Add EPEL repo for distro-based installs

python3-cinder is dependent on python3-zstd which requires to have libzstd(x86-64) >= 1.5.5 present. Older python3-zstd can be installed from EPEL, but this needs EPEL repo to be present on the host. As we are adding code for handling extra repos for Cinder - I made it more universal, to handle not only EPEL, but any arbitrary repo in more clear way. This might be helpful as well in case of adding some 3rd party storage requirements. Change-Id: I3039e84740da9c3684293b8e76792659136abf79
2025-04-14 19:08:10 +02:00
parent d1f662225d
commit 84dda235b1
5 changed files with 142 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -486,6 +486,14 @@ cinder_pki_install_certificates:
    group: "{{ cinder_system_user_name }}"
    mode: "0600"

+# EPEL repo for EL distro path
+cinder_centos_epel_key: >-
+  {{ centos_epel_key | default('http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-' ~ ansible_facts['distribution_major_version']) }}
+cinder_centos_epel_mirror: "{{ centos_epel_mirror | default('http://download.fedoraproject.org/pub/epel') }}"
+
+cinder_extra_gpg_keys: "{{ _cinder_extra_gpg_keys }}"
+cinder_extra_repos: "{{ _cinder_extra_repos }}"
+
 # Define user-provided SSL certificates
 # cinder_user_ssl_cert: <path to cert on ansible deployment host>
 # cinder_user_ssl_key: <path to cert on ansible deployment host>
--- a/tasks/cinder_install.yml
+++ b/tasks/cinder_install.yml
@@ -26,6 +26,11 @@
    filter: ansible_local
    gather_subset: "!all"

