[openstack-dev] [infra] Stop enabling EPEL mirror by default
Ian Wienand
iwienand at redhat.com
Tue Apr 4 20:59:13 UTC 2017
On 04/05/2017 03:02 AM, Paul Belanger wrote:
> Recently we've been running into some issues keeping our EPEL mirror
> properly sync'd. We are working to fix this, however we'd also like
> to do the following:
> Stop enabling EPEL mirror by default
> https://review.openstack.org/#/c/453222/
> For the most part, we enable EPEL for our image build process, this
> to install haveged. However, it is also likely the majority of
> centos-7 projects don't actually need EPEL. I know specifically
> both RDO and TripleO avoid using the EPEL repository because of how
> unstable it is.
I agree this is the step to turn it off in our gate, but I've been
trying to excise this so we move to a white-list method during builds,
which is more complicated. This needs to be done, however, so that
3rd party CI who don't use our mirror scripts don't get EPEL hanging
around from the build too.
I'd appreciate reviews
Firstly, we need to ensure the image build EPEL dependencies we have
are flexible to changes in default status.
* https://review.openstack.org/439294 : don't install ccache
* https://review.openstack.org/439911 : allow "--enablerepo" options
for haveged install
* https://review.openstack.org/439917 : install haveged from EPEL
Then we need a way to install EPEL, but disabled, during image builds
* https://review.openstack.org/439926 : Add flag to disable EPEL
Then stop installing EPEL as part of the puppet install, and switch to
installing it from dib in disabled state
* https://review.openstack.org/453322 : Add epel element (with disabled flag)
* https://review.openstack.org/439248 : Don't install EPEL during puppet
At this point, our base images should be coming up with only
whitelisted EPEL packages (haveged, unless I find anything else I've
missed) and the repo disabled.
-i
p.s. tangential; but related is
* https://review.openstack.org/453325 : use Centos openstack repos, not RDO
This could probably be also moved into DIB as an element, if
we feel strongly about it (or infra-package-needs ... but I wasn't
100% sure that's early enough yet)
More information about the OpenStack-dev
mailing list