HOTFIX: workaround for bug in yum_versionlock

See ansible-collections/community.general#4470
for details about the bug.  Previously, holding back the version of the
community.general collection to version 3.2 prevented the bug from
impacting us, but now this version can no longer be installed. Since the
bug only impacts idempotency, we decided to switch to the most recent
version of community.general and mark all yum_versionlock tasks as
non_idempotent.

init-ansible

@@ -5,21 +5,23 @@
 # Usage:
 #  init-ansible
 
-set -e
+set -o errexit
 
 if [[ "$OSTYPE" == "darwin"* ]]
 then
-  readonly ExecName=$(greadlink -f "$0")
+  ExecName=$(greadlink -f "$0")
 else
-  readonly ExecName=$(readlink --canonicalize "$0")
+  ExecName=$(readlink --canonicalize "$0")
 fi
+readonly ExecName
 
-readonly PlaybooksDir=$(dirname "$ExecName")
+PlaybooksDir=$(dirname "$ExecName")
+readonly PlaybooksDir
 
 
 main()
 {
-  ansible-galaxy install -r "$PlaybooksDir"/requirements.yml
+  ansible-galaxy install --force -r "$PlaybooksDir"/requirements.yml
 
   local roleDir
 

irods/create_catalog_provider.yml

@@ -3,31 +3,31 @@
   hosts: dbms
   become: true
   tasks:
-    - name: enable notifications when not testing
-      set_fact:
+    - name: Enable notifications when not testing
+      ansible.builtin.set_fact:
         notifications_enabled: true
       tags:
         - no_testing
 
-    - name: allow communication with Postgres DBMS
-      blockinfile:
+    - name: Allow communication with Postgres DBMS
+      ansible.builtin.blockinfile:
         path: "{{ _irods_dbms_pg_hba }}"
         marker: "# {mark} DS IRODS MANAGED BLOCK"
         block: |
           {% for i in groups['irods_catalog'] %}
-          {%   set addr = i if i|ansible.utils.ipaddr else lookup('dig', i) %}
+          {% set addr = i if i | ansible.utils.ipaddr else lookup('dig', i) %}
           {{ '%-7s %-15s %-15s %-23s %s'
             | format('host', 'ICAT', hostvars[i]._irods_db_user, addr ~ '/32', 'md5') }}
           {% endfor %}
       notify:
-        - reload postgresql
+        - Reload postgresql
       tags:
         - postgres
 
   handlers:
-    - name: reload postgresql
+    - name: Reload postgresql
       when: notifications_enabled | default(false)
-      service:
+      ansible.builtin.service:
         name: postgresql
         state: reloaded
 
@@ -49,50 +49,51 @@
     odbc_setup: >-
       {{ lookup('ini', 'Setup file=files/postgresql-odbc-tmpl.ini section=PostgreSQL') }}
   tasks:
-    - name: configure linux kernel
+    - name: Configure linux kernel
       sysctl:
         name: kernel.{{ item.name }}
         value: "{{ item.value }}"
       with_items: "{{ _sysctl_kernel }}"
       tags:
         - no_testing
 
-    - name: verify PostgreSQL client version is 9.3 or 12
+    - name: Verify PostgreSQL client version is 9.3 or 12
       when: _irods_dbms_pg_version != '9.3' and _irods_dbms_pg_version != '12'
-      fail:
+      ansible.builtin.fail:
         msg: Only PostgreSQL client versions 9.3 and 12 are supported
 
-    - name: ensure PostgreSQL 9.3 clients are installed
+    - name: Ensure PostgreSQL 9.3 clients are installed
       when: _irods_dbms_pg_version == '9.3'
-      yum:
+      ansible.builtin.yum:
         name:
           - https://download.postgresql.org/pub/repos/yum/9.3/redhat/rhel-7-x86_64/postgresql93-libs-9.3.25-1PGDG.rhel7.x86_64.rpm
           - https://download.postgresql.org/pub/repos/yum/9.3/redhat/rhel-7-x86_64/postgresql93-9.3.25-1PGDG.rhel7.x86_64.rpm
           - https://download.postgresql.org/pub/repos/yum/9.3/redhat/rhel-7-x86_64/postgresql93-odbc-10.03.0000-1PGDG.rhel7.x86_64.rpm
 
