-
Notifications
You must be signed in to change notification settings - Fork 30
feat: add Ubuntu 22.04 and 24.04 support #412
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
0b5cb86
ecb4db3
e816e05
3edee4f
b7009d5
f674a05
c981a7b
d7dee7d
f1b2514
5bb5c12
cc8e201
7050791
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -93,6 +93,24 @@ | |
| - ansible_facts["distribution"] in ['CentOS', 'RedHat'] | ||
| - ansible_facts["distribution_major_version"] is version('10', '=') | ||
|
|
||
| - name: Fail on Ubuntu when mssql_ha_configure is requested because it is not supported | ||
| fail: | ||
| msg: >- | ||
| This role does not support mssql_ha_configure on Ubuntu. HA configuration | ||
| is only supported on RHEL, CentOS, Fedora, and SLES platforms. | ||
| when: | ||
| - mssql_ha_configure | bool | ||
| - ansible_facts["distribution"] == 'Ubuntu' | ||
|
|
||
| - name: Fail on Ubuntu when mssql_ad_configure is requested because it is not supported | ||
| fail: | ||
| msg: >- | ||
| This role does not support mssql_ad_configure on Ubuntu. AD configuration | ||
| is only supported on RHEL platforms. | ||
| when: | ||
| - mssql_ad_configure | bool | ||
| - ansible_facts["distribution"] == 'Ubuntu' | ||
|
|
||
| - name: Verify that the user accepts EULA variables | ||
| assert: | ||
| that: | ||
|
|
@@ -249,6 +267,49 @@ | |
| state: present | ||
| register: __mssql_gpg | ||
| until: __mssql_gpg is success | ||
| when: ansible_facts["pkg_mgr"] != 'apt' | ||
|
|
||
| - name: Deploy the GPG key for Microsoft repositories on Ubuntu | ||
| when: ansible_facts["pkg_mgr"] == 'apt' | ||
| block: | ||
| - name: Ensure gnupg is installed for key conversion | ||
| apt: | ||
| name: gnupg | ||
| state: present | ||
| update_cache: true | ||
|
|
||
| - name: Download Microsoft GPG key | ||
| get_url: | ||
| url: "{{ mssql_rpm_key }}" | ||
| dest: /tmp/microsoft.asc | ||
|
Collaborator
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Please use |
||
| mode: '0644' | ||
| register: __mssql_gpg_download | ||
| until: __mssql_gpg_download is success | ||
| retries: 3 | ||
| delay: 5 | ||
|
|
||
| - name: Check if Microsoft GPG keyring already exists | ||
| stat: | ||
| path: "{{ __mssql_gpg_key_dest }}" | ||
| register: __mssql_gpg_key_stat | ||
|
|
||
| - name: Convert Microsoft GPG key to binary keyring format | ||
| command: >- | ||
| gpg --batch --no-tty --yes --dearmor -o {{ __mssql_gpg_key_dest }} /tmp/microsoft.asc | ||
| when: __mssql_gpg_download is changed or not __mssql_gpg_key_stat.stat.exists | ||
|
Collaborator
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. if this stat exists this whole block can be skipped. So put this task above the block and make the block run if this doesn't exist.
Collaborator
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
|
||
| changed_when: __mssql_gpg_download is changed or not __mssql_gpg_key_stat.stat.exists | ||
|
|
||
| - name: Ensure correct permissions on Microsoft GPG keyring | ||
| file: | ||
| path: "{{ __mssql_gpg_key_dest }}" | ||
| owner: root | ||
| group: root | ||
| mode: '0644' | ||
|
|
||
| - name: Remove temporary Microsoft GPG key file | ||
| file: | ||
| path: /tmp/microsoft.asc | ||
| state: absent | ||
|
|
||
| - name: Prepare for the upgrade on RedHat | ||
| when: | ||
|
|
@@ -345,6 +406,63 @@ | |
| failed_when: not __zypper_addrepo_server_output.rc in [0, 4] | ||
| changed_when: __zypper_addrepo_server_output.rc != 4 | ||
|
|
||
| - name: Prepare for the upgrade on Ubuntu | ||
| when: | ||
| - __mssql_current_version is defined | ||
| - mssql_upgrade | bool | ||
| - ansible_facts["pkg_mgr"] == 'apt' | ||
| - __mssql_server_repository_list_url is defined | ||
| - __mssql_current_version | int != mssql_version | int | ||
| file: | ||
| path: /etc/apt/sources.list.d/mssql-server-{{ __mssql_current_version | int }}.list | ||
| state: absent | ||
|
Collaborator
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This task is not idempotent and will run each role invocation. So each time it will remove this file and download it again. Is it possible to verify e.g. checksums of this file and the file to be installed?
