Add possibility to overwrite public repo

For Centos, we use by default public repo for nginx and shibboleth. You can change this behaviour with these role-wide variables: - keystone_centos_nginx_mirror - keystone_centos_nginx_key - keystone_centos_shibboleth_mirror - keystone_centos_shibboleth_key Or with these osa-wide variables: - centos_nginx_mirror - centos_nginx_key Change-Id: Icb21c31141d1d78e5a2e23b35378ffb0520c0d1d
2019-11-04 20:04:05 +01:00 · 2019-11-04 20:04:05 +01:00 · 33b165bcc4
parent 3b59402541
commit 33b165bcc4
3 changed files with 13 additions and 7 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -31,6 +31,10 @@ keystone_pip_package_state: "latest"
 keystone_install_method: "source"
 keystone_venv_python_executable: "{{ openstack_venv_python_executable | default('python2') }}"

+# Centos shibboleth repository options
+keystone_centos_shibboleth_mirror: "http://download.opensuse.org/repositories/security:/shibboleth/CentOS_7/"
+keystone_centos_shibboleth_key: "http://download.opensuse.org/repositories/security:/shibboleth/CentOS_7//repodata/repomd.xml.key"
+
 # Role standard API override this option in the OS variable files
 keystone_shibboleth_repo: {}

@ -204,6 +208,10 @@ keystone_httpd_mpm_thread_child: 25
 keystone_httpd_mpm_max_requests: 150
 keystone_httpd_mpm_max_conn_child: 0

+## Centos NGINX repository options
+keystone_centos_nginx_mirror: "{{ centos_nginx_mirror | default('http://nginx.org/packages/centos/7/$basearch/') }}"
+keystone_centos_nginx_key: "{{ centos_nginx_key | default('http://nginx.org/keys/nginx_signing.key') }}"
+
 ## Nginx setup
 keystone_nginx_access_log_format_combined: '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'
 keystone_nginx_access_log_format_extras: '$request_time $upstream_response_time'
--- a/tasks/keystone_install.yml
+++ b/tasks/keystone_install.yml
@ -44,8 +44,8 @@
  yum_repository:
    name: "shibboleth"
    description: "shibboleth Repo"
-    baseurl: "http://download.opensuse.org/repositories/security:/shibboleth/CentOS_7/"
-    gpgkey: "http://download.opensuse.org/repositories/security:/shibboleth/CentOS_7//repodata/repomd.xml.key"
+    baseurl: "{{ keystone_centos_shibboleth_mirror }}"
+    gpgkey: "{{ keystone_centos_shibboleth_key }}"
    gpgcheck: yes
  when:
    - ansible_pkg_mgr in ['yum', 'dnf']
@ -53,7 +53,7 @@

 - name: Add NGINX repository keys
  rpm_key:
-    key: "{{ keystone_nginx_gpg_key }}"
+    key: "{{ keystone_centos_nginx_key }}"
    state: present
  when:
    - ansible_pkg_mgr in ['yum', 'dnf']
@ -67,7 +67,7 @@
  yum_repository:
    name: nginx
    description: 'nginx repo'
-    baseurl: "{{ keystone_nginx_repo }}"
+    baseurl: "{{ keystone_centos_nginx_mirror }}"
  when:
    - ansible_pkg_mgr in ['yum', 'dnf']
    - keystone_web_server == 'nginx'
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@ -43,8 +43,6 @@ keystone_apache_distro_packages:
  - mod_ssl
  - mod_proxy_uwsgi

-keystone_nginx_repo: http://nginx.org/packages/centos/7/$basearch/
-keystone_nginx_gpg_key: http://nginx.org/keys/nginx_signing.key
 keystone_nginx_distro_packages:
  - nginx

@ -84,4 +82,4 @@ keystone_system_service_name: httpd

 keystone_uwsgi_bin: '/usr/sbin'

-keystone_sshd: sshd
+keystone_sshd: sshd