mageops · Szpadel · Nov 3, 2022 · Nov 22, 2022 · krisdante · Nov 24, 2022
diff --git a/ansible.cfg b/ansible.cfg
@@ -1,6 +1,4 @@
 [defaults]
-ansible_python_interpreter =    python
-
 remote_user =                   root
 host_key_checking =             no
 

diff --git a/group_vars/all.yml b/group_vars/all.yml
@@ -220,9 +220,9 @@ aws_tags_kms_database:
 # --------  AMI  --------
 # -----------------------
 
-# AMI Name search pattern matching official CentOS 7 Marketplace AMI
+# AMI Name search pattern matching official Rocky linux 9 Marketplace AMI
 # Warning! You need to be subscribed to it first!
-aws_ami_base_marketplace_name: "*b7ee8a69-ee97-4a49-9e68-afaee216db2e*"
+aws_ami_base_marketplace_name: "Rocky-9-EC2-*"
 
 # Whether to kill previously created builder or reuse it on next run
 aws_ami_build_force_fresh_builder: no
@@ -721,9 +721,7 @@ mageops_language_redirect_enable: no
 mageops_language_redirect_mode: normal
 
 # Configure a vmtouch daemon force-keeping magento sources / compiled opcache in RAM
-mageops_magento_preload_fscache_enable: >-
-  {{ ( ansible_memtotal_mb | default(512, true) | int >= 7168 )
-        and php_cli_opcache_file_cache_enable | default(false, true) }}
+mageops_magento_preload_fscache_enable: no
 
 # Tune Linux Virtual Memory kernel sysctl params for lower disk IO
 mageops_app_node_optimize_kernel_vm_io: yes
@@ -1330,7 +1328,7 @@ php_fpm_pool_name: "{{ mageops_app_type }}"
 
 php_fpm_umask: "{{ mageops_app_umask }}"
 
-php_fpm_run_dir_path: "/var/run/php-fpm"
+php_fpm_run_dir_path: "/run/php-fpm"
 php_fpm_log_dir_path: "/var/log/php-fpm"
 
 php_fpm_pool_conf_dir_path: "/etc/php-fpm.d"
@@ -1556,7 +1554,7 @@ https_termination_proxy_http_port: "{{ https_termination_hide_varnish | default(
 https_termination_proxy_read_timeout: "{{ mageops_http_pipeline_request_timeout_override }}"
 
 # Special logging setup for requests for cacheable HTML pages which were a cache MISS
-https_termination_page_cache_misses_logging: yes
+https_termination_page_cache_misses_logging: no
 https_termination_page_cache_misses_logfile: "{{ nginx_log_dir }}/access.page-cache-misses.json.log"
 
 https_termination_redirect_source_domain_param: _redirect_from
@@ -1772,10 +1770,10 @@ deploy_release_save_info_file_path: "{{ mageops_ansible_temp_dir }}/RELEASE.json
 # --------------------------------------
 
 # Whether to install and enable the earlyoom daemon
-mageops_earlyoom_enable: yes
+mageops_earlyoom_enable: no
 
 earlyoom_ram_min_percent: 7
-earlyoom_swap_min_percent: 40
+earlyoom_swap_min_percent: 10
 mageops_cli_features_dir: /usr/local/lib/mageops/features
 
 # ----------------------------
@@ -1794,11 +1792,8 @@ mageops_packages_banned:
 
 # Basic packages needed for ansible/provisioning
 mageops_packages_base:
-  - python
-  - python2-pip
-  - python2-PyMySQL
-  - yum-utils
-  - yum-plugin-verify
+  - python3-pip
+  - python3-PyMySQL
   - unzip
   - git
   - rsync
@@ -1872,7 +1867,8 @@ packages_remove: "{{ mageops_packages_banned }}"
 # Package locks, for more info, check cs.versionlock role
 
