Add flag to disable installation of YUM repositories

itential · Jun 24, 2024 · d2d3f7c · d2d3f7c
1 parent cb52501
commit d2d3f7c
Show file tree

Hide file tree

Showing 11 changed files with 42 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -41,8 +41,9 @@
     5. [IAP](#iap)
     6. [IAG](#iag)
 8. [Patching IAP and IAG](#patching-iap-and-iag)
-9. [Running the Deployer in Offline Mode](#running-the-deployer-in-offline-mode)
-10. [Appendix A: Definition of "Highly Available" Dependencies](#appendix-a-definition-of-highly-available-dependencies)
+9. [Using Internal YUM Repositories](#using-internal-yum-repositories)
+10. [Running the Deployer in Offline Mode](#running-the-deployer-in-offline-mode)
+11. [Appendix A: Definition of "Highly Available" Dependencies](#appendix-a-definition-of-highly-available-dependencies)
 
 ## Overview
 
@@ -146,7 +147,7 @@ The Itential Deployer is an Ansible collection. As such, a familiarity with basi
 
 ### Required Public Repositories
 
-In general the Deployer will install packages using the standard YUM/DNF repositories on the target servers.  When packages are not available for the distribution, the Deployer will either install the required repository or download the packages.
+In general the Deployer will install packages using the standard YUM repositories on the target servers.  When packages are not available for the distribution, the Deployer will either install the required repository or download the packages.
 
 | Component | Hostname | Protocol | Notes |
 | :-------- | :------- | :------- | :---- |
@@ -166,6 +167,8 @@ In general the Deployer will install packages using the standard YUM/DNF reposit
 | IAG | www.python.org | https | When installing on Redhat/CentOS 7 |
 | IAG | www.openssl.org | https | When installing on Redhat/CentOS 7 |
 
+If internal YUM repositories are used, refer to the [Using Internal YUM Repositories](#using-internal-yum-repositories) section.
+
 ### Ports and Networking
 
   In a clustered environment where components are installed on more than one host, the following network traffic flows need to be allowed.
@@ -956,6 +959,21 @@ The Deployer supports patching IAP and IAG.  Refer to the following guide for in
 
 [Patch IAG Guide](docs/patch_iag_guide.md)
 
+## Using Internal YUM Repositories
+
+By default the Deployer will install YUM repositories which point to external URLs.  If the customer hosts repositories internally, the Deployer can be configured to skip installing the repositories.
+
+**&#9432; Note:**
+The customer will be reposible for configuring the repo files in `/etc/yum.repos.d`.
+
+To use internal repositories, set `install_yum_repos` to `false` in the `all` vars section.  For example:
+
+```yaml
+all:
+    vars:
+        install_yum_repos: false
+```
+
 ## Running the Deployer in Offline Mode
 
 The Deployer supports installations in air-gapped environments.  Refer to the following guide for instructions on running the Deployer in offline mode.

diff --git a/roles/common_vars/defaults/main/main.yml b/roles/common_vars/defaults/main/main.yml
@@ -5,6 +5,13 @@
 # The file containing the installed components and versions
 itential_release_file: /etc/iap-release
 
+# Flag to toggle the installation of yum repositories.
+# If set to true (default), repositories will be installed in /etc/yum.repos.d.
+# If set to false, repositories will not be installed and customers will be
+# required to configure them.  This will allow customers to use internal
+# repositories.
+install_yum_repos: true
+
 # By default, do not configure vault
 configure_vault: false
 

diff --git a/roles/mongodb/tasks/download-packages.yml b/roles/mongodb/tasks/download-packages.yml
@@ -33,6 +33,7 @@
     enabled: true
     gpgcheck: true
     gpgkey: "{{ mongodb_gpgkey_url }}"
+  when: install_yum_repos | bool
 
