{"id":27389155,"url":"https://github.com/release-engineering/errata-tool-ansible","last_synced_at":"2025-04-13T19:12:41.933Z","repository":{"id":42524426,"uuid":"240126521","full_name":"release-engineering/errata-tool-ansible","owner":"release-engineering","description":"Ansible modules to manage Red Hat Errata Tool resources","archived":false,"fork":false,"pushed_at":"2025-04-11T07:23:11.000Z","size":437,"stargazers_count":4,"open_issues_count":34,"forks_count":15,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-04-11T09:27:13.283Z","etag":null,"topics":["ansible"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/release-engineering.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-02-12T22:15:40.000Z","updated_at":"2025-04-11T07:23:13.000Z","dependencies_parsed_at":"2024-11-07T22:46:09.338Z","dependency_job_id":"ff95dbcc-f288-4982-8cb7-bbe0960adb3c","html_url":"https://github.com/release-engineering/errata-tool-ansible","commit_stats":null,"previous_names":["release-engineering/errata-tool-ansible"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/release-engineering%2Ferrata-tool-ansible","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/release-engineering%2Ferrata-tool-ansible/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/release-engineering%2Ferrata-tool-ansible/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/release-engineering%2Ferrata-tool-ansible/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/release-engineering","download_url":"https://codeload.github.com/release-engineering/errata-tool-ansible/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248766745,"owners_count":21158301,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible"],"created_at":"2025-04-13T19:12:41.269Z","updated_at":"2025-04-13T19:12:41.920Z","avatar_url":"https://github.com/release-engineering.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"errata-tool-ansible\n===================\n\n.. image:: https://github.com/ktdreyer/errata-tool-ansible/workflows/tests/badge.svg\n :target: https://github.com/ktdreyer/errata-tool-ansible/actions\n\n.. image:: https://codecov.io/gh/ktdreyer/errata-tool-ansible/branch/master/graph/badge.svg\n :target: https://codecov.io/gh/ktdreyer/errata-tool-ansible\n\n.. image:: https://img.shields.io/badge/dynamic/json?style=flat\u0026label=galaxy\u0026prefix=v\u0026url=https://galaxy.ansible.com/api/v3/plugin/ansible/content/published/collections/index/ktdreyer/errata_tool_ansible/\u0026query=highest_version.version\n :target: https://galaxy.ansible.com/ui/repo/published/ktdreyer/errata_tool_ansible/\n\nAnsible modules to manage Errata Tool resources.\n\nThis is not about installing the Errata Tool. Instead, it is a way to\ndeclaratively define things within Errata Tool, where you might normally use\nthe Errata Tool UI.\n\nerrata_tool_product\n-------------------\n\nThe ``errata_tool_product`` module can create or update products within the\nErrata Tool.\n\n.. code-block:: yaml\n\n - name: Add RHCEPH product\n errata_tool_product:\n short_name: RHCEPH\n name: Red Hat Ceph Storage\n description: Red Hat Ceph Storage\n bugzilla_product_name: \"\"\n valid_bug_states:\n - ASSIGNED\n - MODIFIED\n - NEW\n - ON_DEV\n - ON_QA\n - POST\n - VERIFIED\n active: true\n ftp_subdir: RHCEPH\n internal: false\n default_docs_reviewer: docs-errata-list@redhat.com\n push_targets:\n - ftp\n - cdn_stage\n - cdn_docker_stage\n - cdn_docker\n - cdn\n default_solution: enterprise\n state_machine_rule_set: Default\n move_bugs_on_qe: false\n show_bug_package_mismatch_warning: true\n suppress_push_request_jira: false\n\n\nerrata_tool_product_version\n---------------------------\n\nThe ``errata_tool_product_version`` module can create or update Product\nVersions within the Errata Tool.