From dc32b52f08da551f23070d0915d78da0627aec3c Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Tue, 3 Mar 2020 15:07:31 +0000 Subject: [PATCH] CentOS 8: Support DNF Adds support for configuration of DNF repo mirrors for CentOS and EPEL repositories, as well as custom repositories. Adds support for DNF automatic, which is a replacement for yum-cron. Configuration is backwards compatible, falling back to the equivalent yum variables when DNF variables have not been overridden. Change-Id: I8bef5e9c8e1c77c25d6077ff690da8f2cde6a643 Story: 2006574 Task: 38922 --- ansible/dnf.yml | 16 +++ ansible/group_vars/all/dnf | 52 +++++++++ ansible/group_vars/all/yum | 28 +++++ ansible/group_vars/all/yum-cron | 6 ++ ansible/roles/dnf-automatic/defaults/main.yml | 6 ++ ansible/roles/dnf-automatic/tasks/main.yml | 27 +++++ ansible/roles/dnf/defaults/main.yml | 35 ++++++ ansible/roles/dnf/tasks/custom-repo.yml | 27 +++++ ansible/roles/dnf/tasks/local-mirror.yml | 46 ++++++++ ansible/roles/dnf/tasks/main.yml | 14 +++ .../dnf/templates/CentOS-AppStream.repo.j2 | 19 ++++ .../roles/dnf/templates/CentOS-Base.repo.j2 | 19 ++++ .../roles/dnf/templates/CentOS-Extras.repo.j2 | 20 ++++ .../roles/dnf/templates/epel-modular.repo.j2 | 23 ++++ ansible/roles/dnf/templates/epel.repo.j2 | 23 ++++ ansible/yum.yml | 17 +-- doc/source/configuration/hosts.rst | 102 +++++++++++++++++- etc/kayobe/dnf.yml | 67 ++++++++++++ etc/kayobe/yum-cron.yml | 2 + etc/kayobe/yum.yml | 3 + kayobe/cli/commands.py | 8 +- kayobe/tests/unit/cli/test_commands.py | 3 + releasenotes/notes/dnf-2071fc40b0d783b6.yaml | 20 ++++ 23 files changed, 570 insertions(+), 13 deletions(-) create mode 100644 ansible/dnf.yml create mode 100644 ansible/group_vars/all/dnf create mode 100644 ansible/group_vars/all/yum-cron create mode 100644 ansible/roles/dnf-automatic/defaults/main.yml create mode 100644 ansible/roles/dnf-automatic/tasks/main.yml create mode 100644 ansible/roles/dnf/defaults/main.yml create mode 100644 ansible/roles/dnf/tasks/custom-repo.yml create mode 100644 ansible/roles/dnf/tasks/local-mirror.yml create mode 100644 ansible/roles/dnf/tasks/main.yml create mode 100644 ansible/roles/dnf/templates/CentOS-AppStream.repo.j2 create mode 100644 ansible/roles/dnf/templates/CentOS-Base.repo.j2 create mode 100644 ansible/roles/dnf/templates/CentOS-Extras.repo.j2 create mode 100644 ansible/roles/dnf/templates/epel-modular.repo.j2 create mode 100644 ansible/roles/dnf/templates/epel.repo.j2 create mode 100644 etc/kayobe/dnf.yml create mode 100644 releasenotes/notes/dnf-2071fc40b0d783b6.yaml diff --git a/ansible/dnf.yml b/ansible/dnf.yml new file mode 100644 index 000000000..bfc187882 --- /dev/null +++ b/ansible/dnf.yml @@ -0,0 +1,16 @@ +--- +- name: Ensure DNF repos are configured + hosts: seed-hypervisor:seed:overcloud + tags: + - dnf + tasks: + - block: + - import_role: + name: dnf + - import_role: + name: dnf-automatic + tags: + - dnf-automatic + when: + - ansible_os_family == 'RedHat' + - ansible_distribution_major_version | int >= 8 diff --git a/ansible/group_vars/all/dnf b/ansible/group_vars/all/dnf new file mode 100644 index 000000000..8ce6193a2 --- /dev/null +++ b/ansible/group_vars/all/dnf @@ -0,0 +1,52 @@ +--- +# NOTE(mgoddard): Use Yum configuration for defaults for backwards +# compatibility. + +# Yum configuration. Dict mapping Yum config option names to their values. +# dnf_config: +# proxy: http://proxy.example.com +dnf_config: "{{ yum_config }}" + +# Whether or not to use a local Yum mirror. Default value is 'false'. +dnf_use_local_mirror: "{{ yum_use_local_mirror }}" + +# Mirror FQDN for Yum repos. Default