-    - when: _irods_dbms_pg_version == '12'
+    - name: Handle PostgreSQL 12
+      when: _irods_dbms_pg_version == '12'
       block:
-        - name: ensure PostgreSQL 12 repo is installed
-          yum:
+        - name: Ensure PostgreSQL 12 repo is installed
+          ansible.builtin.yum:
             name: https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
 
-        - name: ensure PostgreSQL 12 clients are installed
-          package:
+        - name: Ensure PostgreSQL 12 clients are installed
+          ansible.builtin.package:
             name:
               - postgresql12
               - postgresql12-odbc
             state: present
 
-        - name: add postgres 12 clients to path
-          copy:
+        - name: Add postgres 12 clients to path
+          ansible.builtin.copy:
             src: "{{ item }}"
             dest: /etc/profile.d
             mode: a+r
           with_fileglob:
             - "files/profile.d/*"
 
-        - name: define PostgreSQL 12 ODBC Driver
-          shell: |
+        - name: Define PostgreSQL 12 ODBC Driver
+          ansible.builtin.shell: |
             if driverDef="$(odbcinst -q -d -n PostgreSQL)"; then
               description="$(sed --quiet 's/^Description=//p' <<< "$driverDef")"
               driver="$(sed --quiet 's/^Driver=//p' <<< "$driverDef")"
@@ -113,27 +114,31 @@
           register: result
           changed_when: result.stdout == 'changed'
 
-    - name: ensure required packages are installed
-      package:
+    - name: Ensure required packages are installed
+      ansible.builtin.package:
         name: "{{ item }}"
         state: present
       with_items:
         - mailx
         - parallel
 
-    - name: ensure pika installed
-      pip:
+    - name: Ensure pika installed
+      ansible.builtin.pip:
         name: pika<1.2
         state: present
 
-    - name: lock irods-database-plugin-postgres to required version
+    - name: Lock irods-database-plugin-postgres to required version
       yum_versionlock:
         name:
           - irods-database-plugin-postgres-{{ _irods_version }}
         state: present
+# XXX - Due to https://github.com/ansible-collections/community.general/issues/4470, this isn't
+# idempotent.
+      tags: non_idempotent
+# XXX - ^^^
 
-    - name: install irods server packages
-      package:
+    - name: Install irods server packages
+      ansible.builtin.package:
         name:
           - irods-database-plugin-postgres
         state: present
@@ -153,10 +158,10 @@
   become_flags: '-i'
   gather_facts: false
   tasks:
-    - name: start iRODS
+    - name: Start iRODS
       irods_ctl:
 
-    - name: authenticate clerver
+    - name: Authenticate clerver
       irods_clerver_auth:
         provider: "{{ inventory_hostname }}"
         password: "{{ _irods_clerver_password }}"

irods/provision.yml

@@ -5,19 +5,21 @@
   collections:
     - community.general
   tasks:
-    - when: ansible_distribution == 'CentOS'
+    - name: Provision CentOS
+      when: ansible_distribution == 'CentOS'
       block:
         - name: CentOS | install iRODS package repository signing key
-          rpm_key:
+          ansible.builtin.rpm_key:
             key: https://packages.irods.org/irods-signing-key.asc
 
         - name: CentOS | install iRODS repository
-          get_url:
+          ansible.builtin.get_url:
             url: https://packages.irods.org/renci-irods.yum.repo
             dest: /etc/yum.repos.d/renci-irods.yum.repo
+            mode: u+r
 
         - name: CentOS | force import of GPG key
-          shell: |
+          ansible.builtin.shell: |
             if ! resp="$(yum --assumeyes updateinfo)"; then
               exit 1
             fi
@@ -34,41 +36,46 @@
               - irods-runtime-{{ _irods_version }}
               - irods-server-{{ _irods_version }}
             state: present
+# XXX - Due to https://github.com/ansible-collections/community.general/issues/4470, this isn't
+# idempotent.
+          tags: non_idempotent
+# XXX - ^^^
 
         - name: CentOS | install OS specific required packages
-          package:
+          ansible.builtin.package:
             name:
               - uuidd
               - which
             state: present
 
           # TODO: When upgrading to iRODS 4.2.9, remove this task.
-        - name: ensure unixODBC is installed (irods issue 5389)
-          package:
+        - name: CentOS | ensure unixODBC is installed (irods issue 5389)
+          ansible.builtin.package:
             name: unixODBC
             state: present
 
