From e0dec91689aaa867d407f02264dced5677d84f84 Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Wed, 22 Dec 2021 18:08:42 +0000 Subject: [PATCH] Disable EPEL by default EPEL is no longer required for a default installation. Let's disable it. Also clean up the install_epel variable from Kolla Ansible globals.yml template, since it never existed. Story: 2009757 Task: 44227 Change-Id: I96eb4685f997e85ad2ee5318640d58d0287a016d --- ansible/group_vars/all/dnf | 4 ++-- ansible/roles/dnf/defaults/main.yml | 2 +- ansible/roles/kolla-ansible/defaults/main.yml | 2 +- .../kolla-ansible/templates/kolla/globals.yml | 2 -- ansible/roles/kolla/defaults/main.yml | 2 +- doc/source/configuration/reference/hosts.rst | 15 +++++++++++---- etc/kayobe/dnf.yml | 2 +- .../overrides.yml.j2 | 2 ++ .../notes/disable-epel-cef798b3708840d0.yaml | 9 +++++++++ roles/kayobe-ci-prep/tasks/main.yml | 6 +++--- 10 files changed, 31 insertions(+), 15 deletions(-) create mode 100644 releasenotes/notes/disable-epel-cef798b3708840d0.yaml diff --git a/ansible/group_vars/all/dnf b/ansible/group_vars/all/dnf index 31145f1a4..cea135a14 100644 --- a/ansible/group_vars/all/dnf +++ b/ansible/group_vars/all/dnf @@ -33,8 +33,8 @@ dnf_epel_mirror_directory: 'pub/epel' dnf_custom_repos: {} # Whether to install the epel-release package. This affects RedHat-based -# systems only. Default value is 'true'. -dnf_install_epel: true +# systems only. Default value is 'false'. +dnf_install_epel: false ############################################################################### # DNF Automatic configuration. diff --git a/ansible/roles/dnf/defaults/main.yml b/ansible/roles/dnf/defaults/main.yml index aee355b51..99c075d31 100644 --- a/ansible/roles/dnf/defaults/main.yml +++ b/ansible/roles/dnf/defaults/main.yml @@ -32,4 +32,4 @@ dnf_epel_mirror_directory: 'pub/epel' dnf_custom_repos: {} # Whether to install the epel-release package. -dnf_install_epel: true +dnf_install_epel: false diff --git a/ansible/roles/kolla-ansible/defaults/main.yml b/ansible/roles/kolla-ansible/defaults/main.yml index 0ef793f5b..b5fb4933b 100644 --- a/ansible/roles/kolla-ansible/defaults/main.yml +++ b/ansible/roles/kolla-ansible/defaults/main.yml @@ -30,7 +30,7 @@ kolla_ansible_target_venv: kolla_upper_constraints_file: # Whether to install the epel-release package. -kolla_ansible_install_epel: true +kolla_ansible_install_epel: false # Password to use to encrypt the passwords.yml file. kolla_ansible_vault_password: diff --git a/ansible/roles/kolla-ansible/templates/kolla/globals.yml b/ansible/roles/kolla-ansible/templates/kolla/globals.yml index f5c201ab8..b72f9cbae 100644 --- a/ansible/roles/kolla-ansible/templates/kolla/globals.yml +++ b/ansible/roles/kolla-ansible/templates/kolla/globals.yml @@ -527,8 +527,6 @@ grafana_admin_username: "{{ grafana_local_admin_user_name }}" selinux_state: {{ kolla_selinux_state }} {% endif %} -install_epel: {{ kolla_ansible_install_epel | bool }} - {% if kolla_enable_host_ntp is not none %} enable_host_ntp: {{ kolla_enable_host_ntp | bool }} {% endif %} diff --git a/ansible/roles/kolla/defaults/main.yml b/ansible/roles/kolla/defaults/main.yml index f0ca0c57e..6cee31ba5 100644 --- a/ansible/roles/kolla/defaults/main.yml +++ b/ansible/roles/kolla/defaults/main.yml @@ -20,7 +20,7 @@ kolla_venv: "{{ ansible_facts.env['PWD'] }}/kolla-venv" kolla_upper_constraints_file: # Whether to install the epel-release package. -kolla_install_epel: true +kolla_install_epel: false # Directory where Kolla config files will be installed. kolla_build_config_path: diff --git