value is 'mirror.centos.org'. +dnf_centos_mirror_host: "{{ yum_centos_mirror_host }}" + +# Mirror directory for Yum CentOS repos. Default value is 'centos'. +dnf_centos_mirror_directory: "{{ yum_centos_mirror_directory }}" + +# Mirror FQDN for Yum EPEL repos. Default value is +# 'download.fedoraproject.org'. +dnf_epel_mirror_host: "{{ yum_epel_mirror_host }}" + +# Mirror directory for Yum EPEL repos. Default value is 'pub/epel'. +dnf_epel_mirror_directory: "{{ yum_epel_mirror_directory }}" + +# A dict of custom repositories. +# You can see params on +# http://docs.ansible.com/ansible/latest/modules/yum_repository_module.html. +# For example: +# dnf_custom_repos: +# reponame: +# baseurl: http://repo +# file: myrepo +# gpgkey: http://gpgkey +# gpgcheck: yes +dnf_custom_repos: "{{ yum_custom_repos }}" + +# Whether to install the epel-release package. This affects RedHat-based +# systems only. Default value is 'true'. +dnf_install_epel: "{{ yum_install_epel }}" + +############################################################################### +# DNF Automatic configuration. + +# Whether DNF Automatic is enabled. This can be used to regularly apply +# security updates. Default value is 'false'. +dnf_automatic_enabled: "{{ yum_cron_enabled }}" + +# DNF Automatic upgrade type. Default value is 'security'. Note that the +# equivalent yum-cron variable is named slightly differently - +# yum_automatic_update_cmd. +dnf_automatic_upgrade_type: "{{ yum_cron_update_cmd }}" diff --git a/ansible/group_vars/all/yum b/ansible/group_vars/all/yum index 0faa506a8..f3fd955fe 100644 --- a/ansible/group_vars/all/yum +++ b/ansible/group_vars/all/yum @@ -1,8 +1,36 @@ --- +# Yum configuration. Dict mapping Yum config option names to their values. +# yum_config: +# proxy: http://proxy.example.com +yum_config: {} # Whether or not to use a local Yum mirror. yum_use_local_mirror: false +# Mirror FQDN for Yum repos. +yum_centos_mirror_host: 'mirror.centos.org' + +# Mirror directory for Yum CentOS repos. +yum_centos_mirror_directory: 'centos' + +# Mirror FQDN for Yum EPEL repos. +yum_epel_mirror_host: 'download.fedoraproject.org' + +# Mirror directory for Yum EPEL repos. +yum_epel_mirror_directory: 'pub/epel' + +# A dict of custom repositories. +# You can see params on +# http://docs.ansible.com/ansible/latest/modules/yum_repository_module.html. +# For example: +# yum_custom_repos: +# reponame: +# baseurl: http://repo +# file: myrepo +# gpgkey: http://gpgkey +# gpgcheck: yes +yum_custom_repos: {} + # Whether to install the epel-release package. This affects RedHat-based # systems only. yum_install_epel: true diff --git a/ansible/group_vars/all/yum-cron b/ansible/group_vars/all/yum-cron new file mode 100644 index 000000000..173ed1a36 --- /dev/null +++ b/ansible/group_vars/all/yum-cron @@ -0,0 +1,6 @@ +--- +# Whether to enable Yum automatic updates. +yum_cron_enabled: false + +# Command to use for Yum automatic updates. +yum_cron_update_cmd: 'security' diff --git a/ansible/roles/dnf-automatic/defaults/main.yml b/ansible/roles/dnf-automatic/defaults/main.yml new file mode 100644 index 000000000..8cb74be19 --- /dev/null +++ b/ansible/roles/dnf-automatic/defaults/main.yml @@ -0,0 +1,6 @@ +--- +# Whether DNF Automatic is enabled. +dnf_automatic_enabled: false + +# DNF Automatic upgrade type. +dnf_automatic_upgrade_type: "security" diff --git a/ansible/roles/dnf-automatic/tasks/main.yml b/ansible/roles/dnf-automatic/tasks/main.yml new file mode 100644 index 000000000..c1e96453e --- /dev/null +++ b/ansible/roles/dnf-automatic/tasks/main.yml @@ -0,0 +1,27 @@ +--- +- block: + - name: Install dnf-automatic + dnf: + name: dnf-automatic + state: present + + - name: Apply configuration for DNF automatic + ini_file: + path: /etc/dnf/automatic.conf + section: commands + option: "{{ item.option }}" + value: "{{ item.value }}" + loop: + - option: apply_updates + value: yes + - option: upgrade_type + value: "{{ dnf_automatic_upgrade_type }}" + + - name: Enable dnf-automatic.timer + service: + name: dnf-automatic.timer + state: "{{ 'started' if dnf_automatic_enabled | bool else 'stopped' }}" + enabled: "{{ dnf_automatic_enabled | bool }}" + + when: dnf_automatic_enabled | bool + become: true diff --git a/ansible/roles/dnf/defaults/main.yml b/ansible/roles/dnf/defaults/main.yml new file mode 100644 index 000000000..aee355b51 --- /dev/null +++ b/ansible/roles/dnf/defaults/main.yml @@ -0,0 +1,35 @@ +--- +# DNF configuration. Dict mapping DNF config option names to their values. +# dnf_config: +# proxy: http://proxy.example.com +dnf_config: {} + +# Whether or not to use a local DNF mirror. +dnf_use_local_mirror: false + +# Mirror FQDN for DNF repos. +dnf_centos_mirror_host: 'mirror.centos.org' + +# Mirror directory for DNF CentOS repos. +dnf_centos_mirror_directory: 'centos' + +# Mirror FQDN for DNF EPEL repos. +dnf_epel_mirror_host: 'download.fedoraproject.org' + +# Mirror directory for DNF EPEL repos. +dnf_epel_mirror_directory: 'pub/epel' + +# A dict of custom repositories. +# You can see params on +# http://docs.ansible.com/ansible/latest/modules/yum_repository_module.html. +# For example: +# dnf_custom_repos: +# reponame: +# baseurl: http://repo +# file: myrepo +# gpgkey: http://gpgkey +# gpgcheck: yes +dnf_custom_repos: {} + +# Whether to install the epel-release package. +dnf_install_epel: true diff --git a/ansible/roles/dnf/tasks/custom-repo.yml b/ansible/roles/dnf/tasks/custom-repo.yml new file mode 100644 index 000000000..e5fdbf2e1 --- /dev/null +++ b/ansible/roles/dnf/tasks/custom-repo.yml @@ -0,0 +1,27 @@ +--- +- name: Install custom repositories + yum_repository: + name: "{{ item.key }}" + description: "{% if 'description' in item.value %}{{ item.value.description }}{% else %}{{ item.key }} repository{% endif %}" + baseurl: "{{ item.value.baseurl }}" + file: "{{ item.value.file | default(omit)}}" + gpgkey: "{{ item.value.gpgkey | default(omit)}}" + gpgcheck: "{{ item.value.gpgcheck | default(omit)}}" + cost: "{{ item.value.cost | default(omit)}}" + enabled: "{{ item.value.enabled | default(omit)}}" + gpgcakey: "{{ item.value.gpgcakey | default(omit)}}" + metadata_expire: "{{ item.value.metadata_expire | default(omit)}}" + mirrorlist: "{{ item.value.mirrorlist | default(omit)}}" + mirrorlist_expire: "{{ item.value.mirrorlist_expire | default(omit)}}" + priority: "{{ item.value.priority | default(omit)}}" + proxy: "{{ item.value.proxy | default(omit)}}" + proxy_password: "{{ item.value.proxy_password | default(omit)}}" + proxy_username: "{{ item.value.proxy_username | default(omit)}}" + repo_gpgcheck: "{{ item.value.repo_gpgcheck | default(omit)}}" + sslverify: "{{ item.value.sslverify | default(omit)}}" + with_dict: "{{ dnf_custom_repos }}" + register: register_dnf_command + retries: 3 + delay: 10 + until: register_dnf_command is success + become: true diff --git a/ansible/roles/dnf/tasks/local-mirror.yml b/ansible/roles/dnf/tasks/local-mirror.yml new file mode 100644 index 000000000..405b5c83a --- /dev/null +++ b/ansible/roles/dnf/tasks/local-mirror.yml @@ -0,0 +1,46 @@ +--- +- name: Copy CentOS repo templates + template: + src: "{{ item }}.j2" + dest: /etc/yum.repos.d/{{ item }} + owner: root + group: root + mode: 0664 + become: True + loop: + - CentOS-AppStream.repo + - CentOS-Base.repo + - CentOS-Extras.repo + +- name: Update cache + dnf: + name: [] + update_cache: yes + become: True + +# NOTE(mgoddard): Install epel-release to ensure it does not get installed +# later and override our repo file. +- name: Install epel-release + dnf: + name: epel-release + state: installed + become: True + when: dnf_install_epel | bool + +- name: Copy EPEL repo templates + template: + src: "{{ item }}.j2" + dest: /etc/yum.repos.d/{{ item }} + owner: root + group: root + mode: 0664 + become: True + loop: + - epel.repo + - epel-modular.repo + +- name: Update cache + dnf: + name: [] + update_cache: yes + become: True diff --git a/ansible/roles/dnf/tasks/main.yml b/ansible/roles/dnf/tasks/main.yml new file mode 100644 index 000000000..1d9d3f310 --- /dev/null +++ b/ansible/roles/dnf/tasks/main.yml @@ -0,0 +1,14 @@ +--- +- name: Ensure dnf.conf configuration exists + ini_file: + path: /etc/dnf/dnf.conf + section: "main" + option: "{{ item.key }}" + value: "{{ item.value }}" + loop: "{{ query('dict', dnf_config) }}" + become: true + +- include_tasks: local-mirror.yml + when: dnf_use_local_mirror | bool + +- include_tasks: custom-repo.yml diff --git a/ansible/roles/dnf/templates/CentOS-AppStream.repo.j2 b/ansible/roles/dnf/templates/CentOS-AppStream.repo.j2 new file mode 100644 index 000000000..a8bd6868f --- /dev/null +++ b/ansible/roles/dnf/templates/CentOS-AppStream.repo.j2 @@ -0,0 +1,19 @@ +# CentOS-AppStream.repo +# +# The mirror system uses the connecting IP address of the client and the +# update status of each mirror to pick mirrors that are updated to and +# geographically close to the client. You should use this for CentOS updates +# unless you are manually picking other mirrors. +# +# If the mirrorlist= does not work for you, as a fall back you can try the +# remarked out baseurl= line instead. +# +# + +[AppStream] +name=CentOS-$releasever - AppStream +baseurl=http://{{ dnf_centos_mirror_host }}/{{ dnf_centos_mirror_directory }}/$releasever/AppStream/$basearch/os/ +gpgcheck=1 +enabled=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial +fastestmirror=0 diff --git a/ansible/roles/dnf/templates/CentOS-Base.repo.j2 b/ansible/roles/dnf/templates/CentOS-Base.repo.j2 new file mode 100644 index 000000000..d0ad69526 --- /dev/null +++ b/ansible/roles/dnf/templates/CentOS-Base.repo.j2 @@ -0,0 +1,19 @@ +# CentOS-Base.repo +# +# The mirror system uses the connecting IP address of the client and the +# update status of each mirror to pick mirrors that are updated to and +# geographically close to the client. You should use this for CentOS updates +# unless you are manually picking other mirrors. +# +# If the mirrorlist= does not work for you, as a fall back you can try the +# remarked out baseurl= line instead. +# +# + +[BaseOS] +name=CentOS-$releasever - Base +baseurl=http://{{ dnf_centos_mirror_host }}/{{ dnf_centos_mirror_directory }}/$releasever/BaseOS/$basearch/os/ +gpgcheck=1 +enabled=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial +fastestmirror=0 diff --git a/ansible/roles/dnf/templates/CentOS-Extras.repo.j2 b/ansible/roles/dnf/templates/CentOS-Extras.repo.j2 new file mode 100644 index 000000000..686eec73d --- /dev/null +++ b/ansible/roles/dnf/templates/CentOS-Extras.repo.j2 @@ -0,0 +1,20 @@ +# CentOS-Extras.repo +# +# The mirror system uses the connecting IP address of the client and the +# update status of each mirror to pick mirrors that are updated to and +# geographically close to the client. You should use this for CentOS updates +# unless you are manually picking other