+- name: Include cinder_install_distro tasks
+  ansible.builtin.include_tasks: cinder_install_distro.yml
+  when:
+    - cinder_extra_repos or cinder_extra_gpg_keys
+
 - name: Install distro packages
  ansible.builtin.package:
    name: "{{ cinder_package_list }}"
--- a/tasks/cinder_install_distro.yml
+++ b/tasks/cinder_install_distro.yml
@@ -0,0 +1,109 @@
+---
+# Copyright 2025, Cleura AB.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Add repository for EL
+  when:
+    - ansible_facts['os_family'] | lower == 'redhat'
+  block:
+    - name: Download EPEL gpg keys
+      ansible.builtin.get_url:
+        url: "{{ item.url }}"
+        dest: "{{ item.key }}"
+        mode: "0640"
+      with_items: "{{ cinder_extra_gpg_keys | selectattr('url', 'defined') }}"
+      register: _get_yum_keys
+      until: _get_yum_keys is success
+      retries: 5
+      delay: 2
+
+    - name: Copy EPEL gpg keyfile to the key location
+      ansible.builtin.copy:
+        src: "{{ item.src }}"
+        dest: "{{ item.key }}"
+        mode: "0640"
+      with_items: "{{ cinder_extra_gpg_keys | selectattr('src', 'defined') }}"
+
+    - name: Install EPEL gpg keys
+      ansible.builtin.rpm_key:
+        key: "{{ key['key'] }}"
+        fingerprint: "{{ key['fingerprint'] | default(omit) }}"
+        state: "{{ key['state'] | default('present') }}"
+      with_items: "{{ cinder_extra_gpg_keys }}"
+      loop_control:
+        loop_var: key
+      register: _add_ceph_keys
+      until: _add_ceph_keys is success
+      retries: 5
+      delay: 2
+
+    - name: Install required repositories
+      ansible.builtin.yum_repository:
+        baseurl: "{{ item.baseurl }}"
+        description: "{{ item.description | default(omit) }}"
+        enabled: "{{ item.enabled | default(True) }}"
+        file: "{{ item.file | default(omit) }}"
+        includepkgs: "{{ item.includepkgs | default(omit) }}"
+        gpgcheck: "{{ item.gpgcheck | default(omit) }}"
+        gpgkey: "{{ item.gpgkey | default(omit) }}"
+        name: "{{ item.name }}"
+        priority: "{{ item.priority | default(omit) }}"
+        state: "{{ item.state | default('present') }}"
+      with_items: "{{ cinder_extra_repos }}"
+      register: install_repo
+      until: install_repo  is success
+      retries: 5
+      delay: 2
+
+- name: Add repository for Debian/Ubuntu
+  when:
+    - ansible_facts['os_family'] | lower == 'debian'
+  block:
+    - name: Manage apt repositories
+      ansible.builtin.deb822_repository:
+        allow_downgrade_to_insecure: "{{ item.allow_downgrade_to_insecure | default(omit) }}"
+        allow_insecure: "{{ item.allow_insecure | default(omit) }}"
+        allow_weak: "{{ item.allow_weak | default(omit) }}"
+        architectures: "{{ item.architectures | default(omit) }}"
+        by_hash: "{{ item.by_hash | default(omit) }}"
+        check_date: "{{ item.check_date | default(omit) }}"
+        check_valid_until: "{{ item.check_valid_until | default(omit) }}"
+        components: "{{ item.components | default(omit) }}"
+        date_max_future: "{{ item.date_max_future | default(omit) }}"
+        enabled: "{{ item.enabled | default(omit) }}"
+        inrelease_path: "{{ item.inrelease_path | default(omit) }}"
+        languages: "{{ item.languages | default(omit) }}"
+        mode: "{{ item.mode | default(omit) }}"
+        name: "{{ item.name }}"
+        pdiffs: "{{ item.pdiffs | default(omit) }}"
+        signed_by: "{{ item.signed_by | default(omit) }}"
+        state: "{{ item.state | default(omit) }}"
+        suites: "{{ item.suites | default(omit) }}"
+        targets: "{{ item.targets | default(omit) }}"
+        trusted: "{{ item.trusted | default(omit) }}"
+        types: "{{ item.types | default(omit) }}"
+        uris: "{{ item.uris | default(omit) }}"
+      with_items: "{{ cinder_extra_repos }}"
+      register: _manage_apt_repositories
+
+    - name: Update Apt cache # noqa: no-handler
+      ansible.builtin.apt:
+        update_cache: true
+      when:
+        - _manage_apt_repositories is changed
+      register: _update_apt_cache
+      until: _update_apt_cache  is success
+      changed_when: false
+      retries: 5
+      delay: 2
--- a/vars/debian.yml
+++ b/vars/debian.yml
@@ -64,3 +64,6 @@ cinder_backup_distro_packages:
  - open-iscsi
  - nfs-common
  - rpcbind
+
+_cinder_extra_gpg_keys: []
+_cinder_extra_repos: []
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@@ -59,3 +59,20 @@ cinder_backup_distro_packages:
  - iscsi-initiator-utils
  - nfs-utils
  - rpcbind
+
+_cinder_epel_gpg:
+  - key: "/etc/pki/rpm-gpg/{{ cinder_centos_epel_key | basename }}"
+    url: "{{ cinder_centos_epel_key }}"
+
+_cinder_epel_repo:
+  - name: cinder-epel
+    baseurl: "{{ cinder_centos_epel_mirror ~ '/' ~ ansible_facts['distribution_major_version'] ~ '/Everything/' ~ ansible_facts['architecture'] }}"
+    description: "Extra Packages for Enterprise Linux {{ ansible_facts['distribution_major_version'] }} - $basearch"
+    gpgcheck: true
+    gpgkey: "file:///etc/pki/rpm-gpg/{{ cinder_centos_epel_key.split('/')[-1] }}"
+    enabled: true
+    includepkgs:
+      - python3-zstd
+
+_cinder_extra_gpg_keys: "{{ (cinder_install_method == 'distro') | ternary(_cinder_epel_gpg, []) }}"
+_cinder_extra_repos: "{{ (cinder_install_method == 'distro') | ternary(_cinder_epel_repo, []) }}"