\n\n.. code-block:: yaml\n\n - name: Add RHCEPH 4.0 RHEL 8 Product Version\n errata_tool_product_version:\n product: RHCEPH\n name: RHCEPH-4.0-RHEL-8\n description: Red Hat Ceph Storage 4.0\n default_brew_tag: ceph-4.0-rhel-8-candidate\n allow_rhn_debuginfo: false\n is_oval_product: false\n is_rhel_addon: false\n is_server_only: false\n rhel_release_name: RHEL-8\n sig_key_name: redhatrelease2\n container_sig_key_name: redhatrelease2\n allow_buildroot_push: false\n push_targets:\n - ftp\n - cdn_stage\n - cdn_docker_stage\n - cdn_docker\n - cdn\n suppress_push_request_jira: false\n allow_unreleased_rpms: false\n\nerrata_tool_release\n-------------------\n\nThe ``errata_tool_release`` module can create or update Releases within the\nErrata Tool.\n\n.. code-block:: yaml\n\n - name: Add rhceph-4.0 release\n errata_tool_release:\n product: RHCEPH\n name: rhceph-4.0\n type: QuarterlyUpdate\n description: Red Hat Ceph Storage 4.0\n product_versions:\n - RHCEPH-4.0-RHEL-8\n - RHEL-7-RHCEPH-4.0\n enabled: true\n active: true\n enable_batching: false\n program_manager: coolmanager@redhat.com\n blocker_flags:\n - ceph-4\n internal_target_release: \"\"\n zstream_target_release: null\n ship_date: '2020-01-31'\n allow_shadow: false\n allow_blocker: false\n allow_exception: false\n allow_pkg_dupes: true\n supports_component_acl: true\n limit_bugs_by_product: false\n state_machine_rule_set: null\n brew_tags: []\n is_silent: false\n\n\nerrata_tool_variant\n-------------------\n\nThe ``errata_tool_variant`` module can create or update Variants within the\nErrata Tool.\n\n.. code-block:: yaml\n\n - name: Add RHCEPH 4.0 Tools variant\n errata_tool_variant:\n name: 8Base-RHCEPH-4.0-Tools\n description: Red Hat Ceph Storage 4.0 Tools\n cpe: \"cpe:/a:redhat:ceph_storage:4::el8\"\n enabled: true\n buildroot: false\n product_version: RHCEPH-4.0-RHEL-8\n rhel_variant: 8Base\n push_targets: []\n override_ftp_base_folder: \"8Base\"\n\nerrata_tool_cdn_repo\n--------------------\n\nThe ``errata_tool_cdn_repo`` module can create or update CDN Repos within the\nErrata Tool.\n\n.. code-block:: yaml\n\n - name: Add rhceph/rhceph-4-rhel8 cdn repo\n errata_tool_cdn_repo:\n name: rhceph/rhceph-4-rhel8\n external_name: rhceph/rhceph-4-rhel8\n release_type: Primary\n content_type: Docker\n variants:\n - 8Base-RHCEPH-4.0-Tools\n packages:\n rhceph-container:\n - latest\n - \"{% raw %}{{version}}{% endraw %}\"\n - \"{% raw %}{{version}}-{{release}}{% endraw %}\"\n\nNote that if you want to use a tag string like ``{{version}}`` for your\npackage, you must escape the double brackets for Ansible with the\n``{% raw %} ... {% endraw %}`` syntax. If you pass the values into Ansible\nTower's REST API, you may not need to escape the values like this.\n\nerrata_tool_rhel_release\n------------------------\n\nThe ``errata_tool_rhel_release`` module can create or update Rhel Releases within the Errata\nTool.\n\n.. code-block:: yaml\n\n - name: Add RHEL-2.1 rhel release\n errata_tool_rhel_release:\n name: RHEL-2.1\n description: Red Hat Advanced Server 2.1\n exclude_ftp_debuginfo: true\n\nerrata_tool_user\n----------------\n\nThe ``errata_tool_user`` module can create or update Users within the Errata\nTool.\n\n.. code-block:: yaml\n\n - name: Add program manager Errata Tool account\n errata_tool_user:\n login_name: coolprogrammanager@redhat.com\n realname: Cool ProgramManager\n organization: Program Management\n receives_mail: false\n roles:\n - pm\n\n\nerrata_tool_request\n-------------------\n\nThe ``errata_tool_request`` module can perform low-level HTTP requests to\nErrata Tool. This exposes the entire Errata Tool REST API to you directly.