mirrors. +# +# If the mirrorlist= does not work for you, as a fall back you can try the +# remarked out baseurl= line instead. +# +# + +#additional packages that may be useful +[extras] +name=CentOS-$releasever - Extras +baseurl=http://{{ dnf_centos_mirror_host }}/{{ dnf_centos_mirror_directory }}/$releasever/extras/$basearch/os/ +gpgcheck=1 +enabled=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial +fastestmirror=0 diff --git a/ansible/roles/dnf/templates/epel-modular.repo.j2 b/ansible/roles/dnf/templates/epel-modular.repo.j2 new file mode 100644 index 000000000..d48af36b1 --- /dev/null +++ b/ansible/roles/dnf/templates/epel-modular.repo.j2 @@ -0,0 +1,23 @@ +[epel-modular] +name=Extra Packages for Enterprise Linux Modular $releasever - $basearch +baseurl=http://{{ dnf_epel_mirror_host }}/{{ dnf_epel_mirror_directory }}/$releasever/Modular/$basearch +enabled=1 +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 +fastestmirror=0 + +[epel-modular-debuginfo] +name=Extra Packages for Enterprise Linux Modular $releasever - $basearch - Debug +baseurl=http://{{ dnf_epel_mirror_host }}/{{ dnf_epel_mirror_directory }}/$releasever/Modular/$basearch/debug +enabled=0 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 +gpgcheck=1 +fastestmirror=0 + +[epel-modular-source] +name=Extra Packages for Enterprise Linux Modular $releasever - $basearch - Source +baseurl=http://{{ dnf_epel_mirror_host }}/{{ dnf_epel_mirror_directory }}/$releasever/Modular/SRPMS +enabled=0 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 +gpgcheck=1 +fastestmirror=0 diff --git a/ansible/roles/dnf/templates/epel.repo.j2 b/ansible/roles/dnf/templates/epel.repo.j2 new file mode 100644 index 000000000..0c924f239 --- /dev/null +++ b/ansible/roles/dnf/templates/epel.repo.j2 @@ -0,0 +1,23 @@ +[epel] +name=Extra Packages for Enterprise Linux $releasever - $basearch +baseurl=http://{{ dnf_epel_mirror_host }}/{{ dnf_epel_mirror_directory }}/$releasever/Everything/$basearch +enabled=1 +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 +fastestmirror=0 + +[epel-debuginfo] +name=Extra Packages for Enterprise Linux $releasever - $basearch - Debug +baseurl=http://{{ dnf_epel_mirror_host }}/{{ dnf_epel_mirror_directory }}/$releasever/Everything/$basearch/debug +enabled=0 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 +gpgcheck=1 +fastestmirror=0 + +[epel-source] +name=Extra Packages for Enterprise Linux $releasever - $basearch - Source +baseurl=http://{{ dnf_epel_mirror_host }}/{{ dnf_epel_mirror_directory }}/$releasever/Everything/SRPMS +enabled=0 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 +gpgcheck=1 +fastestmirror=0 diff --git a/ansible/yum.yml b/ansible/yum.yml index e006cc37f..6831311e0 100644 --- a/ansible/yum.yml +++ b/ansible/yum.yml @@ -3,9 +3,14 @@ hosts: seed-hypervisor:seed:overcloud tags: - yum - roles: - - role: yum - - - role: yum-cron - tags: - - yum-cron + tasks: + - block: + - import_role: + name: yum + - import_role: + name: yum-cron + tags: + - yum-cron + when: + - ansible_os_family == 'RedHat' + - ansible_distribution_major_version | int == 7 diff --git a/doc/source/configuration/hosts.rst b/doc/source/configuration/hosts.rst index 09523a0e2..08ea2158e 100644 --- a/doc/source/configuration/hosts.rst +++ b/doc/source/configuration/hosts.rst @@ -202,8 +202,8 @@ added to the Kayobe configuration. ssh_key: - "{{ lookup('file', kayobe_config_path ~ '/ssh-keys/id_rsa_bob.pub') }}" -Package Repositories -==================== +Package Repositories (CentOS 7) +=============================== *tags:* | ``yum`` @@ -256,7 +256,8 @@ Custom Yum Repositories It is