# SPDX-FileCopyrightText: 2021 Intel Corporation. # # SPDX-License-Identifier: Apache-2.0 --- - name: enable PowerTools repository on CentOS >= 8 and < 8.3 # noqa 303 - yum is called intenionallly here command: yum config-manager --set-enabled PowerTools when: - ansible_distribution == "CentOS" - ansible_distribution_version >= '8' and ansible_distribution_version < '8.3' - name: enable powertools repository on CentOS >= 8.3 # noqa 303 - yum is called intenionallly here command: yum config-manager --set-enabled powertools when: - ansible_distribution == "CentOS" - ansible_distribution_version >= '8.3' - name: enable CodeReady Linux Builder repository on RHEL 8 rhsm_repository: name: codeready-builder-for-rhel-8-x86_64-rpms when: - ansible_distribution == "RedHat" - ansible_distribution_version >= '8' - name: install epel-release on CentOS package: name: epel-release when: - ansible_distribution == "CentOS" - name: obtain EPEL GPG key on RHEL8 rpm_key: state: present key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8 when: - ansible_distribution == "RedHat" - ansible_distribution_version >= '8' - name: install epel-release on RHEL8 package: name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm when: - ansible_distribution == "RedHat" - ansible_distribution_version >= '8' - name: get full distribution versions command: cat /etc/redhat-release register: release changed_when: true - name: set full distribution version set_fact: full_dist_version: "{{ release.stdout | regex_replace('.*(\\d+.\\d+.\\d\\d\\d\\d).*', '\\1') }}" - name: update CentOS Vault yum repository on CentOS 7 yum_repository: name: C{{ full_dist_version }}-base description: CentOS-{{ full_dist_version }} - Base file: CentOS-Vault baseurl: http://vault.centos.org/{{ full_dist_version }}/os/$basearch/ gpgcheck: yes gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-{{ ansible_distribution_major_version }} enabled: yes when: - ansible_distribution == "CentOS" - ansible_distribution_version < '7.9' - not update_kernel #- name: update CentOS Vault yum repository on CentOS 8 # yum_repository: # name: C{{ full_dist_version }}-base # description: CentOS-{{ full_dist_version }} - Base # file: CentOS-Vault # baseurl: http://vault.centos.org/{{ full_dist_version }}/BaseOS/$basearch/os/ # baseurl: http://vault.centos.org/{{ full_dist_version }}/BaseOS/Source/ # gpgcheck: yes # gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial # enabled: yes # when: # - ansible_distribution == "CentOS" # - ansible_distribution_version >= '8' and ansible_distribution_version < '8.3' # - not update_kernel # CentOS-Vault repo not working for CentOS 8, so install kernel headers directly - name: pull matching kernel headers on CentOS 8.2 package: name: "{{ item }}" state: present retries: 5 delay: 10 register: source_status until: source_status is not failed with_items: - "https://vault.centos.org/8.2.2004/BaseOS/x86_64/os/Packages/kernel-headers-4.18.0-193.el8.x86_64.rpm" - "https://vault.centos.org/8.2.2004/BaseOS/x86_64/os/Packages/kernel-devel-4.18.0-193.el8.x86_64.rpm" when: - ansible_distribution == "CentOS" - ansible_distribution_version == '8.2' - not update_kernel - name: pull matching kernel headers on CentOS 8.3 package: name: "{{ item }}" state: present register: source_status with_items: - "https://vault.centos.org/8.3.2011/BaseOS/x86_64/os/Packages/kernel-headers-4.18.0-240.el8.x86_64.rpm" - "https://vault.centos.org/8.3.2011/BaseOS/x86_64/os/Packages/kernel-devel-4.18.0-240.el8.x86_64.rpm" when: - ansible_distribution == "CentOS" - ansible_distribution_version == '8.3' - not update_kernel - name: pull matching kernel headers on CentOS 8.4 package: name: "{{ item }}" state: present register: source_status with_items: - "http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages/kernel-headers-4.18.0-305.3.1.el8.x86_64.rpm" - "http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages/kernel-devel-4.18.0-305.3.1.el8.x86_64.rpm" # - "https://vault.centos.org/8.4.2105/BaseOS/x86_64/os/Packages/kernel-headers-4.18.0-305.el8.x86_64.rpm" # - "https://vault.centos.org/8.4.2105/BaseOS/x86_64/os/Packages/kernel-devel-4.18.0-305.el8.x86_64.rpm" when: - ansible_distribution == "CentOS" - ansible_distribution_version == '8.4' - not update_kernel # pull the matching kernel headers if kernel is not updated - name: pull matching kernel headers from configured repos # noqa 503 - more than one condition, can't be a handler package: name: - kernel-headers-{{ ansible_kernel }} - kernel-devel-{{ ansible_kernel }} register: kernel_source retries: 3 until: kernel_source is success when: - not source_status.changed - ansible_os_family == "RedHat" - not update_kernel - name: install the 'Development tools' package group package: name: "@Development tools" when: - ansible_os_family == "RedHat" - name: install pip package: name: python-pip when: - ansible_distribution in ["RedHat", "CentOS"] - ansible_distribution_version < '8' - name: install pip package: name: python3-pip when: - ansible_distribution in ["RedHat", "CentOS"] - ansible_distribution_version >= '8' - name: update all packages package: name: '*' state: latest # noqa 403 exclude: kernel* when: - ansible_os_family == "RedHat" - update_all_packages | default(false) - name: update to the latest kernel and kernel headers on the Red Hat OS family package: name: - kernel - kernel-devel state: latest # noqa 403 notify: - reboot server when: - ansible_os_family == "RedHat" - update_kernel | default(false) #note(przemeklal): fixes issue with missing selinux in packet.net CentOS 7 images - name: ensure selinux is installed on CentOS/RHEL 7 package: name: - policycoreutils - policycoreutils-python - selinux-policy - selinux-policy-targeted - libselinux-utils - setools - setools-console - shtool - lshw state: present when: - ansible_distribution in ["RedHat", "CentOS"] - ansible_distribution_version < '8' # Workaround for Equinix Metal CentOS 7 - name: set selinux to permissive lineinfile: path: "/etc/sysconfig/selinux" regexp: '^SELINUX=enforcing' line: 'SELINUX=permissive' when: - ansible_distribution in ["RedHat", "CentOS"] - ansible_distribution_version < '8' - name: set python is python3 alternatives: name: python path: /usr/bin/python3 link: /usr/bin/python when: - ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - ansible_distribution_version >= '8' - name: install command line tools to collect hardware details package: name: - hwinfo - inxi - jq state: present when: ansible_distribution in ["RedHat", "CentOS"] - name: Add kubic yum repo and install updated version of podman block: - name: disable container-tools module # noqa 305 - shell is used intentionally here shell: dnf -y module disable container-tools - name: enable rhcontainerbot/container-selinux repository # noqa 305 - shell is used intentionally here shell: dnf -y copr enable rhcontainerbot/container-selinux - name: Add kubic yum repo yum_repository: name: devel_kubic_libcontainers_stable description: Stable Releases of Upstream github.com/containers packages (CentOS_$releasever) baseurl: https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_$releasever/ gpgcheck: yes gpgkey: https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_$releasever/repodata/repomd.xml.key keepcache: '0' - name: install runc dnf: name: runc state: present - name: install podman package package: name: podman state: present when: - ansible_os_family == "RedHat" and ansible_distribution_version >= '8.2' - '"docker" not in container_runtime' # SELINUX will be disabled later stage so, these packages are required when container_runtime is docker - name: install packages in RHEL >= 8.4 when container_runtime is docker dnf: name: - bridge-utils - lsof - lvm2 - tcpdump - iproute-tc - openssh-server - chrony - iputils when: - ansible_distribution == "RedHat" and ansible_distribution_version >= '8.4' - container_runtime == "docker" # Workaround - Set pip to a version that supports correct version of packages needed - name: use the correct pip version for CentOS 7 pip: name: - pip==9.0.3 when: - ansible_distribution == "CentOS" - ansible_distribution_version < '7.9' - name: Install pip3 required by dpdk yum: name: python3-pip state: latest when: - ansible_distribution == "CentOS" - ansible_distribution_version < '7.9'