\nIt is like Ansible's core `uri\n\u003chttps://docs.ansible.com/ansible/latest/modules/uri_module.html\u003e`_\nmodule, except this respects the ``ERRATA_TOOL_URL`` and ``ERRATA_TOOL_AUTH``\nvariables and can perform SPENEGO (GSSAPI) authentication.\n\nWhy would you use this module instead of the higher level modules like\n``errata_tool_product``, ``errata_tool_user``, etc? This\n``errata_tool_request`` module has two main uses-cases.\n\n1. You may want to do something that the higher level modules do not yet\n support. It can be easier to use this module to quickly prototype out\n your ideas for what actions you need, and then write the Python code to\n do it in a better way later. If you find that you need to use\n ``errata_tool_request`` to achieve functionality that is not yet present in\n the other errata-tool-ansible modules, please file a Feature Request\n issue in GitHub with your use case.\n2. You want to write some tests that verify ET's data at a very low\n level. For example, you may want to write an integration test to verify\n that you've set up your ET configuration in the way you expect.\n\nNote that this module will always report \"changed: true\" every time, because\nit simply sends the request to the ET server on every ansible run. This\nmodule cannot understand if your chosen request actually \"changes\" anything.\n\n.. code-block:: yaml\n\n - name: Make a raw HTTP API call\n errata_tool_request:\n path: /api/v1/user/cooldeveloper\n register: response\n\n - name: show the parsed JSON in the HTTP response\n debug:\n var: response.json\n\n - name: check one of the values in the JSON response\n assert:\n that:\n - response.json.login_name == 'cooldeveloper@redhat.com'\n\nInstalling errata-tool-ansible from Ansible Galaxy\n--------------------------------------------------\n\nWe distribute errata-tool-ansible through the `Ansible Galaxy\n\u003chttps://galaxy.ansible.com/ktdreyer/errata_tool_ansible\u003e`_.\n\nIf you are using Ansible 2.9 or greater, you can `install\n\u003chttps://docs.ansible.com/ansible/latest/user_guide/collections_using.html\u003e`_\nerrata-tool-ansible like so::\n\n ansible-galaxy collection install ktdreyer.errata_tool_ansible\n\nThis will install the latest Git snapshot automatically. Use ``--force``\nupgrade your installed version to the latest version.\n\nPython dependencies\n-------------------\n\nThese Ansible modules require the `requests-gssapi\n\u003chttps://pypi.org/project/requests-gssapi/\u003e`_ and `lxml\n\u003chttps://pypi.org/project/lxml/\u003e`_ Python libraries. You must install these\nlibraries on the host where Ansible will execute (typically localhost).\n\nOn RHEL 7::\n\n yum -y install python-requests-gssapi python-lxml\n\nOn RHEL 8 and 9::\n\n dnf copr enable -y ktdreyer/python3.11\n yum -y install python3.11-requests-gssapi python3.11-lxml\n\nOn Fedora::\n\n yum -y install python3-requests-gssapi python3-lxml\n\nPython versions\n---------------\n\nThe errata-tool-ansible modules support RHEL 7 (Python 2.7), RHEL 8 (Python\n3.6), and Fedora (latest Python 3). If you are writing a patch, you can test\nthese Python versions by running ``tox`` locally.\n\nIf you're using RHEL 7, please upgrade to RHEL 8, because it provides a much\nbetter user experience. For example, ``python-requests-2.6.0-10.el7`` does not\n`show URLs \u003chttps://github.com/psf/requests/pull/2648\u003e`_ on failures, so it's\nharder to debug when things break.\n\nErrata Tool environment\n-----------------------\nThese modules operate on the production Errata Tool environment by default.\nYou must have a valid Kerberos ticket.\n\nYou can select another environment with the ``ERRATA_TOOL_URL`` environment\nvariable, like so::\n\n ERRATA_TOOL_URL=https://other.env/ ansible-playbook -v my-et-playbook.yml\n\nYou can disable GSSAPI (Kerberos) authentication with the ``ERRATA_TOOL_AUTH``\nenvironment variable::\n\n ERRATA_TOOL_URL=https://other.env/ ERRATA_TOOL_AUTH=notkerberos ansible-playbook ...