 # Package locks per instance
-versionlock_varnish_packages: []
+versionlock_varnish_packages:
+  - varnish-6.0.*
 versionlock_persistent_packages: []
 versionlock_app_node_packages: []
 

diff --git a/requirements-galaxy.yml b/requirements-galaxy.yml
@@ -1,3 +1,4 @@
+roles:
 - src: geerlingguy.mysql
 - src: geerlingguy.composer
 - src: geerlingguy.ntp
@@ -8,9 +9,7 @@
 - src: pinkeen.postfix-relay
   version: v1.1
 
-- src: pinkeen.selinux-disable
-  version: v1.1
-
-- src: zauberpony.mysql-query
-  version: v0.6.1
-
+collections:
+- name: community.aws
+- name: amazon.aws
+- name: community.mysql
diff --git a/requirements-python.txt b/requirements-python.txt
@@ -1,4 +1,4 @@
-ansible>=2.9.16,<2.10
+ansible>=6,<7
 
 # some tasks call aws command on localhost
 # make sure this is BEFORE boto3 and boto

diff --git a/roles/cs.ansible-plugins/meta/main.yml b/roles/cs.ansible-plugins/meta/main.yml
@@ -1,18 +1,2 @@
 allow_duplicates: no
 dependencies:  []
-
-galaxy_info:
-  author: Filip Sobalski <[email protected]>
-  description: A collection of ansible plugins
-  company: creativestyle Polska
-  license: license (BSD, MIT)
-  min_ansible_version: 2.7
-  galaxy_tags:
-    - plugins
-    - filters
-    - filter_plugins
-    - ansible
-    - meta
-    - library
-
-
diff --git a/roles/cs.aws-ami-facts/defaults/main.yml b/roles/cs.aws-ami-facts/defaults/main.yml
@@ -1,25 +1,33 @@
+ami_facts_instance: ""
+ami_facts_architecture: "{{ ami_facts_architecture_map[ami_facts_instance.split('.')[0]] }}"
+
+ami_facts_architecture_map:
+  t3: x86_64
+  m6a: x86_64
+  m6i: x86_64
+  m6g: arm64
+  t4g: arm64
+  c6g: arm64
+  c5: x86_64
+  c5a: x86_64
+  c6i: x86_64
+  c6a: x86_64
+  c7g: arm64
+  r6a: x86_64
+  r6i: x86_64
+  r6g: arm64
+  r5: x86_64
+  r5a: x86_64
+  r5b: x86_64
+
 ami_facts_common_filters:
   state: "available"
-  architecture: "x86_64"
-
-# Deprecated - CentOS no longer updates the Marketplace AMIs
-# ami_facts_clean_base_filters:
-#   name: "{{ aws_ami_base_marketplace_name }}"
-#   is-public: "true"
-#   owner-alias: "aws-marketplace"
-
-# The image id of CentOS AWS images needs to be hardcoded and manually update now.
-# Warning! The ids are different for each region, for no we use a hardcoded
-# values for eu-central-1.
-# Find the latest CentOS ami ids here: https://www.centos.org/download/aws-images/
-ami_centos7_id:
-#  eu-central-1: ami-08b6d44b4f6f7b279 # original
-  eu-central-1: ami-0e4f9c05326f650df # cs-centos7-update-2022-08-01
-
-ami_base_system_image_id: "{{ ami_centos7_id[aws_region | default('eu-central-1')] }}"
+  architecture: "{{ ami_facts_architecture }}"
 
 ami_facts_clean_base_filters:
-  image-id: "{{ ami_base_system_image_id }}"
+  name: "{{ aws_ami_base_marketplace_name }}"
+  is-public: "true"
+  owner-alias: "aws-marketplace"
 
 ami_facts_app_node_tags: "{{ aws_tags_base | combine(aws_tags_role_app) }}"
 
