INFRA-130: Improve yumrepo role

Metadata

Source
INFRA-130
Type
Task
Priority
Major
Status
Closed
Resolution
Done
Assignee
Giovanni Tirloni
Reporter
Giovanni Tirloni
Created
2018-03-05T08:52:45.994-0500
Updated
2018-03-28T14:15:21.566-0400
Versions
N/A
Fixed Versions
N/A
Component
N/A

Description

The yumrepo role was used in the past to specify a definitive list of Yum repositories. It was retired because it was cumbersome to keep track of official repositories and it didn't provide much value at the time.

With the introduction of private Mirrors (see INFRA-123), it makes sense to use it again. The only downside is that it's not very idempotent and some work needs to be done to improve that. Ideally, the role should remove everything that is not specified in host_vars/group_vars.

It also needs to be tested with Molecule and pass basic tests.

Comments

  • Giovanni Tirloni commented 2018-03-05T14:07:14.633-0500

    So I ended up not resurrecting the yumrepo role but instead changed the common role to accept a list of yum repositories (and the ability to enforce that only those exist).

    The yumrepo role had a mapping of all the parameters accepted by the yum_repository module. This was fragile and hard to maintain (no way to know when changes should be made to keep in sync besides look every other while).

    The common role only accepts name, baseurl, gpgcheck, gpgkey and exclude parameters. Those are the only parameters in use by IDRC servers at the moment. If a new parameter needs to be accepted, the common role`s tasks/main.yml file can be changed to accommodate that and we avoid overengineering.

    I've elected the following repositories as being global/basic for our infrastructure: CentOS-Base, CentOS-Updates, CentOS-Extras, EPEL and our own IDI repo. If a host or group needs to modify this list, it should be completely redefined (that is, include all these repos plus the additional ones) in the appropriate host_vars/group_vars file. Unfortunately, Ansible throws a "loop detected" error if you try to re-use the common_yum_repositories variables to specialize it in a host_vars/group_vars file so we're left with duplicated code (but that should be rare). I've left out the Prometheus repo even though it could be considered one of the basic repos because there's some automation work left to do on it (actually, a lot).

    The repo definitions can be found here: https://github.com/inclusive-design/ops/commit/20b592962afe3bac66b46c166889f7db3c8c6601

    I'll work on applying the common role to all servers and making sure the repositories are defined correctly for each subset now.

  • Giovanni Tirloni commented 2018-03-28T14:15:21.564-0400

    Configuration applied to all hosts.