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Fixed by downloading to a temp file first, then using copy with remote_src: true to compare checksums before writing subsequent runs report ok when the .list content hasn't changed. Temp file is cleaned up after. |
||
|
|
||
| - name: Configure the Microsoft SQL Server repositories on Ubuntu | ||
| when: | ||
| - ansible_facts["pkg_mgr"] == 'apt' | ||
| - >- | ||
| (__mssql_server_packages not in ansible_facts.packages) or | ||
| (mssql_upgrade | bool) | ||
| block: | ||
| - name: Download packages-microsoft-prod.deb | ||
| get_url: | ||
| url: "{{ __mssql_prod_pkg_url }}" | ||
| dest: /tmp/packages-microsoft-prod.deb | ||
|
Collaborator
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. use tempfile too. That's for safety to not overwrite files that might exist in users' environment |
||
| mode: '0644' | ||
| when: __mssql_prod_pkg_url is defined | ||
|
|
||
| - name: Install packages-microsoft-prod.deb | ||
| apt: | ||
| deb: /tmp/packages-microsoft-prod.deb | ||
|
Collaborator
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Actually, ansible-doc for |
||
| when: __mssql_prod_pkg_url is defined | ||
|
|
||
| - name: Download SQL Server repository list file to temp location | ||
| get_url: | ||
| url: "{{ __mssql_server_repository_list_url }}" | ||
| dest: /tmp/mssql-server-{{ mssql_version | int }}.list | ||
|
Collaborator
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. here tempfile too |
||
| mode: '0644' | ||
| force: true | ||
| when: __mssql_server_repository_list_url is defined | ||
|
|
||
| - name: Install SQL Server repository list file only if content changed | ||
| copy: | ||
| src: /tmp/mssql-server-{{ mssql_version | int }}.list | ||
| dest: /etc/apt/sources.list.d/mssql-server-{{ mssql_version | int }}.list | ||
|
Collaborator
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Please make this idempotent by first identifying if this file exists and has a correct content. If not exist the role can download directly to this path. If exists - check if content is correct. If not correct - move the original file to a backup location and download a new file here. |
||
| remote_src: true | ||
| mode: '0644' | ||
| when: __mssql_server_repository_list_url is defined | ||
|
|
||
| - name: Remove temporary SQL Server repository list file | ||
| file: | ||
| path: /tmp/mssql-server-{{ mssql_version | int }}.list | ||
| state: absent | ||
| when: __mssql_server_repository_list_url is defined | ||
|
|
||
| - name: Update apt cache after configuring Microsoft SQL Server repository | ||
| apt: | ||
| update_cache: true | ||
| when: ansible_facts["pkg_mgr"] == 'apt' | ||
|
|
||
| - name: Configure to run as a confined application with SELinux | ||
| package: | ||
| name: "{{ __mssql_server_selinux_packages }}" | ||
|
|
@@ -367,6 +485,8 @@ | |
| else | ||
| echo "" | ||
| fi | ||
| args: | ||
| executable: /bin/bash | ||
| changed_when: false | ||
| register: __mssql_errorlog | ||
| check_mode: false | ||
|
|
@@ -570,6 +690,21 @@ | |
| failed_when: not __zypper_addrepo_tools_output.rc in [0, 4] | ||
| changed_when: __zypper_addrepo_tools_output.rc != 4 | ||
|
|
||
| - name: Configure the Microsoft SQL Server Tools repository on Ubuntu 22 using list file | ||
| get_url: | ||
| url: "{{ __mssql_client_repository_list_url }}" | ||
| dest: /etc/apt/sources.list.d/mssql-release.list | ||
|
Collaborator
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. can you make this idempotent too? |
||
| mode: '0644' | ||
| when: | ||
| - ansible_facts["pkg_mgr"] == 'apt' | ||
| - __mssql_client_repository_list_url is defined | ||
|
|
||
| - name: Update apt cache after configuring Microsoft SQL Server Tools repository | ||
| apt: | ||
| update_cache: true | ||
| cache_valid_time: 3600 | ||
| when: ansible_facts["pkg_mgr"] == 'apt' | ||
|
|
||
| - name: Ensure that SQL Server client tools are installed | ||
| package: | ||
| name: "{{ __mssql_client_packages }}" | ||
|
|
@@ -580,6 +715,15 @@ | |
| - name: Configure TLS encryption | ||
| when: mssql_tls_enable is not none | ||
| block: | ||
| - name: Ensure TLS private key directory exists | ||