also possible to configure a list of custom Yum repositories via the ``yum_custom_repos`` variable. The format is a dict/map, with repository names -mapping to a dict/map of arguments to pass to the Ansible ``yum`` module. +mapping to a dict/map of arguments to pass to the Ansible ``yum_repository`` +module. For example, the following configuration defines a single Yum repository called ``widgets``. @@ -277,6 +278,101 @@ Disabling EPEL It is possible to disable the EPEL Yum repository by setting ``yum_install_epel`` to ``false``. +Package Repositories (CentOS 8) +=============================== +*tags:* + | ``dnf`` + +Kayobe supports configuration of package repositories via DNF, via variables in +``${KAYOBE_CONFIG_PATH}/dnf.yml``. For backwards compatibility, all variables +in this section starting with ``dnf_`` default to the equivalently named Yum +variable starting with ``yum_``. + +Configuration of dnf.conf +------------------------- + +Global configuration of DNF is stored in ``/etc/dnf/dnf.conf``, and options can +be set via the ``dnf_config`` variable. Options are added to the ``[main]`` +section of the file. For example, to configure DNF to use a proxy server: + +.. code-block:: yaml + :caption: ``dnf.yml`` + + dnf_config: + proxy: https://proxy.example.com + +CentOS and EPEL Mirrors +----------------------- + +CentOS and EPEL mirrors can be enabled by setting ``dnf_use_local_mirror`` to +``true``. CentOS repository mirrors are configured via the following +variables: + +* ``dnf_centos_mirror_host`` (default ``mirror.centos.org``) is the mirror + hostname. +* ``dnf_centos_mirror_directory`` (default ``centos``) is a directory on the + mirror in which repositories may be accessed. + +EPEL repository mirrors are configured via the following variables: + +* ``dnf_epel_mirror_host`` (default ``download.fedoraproject.org``) is the + mirror hostname. +* ``dnf_epel_mirror_directory`` (default ``pub/epel``) is a directory on the + mirror in which repositories may be accessed. + +For example, to configure CentOS and EPEL mirrors at mirror.example.com: + +.. code-block:: yaml + :caption: ``dnf.yml`` + + dnf_use_local_mirror: true + dnf_centos_mirror_host: mirror.example.com + dnf_epel_mirror_host: mirror.example.com + +Custom DNF Repositories +----------------------- + +It is also possible to configure a list of custom DNF repositories via the +``dnf_custom_repos`` variable. The format is a dict/map, with repository names +mapping to a dict/map of arguments to pass to the Ansible ``yum_repository`` +module. + +For example, the following configuration defines a single DNF repository called +``widgets``. + +.. code-block:: yaml + :caption: ``dnf.yml`` + + dnf_custom_repos: + widgets: + baseurl: http://example.com/repo + file: widgets + gpgkey: http://example.com/gpgkey + gpgcheck: yes + +Disabling EPEL +-------------- + +It is possible to disable the EPEL DNF repository by setting +``dnf_install_epel`` to ``false``. + +DNF Automatic +------------- + +DNF Automatic provides a mechanism for applying regular updates of packages. +DNF Automatic is disabled by default, and may be enabled by setting +``dnf_automatic_enabled`` to ``true``. + +.. code-block:: yaml + :caption: ``dnf.yml`` + + dnf_automatic_enabled: true + +By default, only security updates are applied. Updates for all packages may be +installed by setting ``dnf_automatic_upgrade_type`` to ``default``. This may +cause the system to be less predictable as packages are updated without +oversight or testing. + SELinux ======= *tags:* diff --git a/etc/kayobe/dnf.yml b/etc/kayobe/dnf.yml new file mode 