@@ -35,3 +43,4 @@ ami_facts_app_node_base_filters: >-
   }}
 
 ami_facts_app_node_filters: {}
+aws_ami_clean_base_info: {}
diff --git a/roles/cs.aws-ami-facts/tasks/find-app-node-ami.yml b/roles/cs.aws-ami-facts/tasks/find-app-node-ami.yml
@@ -1,10 +1,10 @@
 - name: Find app node AMIs
-  ec2_ami_facts:
+  amazon.aws.ec2_ami_info:
     region: "{{ aws_region }}"
     filters: >-
       {{ ami_facts_common_filters | combine(
-          ami_facts_app_node_base_filters, 
-          ami_facts_app_node_filters, 
+          ami_facts_app_node_base_filters,
+          ami_facts_app_node_filters,
           ami_facts_app_node_tag_filters) }}
   vars:
     ami_facts_app_node_tag_filters: "{{ ami_facts_app_node_tags | prefix_keys('tag:') }}"
@@ -22,7 +22,7 @@
         aws_ami_app_node_id: "{{ aws_ami_app_node_info.image_id }}"
         aws_ami_app_node_name: "{{ aws_ami_app_node_info.name }}"
         aws_ami_app_node_location: "{{ aws_ami_app_node_info.image_location }}"
-        aws_ami_app_node_needs_db_migrations: "{{ aws_ami_app_node_info.tags.NeedsDbMigrations | default('true') | from_json }}"          
+        aws_ami_app_node_needs_db_migrations: "{{ aws_ami_app_node_info.tags.NeedsDbMigrations | default('true') | from_json }}"
         aws_ami_app_node_artifact_build_nr: "{{ aws_ami_app_node_info.tags.ArtifactBuildNr | default('null') | from_json }}"
 
 - name: Print information about newest app node AMI found
@@ -31,10 +31,10 @@
     msg: |
       ===============================================================
       =                     Found App Node AMI                      =
-      =============================================================== 
+      ===============================================================
 
       {% if ami_facts_app_node_force_id %}Note: Using forced specific AMI id.{% endif %}
-      
+
       {{ aws_ami_app_node_name }} ({{ aws_ami_app_node_id }})
 
       Baked App artifact build: #{{ aws_ami_app_node_artifact_build_nr | default('unknown', true) }}
@@ -50,4 +50,4 @@
 - name: Print information if no images were found
   when: ami_app_node_facts.images | length == 0
   debug:
-    msg: "No previous app node AMI was found! Clean build is coming..."
+    msg: "No previous app node AMI was found! Clean build is coming..."
diff --git a/roles/cs.aws-ami-facts/tasks/find-clean-base-ami.yml b/roles/cs.aws-ami-facts/tasks/find-clean-base-ami.yml
@@ -1,34 +1,32 @@
-- name: Find clean base AMIs
-  ec2_ami_facts:
-    region: "{{ aws_region }}"
-    filters: "{{ ami_facts_common_filters | combine(ami_facts_clean_base_filters) }}"
-  register: ami_clean_base_facts
+- block:
+  - name: Find clean base AMIs
+    amazon.aws.ec2_ami_info:
+      region: "{{ aws_region }}"
+      filters: "{{ ami_facts_common_filters | combine(ami_facts_clean_base_filters) }}"
+    register: ami_clean_base_facts
 
-- name: Fail if no clean base AMI is found
-  fail:
-    msg: Error! No clean base AMI found!
-  when: ami_clean_base_facts.images | length == 0
+  - name: Fail if no clean base AMI is found
+    fail:
+      msg: Error! No clean base AMI found!
+    when: ami_clean_base_facts.images | length == 0
 
-- name: Set latest clean base AMI info fact
-  set_fact:
-    aws_ami_clean_base_info: "{{ ami_clean_base_facts.images | sort(attribute='creation_date') | last }}"
+  - name: Set latest clean base AMI info fact
+    set_fact:
+      aws_ami_clean_base_info_best: "{{ ami_clean_base_facts.images | sort(attribute='creation_date') | last }}"
+
+  - name: Set base clean AMI facts
+    set_fact:
+      aws_ami_clean_base_info: "{{ aws_ami_clean_base_info | combine( {ami_facts_architecture: aws_ami_clean_base_info_best} ) }}"
+  when: aws_ami_clean_base_info[ami_facts_architecture] is not defined
 
