ansible-vault
ansible-vault copied to clipboard
ansible-community
Collaborating with the hashi_vault Ansible collection ?
Hi @briantist and @ansible-community/hashicorp-tools o/
We recently bootstrapped a new community Ansible collection for hashicorp vault here: https://github.com/ansible-collections/community.hashi_vault
CI is in place with the help of GitHub actions for testing new PRs and release to galaxy can also be handled automatically whenever tagging a new release.
Would it make sense to include this role in the collection so users could get both the role and the plugin from the same location ? The Ansible community team can help get things started if you'd like to collaborate.
Oh that is great news! Thanks to all who helped with this!! And it makes sense to add this. Could you do something similar for the Consul content?
The collection currently only contains the hashi_vault plugin (moved there from community.general).
Also note that the collection requires at least Ansible 2.9.10, so you'd (officially) drop support of Ansible 2.8. (Ansible 2.8 and 2.9 ignore the minimum version field though, so in practice it can still be used, assuming no 2.9.10+ features are used.)
Also note that the collection requires at least Ansible 2.9.10, so you'd (officially) drop support of Ansible 2.8. (Ansible 2.8 and 2.9 ignore the minimum version field though, so in practice it can still be used, assuming no 2.9.10+ features are used.)
@felixfontein: thanks for pointing that out, you're right.
Hmm, I rather support Ansible 2.8.
@bbaassssiiee Ansible 2.8 is currently scheduled for EOL January 2021:
This also roughly coincides with the tentative schedule to release Ansible 3.0 in February:
I believe that leaves us plenty of time (even considering the upcoming holidays) to get the role in the collection without necessarily dropping anything here just yet.
Oh that is great news! Thanks to all who helped with this!! And it makes sense to add this. Could you do something similar for the Consul content?
I'm assuming you are talking about https://github.com/ansible-community/ansible-consul ?
Looking at the community.general collection, there's a few consul modules and plugins like:
- https://github.com/ansible-collections/community.general/tree/main/plugins/modules/clustering/consul
- https://github.com/ansible-collections/community.general/blob/main/plugins/lookup/consul_kv.py
With that in mind, it could make sense to regroup the role along with the different plugins from community.general into a collection and yes, we can help bootstrapping.
So if 2.8 has an EOL date in the near future, and 2.10 introduces breaking changes, will 2.9 be an LTS version given the billions of lines of Yaml out there?
Why do you say that 2.10 has a breaking change? It has as much (or little) breaking changes as any other Ansible release.
So if 2.8 has an EOL date in the near future, and 2.10 introduces breaking changes, will 2.9 be an LTS version given the billions of lines of Yaml out there?
@bbaassssiiee no official date is written for 2.9 that I know of but it is indeed planned to be supported longer (>= 2023). 2.10 is not so much about breaking changes -- it should "just work" in most cases -- it's more about the underlying changes in how Ansible is maintained and packaged.
2.9 is the release before these changes took place.
I test many repo's with tox and they are all broken by 2.10. Example tox.ini https://github.com/dockpack/base_boost/blob/master/tox.ini
@bbaassssiiee what exactly fails with Ansible 2.10 that does work with 2.9?
Dunno, too many parts are moving lately, integration is getting harder by developer entropy. So 2.10 might not be the cause.
So if 2.8 has an EOL date in the near future, and 2.10 introduces breaking changes, will 2.9 be an LTS version given the billions of lines of Yaml out there?
Based on feedback I got from an insider, 2.9 will effectively be an LTS.
Most breaking changes are going to be around add-on python based modules/plugins that link to ansible code... an example is their ec2.py inventory script doesn't work. Also with 2.10 there's a few means of distribution, but more raw packaging like pip or git require you to follow the new module storage model and download the module packages seperately (its easy with galaxy)
The new module model and naming conventions used in 2.10+ ARE supported in 2.9, just less enforced.
TLDR; if code is refactored for 2.10, it should work with 2.9 (which will be an LTS), but not 2.8
Most breaking changes are going to be around add-on python based modules/plugins that link to ansible code... an example is their ec2.py inventory script doesn't work. Also with 2.10 there's a few means of distribution, but more raw packaging like pip or git require you to follow the new module storage model and download the module packages seperately (its easy with galaxy)
I don't think there are any breaking changes for modules or plugins (except removals of deprecated things, and fixes for bugs which some code might rely on). Inventory scripts or scripts that run outside of Ansible are another story - if they rely on internals that have been moved out of ansible-base, they will stop working if not adjusted correctly.
Hate to restart an idle topic, but would love to see these integrated as this role would make an excellent addition to the collection.