100644 index 000000000..cf52bb28f --- /dev/null +++ b/etc/kayobe/dnf.yml @@ -0,0 +1,67 @@ +--- +# DNF configuration. + +############################################################################### +# DNF repository configuration. + +# For backwards compatibility, all variables in this section default to the +# equivalently named variables starting with 'yum_' instead of 'dnf_'. +# The yum variables will be removed in a future release. + +# Yum configuration. Dict mapping Yum config option names to their values. +# dnf_config: +# proxy: http://proxy.example.com +#dnf_config: + +# Whether or not to use a local Yum mirror. Default value is 'false'. +#dnf_use_local_mirror: + +# Mirror FQDN for Yum repos. Default value is 'mirror.centos.org'. +#dnf_centos_mirror_host: + +# Mirror directory for Yum CentOS repos. Default value is 'centos'. +#dnf_centos_mirror_directory: + +# Mirror FQDN for Yum EPEL repos. Default value is +# 'download.fedoraproject.org'. +#dnf_epel_mirror_host: + +# Mirror directory for Yum EPEL repos. Default value is 'pub/epel'. +#dnf_epel_mirror_directory: + +# A dict of custom repositories. +# You can see params on +# http://docs.ansible.com/ansible/latest/modules/yum_repository_module.html. +# For example: +# dnf_custom_repos: +# reponame: +# baseurl: http://repo +# file: myrepo +# gpgkey: http://gpgkey +# gpgcheck: yes +#dnf_custom_repos: + +# Whether to install the epel-release package. This affects RedHat-based +# systems only. Default value is 'true'. +#dnf_install_epel: + +############################################################################### +# DNF Automatic configuration. + +# For backwards compatibility, all variables in this section default to the +# equivalently named variables starting with 'yum_cron' instead of +# 'dnf_automatic'. # The yum-cron variables will be removed in a future +# release. + +# Whether DNF Automatic is enabled. This can be used to regularly apply +# security updates. Default value is 'false'. +#dnf_automatic_enabled: + +# DNF Automatic upgrade type. Default value is 'security'. Note that the +# equivalent yum-cron variable is named slightly differently - +# 'yum_cron_update_cmd'. +#dnf_automatic_upgrade_type: + +############################################################################### +# Dummy variable to allow Ansible to accept this file. +workaround_ansible_issue_8743: yes diff --git a/etc/kayobe/yum-cron.yml b/etc/kayobe/yum-cron.yml index 7ac502eed..a93e8c4d5 100644 --- a/etc/kayobe/yum-cron.yml +++ b/etc/kayobe/yum-cron.yml @@ -1,4 +1,6 @@ --- +# DEPRECATED: Variables in this file are deprecated and will be removed in a +# future release. Please use dnf.yml instead. # Whether to enable Yum automatic updates. #yum_cron_enabled: false diff --git a/etc/kayobe/yum.yml b/etc/kayobe/yum.yml index 985ab924f..31f16ce84 100644 --- a/etc/kayobe/yum.yml +++ b/etc/kayobe/yum.yml @@ -1,4 +1,7 @@ --- +# DEPRECATED: Variables in this file are deprecated and will be removed in a +# future release. Please use dnf.yml instead. + # Yum configuration. Dict mapping Yum config option names to their values. # yum_config: # proxy: http://proxy.example.com diff --git a/kayobe/cli/commands.py b/kayobe/cli/commands.py index b1306950d..751234a7a 100644 --- a/kayobe/cli/commands.py +++ b/kayobe/cli/commands.py @@ -377,8 +377,8 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, if parsed_args.wipe_disks: playbooks += _build_playbook_list("wipe-disks") playbooks += _build_playbook_list( - "users", "yum", "dev-tools", "network", "sysctl", "ntp", "mdadm", - "lvm", "seed-hypervisor-libvirt-host") + "users", "yum", "dnf", "dev-tools", "network", "sysctl", "ntp", + "mdadm", "lvm", "seed-hypervisor-libvirt-host") self.run_kayobe_playbooks(parsed_args, playbooks, limit="seed-hypervisor") @@ -544,7 +544,7 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin, if parsed_args.wipe_disks: playbooks += _build_playbook_list("wipe-disks") playbooks += _build_playbook_list( - "users", "yum", "dev-tools", "disable-selinux", "network", + "users", "yum", "dnf", "dev-tools", "disable-selinux", "network", "sysctl", "ip-routing", "snat", "disable-glean", "ntp", "mdadm", "lvm", "docker-devicemapper") self.run_kayobe_playbooks(parsed_args, playbooks, limit="seed") @@ -944,7 +944,7 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin, if parsed_args.wipe_disks: playbooks += _build_playbook_list("wipe-disks") playbooks += _build_playbook_list( - "users", "yum", "dev-tools", "disable-selinux", "network", + "users", "yum", "dnf", "dev-tools", "disable-selinux", "network", "sysctl", "disable-glean", "disable-cloud-init", "ntp", "mdadm", "lvm", "docker-devicemapper") self.run_kayobe_playbooks(parsed_args, playbooks, limit="overcloud") diff --git a/kayobe/tests/unit/cli/test_commands.py b/kayobe/tests/unit/cli/test_commands.py index 748a568b2..1242b17c9 100644 --- a/kayobe/tests/unit/cli/test_commands.py +++ b/kayobe/tests/unit/cli/test_commands.py @@ -322,6 +322,7 @@ class TestCase(unittest.TestCase): "ansible", "kayobe-target-venv.yml"), utils.get_data_files_path("ansible", "users.yml"), utils.get_data_files_path("ansible", "yum.yml"), + utils.get_data_files_path("ansible", "dnf.yml"), utils.get_data_files_path("ansible", "dev-tools.yml"), utils.get_data_files_path("ansible", "network.yml"), utils.get_data_files_path("ansible", "sysctl.yml"), @@ -499,6 +500,7 @@ class TestCase(unittest.TestCase): "ansible", "kayobe-target-venv.yml"), utils.get_data_files_path("ansible", "users.yml"), utils.get_data_files_path("ansible", "yum.yml"), + utils.get_data_files_path("ansible", "dnf.yml"), utils.get_data_files_path("ansible", "dev-tools.yml"), utils.get_data_files_path( "ansible", "disable-selinux.yml"), @@ -1126,6 +1128,7 @@ class TestCase(unittest.TestCase): "ansible", "kayobe-target-venv.yml"), utils.get_data_files_path("ansible", "users.yml"), utils.get_data_files_path("ansible", "yum.yml"), + utils.get_data_files_path("ansible", "dnf.yml"), utils.get_data_files_path("ansible", "dev-tools.yml"), utils.get_data_files_path( "ansible", "disable-selinux.yml"), diff --git a/releasenotes/notes/dnf-2071fc40b0d783b6.yaml b/releasenotes/notes/dnf-2071fc40b0d783b6.yaml new file mode 100644 index 000000000..57dcee603 --- /dev/null +++ b/releasenotes/notes/dnf-2071fc40b0d783b6.yaml @@ -0,0 +1,20 @@ +--- +features: + - | + Adds support for configuration of DNF repositories on CentOS 8. Variables + have been added in a new configuration file, ``dnf.yml``. Backwards + compatibility with the Yum configuration variables is provided. + - | + Adds support for applying regular package updates on CentOS 8 via DNF + Automatic. Variables have been added in a new configuration file, + ``dnf.yml``. Backwards compatibility with the Yum-cron configuration + variables is provided. +deprecations: + - | + The Yum configuration variables in ``yum.yml`` are deprecated and will be + removed in a future release. Adapt any configuration overrides to use the + new DNF variables in ``dnf.yml`` instead. + - | + The yum-cron configuration variables in ``yum-cron.yml`` are deprecated and + will be removed in a future release. Adapt any configuration overrides to + use the new DNF automatic variables in ``dnf.yml``.