 - name: Download MongoDB rpms
   ansible.builtin.import_role:

diff --git a/roles/mongodb/tasks/mongodb-online.yml b/roles/mongodb/tasks/mongodb-online.yml
@@ -10,7 +10,9 @@
     enabled: true
     gpgcheck: true
     gpgkey: "{{ mongodb_gpgkey_url }}"
-  when: "'mongodb-org' not in ansible_facts.packages"
+  when:
+    - install_yum_repos | bool
+    - "'mongodb-org' not in ansible_facts.packages"
 
 # Install mongodb if mongodb is not already installed
 - name: Install MongoDB packages (online)

diff --git a/roles/platform/tasks/download-packages-mongodb.yml b/roles/platform/tasks/download-packages-mongodb.yml
@@ -12,6 +12,7 @@
         enabled: true
         gpgcheck: true
         gpgkey: "{{ mongodb_gpgkey_url }}"
+      when: install_yum_repos | bool
 
     - name: Download MongoDB rpms
       ansible.builtin.import_role:

diff --git a/roles/platform/tasks/install-mongodb-tools.yml b/roles/platform/tasks/install-mongodb-tools.yml
@@ -18,6 +18,7 @@
         enabled: true
         gpgcheck: true
         gpgkey: "{{ mongodb_gpgkey_url }}"
+      when: install_yum_repos | bool
 
     # Install mongodb tools if they are not already installed
     - name: Install the MongoDB tools packages

diff --git a/roles/rabbitmq/tasks/download-packages.yml b/roles/rabbitmq/tasks/download-packages.yml
@@ -57,6 +57,7 @@
     repo_gpgcheck: false
     sslverify: true
     sslcacert: /etc/pki/tls/certs/ca-bundle.crt
+  when: install_yum_repos | bool
 
 - name: Install RabbitMQ repo
   ansible.builtin.yum_repository:
@@ -73,6 +74,7 @@
     sslverify: true
     sslcacert: /etc/pki/tls/certs/ca-bundle.crt
     metadata_expire: 300
+  when: install_yum_repos | bool
 
 - name: Download Rabbitmq rpms
   ansible.builtin.import_role:

diff --git a/roles/rabbitmq/tasks/rabbitmq-online.yml b/roles/rabbitmq/tasks/rabbitmq-online.yml
@@ -33,6 +33,7 @@
     repo_gpgcheck: false
     sslverify: true
     sslcacert: /etc/pki/tls/certs/ca-bundle.crt
+  when: install_yum_repos | bool
 
 - name: Install rabbitmq repo
   ansible.builtin.yum_repository:
@@ -50,6 +51,7 @@
     sslverify: true
     sslcacert: /etc/pki/tls/certs/ca-bundle.crt
     metadata_expire: 300
+  when: install_yum_repos | bool
 
 # Installs the packages enabled by the above repos
 - name: Install packages

diff --git a/roles/redis/tasks/redis-using-remi-repo.yaml b/roles/redis/tasks/redis-using-remi-repo.yaml
@@ -7,13 +7,15 @@
     state: present
     update_cache: true
     disable_gpg_check: true
+  when: install_yum_repos | bool
 
 - name: Install Remi repo
   ansible.builtin.package:
     update_cache: true
     name: "{{ redis_repo_url[ansible_distribution_major_version] }}"
     state: present
     disable_gpg_check: true
+  when: install_yum_repos | bool
 
 - name: Install Redis using Remi repo
   ansible.builtin.package:

diff --git a/roles/vault/tasks/download-packages.yml b/roles/vault/tasks/download-packages.yml
@@ -20,6 +20,7 @@
     baseurl: https://rpm.releases.hashicorp.com/RHEL/$releasever/$basearch/stable
     state: present
     gpgcheck: false
+  when: install_yum_repos | bool
 
 - name: Download Vault rpms
   ansible.builtin.import_role:

diff --git a/roles/vault/tasks/vault-online.yml b/roles/vault/tasks/vault-online.yml
@@ -14,6 +14,7 @@
     baseurl: https://rpm.releases.hashicorp.com/RHEL/$releasever/$basearch/stable
     state: present
     gpgcheck: false
+  when: install_yum_repos | bool
 
 - name: Install vault
   ansible.builtin.yum: