From cfc8423bfd5ad5869da4156768bc66f8c6fb77a2 Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Wed, 7 Nov 2018 13:45:40 +0100 Subject: [PATCH] Ensure that RedHat/SUSE only use a distro install Previously the 'distro' install method was implemented as the default for CentOS and SUSE, however, some remnants were left behind, making the configuration confusing and causing some issues due to the gpg verification on RedHat trying to use the RabbitMQ gpg check. Rather than try and keep the many confusing installation methods for these distributions, we simply remove the other options and all the config entries related to it. As part of this, we need to clean up the functional tests which previously implemented checks based on the 'file' install type which is no longer used by any distribution. Change-Id: I28199ce149f6893d688d11177ec950b17dbf0886 --- defaults/main.yml | 10 +-- tasks/install_yum.yml | 118 +---------------------------- tasks/install_zypper.yml | 47 +----------- tests/test-rabbitmq-functional.yml | 32 -------- vars/redhat.yml | 33 -------- vars/suse.yml | 14 ---- 6 files changed, 11 insertions(+), 243 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 1b39a5ed..7deb8d1a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -51,19 +51,19 @@ rabbitmq_release_version: "{{ _rabbitmq_release_version }}" rabbitmq_package_sha256: "{{ _rabbitmq_package_sha256 }}" rabbitmq_package_path: "{{ _rabbitmq_package_path }}" -rabbitmq_gpg_keys: "{{ _rabbitmq_gpg_keys }}" +rabbitmq_gpg_keys: "{{ _rabbitmq_gpg_keys | default([]) }}" # Set the URL for the RabbitMQ repository -rabbitmq_repo_url: "{{ _rabbitmq_repo_url }}" +rabbitmq_repo_url: "{{ _rabbitmq_repo_url | default(null) }}" # Set the repo information for the RabbitMQ repository -rabbitmq_repo: "{{ _rabbitmq_repo }}" +rabbitmq_repo: "{{ _rabbitmq_repo | default({}) }}" # Set the URL for the Erlang repository -rabbitmq_erlang_repo_url: "{{ _rabbitmq_erlang_repo_url }}" +rabbitmq_erlang_repo_url: "{{ _rabbitmq_erlang_repo_url | default(null) }}" # Set the repo information for the Erlang repository -rabbitmq_erlang_repo: "{{ _rabbitmq_erlang_repo }}" +rabbitmq_erlang_repo: "{{ _rabbitmq_erlang_repo | default({}) }}" # Set the elang version used on the deployment rabbitmq_erlang_version_spec: "{{ _rabbitmq_erlang_version_spec | default(null) }}" diff --git a/tasks/install_yum.yml b/tasks/install_yum.yml index 4204fb25..83974a48 100644 --- a/tasks/install_yum.yml +++ b/tasks/install_yum.yml @@ -13,121 +13,11 @@ # See the License for the specific language governing permissions and # limitations under the License. -- block: - - name: Add rabbitmq gpg-keys - rpm_key: - state: present - key: "{{ item.keyserver }}/{{ item.key_name }}" - register: add_keys - until: add_keys is success - retries: 5 - delay: 2 - with_items: "{{ rabbitmq_gpg_keys }}" - tags: - - rabbitmq-gpg-keys - - rescue: - - name: Add rabbitmq gpg-keys using fallback keyserver - rpm_key: - state: present - key: "{{ item.fallback_keyserver }}/{{ item.key_name }}" - register: add_keys_fallback - until: add_keys_fallback is success - retries: 5 - delay: 2 - with_items: "{{ rabbitmq_gpg_keys }}" - when: - - item.fallback_keyserver is defined - tags: - - rabbitmq-gpg-keys - +- name: Fail if installation method is not 'distro' + fail: + msg: "The only supported rabbitmq_install_method for RedHat is 'distro'." when: rabbitmq_install_method != 