 - name: Set base clean AMI facts
   set_fact:
-    aws_ami_clean_base_id: "{{ aws_ami_clean_base_info.image_id }}"
-    aws_ami_clean_base_name: "{{ aws_ami_clean_base_info.name }}"
-    aws_ami_clean_base_location: "{{ aws_ami_clean_base_info.image_location }}"
-    aws_ami_root_device: "{{ aws_ami_clean_base_info.root_device_name }}"
+    aws_ami_clean_base_info: "{{ aws_ami_clean_base_info | combine( {ami_facts_instance: aws_ami_clean_base_info[ami_facts_architecture]} ) }}"
 
 - name: Print information about base AMI found
   debug:
     msg: |
       Clean base AMI information
       ==========================
 
-      {{ aws_ami_clean_base_name }} [{{ aws_ami_clean_base_id }}]
-      ({{ aws_ami_clean_base_location }})
-
-      --- Details ---
-
-      {{ aws_ami_clean_base_info | to_nice_yaml }}
+      {{ aws_ami_clean_base_info | to_nice_yaml }}
diff --git a/roles/cs.aws-autoscaling/meta/main.yml b/roles/cs.aws-autoscaling/meta/main.yml
@@ -2,4 +2,3 @@ dependencies:
   - role: cs.ansible-plugins
   - role: cs.aws-vpc-facts
   - role: cs.aws-security-group-facts
-  - role: cs.aws-ami-facts
diff --git a/roles/cs.aws-cli/tasks/main.yml b/roles/cs.aws-cli/tasks/main.yml
@@ -1,17 +1,16 @@
-- name: Make sure pip aws is not installed
-  pip:
-    name: awscli
-    state: absent
+# - name: Make sure pip aws is not installed
+#   pip:
+#     name: awscli
+#     state: absent
 
 - name: Install awscli
-  yum:
+  dnf:
     name: awscli
-    enablerepo: mageops
     state: latest
 
 - name: Ensure default AWS Region is set
   ini_file:
     path: /root/.aws/credentials
     section: default
     option: region
-    value: "{{ aws_region }}"
+    value: "{{ aws_region }}"
diff --git a/roles/cs.aws-cloudfront-facts/tasks/main.yml b/roles/cs.aws-cloudfront-facts/tasks/main.yml
@@ -1,18 +1,19 @@
 - name: Get list of cloudfront distributions
-  cloudfront_facts:
+  community.aws.cloudfront_info:
     region: "{{ aws_region }}"
+    summary: yes
   register: cloudfront_distributions_info
 
 - name: Set list of cloudfront distributions
   set_fact:
-    aws_cloudfront_distributions: "{{ cloudfront_distributions_info.ansible_facts.cloudfront.summary.distributions }}"
-   
+    aws_cloudfront_distributions: "{{ cloudfront_distributions_info.cloudfront.summary.distributions }}"
+
 - name: Filter cloudfront distribution list by tags
   set_fact:
     aws_cloudfront_distributions: "{{ aws_cloudfront_distributions | json_query(distributions_tag_filter_query) }}"
   vars:
     distributions_tag_filter_query: "[?{% for k, v in aws_cloudfront_distribution_tags.items() -%}Tags.{{ k }} == '{{ v }}'{% if not loop.last %} && {% endif %}{% endfor %}]"
-  
+
 - name: Warn when more than one distribution has been found
   debug:
     msg: |
@@ -31,4 +32,4 @@
   debug:
     msg: |
       Using Cloudfront Distribution: {{ aws_cloudfront_distribution_id }} with domain {{ aws_cloudfront_distribution_domain }}
-  when: aws_cloudfront_distributions | length > 0
+  when: aws_cloudfront_distributions | length > 0
diff --git a/roles/cs.aws-ebs-vol/tasks/main.yml b/roles/cs.aws-ebs-vol/tasks/main.yml
@@ -90,4 +90,4 @@
       loop_control:
         loop_var: volume
         label: "{{ volume.VolumeId }} / {{ volume | pick_keys(aws_ebs_volume_modify_params.keys()) | to_yaml | trim }} -> {{ aws_ebs_volume_modify_params | to_yaml| trim }}"
-      loop: "{{ ( aws_ebs_volume_describe.stdout | from_json ).Volumes }}"
+      loop: "{{ ( aws_ebs_volume_describe.stdout | from_json ).Volumes }}"
diff --git a/roles/cs.aws-ec2-cleanup/tasks/main.yml b/roles/cs.aws-ec2-cleanup/tasks/main.yml
@@ -1,5 +1,5 @@
 - name: Get available Lauch Configurations
-  ec2_lc_facts:
+  community.aws.ec2_lc_info:
     region: "{{ aws_region }}"
     sort: created_time
     sort_order: descending

