From 5d01b68574931435ce7605a8773fc4db0b47b60c Mon Sep 17 00:00:00 2001 From: Jonathan Rosser Date: Mon, 14 Feb 2022 13:40:22 +0000 Subject: [PATCH] Allow some configure-mirrors repositories to be disabled Out-of-the-box installs of centos-8 do not enable the PowerTools or HighAvailability repositories. Debian/Ubuntu do not enable the backports repository by default. Having these repos enabled by default in CI has led to merging broken code for OpenStack deployment tooling which is attempting to also manage the presence/absence of these repositories. It is challenging to remove these repositories on the running node because the repo URL (rather than just the name) is required as input to the apt_repository and yum_repository ansible modules. This patch adds a role default variable to configure-mirrors to allow a job to opt out of these extra repositories. The default is set to 'True' to allow existing jobs to work as before. Change-Id: I74b9de7092f182c942a58ac7a46b9fbd791889de --- roles/configure-mirrors/README.rst | 11 +++++++++++ roles/configure-mirrors/defaults/main.yaml | 1 + roles/configure-mirrors/tasks/mirror/Debian.yaml | 16 +++++++++------- .../templates/apt/etc/apt/sources.list.j2 | 2 +- .../CentOS-Stream-HighAvailability.repo.j2 | 2 +- .../yum.repos.d/CentOS-Stream-PowerTools.repo.j2 | 2 +- 6 files changed, 24 insertions(+), 10 deletions(-) diff --git a/roles/configure-mirrors/README.rst b/roles/configure-mirrors/README.rst index 8152ce499..7d2ce0f9d 100644 --- a/roles/configure-mirrors/README.rst +++ b/roles/configure-mirrors/README.rst @@ -30,3 +30,14 @@ An ansible role to configure services to use mirrors. Set to True in order to tag APT mirrors as trusted, needed when accessing unsigned mirrors with newer releases like Ubuntu Bionic. + +-- zuul:rolevar:: configure_mirrors_extra_repos + :default: True + + Set to False to opt-out of installing extra repositories such + as PowerTools and HighAvailability on centos-8-stream and + backports for Debian/Ubuntu. The intent is to match the upstream + distro state when this variable is set to False. Note that this + role is not necessarily consistent with the repos that are + enabled by default between distribution versions (centos stream + 8 vs. 9 for example). diff --git a/roles/configure-mirrors/defaults/main.yaml b/roles/configure-mirrors/defaults/main.yaml index 7cd665bb7..188c21161 100644 --- a/roles/configure-mirrors/defaults/main.yaml +++ b/roles/configure-mirrors/defaults/main.yaml @@ -10,3 +10,4 @@ http_or_https: >- {%- endif -%} pypi_mirror: "{{ http_or_https }}://{{ pypi_fqdn }}/pypi/simple" wheel_mirror: "{{ http_or_https }}://{{ mirror_fqdn }}/wheel/{{ ansible_distribution | lower }}-{{ ansible_distribution_version }}-{{ ansible_architecture | lower }}" +configure_mirrors_extra_repos: True diff --git a/roles/configure-mirrors/tasks/mirror/Debian.yaml b/roles/configure-mirrors/tasks/mirror/Debian.yaml index f6f4f0a66..33a72164b 100644 --- a/roles/configure-mirrors/tasks/mirror/Debian.yaml +++ b/roles/configure-mirrors/tasks/mirror/Debian.yaml @@ -1,18 +1,20 @@ - name: Install Debian repository files become: yes template: - dest: "/{{ zj_repo }}" + dest: "/{{ zj_repo.repo }}" group: root mode: 0644 owner: root - src: "apt/{{ zj_repo }}.j2" + src: "apt/{{ zj_repo.repo }}.j2" with_items: - - etc/apt/sources.list.d/default.list - - etc/apt/sources.list.d/updates.list - - etc/apt/sources.list.d/backports.list - - etc/apt/sources.list.d/security.list - - etc/apt/apt.conf.d/99unauthenticated + - repo: etc/apt/sources.list.d/default.list + - repo: etc/apt/sources.list.d/updates.list + - repo: etc/apt/sources.list.d/backports.list + condition: "{{ configure_mirrors_extra_repos }}" + - repo: etc/apt/sources.list.d/security.list + - repo: etc/apt/apt.conf.d/99unauthenticated loop_control: loop_var: zj_repo + when: zj_repo.condition | default(True) | bool notify: - Update apt cache diff --git a/roles/configure-mirrors/templates/apt/etc/apt/sources.list.j2 b/roles/configure-mirrors/templates/apt/etc/apt/sources.list.j2 index 8461d4046..2d6444aaa 100644 --- a/roles/configure-mirrors/templates/apt/etc/apt/sources.list.j2 +++ b/roles/configure-mirrors/templates/apt/etc/apt/sources.list.j2 @@ -1,5 +1,5 @@ # {{ ansible_managed }} deb {% if set_apt_mirrors_trusted %}[ trusted=yes ] {% endif %}{{ package_mirror }} {{ ansible_distribution_release }} main universe deb {% if set_apt_mirrors_trusted %}[ trusted=yes ] {% endif %}{{ package_mirror }} {{ ansible_distribution_release }}-updates main universe -deb {% if set_apt_mirrors_trusted %}[ trusted=yes ] {% endif %}{{ package_mirror }} {{ ansible_distribution_release }}-backports main universe +{% if configure_mirrors_extra_repos | bool %}deb {% if set_apt_mirrors_trusted %}[ trusted=yes ] {% endif %}{{ package_mirror }} {{ ansible_distribution_release }}-backports main universe{% endif %} deb {% if set_apt_mirrors_trusted %}[ trusted=yes ] {% endif %}{{ package_mirror }} {{ ansible_distribution_release }}-security main universe diff --git a/roles/configure-mirrors/templates/centos8-stream/etc/yum.repos.d/CentOS-Stream-HighAvailability.repo.j2 b/roles/configure-mirrors/templates/centos8-stream/etc/yum.repos.d/CentOS-Stream-HighAvailability.repo.j2 index 5d654cb37..ce76c34f2 100644 --- a/roles/configure-mirrors/templates/centos8-stream/etc/yum.repos.d/CentOS-Stream-HighAvailability.repo.j2 +++ b/roles/configure-mirrors/templates/centos8-stream/etc/yum.repos.d/CentOS-Stream-HighAvailability.repo.j2 @@ -3,5 +3,5 @@ name=CentOS-Stream - HighAvailability baseurl={{ package_mirror }}/$stream/HighAvailability/$basearch/os/ gpgcheck=1 -enabled=1 +enabled="{{ configure_mirrors_extra_repos | bool | ternary('1', '0') }}" gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial diff --git a/roles/configure-mirrors/templates/centos8-stream/etc/yum.repos.d/CentOS-Stream-PowerTools.repo.j2 b/roles/configure-mirrors/templates/centos8-stream/etc/yum.repos.d/CentOS-Stream-PowerTools.repo.j2 index c2ec7caa4..41f86cdd8 100644 --- a/roles/configure-mirrors/templates/centos8-stream/etc/yum.repos.d/CentOS-Stream-PowerTools.repo.j2 +++ b/roles/configure-mirrors/templates/centos8-stream/etc/yum.repos.d/CentOS-Stream-PowerTools.repo.j2 @@ -3,5 +3,5 @@ name=CentOS-Stream - PowerTools baseurl={{ package_mirror }}/$stream/PowerTools/$basearch/os/ gpgcheck=1 -enabled=1 +enabled="{{ configure_mirrors_extra_repos | bool | ternary('1', '0') }}" gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial