible/roles/hg-ssh/tasks/main.yml
+++ b/ansible/roles/hg-ssh/tasks/main.yml
@@ -1,18 +1,19 @@
 ---
 - include: ../../../tasks/systemd-mail-unit-output.yml
   when: is_testing is not defined
 
 - name: Install packages required to run a Mercurial server
-  yum: name={{ item }} state=present
-  with_items:
-    - sudo
-    - tar
-    - yum-plugin-versionlock
+  yum:
+    state: present
+    name:
+      - sudo
+      - tar
+      - yum-plugin-versionlock
 
 - name: ensure critical system packages are locked so they aren't auto-upgraded
   command: /usr/bin/yum versionlock add {{ item }}
   warn: False
   with_items:
     # Important server functionality uses Python 2 and upgrading the Python
     # package can be sensitive. So we lock the package version so it isn't
     # upgraded as part of upgrading other system packages.
--- a/ansible/roles/hg-web/tasks/main.yml
+++ b/ansible/roles/hg-web/tasks/main.yml
@@ -1,41 +1,40 @@
 ---
 - name: install system packages
-  yum: name={{ item }} state=present
-  with_items:
-    # This is likely already installed, but needed for Docker.
-    - cronie
-    - gcc
-    - httpd
-    # To build mod_wsgi from source so it can be placed in virtualenvs.
-    - httpd-devel
-    # Provides `setcap` utility.
-    - libcap
-    # Secures processes, especially moz.build evaluation.
-    - libcgroup
-    # We use logrotate to control log files
-    - logrotate
-    - openssh-clients
-    - openssh-server
-    - python-devel
-    - python3
-    - python3-pip
-    - python3-devel
-    - rsync
-    # Needed for hg user to execute mozbuild-eval as root.
-    - rsyslog
-    - sudo
-    - tar
-    - yum-plugin-versionlock
+  yum:
+    state: present
+    name:
+      # This is likely already installed, but needed for Docker.
+      - cronie
+      - gcc
+      - httpd
+      # To build mod_wsgi from source so it can be placed in virtualenvs.
+      - httpd-devel
+      # Provides `setcap` utility.
+      - libcap
+      # Secures processes, especially moz.build evaluation.
+      - libcgroup
+      # We use logrotate to control log files
+      - logrotate
+      - openssh-clients
+      - openssh-server
+      - python-devel
+      - python3
+      - python3-pip
+      - python3-devel
+      - rsync
+      # Needed for hg user to execute mozbuild-eval as root.
+      - rsyslog
+      - sudo
+      - tar
+      - yum-plugin-versionlock
 
 - name: install system packages
-  yum: name={{ item }} state=present
-  with_items:
-    - libcgroup-tools
+  yum: name=libcgroup-tools state=present
 
 - name: ensure critical system packages are locked so they aren't auto-upgraded
   command: /usr/bin/yum versionlock add {{ item }}
   warn: False
   with_items:
     # Important server functionality uses Python 2 and upgrading the Python
     # package can be sensitive. So we lock the package version so it isn't
     # upgraded as part of upgrading other system packages.