[Spec] Use dnf with CentOS
Change-Id: I43a99ac38b5e020e730e366e7e3dfdf39c37d36b
This commit is contained in:
parent
2288400a1e
commit
9390857f84
|
@ -0,0 +1,156 @@
|
|||
Use dnf with CentOS
|
||||
###################
|
||||
:date: 2017-07-28 00:00
|
||||
:tags: centos, dnf, packaging
|
||||
|
||||
Blueprint: `Use dnf with CentOS`_
|
||||
|
||||
.. _Use dnf with CentOS: https://blueprints.launchpad.net/openstack-ansible/+spec/centos-and-dnf
|
||||
|
||||
CentOS 7 currently uses ``yum`` as its default package manager. However,
|
||||
Fedora has moved to ``dnf`` for several releases and it provides significant
|
||||
performance benefits. It can make the metadata cache, evaluate dependencies,
|
||||
and handle fastest mirror checks much more efficiently.
|
||||
|
||||
The ``dnf`` and ``yum`` package managers can co-exist together without causing
|
||||
conflicts. Several Fedora releases ran both of these simultaneously. The
|
||||
``dnf`` packages are available in the EPEL repositories (which we currently
|
||||
enable). It uses all of the existing ``yum`` repositories and GPG keys as well.
|
||||
|
||||
Problem description
|
||||
===================
|
||||
|
||||
The CentOS gate jobs are notoriously slow and the integrated gate times out on
|
||||
tempest runs frequently. The longest running tasks in each role involve the
|
||||
installation of distro packages because these tasks use ``state: latest`` the
|
||||
``yum`` tasks.
|
||||
|
||||
When Ansible sees ``state: latest``, it goes through a fairly tedious process:
|
||||
|
||||
* Run ``check-update``, which checks the **entire** system for updates.
|
||||
* If some packages are returned (they need updates), Ansible searches the list
|
||||
to see if any packages from the ``yum`` task are in that list.
|
||||
* If some packages need updates, Ansible calls ``yum`` to install those
|
||||
packages.
|
||||
|
||||
This process can take 5-8 seconds even for *one* package. In comparison,
|
||||
``dnf`` completes the task in 0.8-1.6 seconds. This should give us some wiggle
|
||||
room to get CI jobs completed sooner and convert more of the CentOS jobs from
|
||||
non-voting to voting.
|
||||
|
||||
Proposed change
|
||||
===============
|
||||
|
||||
On CentOS systems, we should install ``dnf`` and ``python-dnf`` (for Ansible
|
||||
compatibility). Ansible will prefer ``dnf`` over ``yum``, so we would need to
|
||||
ensure that each role has support for ``dnf`` tasks. Since both package
|
||||
managers are interchangeable, this could be done by symlinking the
|
||||
``*_install_dnf.yml`` task files to ``*_install_yum.yml`` and using the
|
||||
``package`` module in those task files.
|
||||
|
||||
Alternatives
|
||||
------------
|
||||
|
||||
If ``dnf`` isn't preferred, we could avoid using ``state: latest`` for CentOS
|
||||
installations. This would cause CentOS deployments to diverge from Ubuntu
|
||||
and OpenSUSE deployments and it would make bug triage more challenging.
|
||||
|
||||
Another option is to update the entire system when ``state: latest`` is
|
||||
provided but switch all of the package installation tasks to use ``state:
|
||||
present``. This will save us a small amount of time since Ansible will skip the
|
||||
``check-update`` step and go straight into updating all packages. This would
|
||||
be another diversion from the Ubuntu/OpenSUSE process, however.
|
||||
|
||||
Playbook/Role impact
|
||||
--------------------
|
||||
|
||||
Each role with a set of ``yum`` tasks would need to be converted to use
|
||||
``package``. A symlink would be needed so that CentOS systems with ``dnf``
|
||||
installed would use the same tasks.
|
||||
|
||||
Upgrade impact
|
||||
--------------
|
||||
|
||||
During the upgrade process, ``dnf`` would be installed on CentOS systems.
|
||||
Ansible would begin to use ``dnf``, but the deployer could continue using
|
||||
``yum`` for their own administration tasks if they prefer it.
|
||||
|
||||
Security impact
|
||||
---------------
|
||||
|
||||
The ``dnf`` package manager supports the same configuration options as yum for
|
||||
checking GPG keys of packages and repositories.
|
||||
|
||||
Performance impact
|
||||
------------------
|
||||
|
||||
The ``dnf`` package manager will provide better performance when managing
|
||||
packages, but the rest of the system will perform at the same levels.
|
||||
|
||||
End user impact
|
||||
---------------
|
||||
|
||||
End users will not notice this change or gain any benefits from it.
|
||||
|
||||
Deployer impact
|
||||
---------------
|
||||
|
||||
Deployers may notice that some roles use ``dnf`` while others use ``yum`` until
|
||||
all of the patches have merged. This won't affect the running system, but it
|
||||
may make some playbooks faster than others.
|
||||
|
||||
Deployers would continue to deploy in the same ways that they currently do
|
||||
today.
|
||||
|
||||
Developer impact
|
||||
----------------
|
||||
|
||||
Developers must be aware that ``dnf`` is present on CentOS systems and that
|
||||
Ansible will prefer it over ``yum``. Any new roles/playbooks or updates to
|
||||
existing ones will need to include support for ``dnf`` via the ``dnf`` module
|
||||
or the ``package`` module (which selects ``dnf`` over ``yum`` already).
|
||||
|
||||
Dependencies
|
||||
------------
|
||||
|
||||
This spec is not dependent on any other spec or blueprint.
|
||||
|
||||
Implementation
|
||||
==============
|
||||
|
||||
Assignee(s)
|
||||
-----------
|
||||
|
||||
Primary assignee:
|
||||
Major Hayden (IRC: mhayden, Launchpad: rackerhacker)
|
||||
|
||||
Work items
|
||||
----------
|
||||
|
||||
* Add ``dnf`` patches to the base roles first (openstack_hosts, lxc_hosts, etc)
|
||||
* Continue moving up the dependent roles until all roles include
|
||||
``dnf``-compatible tasks
|
||||
* Ensure that the integrated repository and openstack-ansible-tasks use ``dnf``
|
||||
|
||||
Testing
|
||||
=======
|
||||
|
||||
The existing testing done in the OpenStack CI jobs will be sufficient for this
|
||||
work. If ``dnf`` is not installing packages properly or efficiently, we will
|
||||
see that reflected in the testing playbooks.
|
||||
|
||||
Documentation impact
|
||||
====================
|
||||
|
||||
This work will require some release notes to notify developers and deployers of
|
||||
the ``dnf`` change. However, there's no need for extensive documentation since
|
||||
``dnf`` supports the same configurations and arguments as ``yum``.
|
||||
|
||||
References
|
||||
==========
|
||||
|
||||
* Test patch for openstack-ansible-openstack_hosts:
|
||||
https://review.openstack.org/488268
|
||||
|
||||
* Vultr docs for dnf on CentOS 7:
|
||||
https://www.vultr.com/docs/use-dnf-to-manage-software-packages-on-centos-7
|
Loading…
Reference in New Issue