1 # SPDX-FileCopyrightText: 2021 Intel Corporation.
3 # SPDX-License-Identifier: Apache-2.0
6 - name: enable PowerTools repository on CentOS >= 8 and < 8.3
7 # noqa 303 - yum is called intenionallly here
8 command: yum config-manager --set-enabled PowerTools
10 - ansible_distribution == "CentOS"
11 - ansible_distribution_version >= '8' and ansible_distribution_version < '8.3'
13 - name: enable PowerTools repository on CentOS >= 8.3
14 # noqa 303 - yum is called intenionallly here
15 command: yum config-manager --set-enabled powertools
17 - ansible_distribution == "CentOS"
18 - ansible_distribution_version >= '8.3'
20 - name: enable CodeReady Linux Builder repository on RHEL 8
22 name: codeready-builder-for-rhel-8-x86_64-rpms
24 - ansible_distribution == "RedHat"
25 - ansible_distribution_version >= '8'
27 - name: install epel-release on CentOS
31 - ansible_distribution == "CentOS"
33 - name: obtain EPEL GPG key on RHEL8
36 key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8
38 - ansible_distribution == "RedHat"
39 - ansible_distribution_version >= '8'
41 - name: install epel-release on RHEL8
43 name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
45 - ansible_distribution == "RedHat"
46 - ansible_distribution_version >= '8'
48 - name: get full distribution versions
49 command: cat /etc/redhat-release
53 - name: set full distribution version
55 full_dist_version: "{{ release.stdout | regex_replace('.*(\\d+.\\d+.\\d\\d\\d\\d).*', '\\1') }}"
57 - name: update CentOS Vault yum repository on CentOS 7
59 name: C{{ full_dist_version }}-base
60 description: CentOS-{{ full_dist_version }} - Base
62 baseurl: http://vault.centos.org/{{ full_dist_version }}/os/$basearch/
64 gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-{{ ansible_distribution_major_version }}
67 - ansible_distribution == "CentOS"
68 - ansible_distribution_version < '7.9'
71 #- name: update CentOS Vault yum repository on CentOS 8
73 # name: C{{ full_dist_version }}-base
74 # description: CentOS-{{ full_dist_version }} - Base
76 # baseurl: http://vault.centos.org/{{ full_dist_version }}/BaseOS/$basearch/os/
77 # baseurl: http://vault.centos.org/{{ full_dist_version }}/BaseOS/Source/
79 # gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
82 # - ansible_distribution == "CentOS"
83 # - ansible_distribution_version >= '8' and ansible_distribution_version < '8.3'
86 # CentOS-Vault repo not working for CentOS 8, so install kernel headers directly
87 - name: pull matching kernel headers on CentOS 8.2
91 register: source_status
93 - "https://vault.centos.org/8.2.2004/BaseOS/x86_64/os/Packages/kernel-headers-4.18.0-193.el8.x86_64.rpm"
94 - "https://vault.centos.org/8.2.2004/BaseOS/x86_64/os/Packages/kernel-devel-4.18.0-193.el8.x86_64.rpm"
96 - ansible_distribution == "CentOS"
97 - ansible_distribution_version == '8.2'
100 - name: pull matching kernel headers on CentOS 8.3
104 register: source_status
106 - "http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages/kernel-headers-4.18.0-240.el8.x86_64.rpm"
107 - "http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages/kernel-devel-4.18.0-240.el8.x86_64.rpm"
108 # - "https://vault.centos.org/8.3.2011/BaseOS/x86_64/os/Packages/kernel-headers-4.18.0-240.el8.x86_64.rpm"
109 # - "https://vault.centos.org/8.3.2011/BaseOS/x86_64/os/Packages/kernel-devel-4.18.0-240.el8.x86_64.rpm"
111 - ansible_distribution == "CentOS"
112 - ansible_distribution_version == '8.3'
115 # pull the matching kernel headers if kernel is not updated
116 - name: pull matching kernel headers from configured repos
117 # noqa 503 - more than one condition, can't be a handler
120 - kernel-headers-{{ ansible_kernel }}
121 - kernel-devel-{{ ansible_kernel }}
122 register: kernel_source
124 until: kernel_source is success
126 - not source_status.changed
127 - ansible_os_family == "RedHat"
130 - name: install the 'Development tools' package group
132 name: "@Development tools"
134 - ansible_os_family == "RedHat"
140 - ansible_distribution in ["RedHat", "CentOS"]
141 - ansible_distribution_version < '8'
147 - ansible_distribution in ["RedHat", "CentOS"]
148 - ansible_distribution_version >= '8'
150 - name: update all packages
153 state: latest # noqa 403
156 - ansible_os_family == "RedHat"
157 - update_all_packages | default(false)
159 - name: update to the latest kernel and kernel headers on the Red Hat OS family
164 state: latest # noqa 403
168 - ansible_os_family == "RedHat"
169 - update_kernel | default(false)
171 #note(przemeklal): fixes issue with missing selinux in packet.net CentOS 7 images
172 - name: ensure selinux is installed on CentOS/RHEL 7
176 - policycoreutils-python
178 - selinux-policy-targeted
186 - ansible_distribution in ["RedHat", "CentOS"]
187 - ansible_distribution_version < '8'
189 # Workaround for Equinix Metal CentOS 7
190 - name: set selinux to permissive
192 path: "/etc/sysconfig/selinux"
193 regexp: '^SELINUX=enforcing'
194 line: 'SELINUX=permissive'
196 - ansible_distribution in ["RedHat", "CentOS"]
197 - ansible_distribution_version < '8'
199 - name: Set python is python3
202 path: /usr/bin/python3
203 link: /usr/bin/python
205 - ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
206 - ansible_distribution_version >= '8'
208 - name: install command line tools to collect hardware details
215 when: ansible_distribution in ["RedHat", "CentOS"]
217 - name: use the correct pip version for CentOS 7
222 - ansible_distribution == "CentOS"
223 - ansible_distribution_version < '7.9'