'distro' -- name: Install RabbitMQ yum mirror - yum_repository: - name: "{{ rabbitmq_repo.name }}" - file: "{{ rabbitmq_repo.filename | default(omit) }}" - description: "{{ rabbitmq_repo.description | default(omit) }}" - baseurl: "{{ rabbitmq_repo.baseurl }}" - repo_gpgcheck: "{{ rabbitmq_repo.repo_gpgcheck | default(omit) }}" - gpgcheck: "{{ rabbitmq_repo.gpgcheck | default(omit) }}" - state: "{{ rabbitmq_repo.state }}" - gpgkey: "{{ rabbitmq_repo.gpgkey | default(omit) }}" - sslverify: "{{ rabbitmq_repo.sslverify | default(omit) }}" - sslcacert: "{{ rabbitmq_repo.sslcacert | default(omit) }}" - when: - - rabbitmq_install_method == 'external_repo' - tags: - - rabbitmq-repos - -- name: Install erlang yum mirror - yum_repository: - name: "{{ rabbitmq_erlang_repo.name }}" - file: "{{ rabbitmq_erlang_repo.filename | default(omit) }}" - description: "{{ rabbitmq_erlang_repo.description | default(omit) }}" - baseurl: "{{ rabbitmq_erlang_repo.baseurl }}" - repo_gpgcheck: "{{ rabbitmq_erlang_repo.repo_gpgcheck | default(omit) }}" - gpgcheck: "{{ rabbitmq_erlang_repo.gpgcheck | default(omit) }}" - state: "{{ rabbitmq_erlang_repo.state }}" - gpgkey: "{{ rabbitmq_erlang_repo.gpgkey | default(omit) }}" - sslverify: "{{ rabbitmq_erlang_repo.sslverify | default(omit) }}" - sslcacert: "{{ rabbitmq_erlang_repo.sslcacert | default(omit) }}" - when: - - rabbitmq_install_method == 'external_repo' - tags: - - rabbitmq-repos - -- name: Enable and set erlang repo priority - command: | - yum-config-manager - --enable {{ item.name }} - --setopt="{{ item.name }}.priority={{ item.priority }}" - changed_when: false - when: - - rabbitmq_install_method != 'distro' - with_items: - - name: "{{ rabbitmq_repo.name }}" - priority: 40 - - name: "{{ rabbitmq_erlang_repo.name }}" - priority: 40 - tags: - - rabbitmq-repos - -- name: Install yum versionlock plugin - package: - name: "yum-plugin-versionlock" - state: "{{ rabbitmq_package_state }}" - tags: - - rabbitmq-yum-packages - -- name: Gather a list of the currently locked versions - command: yum versionlock list - args: - warn: no - register: yum_versionlock_list - tags: - - rabbitmq-yum-packages - -- name: Lock package versions - shell: | - yum versionlock delete {{ item.pkg_name }} - yum versionlock add {{ item.pkg_spec }} - args: - warn: no - when: - - item.pkg_spec not in yum_versionlock_list.stdout - with_items: - - pkg_name: 'erlang' - pkg_spec: "{{ rabbitmq_erlang_version_spec }}" - - pkg_name: 'rabbitmq-server' - pkg_spec: "rabbitmq-server-{{ rabbitmq_release_version }}*" - tags: - - rabbitmq-yum-packages - -# NOTE(mhayden): With the version locks applied, this step will install -# the correct version of RabbitMQ along with the correct version of the -# all-in-one erlang package. Also, the version of dnf that comes with CentOS -# 7 doesn't have version lock support, so we must use yum here. - name: Install RabbitMQ packages yum: name: "{{ rabbitmq_distro_packages }}" @@ -149,7 +39,7 @@ # rabbitmq_install_method == 'distro'. However, the upstream package # does not contain a systemd file and as such we need to provide one. # This should be reverted once https://github.com/rabbitmq/rabbitmq-server-release/pull/31 - # is merged and new builds of rabbimq-server are available. + # is merged and new builds of rabbitmq-server are available. tags: - rabbitmq-config diff --git a/tasks/install_zypper.yml b/tasks/install_zypper.yml index 