| file: | ||
| path: "{{ __mssql_tls_private_key_dest_dir }}" | ||
| state: directory | ||
| owner: mssql | ||
| group: mssql | ||
| mode: "0700" | ||
| when: mssql_tls_enable | bool | ||
|
|
||
| - name: >- | ||
| Create certificate and private_key files and set mssql_tls_cert | ||
| and _private_key | ||
|
|
@@ -621,8 +765,8 @@ | |
| src: "{{ item }}" | ||
| remote_src: "{{ mssql_tls_remote_src }}" | ||
| dest: >- | ||
| /etc/pki/tls/{{ 'certs' if item == mssql_tls_cert | ||
| else 'private' }}/{{ item | basename }} | ||
| {{ __mssql_tls_cert_dest_dir if item == mssql_tls_cert | ||
| else __mssql_tls_private_key_dest_dir }}/{{ item | basename }} | ||
| owner: mssql | ||
| group: mssql | ||
| mode: "0600" | ||
|
|
@@ -635,7 +779,7 @@ | |
| include_tasks: mssql_conf_setting.yml | ||
| vars: | ||
| __mssql_tls_cert_dest: >- | ||
| /etc/pki/tls/certs/{{ mssql_tls_cert | basename }} | ||
| {{ __mssql_tls_cert_dest_dir }}/{{ mssql_tls_cert | basename }} | ||
| __mssql_conf_setting: "network tlscert" | ||
| __mssql_conf_setting_value: >- | ||
| {{ __mssql_tls_cert_dest if mssql_tls_enable else 'unset' }} | ||
|
|
@@ -644,7 +788,7 @@ | |
| include_tasks: mssql_conf_setting.yml | ||
| vars: | ||
| __mssql_tls_private_key_dest: >- | ||
| /etc/pki/tls/private/{{ mssql_tls_private_key | basename }} | ||
| {{ __mssql_tls_private_key_dest_dir }}/{{ mssql_tls_private_key | basename }} | ||
| __mssql_conf_setting: "network tlskey" | ||
| __mssql_conf_setting_value: >- | ||
| {{ __mssql_tls_private_key_dest if mssql_tls_enable else 'unset' }} | ||
|
|
@@ -670,6 +814,8 @@ | |
| set -euo pipefail; | ||
| grep '^forceencryption' {{ __mssql_conf_path }} | ||
| | sed 's/forceencryption = //g' | ||
| args: | ||
| executable: /bin/bash | ||
| changed_when: false | ||
| failed_when: false | ||
| register: __mssql_forceencryption_val | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| # SPDX-License-Identifier: MIT | ||
| --- | ||
| __mssql_supported_versions: | ||
| - 2022 | ||
| - 2025 | ||
| __mssql_confined_supported: false | ||
| __mssql_tuned_supported: false | ||
| __mssql_gpg_key_dest: /usr/share/keyrings/microsoft-prod.gpg | ||
| __mssql_tls_cert_dest_dir: /etc/ssl/certs | ||
| __mssql_tls_private_key_dest_dir: /etc/ssl/mssql | ||
| __mssql_server_repository: '' | ||
| __mssql_client_repository: '' | ||
| __mssql_client_packages: | ||
| - "mssql-tools{{ '' if __sqlcmd_ver | int == 17 else __sqlcmd_ver }}" | ||
| - unixodbc-dev |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| # SPDX-License-Identifier: MIT | ||
| --- | ||
| __mssql_server_repository_list_url: >- | ||
| https://packages.microsoft.com/config/ubuntu/22.04/mssql-server-{{ mssql_version | int }}.list | ||
| __mssql_client_repository_list_url: >- | ||
| https://packages.microsoft.com/config/ubuntu/22.04/prod.list |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| # SPDX-License-Identifier: MIT | ||
| --- | ||
| __mssql_prod_pkg_url: >- | ||
| https://packages.microsoft.com/config/ubuntu/24.04/packages-microsoft-prod.deb | ||
| __mssql_server_repository_list_url: >- | ||
| https://packages.microsoft.com/config/ubuntu/24.04/mssql-server-{{ mssql_version | int }}.list | ||
| __mssql_supported_versions: | ||
| - 2025 |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -33,6 +33,9 @@ __mssql_version_package_mapping: | |
| - 2017: 14 | ||
| - 2019: 15 | ||
| - 2022: 16 | ||
| - 2025: 17 | ||
|
Collaborator
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I didn't know there is a new version. Is it fully supported?
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yes 2025 version is supported, just configured using this branch of mine in Ubuntu 24.04 |
||
| __mssql_tls_cert_dest_dir: /etc/pki/tls/certs | ||
| __mssql_tls_private_key_dest_dir: /etc/pki/tls/private | ||
| __mssql_keytab_path: /var/opt/mssql/secrets/mssql.keytab | ||
| __mssql_conf_path: /var/opt/mssql/mssql.conf | ||
| __mssql_conf_cli: /opt/mssql/bin/mssql-conf | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ansible-lint doesn't work well with these definitions. You can define ubunthu versions in galaxy_tags below