\n\nYou can use Ansible's ``environment`` setting with your tasks or playbooks.\nHere's an example playbook that calls a custom role with those variables set:\n\n.. code-block:: yaml\n\n - name: ensure ET configuration\n gather_facts: no\n hosts: localhost\n connection: local\n environment:\n ERRATA_TOOL_URL: https://other.env/\n ERRATA_TOOL_AUTH: notkerberos\n roles:\n - my-custom-et-role\n\nThere is no support for HTTP Basic auth at this time.\n\nSSL verification\n----------------\n\nThis Ansible module verifies the ET server's HTTPS certificate by default.\nIf you receive an SSL verification error, it's probably because you don't have\nthe Red Hat IT CA set up for your Python environment (particularly if you're\nusing a virtualenv). python-requests defaults to using ``certifi.where()``,\nwhich may not point at a CA bundle that contains the RH IT CA.\n\nYou can use Ansible's ``environment`` setting with your tasks or playbooks.\nHere's an example playbook that calls a custom role with those variables set:\n\n.. code-block:: yaml\n\n - name: ensure ET configuration\n gather_facts: no\n hosts: localhost\n connection: local\n environment:\n REQUESTS_CA_BUNDLE: /etc/pki/ca-trust/source/anchors/RH-IT-Root-CA.crt\n roles:\n - my-custom-et-role\n\n\nWhere ``RH-IT-Root-CA.crt`` is the public cert that signed the ET server's\nHTTPS certificate.\n\nStrict user checking\n--------------------\n\nFor modules operating with Errata user accounts, you can optionally\nuse ``ANSIBLE_STRICT_USER_CHECK_MODE`` environment variable to control\nwhether the module should check that the user account exists or not\nduring a check mode.\n\nIf ``ANSIBLE_STRICT_USER_CHECK_MODE`` is ``False`` or unset (default),\nmodules will not validate user accounts during check mode.\n\nIf ``ANSIBLE_STRICT_USER_CHECK_MODE`` is ``True`` and check mode is on,\nthe modules will check the user account and fail if they don't exist, are not\nenabled, or lack required roles.\n\nExample of using strict user checking::\n\n ANSIBLE_STRICT_USER_CHECK_MODE=1 ansible-playbook my-et-playbook.yml -v --check\n\nIt's also possible to set the environment variable in the playbook itself:\n\n.. code-block:: yaml\n\n - name: test strict user checking\n environment:\n ANSIBLE_STRICT_USER_CHECK_MODE: true\n\nTrying to set ``default_docs_reviewer`` in errata_tool_product, for example,\nfor a non-existing account would produce the following error::\n\n default_docs_reviewer noexist account not found\n\nAnd trying to set ``default_docs_reviewer`` without the ``docs`` role::\n\n User nodocsrole does not have 'docs' role in ET\n\nFile paths\n----------\n\nThese modules import ``common_errata_tool`` from the ``module_utils``\ndirectory.\n\nOne easy way to arrange your Ansible files is to symlink the ``library`` and\n``module_utils`` directories into the directory with your playbook.\n\nFor example, if you have a ``errata-tool.yml`` playbook that you run with\n``ansible-playbook``, it should live alongside these ``library`` and\n``module_utils`` directories::\n\n top\n ├── errata-tool.yml\n ├── module_utils\n └── library\n\nand you should run the playbook like so::\n\n ansible-playbook errata-tool.yml\n\nLicense\n-------\n\nThis errata-tool-ansible project is licensed under the GPLv3-or-later to match\nAnsible's license.\n\n\nTODO\n----\n\n* Unit tests\n\n* Integration tests\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frelease-engineering%2Ferrata-tool-ansible","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frelease-engineering%2Ferrata-tool-ansible","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frelease-engineering%2Ferrata-tool-ansible/lists"}