a/doc/source/configuration/reference/hosts.rst b/doc/source/configuration/reference/hosts.rst index 9f42e12c9..547a43225 100644 --- a/doc/source/configuration/reference/hosts.rst +++ b/doc/source/configuration/reference/hosts.rst @@ -276,11 +276,18 @@ For example, the following configuration defines a single DNF repository called gpgkey: http://example.com/gpgkey gpgcheck: yes -Disabling EPEL --------------- +Enabling or disabling EPEL +-------------------------- -It is possible to disable the EPEL DNF repository by setting -``dnf_install_epel`` to ``false``. +Prior to the Yoga release, the EPEL DNF repository was enabled by default +(``dnf_install_epel: true``). Since Yoga, it is disabled by default +(``dnf_install_epel: false``). + +Previously, EPEL was required to install some packages such as ``python-pip``, +however this is no longer the case. + +It is possible to enable or disable the EPEL DNF repository by setting +``dnf_install_epel`` to ``true`` or ``false`` respectively. DNF Automatic ------------- diff --git a/etc/kayobe/dnf.yml b/etc/kayobe/dnf.yml index cf09b86fd..1af08f622 100644 --- a/etc/kayobe/dnf.yml +++ b/etc/kayobe/dnf.yml @@ -38,7 +38,7 @@ #dnf_custom_repos: # Whether to install the epel-release package. This affects RedHat-based -# systems only. Default value is 'true'. +# systems only. Default value is 'false'. #dnf_install_epel: ############################################################################### diff --git a/playbooks/kayobe-overcloud-host-configure-base/overrides.yml.j2 b/playbooks/kayobe-overcloud-host-configure-base/overrides.yml.j2 index 881d74938..e544e89bc 100644 --- a/playbooks/kayobe-overcloud-host-configure-base/overrides.yml.j2 +++ b/playbooks/kayobe-overcloud-host-configure-base/overrides.yml.j2 @@ -124,6 +124,8 @@ dnf_custom_repos: baseurl: http://packages.treasuredata.com/4/redhat/$releasever/$basearch gpgkey: https://packages.treasuredata.com/GPG-KEY-td-agent gpgcheck: yes +# Install EPEL local mirror. +dnf_install_epel: true # Enable DNF Automatic. dnf_automatic_enabled: true {% endif %} diff --git a/releasenotes/notes/disable-epel-cef798b3708840d0.yaml b/releasenotes/notes/disable-epel-cef798b3708840d0.yaml new file mode 100644 index 000000000..8c5dda401 --- /dev/null +++ b/releasenotes/notes/disable-epel-cef798b3708840d0.yaml @@ -0,0 +1,9 @@ +--- +upgrade: + - | + The default value of ``dnf_install_epel`` has been changed to ``false``. + This means that the EPEL DNF repository is no longer installed by default. + Neither existing EPEL repositories nor the ``epel-release`` package will be + removed. If necessary, EPEL may be enabled by setting ``dnf_install_epel`` + to ``true`` in ``dnf.yml``. See `story 2009757 + `__ for details. diff --git a/roles/kayobe-ci-prep/tasks/main.yml b/roles/kayobe-ci-prep/tasks/main.yml index c2cb2af14..c90741b7a 100644 --- a/roles/kayobe-ci-prep/tasks/main.yml +++ b/roles/kayobe-ci-prep/tasks/main.yml @@ -8,14 +8,14 @@ - block: # NOTE(mgoddard): The CentOS image used in CI has epel-release installed, - # but the configure-mirrors role used by Zuul disables epel. Since we - # install epel-release and expect epel to be enabled, enable it here. + # but the configure-mirrors role used by Zuul disables epel. We no longer + # install EPEL by default, but let's just be sure it's disabled. - name: Ensure dnf-plugins-core is installed package: name: dnf-plugins-core state: present - name: Enable the EPEL repository - command: dnf config-manager --enable epel + command: dnf config-manager --disable epel when: ansible_os_family == 'RedHat' become: true