From 295c3c0a935b72d15211882fc5253ba44c26d917 Mon Sep 17 00:00:00 2001
From: Jonathan Rosser
Date: Tue, 16 Jun 2020 09:06:08 +0100
Subject: [PATCH] Download yum keys to host before installing

The LXC image prep script copies the contents of /etc/pki/rpm-gpg to the container image so that these keys can be used inside the container. Importantly, /etc/pki/rpm-gpg is only a staging area where keys are kept on the filesystem and is not the actual set of keys imported into the package manager database. For the EPEL key to be properly copied into the LXC container image it must first be staged into the host /etc/pki/rpm-gpg directory and then installed using the rpm_key module. If the key is installed directly using rpm_key then it is not available as a file to copy into the container image.

Depends-On: https://review.opendev.org/735289
Change-Id: Ifdeb447e1ef000dbe83394f6e5b0ed3c7afc84c5
---
 defaults/main.yml | 5 +++--
 tasks/lxc_install_dnf.yml | 11 ++++++++++-
 tasks/lxc_install_yum.yml | 17 +++++++++++------
 3 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index c1dde028..9c6fcc94 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -246,13 +246,14 @@ lxc_cache_locales: "{{ _lxc_cache_locales | default(['en_US.UTF-8']) }}"
 
 # Centos EPEL repository options
 lxc_centos_epel_mirror: "{{ centos_epel_mirror | default('http://download.fedoraproject.org/pub/epel') }}"
-lxc_centos_epel_key: "{{ centos_epel_key | default('http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7') }}"
+lxc_centos_epel_key: "{{ centos_epel_key | default('http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-' ~ ansible_distribution_major_version) }}"
 
-# LXC must be installed from a COPR repository on CentOS 7 since the version
+# LXC must be installed from a COPR repository on CentOS since the version
 # provided in EPEL is much too old (1.x).
 lxc_centos_package_baseurl: https://copr-be.cloud.fedoraproject.org/results/thm/lxc2.0/epel-7-x86_64/
 lxc_centos_package_key: https://copr-be.cloud.fedoraproject.org/results/thm/lxc2.0/pubkey.gpg
 
+
 ## Set default mirror for openSUSE repositories
 # NOTE(hwoarang): Ensure that the full path to the 'opensuse' directory is used.
 # Additionally, set 'lxc_hosts_opensuse_mirror_obs_url' to a mirror which also mirrors
diff --git a/tasks/lxc_install_dnf.yml b/tasks/lxc_install_dnf.yml
index 221605ff..399d4c4a 100644
--- a/tasks/lxc_install_dnf.yml
+++ b/tasks/lxc_install_dnf.yml
@@ -76,9 +76,18 @@
 - "rsync -a --delete /tmp/thm-lxc2.0/ /opt/thm-lxc2.0/"
 - "yum-config-manager --enable thm-lxc2.0-local"
 
+- name: Download EPEL gpg keys
+ get_url:
+ url: "{{ lxc_centos_epel_key }}"
+ dest: /etc/pki/rpm-gpg
+ register: _get_yum_keys
+ until: _get_yum_keys is success
+ retries: 5
+ delay: 2
+
 - name: Install EPEL gpg keys
 rpm_key:
- key: "http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7"
+ key: "/etc/pki/rpm-gpg/{{ lxc_centos_epel_key.split('/')[-1] }}"
 state: present
 register: _add_yum_keys
 until: _add_yum_keys is success
diff --git a/tasks/lxc_install_yum.yml b/tasks/lxc_install_yum.yml
index 43e6575f..11155120 100644
--- a/tasks/lxc_install_yum.yml
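Review bot: The new `lxc_centos_epel_key` default still fetches the EPEL signing key over plain `http://`, so whatever answers that request decides which key the host trusts for package signatures. With this change the fetched file is also staged in /etc/pki/rpm-gpg, which the commit message says is copied into the LXC container image, so a substituted key would reach every container built from that image. I would change the default's URL prefix to `https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-` (same concatenation) and add a comment above it saying that any `centos_epel_key` override should point at a TLS or otherwise authenticated source. Separately, the unchanged `lxc_centos_package_baseurl` line still ends in `epel-7-x86_64/` while the reworded comment and the key URL no longer assume CentOS 7; worth confirming that is intended.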
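Review bot: The downloaded key is imported with no integrity check, and `dest: /etc/pki/rpm-gpg` is a directory, so the filename written there comes from the server response or the URL rather than from the playbook. The following `rpm_key` task then assumes the file is named `lxc_centos_epel_key.split('/')[-1]`, which would not match if the server supplies a different name or the URL carries a query string. I would make the destination explicit, `dest: "/etc/pki/rpm-gpg/{{ lxc_centos_epel_key | basename }}"`, and pin the key with `fingerprint: "<EPEL_KEY_FINGERPRINT>"` on `rpm_key` (placeholder value; needs an Ansible release whose module supports it) or a `checksum:` on `get_url`. The same two tasks are added in the tasks/lxc_install_yum.yml hunk and need the same change. The `Install EPEL gpg keys` task continues past the end of this hunk.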
+++ b/tasks/lxc_install_yum.yml
@@ -34,15 +34,20 @@
 retries: 5
 delay: 2
 
-- name: Install EPEL gpg keys
- rpm_key:
- key: "{{ lxc_centos_epel_key }}"
- state: present
- register: _add_yum_keys
- until: _add_yum_keys is success
+- name: Download EPEL gpg keys
+ get_url:
+ url: "{{ lxc_centos_epel_key }}"
+ dest: /etc/pki/rpm-gpg
+ register: _get_yum_keys
+ until: _get_yum_keys is success
 retries: 5
 delay: 2
 
+- name: Install EPEL gpg keys
+ rpm_key:
+ key: "/etc/pki/rpm-gpg/{{ lxc_centos_epel_key.split('/')[-1] }}"
+ state: present
+
 - name: Install the EPEL repository
 yum_repository:
 name: epel-lxc_hosts