81869668..65f050dc 100644 --- a/tasks/install_zypper.yml +++ b/tasks/install_zypper.yml @@ -13,53 +13,11 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Fail if installation method is set to 'external_repo' on openSUSE +- name: Fail if installation method is not 'distro' fail: - msg: "rabbitmq_install_method='external_repo' is not supported on openSUSE" - when: rabbitmq_install_method == 'external_repo' - -- block: - - name: Add rabbitmq gpg-keys - rpm_key: - state: present - key: "{{ item.keyserver }}/{{ item.key_name }}" - register: add_keys - until: add_keys is success - retries: 5 - delay: 2 - with_items: "{{ rabbitmq_gpg_keys }}" - tags: - - rabbitmq-gpg-keys - - rescue: - - name: Add rabbitmq gpg-keys using fallback keyserver - rpm_key: - state: present - key: "{{ item.fallback_keyserver }}/{{ item.key_name }}" - register: add_keys_fallback - until: add_keys_fallback is success - retries: 5 - delay: 2 - with_items: "{{ rabbitmq_gpg_keys }}" - when: - - item.fallback_keyserver is defined - tags: - - rabbitmq-gpg-keys + msg: "The only supported rabbitmq_install_method for openSUSE is 'distro'." when: rabbitmq_install_method != 'distro' -# NOTE(hwoarang) For the upgrade job we fetch the old version from upstream and the new one from OBS. zypper gets upset if you -# get the updaded package during an update so you need to pass --force to actually force such a change. However, --force forces a -# re-install independent of repo changes but it's not the end of the world. -- name: Install the RabbitMQ package RPM - zypper: - name: "{{ rabbitmq_package_path }}" - state: "{{ rabbitmq_package_state }}" - register: install_rabbitmq - tags: - - rabbitmq-package-rpm - - rabbitmq-zypper-packages - when: rabbitmq_install_method == 'file' - - block: - name: Install the RabbitMQ package zypper: @@ -76,7 +34,6 @@ tags: - rabbitmq-package-rpm - rabbitmq-zypper-packages - when: rabbitmq_install_method == 'distro' # NOTE(hwoarang) on openSUSE, rabbitmq-server depends on epmd.service which # depends on epmd.socket which runs on localhost. It is just easier to let diff --git a/tests/test-rabbitmq-functional.yml b/tests/test-rabbitmq-functional.yml index 5504b0b2..3d171ef8 100644 --- a/tests/test-rabbitmq-functional.yml +++ b/tests/test-rabbitmq-functional.yml @@ -20,32 +20,6 @@ gather_facts: true become: true tasks: - - - name: Gather variables for each operating system - include_vars: "{{ item }}" - with_first_found: - - "{{ playbook_dir }}/../vars/{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml" - - "{{ playbook_dir }}/../vars/{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml" - - "{{ playbook_dir }}/../vars/{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml" - - "{{ playbook_dir }}/../vars/{{ ansible_distribution | lower }}.yml" - - "{{ playbook_dir }}/../vars/{{ ansible_os_family | lower }}.yml" - - - name: Set rabbitmq_package_url - set_fact: - rabbitmq_package_url: "{{ _rabbitmq_package_url }}" - - - name: Set rabbitmq_package_version - set_fact: - rabbitmq_package_version: "{{ _rabbitmq_package_version }}" - - - name: Set rabbitmq_release_version - set_fact: - rabbitmq_release_version: "{{ _rabbitmq_release_version }}" - - - name: Set rabbitmq_install_method - set_fact: - rabbitmq_install_method: "{{ _rabbitmq_install_method }}" - - name: Check rabbitmq is running command: "pgrep -f rabbit" delegate_to: "{{ item }}" @@ -102,12 +76,6 @@ - hostvars['container1']['rabbitmq_ssl_cert_checksum'] == hostvars['container2']['rabbitmq_ssl_cert_checksum'] == hostvars['container3']['rabbitmq_ssl_cert_checksum'] - hostvars['container1']['rabbitmq_ssl_key_checksum'] == hostvars['container2']['rabbitmq_ssl_key_checksum'] == hostvars['container3']['rabbitmq_ssl_key_checksum'] - - name: Ensure expected version of rabbitmq is running - assert: - that: rabbitmqctl_status.stdout | search ("rabbit,\"RabbitMQ\",\"{{ _rabbitmq_release_version }}\"") - when: - - "rabbitmq_install_method == 'file'" - - name: Get the policy list command: rabbitmqctl -q list_policies register: rabbitmq_policies_output diff --git a/vars/redhat.yml b/vars/redhat.yml index a389ee43..ce954866 100644 --- a/vars/redhat.yml +++ b/vars/redhat.yml @@ -14,39 +14,6 @@ # limitations under the License. _rabbitmq_install_method: distro -_rabbitmq_package_url: "https://packagecloud.io/rabbitmq/rabbitmq-server/packages/el/7/rabbitmq-server-3.7.5-1.el7.noarch.rpm/download.rpm" -_rabbitmq_package_version: "{{ rabbitmq_package_url.split('/')[-2].rsplit('.', 1)[0] }}" -_rabbitmq_release_version: "{{ rabbitmq_package_version.split('-')[2] }}" -_rabbitmq_package_sha256: "1a40596279f901e31d1ebc4f75b1360b603745f3bed79d4260f70a81db565f16" -_rabbitmq_package_path: "/opt/rabbitmq-server.rpm" - -_rabbitmq_gpg_keys: - - key_name: 'rabbitmq-release-signing-key.asc' - keyserver: 'https://www.rabbitmq.com' - - key_name: 'gpgkey' - keyserver: 'https://packagecloud.io/rabbitmq/rabbitmq-server/' - -_rabbitmq_repo_url: "https://packagecloud.io/rabbitmq/rabbitmq-server/el/7/$basearch" -_rabbitmq_repo: - name: rabbitmq_rabbitmq-server - description: "RabbitMQ Server Rolling Repository" - baseurl: "{{ rabbitmq_repo_url }}" - state: "present" - gpgkey: "https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey" - filename: RabbitMQ - # TODO(evrardjp) Move to ssl verify yes - #sslverify: no - #sslcacert: /etc/pki/tls/certs/ca-bundle.crt - -_rabbitmq_erlang_repo_url: "https://dl.bintray.com/rabbitmq/rpm/erlang/20/el/7" -_rabbitmq_erlang_repo: - name: rabbitmq_els-erlang - description: "RabbitMQ Erlang Packages from Bintray" - baseurl: "{{ rabbitmq_erlang_repo_url }}" - state: "present" - filename: els-erlang - -_rabbitmq_erlang_version_spec: "erlang-20.3*" rabbitmq_distro_packages: - openssl diff --git a/vars/suse.yml b/vars/suse.yml index 599a22fb..798d944d 100644 --- a/vars/suse.yml +++ b/vars/suse.yml @@ -15,20 +15,6 @@ _rabbitmq_install_method: distro -# These are all here as alternative ways to get the required packages either by -# installing the package directly or getting it from the CentOS mirror -_rabbitmq_package_url: "https://packagecloud.io/rabbitmq/rabbitmq-server/packages/opensuse/{{ ansible_distribution_major_version }}/rabbitmq-server-3.7.5-1.suse.noarch.rpm/download.rpm" -_rabbitmq_package_version: "{{ rabbitmq_package_url.split('/')[-2].rsplit('.', 1)[0] }}" -_rabbitmq_release_version: "{{ rabbitmq_package_version.split('-')[2] }}" -_rabbitmq_package_sha256: "58a1d5242c84cae1752f149eaf2f4d26d2d886eb5812c8eaf4c985494be2eabb" -_rabbitmq_package_path: "/opt/rabbitmq-server.rpm" - -_rabbitmq_gpg_keys: - - key_name: 'rabbitmq-release-signing-key.asc' - keyserver: 'https://www.rabbitmq.com' - - key_name: 'erlang_solutions.asc' - keyserver: 'https://packages.erlang-solutions.com/ubuntu' - rabbitmq_distro_packages: - rabbitmq-server - rabbitmq-server-plugins