-    - when: ansible_distribution == 'Ubuntu'
+    - name: Provision Ubuntu
+      when: ansible_distribution == 'Ubuntu'
       block:
         - name: Ubuntu | install iRODS package repository signing key
-          apt_key:
+          ansible.builtin.apt_key:
             url: https://packages.irods.org/irods-signing-key.asc
 
         - name: Ubuntu | install iRODS repository
-          copy:
+          ansible.builtin.copy:
             dest: /etc/apt/sources.list.d/renci-irods.list
             mode: u+rw
             content: |
               deb [arch=amd64] https://packages.irods.org/apt/ {{ ansible_lsb.codename }} main
 
         - name: Ubuntu | update apt cache
-          apt:
+          ansible.builtin.apt:
             update_cache: true
           tags:
             - non_idempotent
 
         - name: Ubuntu | lock iRODS packages to required version
-          copy:
+          ansible.builtin.copy:
             dest: /etc/apt/preferences.d/irods
             mode: u+rw
             content: |
@@ -77,24 +84,24 @@
               Pin-Priority: 1001
 
         - name: Ubuntu | install OS specific required packages
-          package:
+          ansible.builtin.package:
             name:
               - debianutils
               - uuid-runtime
             state: present
 
-    - name: install iRODS server
-      package:
+    - name: Install iRODS server
+      ansible.builtin.package:
         name: irods-server
         state: present
 
-    - name: create service group
-      group:
+    - name: Create service group
+      ansible.builtin.group:
         name: "{{ _irods_service_group_name }}"
         system: true
 
-    - name: create service account
-      user:
+    - name: Create service account
+      ansible.builtin.user:
         name: "{{ _irods_service_account_name }}"
         system: true
         home: /var/lib/irods
@@ -106,8 +113,8 @@
 
     - import_tasks: tasks/ensure_irods_ownership.yml
 
-    - name: ensure default policy files are up-to-date
-      copy:
+    - name: Ensure default policy files are up-to-date
+      ansible.builtin.copy:
         dest: /etc/irods/{{ item }}
         src: /var/lib/irods/packaging/{{ item }}.template
         remote_src: true

irods/tasks/install_plugins.yml

@@ -1,38 +1,37 @@
 ---
-- name: ensure netcdf plugins not installed
-  package:
+- name: Ensure netcdf plugins not installed
+  ansible.builtin.package:
     name:
       - irods-icommands-netcdf
       - irods-microservice-plugin-netcdf
       - irods-api-plugin-netcdf
     state: absent
 
-- name: ensure netcdf rpms removed
-  file:
+- name: Ensure netcdf rpms removed
+  ansible.builtin.file:
     path: /root/{{ item }}-1.0-centos{{ ansible_distribution_major_version }}.rpm
     state: absent
   with_items:
     - irods-icommands-netcdf
     - irods-microservice-plugin-netcdf
     - irods-api-plugin-netcdf
 
-- name: install NetCDF plugins
-  yum:
+- name: Install NetCDF plugins
+  ansible.builtin.yum:
     name:
       - http://people.renci.org/~dmoore/irods_netcdf/packages_2021_03_24/irods-netcdf-client_modules-4.2.8.0-centos-7-x86_64.rpm
       - http://people.renci.org/~dmoore/irods_netcdf/packages_2021_03_24/irods-netcdf-icommands-4.2.8.0-centos-7-x86_64.rpm
       - http://people.renci.org/~dmoore/irods_netcdf/packages_2021_03_24/irods-netcdf-server_modules-4.2.8.0-centos-7-x86_64.rpm
     state: present
 
-- name: lock NetCDF plugins to 4.2.8.0
-  yum_versionlock:
+- name: Lock NetCDF plugins to 4.2.8.0
+  community.general.yum_versionlock:
     name:
       - irods-netcdf-client_modules-4.2.8.0
       - irods-netcdf-icommands-4.2.8.0
       - irods-netcdf-server_modules-4.2.8.0
     state: present
-
-- name: ensure msiSetAVU microservice is absent
-  file:
-    path: /var/lib/irods/plugins/microservices/libmsiSetAVU.so
-    state: absent
+# XXX - Due to https://github.com/ansible-collections/community.general/issues/4470, this isn't
+# idempotent.
+  tags: non_idempotent
+# XXX - ^^^