From 5b09e09c603568cc2b51f7cc3e94de22d83925ea Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Thu, 23 Jan 2020 11:12:28 +1100 Subject: [PATCH] kerberos-client: remove kstart requirement on CentOS All our AFS release roles use "kinit" for authentication. The only scripts using k5start are the mirror scripts, but since that doesn't run on CentOS we don't need it there. This avoids us having to use EPEL or, on 8, an unsupported build. Anything needing to be portable should use kinit from now on. Change-Id: I6323cb835cedf9974cf8d96faa7eb55b8aaafd9a --- roles/kerberos-client/README.rst | 3 +++ .../tasks/install-packages/CentOS.yaml | 26 ------------------- .../tasks/install-packages/default.yaml | 5 ---- roles/kerberos-client/tasks/main.yaml | 18 ++++--------- roles/kerberos-client/vars/RedHat.yaml | 1 - 5 files changed, 8 insertions(+), 45 deletions(-) delete mode 100644 roles/kerberos-client/tasks/install-packages/CentOS.yaml delete mode 100644 roles/kerberos-client/tasks/install-packages/default.yaml diff --git a/roles/kerberos-client/README.rst b/roles/kerberos-client/README.rst index c2a72a81e1..8255d3de8d 100644 --- a/roles/kerberos-client/README.rst +++ b/roles/kerberos-client/README.rst @@ -1,5 +1,8 @@ An ansible role to configure a kerberos client +Note ```k5start`` is installed on Debuntu distributions, but is not +part of RedHat distributions. + **Role Variables** .. zuul:rolevar:: kerberos_realm diff --git a/roles/kerberos-client/tasks/install-packages/CentOS.yaml b/roles/kerberos-client/tasks/install-packages/CentOS.yaml deleted file mode 100644 index 2a4a3332ec..0000000000 --- a/roles/kerberos-client/tasks/install-packages/CentOS.yaml +++ /dev/null @@ -1,26 +0,0 @@ -- name: Ensure EPEL is pre-installed - package: - name: - - epel-release - state: present - become: yes - -# Until in EPEL8; see: -# https://bugzilla.redhat.com/show_bug.cgi?id=1791168 -- name: Install kstart copr repo for CentOS8 - command: dnf copr enable -y iwienand/kstart - become: yes - when: ansible_distribution_major_version == '8' - -- name: Install kerberos client packages - yum: - name: '{{ kerberos_client_packages }}' - enablerepo: epel - state: present - become: yes - -- name: Remove kstart copr repo for CentOS8 - command: dnf copr remove -y iwienand/kstart - become: yes - when: ansible_distribution_major_version == '8' - diff --git a/roles/kerberos-client/tasks/install-packages/default.yaml b/roles/kerberos-client/tasks/install-packages/default.yaml deleted file mode 100644 index e93dabdd79..0000000000 --- a/roles/kerberos-client/tasks/install-packages/default.yaml +++ /dev/null @@ -1,5 +0,0 @@ -- name: Install kerberos client packages - package: - name: '{{ kerberos_client_packages }}' - state: present - become: yes diff --git a/roles/kerberos-client/tasks/main.yaml b/roles/kerberos-client/tasks/main.yaml index c71cedbae1..eef58302ec 100644 --- a/roles/kerberos-client/tasks/main.yaml +++ b/roles/kerberos-client/tasks/main.yaml @@ -24,16 +24,8 @@ src: etc/krb5.conf.j2 become: yes -# NOTE(ianw): urgh, we have to install with yum directly to enable -# epel on CentOS for kstart, which is a pretty hard dependency for -# useful automation. If this ever changes, remove this and we can -# just go back to generic package: installer. -- name: Distro install kerberos client packages - include_tasks: "{{ lookup('first_found', params) }}" - vars: - params: - files: - - "{{ ansible_distribution }}.yaml" - - "default.yaml" - paths: - - install-packages \ No newline at end of file +- name: Install kerberos client packages + package: + name: '{{ kerberos_client_packages }}' + state: present + become: yes diff --git a/roles/kerberos-client/vars/RedHat.yaml b/roles/kerberos-client/vars/RedHat.yaml index 764bf347fb..eadf5df02c 100644 --- a/roles/kerberos-client/vars/RedHat.yaml +++ b/roles/kerberos-client/vars/RedHat.yaml @@ -1,3 +1,2 @@ kerberos_client_packages: - krb5-workstation - - kstart