diff --git a/tasks/pre_install_yum.yml b/tasks/pre_install_yum.yml index d3bd5e9..3be24f9 100644 --- a/tasks/pre_install_yum.yml +++ b/tasks/pre_install_yum.yml @@ -18,32 +18,6 @@ # checking for local packages. The RDO repository package isn't signed, but the # repos it installs have GPG checking enabled. # Under CentOS, this will add the RDO repo and its key to the keyring -- name: Install RDO repository and key - package: - name: "{{ pip_install_external_repo_key_package }}" - state: "{{ pip_install_external_repo_key_package_state | default('present') }}" - disable_gpg_check: yes - when: - - user_external_repo_key is not defined - tags: - - add-repo-keys - -- name: Ensure RDO repositories are using the correct CentOS mirror - command: | - yum-config-manager - --save - --setopt="{{ item.repo_name }}.baseurl={{ item.baseurl }}" - changed_when: false - with_items: - - repo_name: rdo-qemu-ev - baseurl: "{{ pip_install_centos_mirror_url }}/7/virt/$basearch/kvm-common/" - - repo_name: openstack-pike - baseurl: "{{ pip_install_centos_mirror_url }}/7/cloud/$basearch/openstack-pike/" - when: - - user_external_repo_key is not defined - - pip_install_centos_mirror_url is defined - tags: - - add-repo-keys - name: Install EPEL and yum priorities plugin package: 
@@ -54,37 +28,95 @@ tags: - add-repo-keys -- name: Enable and set repo priorities - command: | - yum-config-manager - --enable {{ item.name }} - --setopt="{{ item.name }}.priority={{ item.priority }}" - --setopt="{{ item.name }}.keepcache={{ item.keepcache }}" - changed_when: false - with_items: - - name: base - priority: 50 - keepcache: 1 - - name: epel - priority: 99 - keepcache: 1 - - name: extras - priority: 50 - keepcache: 1 - - name: openstack-pike - priority: 50 - keepcache: 1 - - name: rdo-qemu-ev - priority: 50 - keepcache: 1 - - name: updates - priority: 50 - keepcache: 1 +- name: Get a list of RPM GPG keys + shell: "rpm -vv -q centos-release 2>&1 | grep 'to keyring'" + args: + warn: no + changed_when: False + register: current_rpm_keys when: - user_external_repo_key is not defined tags: - add-repo-keys +- block: + - name: Import GPG keys for repositories if needed + shell: "rpm --import 0x{{ item.keyid }}" + args: + warn: no + with_items: + - "{{ pip_install_rdo_repos_keys }}" + when: + - item.keyid | lower not in current_rpm_keys.stdout + - user_external_repo_key is not defined + tags: + - add-repo-keys + + rescue: + - name: Import GPG keys for repositories if needed + shell: "rpm --define'%_hkp_keyserver http://pool.sks-keyservers.net' --import 0x{{ item.keyid }}" + args: + warn: no + with_items: + - "{{ pip_install_rdo_repos_keys }}" + when: + - item.keyid | lower not in current_rpm_keys.stdout + - user_external_repo_key is not defined + tags: + - add-repo-keys + +- name: Check for existing yum repositories + shell: "yum-config-manager | grep 'repo:'" + changed_when: False + register: existing_yum_repos + when: + - user_external_repo_key is not defined + tags: + - add-repo-keys + +- name: Add yum repositories if they do not exist + yum_repository: + name: "{{ item.name }}" + description: "{{ item.description }}" + baseurl: "{{ item.baseurl }}" + file: "{{ item.file }}" + gpgcheck: "{{ item.gpgcheck }}" + enabled: "{{ item.enabled }}" + with_items: + - 
"{{ pip_install_rdo_repos }}" + when: + - item.name not in existing_yum_repos.stdout + - user_external_repo_key is not defined + tags: + - add-repo-keys + +- name: Update yum repositories if they already exist + command: > + yum-config-manager + --enable {{ item.name }} + {% for key in item.keys() if key != 'file' %} + --setopt="{{ item.name }}.{{ key }}={{ item[key] }}" + {% endfor %} + changed_when: False + with_items: + - "{{ pip_install_rdo_repos }}" + when: + - item.name in existing_yum_repos.stdout + - user_external_repo_key is not defined + tags: + - add-repo-keys + +- name: Enable and set repo priorities + command: > + yum-config-manager + {% for repo_priority in pip_install_repo_priorities %} + --enable {{ repo_priority['name'] }} \ + --setopt="{{ repo_priority['name'] }}.priority={{ repo_priority['priority'] }}" + {% endfor %} + changed_when: False + tags: + - add-repo-keys + - name: Install external repo key manually rpm_key: key: "{{ item.key }}" diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml index 3a01789..f625c15 100644 --- a/vars/redhat-7.yml +++ b/vars/redhat-7.yml 
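Review bot: The two `rpm --import 0x{{ item.keyid }}` tasks establish package trust from an 8-hex-digit short key ID (the values come from `pip_install_rdo_repos_keys` in vars/redhat-7.yml), and the rescue path points the lookup at a plain `http://` keyserver, so whatever key the server returns for that ID is added to the RPM keyring that later `gpgcheck` relies on. Short IDs are not unique and the transport is unauthenticated; shipping the key files with the role, or fetching them over HTTPS, and importing them with the `rpm_key` task already used further down, with the full fingerprint verified, would close that gap. The rescue command is also written `--define'%_hkp_keyserver …'` with no space after `--define`, so the shell hands rpm one fused word and the fallback most likely fails; if it is kept it should read `rpm --define '%_hkp_keyserver <keyserver-url>' --import …`. Separately, the rewritten `Enable and set repo priorities` task no longer carries `when: user_external_repo_key is not defined`, so it now also runs on hosts that supply their own repo key; confirm that is intended.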
@@ -32,3 +32,37 @@ pip_install_remove_distro_packages:
 - centos-release-ceph-jewel
 - centos-release-qemu-ev
 - centos-release-storage-common
+
+pip_install_rdo_repos_keys:
+ - repo: openstack-pike
+ keyid: 764429E6
+ - repo: rdo-qemu-ev
+ keyid: 61E8806C
+
+pip_install_rdo_repos:
+ - file: rdo-qemu-ev
+ name: rdo-qemu-ev
+ description: "RDO CentOS-7 - QEMU EV"
+ baseurl: "{{ openstack_hosts_centos_mirror_url | default('http://mirror.centos.org') }}/centos/7/virt/x86_64/kvm-common/"
+ gpgcheck: yes
+ enabled: yes
+ - file: rdo-release
+ name: openstack-ocata
+ description: "OpenStack Pike Repository"
+ baseurl: "{{ openstack_hosts_centos_mirror_url | default('http://mirror.centos.org') }}/centos/7/cloud/$basearch/openstack-pike/"
+ gpgcheck: yes
+ enabled: yes
+
+pip_install_repo_priorities:
+ - name: base
+ priority: 50
+ - name: epel
+ priority: 99
+ - name: extras
+ priority: 50
+ - name: openstack-pike
+ priority: 50
+ - name: rdo-qemu-ev
+ priority: 50
+ - name: updates
+ priority: 50
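Review bot: The second entry of `pip_install_rdo_repos` is declared as `name: openstack-ocata` while its description, its baseurl, `pip_install_rdo_repos_keys` and `pip_install_repo_priorities` all say `openstack-pike`, so the repo this role creates and the repo it later enables and prioritises have different ids; the line should be `name: openstack-pike`. The baseurl defaults to `http://mirror.centos.org` and reads `openstack_hosts_centos_mirror_url`, whereas the tasks removed by this commit used `pip_install_centos_mirror_url`, so an existing mirror override appears to be ignored and repository metadata travels over plain HTTP with only package-level `gpgcheck` as protection. The key IDs are better quoted, `keyid: "764429E6"`, because a YAML 1.2 core-schema parser reads the bare `764429E6` as a float. The first entry also hardcodes `x86_64` where the second uses `$basearch`.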