Bug #34738
open
Foreman Ansible should not offer Ansible content management jobs
Description
Ohai,
today, foreman_ansible offers several Job Templates that allow installing Ansible content on systems:app/views/foreman_ansible/job_templates/ansible_collections_-_install_from_galaxy.erbapp/views/foreman_ansible/job_templates/ansible_roles_-_install_from_galaxy.erbapp/views/foreman_ansible/job_templates/ansible_roles_-_install_from_git.erb
I think we should not offer these and let the user decide on a proper way to deploy content on their nodes (much like we do with Puppet these days).
Let me elaborate on the reasoning:
1. The behavior of ansible-galaxy if configured with multiple content sources is irritating at best (see https://www.die-welt.net/2021/12/dependency-confusion-in-the-ansible-galaxy-cli/ and https://github.com/ansible/ansible/issues/76402)
2. Besides audit log and tasks history there is no trace who/when a certain content item was deployed.
3. If you have collectionA installed, that depends on collectionB version 1.0.0, and now ask to install collectionC that depends on collectionB version 2.0.0, B will be updated to 2.0.0, breaking collectionA.
4. The best practice is to use a requirements.yml in Git and let some automation deploy it. Much like you'd use a Puppetfile/Puppetfile.lock and r10k/g10k/librarian in the Puppet world.
All in all, I think we should drop these jobs and point users at Ansible best practices instead.
No data to display