diff --git a/roles/cs.aws-efs/tasks/main.yml b/roles/cs.aws-efs/tasks/main.yml
@@ -39,7 +39,7 @@
           --lifecycle-policies '{{ efs_lifecycle_policies | to_json }}'
 
 - name: Install AWS EFS utils
-  yum:
+  dnf:
     name:
         - stunnel
         - nfs-utils

diff --git a/roles/cs.aws-facts-all/meta/main.yml b/roles/cs.aws-facts-all/meta/main.yml
@@ -14,4 +14,4 @@ dependencies:
   - role: cs.aws-ami-facts
     when: aws_facts_gather_ami
   - role: cs.aws-autoscaling-facts
-    when: aws_facts_autoscaling
+    when: aws_facts_autoscaling
diff --git a/roles/cs.aws-lambda-import/defaults/main.yml b/roles/cs.aws-lambda-import/defaults/main.yml
@@ -3,6 +3,6 @@ aws_import_scaling_lambda_schedule: rate(5 minutes)
 aws_lambda_handle_import_scaling_name: "handleImportScaling-{{ mageops_app_name }}"
 aws_lambda_handle_import_scaling_runtime: python3.7
 
-aws_lambda_import_scaling_deploy_package_version: "1.7.0"
+aws_lambda_import_scaling_deploy_package_version: "1.7.1"
 aws_lambda_import_scaling_deploy_package_url: "https://github.com/mageops/aws-lambdas-autoscaling/releases/download/{{ aws_lambda_import_scaling_deploy_package_version }}/autoscaling-lambdas-deploy-package.python3.7.zip"
-aws_lambda_import_scaling_deploy_package_path: "{{ mageops_ansible_temp_dir }}/import-scaling-lambda-deploy-package-{{ aws_lambda_import_scaling_deploy_package_version }}.zip"
+aws_lambda_import_scaling_deploy_package_path: "{{ mageops_ansible_temp_dir }}/import-scaling-lambda-deploy-package-{{ aws_lambda_import_scaling_deploy_package_version }}.zip"
diff --git a/roles/cs.aws-lambda-varnish/defaults/main.yml b/roles/cs.aws-lambda-varnish/defaults/main.yml
@@ -1,5 +1,5 @@
-aws_lambda_varnish_deploy_package_url: "https://github.com/mageops/aws-lambdas-autoscaling/releases/download/1.6.0/autoscaling-lambdas-deploy-package.python3.7.zip"
-aws_lambda_varnish_deploy_package_path: "{{ mageops_ansible_temp_dir }}/varnish-lambda-deploy-package.zip"
+aws_lambda_varnish_deploy_package_url: "https://github.com/mageops/aws-lambdas-autoscaling/releases/download/1.7.1/autoscaling-lambdas-deploy-package.python3.7.zip"
+aws_lambda_varnish_deploy_package_path: "{{ mageops_ansible_temp_dir }}/varnish-lambda-deploy-package-f44a1b91479964bca0e73e222c1c004f08e87a3c.zip"
 aws_lambda_varnish_runtime: python3.7
 
 aws_lambda_handle_varnish_autoscaling_event_name: "handleVarnishAutoscalingEvent-{{ mageops_app_name }}"
-Original file line number
+Diff line change
@@ Expand Up / @@ -39,7 +39,7 @@ @@
               --lifecycle-policies '{{ efs_lifecycle_policies | to_json }}'
     - name: Install AWS EFS utils
-      yum:
+      dnf:
         name:
             - stunnel
             - nfs-utils
@@ Expand Down @@