Use RDO official CloudSIG mirrors for C9S deployments

Instead of using RDO Trunk repo server, CentOS official mirrors provide a most reliable infrastructure and supports EMS which is required when enabling FIPS in C9S. In order to install the rdo-release rpm from repo.fedoraproject.org, which does not support EMS, I'm using a workaround to wget, which works with non-EMS servers because it uses gnutls instead of openssl, and install it locally with rpm. This is also consistent to CentOS 8 implementatioin. Closes-Bug: #2020661 Closes-Bug: #2020434 Change-Id: Icd99f467d47aaafaaf3ee8f2a3c4da08842cb672
2023-05-24 21:03:28 +02:00 · 2023-05-24 21:03:28 +02:00 · b2ad00cb66
commit b2ad00cb66
parent dfd7aeaf6c
1 changed files with 16 additions and 1 deletions
--- a/stack.sh
+++ b/stack.sh
@ -311,7 +311,22 @@ function _install_rdo {
            sudo dnf -y install https://rdoproject.org/repos/openstack-${rdo_release}/rdo-release-${rdo_release}.el8.rpm
        fi
    elif [[ $DISTRO == "rhel9" ]]; then
-        sudo curl -L -o /etc/yum.repos.d/delorean-deps.repo http://trunk.rdoproject.org/centos9-master/delorean-deps.repo
+        install_package wget
+        # We need to download rdo-release package using wget as installing with dnf from repo.fedoraproject.org fails in
+        # FIPS enabled systems after https://bugzilla.redhat.com/show_bug.cgi?id=2157951
+        # Until we can pull rdo-release from a server which supports EMS, this workaround is doing wget, which does
+        # not relies on openssl but on gnutls, and then install it locally using rpm
+        TEMPRDODIR=$(mktemp -d)
+        if [[ "$TARGET_BRANCH" == "master" ]]; then
+            # rdo-release.el9.rpm points to latest RDO release, use that for master
+            wget -P $TEMPRDODIR  https://rdoproject.org/repos/rdo-release.el9.rpm
+        else
+            # For stable branches use corresponding release rpm
+            rdo_release=$(echo $TARGET_BRANCH | sed "s|stable/||g")
+            wget -P $TEMPRDODIR https://rdoproject.org/repos/openstack-${rdo_release}/rdo-release-${rdo_release}.el9.rpm
+        fi
+        sudo rpm -ivh $TEMPRDODIR/rdo-release*rpm
+        rm -rf $TEMPRDODIR
    fi
    sudo dnf -y update
 }