Update freeipa-setup role for centos-8 - ansible_pkg_mgr and packages

As seen in testing at v6 of [1] the fs39 job fails during the
free-ipa role deploy_freeipa.sh. This adds some centos8
specific fixes and replaces yum with {{ ansible_pkg_mgr }}. Also
adds the iptables package that is missing in the rdo centos cloud image.
Finally this also disables the epel repo after we're done with dependencies in the
deploy_freeipa.sh. Tracked by tripleo-ci team at [2].

[1] https://review.rdoproject.org/r/#/c/25796/6
[2] https://hackmd.io/7MBqFHurTA2e5H8kYRwgag#Reviews-still-in-play-to-addmove-jobs
Change-Id: Ib745d303b438a0a715ff911a2466c8cabeb88ecf
This commit is contained in:
Marios Andreou 2020-03-18 15:37:58 +02:00
parent 69f0b4a616
commit 103c6bed13

@ -27,20 +27,37 @@ hostnamectl set-hostname --static $CA_SERVER_HOSTNAME
sed -i "1i$IPA_SERVER_IP $CA_SERVER_HOSTNAME" /etc/hosts
## * Install required system packages::
DISABLE_REPO_CMD="yum-config-manager --disable"
yum install -yq ipa-server ipa-server-dns curl epel-release
{% if ansible_distribution_major_version is version("8", ">=") -%}
DISABLE_REPO_CMD="dnf config-manager --set-disabled"
dnf module enable -y idm:DL1/{dns,adtrust,client,server,common}
{% endif %}
{{ ansible_pkg_mgr }} install -yq ipa-server \
ipa-server-dns curl epel-release iptables
## * Update NSS (required for CA server to launch during deploy)
yum update -y nss
{{ ansible_pkg_mgr }} update -y nss
## * Increase system entropy (to prevent slow down during IPA installation)::
{% if ansible_distribution_major_version is version("7", "<=") -%}
curl -Lo ius-release.rpm https://centos7.iuscommunity.org/ius-release.rpm
rpm -Uvh ius-release*.rpm
yum install -y haveged
{% endif %}
{{ ansible_pkg_mgr }} install -y haveged
systemctl start haveged.service
## * Lets now disable epel since we got required packages already
$DISABLE_REPO_CMD epel
## * Install FreeIPA::
ipa-server-install -U \