Optimize pip_install for CentOS

This patch does quite a few things to improve the performance of the
CentOS tasks:

1) Configures RDO repos as repositories rather than reinstalling an
   RPM each time.
2) GPG keys are only installed if they're needed.
3) Yum repo configs are carefully modified if they already exist
   which avoids removing deployer configurations.
4) Repo priorities are now set in one shot.

Change-Id: I0fe7f7ee0a9b580280c59f950277d2b9474e4210

tasks/pre_install_yum.yml

@@ -18,32 +18,6 @@
 # checking for local packages. The RDO repository package isn't signed, but the
 # repos it installs have GPG checking enabled.
 # Under CentOS, this will add the RDO repo and its key to the keyring
-- name: Install RDO repository and key
-  package:
-    name: "{{ pip_install_external_repo_key_package }}"
-    state: "{{ pip_install_external_repo_key_package_state | default('present') }}"
-    disable_gpg_check: yes
-  when:
-    - user_external_repo_key is not defined
-  tags:
-    - add-repo-keys
-
-- name: Ensure RDO repositories are using the correct CentOS mirror
-  command: |
-    yum-config-manager
-      --save
-      --setopt="{{ item.repo_name }}.baseurl={{ item.baseurl }}"
-  changed_when: false
-  with_items:
-    - repo_name: rdo-qemu-ev
-      baseurl: "{{ pip_install_centos_mirror_url }}/7/virt/$basearch/kvm-common/"
-    - repo_name: openstack-pike
-      baseurl: "{{ pip_install_centos_mirror_url }}/7/cloud/$basearch/openstack-pike/"
-  when:
-    - user_external_repo_key is not defined
-    - pip_install_centos_mirror_url is defined
-  tags:
-    - add-repo-keys
 
 - name: Install EPEL and yum priorities plugin
   package:
@@ -54,37 +28,95 @@
   tags:
     - add-repo-keys
 
-- name: Enable and set repo priorities
-  command: |
-    yum-config-manager
-      --enable {{ item.name }}
-      --setopt="{{ item.name }}.priority={{ item.priority }}"
-      --setopt="{{ item.name }}.keepcache={{ item.keepcache }}"
-  changed_when: false
-  with_items:
-    - name: base
-      priority: 50
-      keepcache: 1
-    - name: epel
-      priority: 99
-      keepcache: 1
-    - name: extras
-      priority: 50
-      keepcache: 1
-    - name: openstack-pike
-      priority: 50
-      keepcache: 1
-    - name: rdo-qemu-ev
-      priority: 50
-      keepcache: 1
-    - name: updates
-      priority: 50
-      keepcache: 1
+- name: Get a list of RPM GPG keys
+  shell: "rpm -vv -q centos-release 2>&1 | grep 'to keyring'"
+  args:
+    warn: no
+  changed_when: False
+  register: current_rpm_keys
   when:
     - user_external_repo_key is not defined
   tags:
     - add-repo-keys
 
+- block:
+    - name: Import GPG keys for repositories if needed
+      shell: "rpm --import 0x{{ item.keyid  }}"
+      args:
+        warn: no
+      with_items:
+        - "{{ pip_install_rdo_repos_keys }}"
+      when:
+        - item.keyid | lower not in current_rpm_keys.stdout
+        - user_external_repo_key is not defined
+      tags:
+        - add-repo-keys
+
+  rescue:
+    - name: Import GPG keys for repositories if needed
+      shell: "rpm --define'%_hkp_keyserver http://pool.sks-keyservers.net' --import 0x{{ item.keyid  }}"
+      args:
+        warn: no
+      with_items:
+        - "{{ pip_install_rdo_repos_keys }}"
+      when:
+        - item.keyid | lower not in current_rpm_keys.stdout
+        - user_external_repo_key is not defined
+      tags:
+        - add-repo-keys
+
+- name: Check for existing yum repositories
+  shell: "yum-config-manager | grep 'repo:'"
+  changed_when: False
+  register: existing_yum_repos
+  when:
+    - user_external_repo_key is not defined
+  tags:
+    - add-repo-keys
+
+- name: Add yum repositories if they do not exist
+  yum_repository:
+    name: "{{ item.name }}"
+    description: "{{ item.description }}"
+    baseurl: "{{ item.baseurl }}"
+    file: "{{ item.file }}"
+    gpgcheck: "{{ item.gpgcheck }}"
+    enabled: "{{ item.enabled }}"
+  with_items:
+    - "{{ pip_install_rdo_repos }}"
+  when:
+    - item.name not in existing_yum_repos.stdout
+    - user_external_repo_key is not defined
+  tags:
+    - add-repo-keys
+
+- name: Update yum repositories if they already exist
+  command: >
+    yum-config-manager
+    --enable {{ item.name }}
+    {% for key in item.keys() if key != 'file' %}
+    --setopt="{{ item.name }}.{{ key }}={{ item[key] }}"
+    {% endfor %}
+  changed_when: False
+  with_items:
+    - "{{ pip_install_rdo_repos }}"
+  when:
+    - item.name in existing_yum_repos.stdout
+    - user_external_repo_key is not defined
+  tags:
+    - add-repo-keys
+
+- name: Enable and set repo priorities
+  command: >
+    yum-config-manager
+    {% for repo_priority in pip_install_repo_priorities %}
+    --enable {{ repo_priority['name'] }} \
+    --setopt="{{ repo_priority['name'] }}.priority={{ repo_priority['priority'] }}"
+    {% endfor %}
+  changed_when: False
+  tags:
+    - add-repo-keys
+
 - name: Install external repo key manually
   rpm_key:
     key: "{{ item.key }}"

vars/redhat-7.yml

@@ -32,3 +32,37 @@ pip_install_remove_distro_packages:
   - centos-release-ceph-jewel
   - centos-release-qemu-ev
   - centos-release-storage-common
+
+pip_install_rdo_repos_keys:
+  - repo: openstack-pike
+    keyid: 764429E6
+  - repo: rdo-qemu-ev
+    keyid: 61E8806C
+
+pip_install_rdo_repos:
+  - file: rdo-qemu-ev
+    name: rdo-qemu-ev
+    description: "RDO CentOS-7 - QEMU EV"
+    baseurl: "{{ openstack_hosts_centos_mirror_url | default('http://mirror.centos.org') }}/centos/7/virt/x86_64/kvm-common/"
+    gpgcheck: yes
+    enabled: yes
+  - file: rdo-release
+    name: openstack-ocata
+    description: "OpenStack Pike Repository"
+    baseurl: "{{ openstack_hosts_centos_mirror_url | default('http://mirror.centos.org') }}/centos/7/cloud/$basearch/openstack-pike/"
+    gpgcheck: yes
+    enabled: yes
+
+pip_install_repo_priorities:
+  - name: base
+    priority: 50
+  - name: epel
+    priority: 99
+  - name: extras
+    priority: 50
+  - name: openstack-pike
+    priority: 50
+  - name: rdo-qemu-ev
+    priority: 50
+  - name: updates
+    priority: 50