Allow some configure-mirrors repositories to be disabled

Out-of-the-box installs of centos-8 do not enable the PowerTools
or HighAvailability repositories. Debian/Ubuntu do not enable
the backports repository by default.

Having these repos enabled by default in CI has led to merging
broken code for OpenStack deployment tooling which is attempting
to also manage the presence/absence of these repositories. It
is challenging to remove these repositories on the running node
because the repo URL (rather than just the name) is required as
input to the apt_repository and yum_repository ansible modules.

This patch adds a role default variable to configure-mirrors to
allow a job to opt out of these extra repositories. The default
is set to 'True' to allow existing jobs to work as before.

Change-Id: I74b9de7092f182c942a58ac7a46b9fbd791889de
This commit is contained in:
Jonathan Rosser 2022-02-14 13:40:22 +00:00
parent e3b7e0dcf6
commit 5d01b68574
6 changed files with 24 additions and 10 deletions

View File

@ -30,3 +30,14 @@ An ansible role to configure services to use mirrors.
Set to True in order to tag APT mirrors as trusted, needed Set to True in order to tag APT mirrors as trusted, needed
when accessing unsigned mirrors with newer releases like when accessing unsigned mirrors with newer releases like
Ubuntu Bionic. Ubuntu Bionic.
-- zuul:rolevar:: configure_mirrors_extra_repos
:default: True
Set to False to opt-out of installing extra repositories such
as PowerTools and HighAvailability on centos-8-stream and
backports for Debian/Ubuntu. The intent is to match the upstream
distro state when this variable is set to False. Note that this
role is not necessarily consistent with the repos that are
enabled by default between distribution versions (centos stream
8 vs. 9 for example).

View File

@ -10,3 +10,4 @@ http_or_https: >-
{%- endif -%} {%- endif -%}
pypi_mirror: "{{ http_or_https }}://{{ pypi_fqdn }}/pypi/simple" pypi_mirror: "{{ http_or_https }}://{{ pypi_fqdn }}/pypi/simple"
wheel_mirror: "{{ http_or_https }}://{{ mirror_fqdn }}/wheel/{{ ansible_distribution | lower }}-{{ ansible_distribution_version }}-{{ ansible_architecture | lower }}" wheel_mirror: "{{ http_or_https }}://{{ mirror_fqdn }}/wheel/{{ ansible_distribution | lower }}-{{ ansible_distribution_version }}-{{ ansible_architecture | lower }}"
configure_mirrors_extra_repos: True

View File

@ -1,18 +1,20 @@
- name: Install Debian repository files - name: Install Debian repository files
become: yes become: yes
template: template:
dest: "/{{ zj_repo }}" dest: "/{{ zj_repo.repo }}"
group: root group: root
mode: 0644 mode: 0644
owner: root owner: root
src: "apt/{{ zj_repo }}.j2" src: "apt/{{ zj_repo.repo }}.j2"
with_items: with_items:
- etc/apt/sources.list.d/default.list - repo: etc/apt/sources.list.d/default.list
- etc/apt/sources.list.d/updates.list - repo: etc/apt/sources.list.d/updates.list
- etc/apt/sources.list.d/backports.list - repo: etc/apt/sources.list.d/backports.list
- etc/apt/sources.list.d/security.list condition: "{{ configure_mirrors_extra_repos }}"
- etc/apt/apt.conf.d/99unauthenticated - repo: etc/apt/sources.list.d/security.list
- repo: etc/apt/apt.conf.d/99unauthenticated
loop_control: loop_control:
loop_var: zj_repo loop_var: zj_repo
when: zj_repo.condition | default(True) | bool
notify: notify:
- Update apt cache - Update apt cache

View File

@ -1,5 +1,5 @@
# {{ ansible_managed }} # {{ ansible_managed }}
deb {% if set_apt_mirrors_trusted %}[ trusted=yes ] {% endif %}{{ package_mirror }} {{ ansible_distribution_release }} main universe deb {% if set_apt_mirrors_trusted %}[ trusted=yes ] {% endif %}{{ package_mirror }} {{ ansible_distribution_release }} main universe
deb {% if set_apt_mirrors_trusted %}[ trusted=yes ] {% endif %}{{ package_mirror }} {{ ansible_distribution_release }}-updates main universe deb {% if set_apt_mirrors_trusted %}[ trusted=yes ] {% endif %}{{ package_mirror }} {{ ansible_distribution_release }}-updates main universe
deb {% if set_apt_mirrors_trusted %}[ trusted=yes ] {% endif %}{{ package_mirror }} {{ ansible_distribution_release }}-backports main universe {% if configure_mirrors_extra_repos | bool %}deb {% if set_apt_mirrors_trusted %}[ trusted=yes ] {% endif %}{{ package_mirror }} {{ ansible_distribution_release }}-backports main universe{% endif %}
deb {% if set_apt_mirrors_trusted %}[ trusted=yes ] {% endif %}{{ package_mirror }} {{ ansible_distribution_release }}-security main universe deb {% if set_apt_mirrors_trusted %}[ trusted=yes ] {% endif %}{{ package_mirror }} {{ ansible_distribution_release }}-security main universe

View File

@ -3,5 +3,5 @@
name=CentOS-Stream - HighAvailability name=CentOS-Stream - HighAvailability
baseurl={{ package_mirror }}/$stream/HighAvailability/$basearch/os/ baseurl={{ package_mirror }}/$stream/HighAvailability/$basearch/os/
gpgcheck=1 gpgcheck=1
enabled=1 enabled="{{ configure_mirrors_extra_repos | bool | ternary('1', '0') }}"
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

View File

@ -3,5 +3,5 @@
name=CentOS-Stream - PowerTools name=CentOS-Stream - PowerTools
baseurl={{ package_mirror }}/$stream/PowerTools/$basearch/os/ baseurl={{ package_mirror }}/$stream/PowerTools/$basearch/os/
gpgcheck=1 gpgcheck=1
enabled=1 enabled="{{ configure_mirrors_extra_repos | bool | ternary('1', '0') }}"
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial