Refactor EPEL into a role

Fixes bug 1605228, where if the user installs epel-relase from the Centos7 default
packages rather than from the latest rpm online packages the latest epel-release
from the rpm installs on top of it but does not provide newer packages.

But that's not what you care about, the big change that comes with this bugfix is a
refactoring of every playbook that uses EPEL to all call a single role which both
installs epel and setups a handler to cleanup epel when the set of roles is done.

This unifies and cleans up what was previously two ways of installing EPEL, two
ways of disabling it all duplicating across more than half a dozen roles. Some of
of which used the epel_rpm variable some of which did not. The resulting combined
role still uses the rpm command and as such inherits some hackiness in an effort
to keep everything working as it was before just with better organization.

This has been tested with very playbook modified here against my own cloud. Don't
consider this final since trying to install every single one of these to a single
virtual undercloud generated lots of other problems, but none of them failed on EPEL
or package related issues.

Change-Id: Ic592a97875a9ec783519f618260713277589c83e

ansible/install/collectd-generic.yml

@@ -15,6 +15,7 @@
   vars:
     config_type: baremetal
   roles:
+    - epel
     - collectd-generic
   tags: baremetal
 
@@ -23,6 +24,7 @@
   vars:
     config_type: guest
   roles:
+    - epel
     - collectd-generic
   tags: guest
 
@@ -31,5 +33,6 @@
   vars:
     config_type: graphite
   roles:
+    - epel
     - collectd-generic
   tags: graphite

ansible/install/collectd-openstack.yml

@@ -8,6 +8,7 @@
   vars:
     config_type: undercloud
   roles:
+    - { role: epel, when: collectd_undercloud }
     - { role: common, when: collectd_undercloud }
     - { role: collectd-openstack, when: collectd_undercloud }
   tasks:
@@ -22,6 +23,7 @@
   vars:
     config_type: controller
   roles:
+    - { role: epel, when: collectd_controller }
     - { role: common, when: collectd_controller }
     - { role: collectd-openstack, when: collectd_controller }
   tasks:
@@ -36,6 +38,7 @@
   vars:
     config_type: ceph
   roles:
+    - { role: epel, when: collectd_ceph }
     - { role: common, when: collectd_ceph }
     - { role: collectd-openstack, when: collectd_ceph }
   tasks:
@@ -50,6 +53,7 @@
   vars:
     config_type: compute
   roles:
+    - { role: epel, when: collectd_compute }
     - { role: common, when: collectd_compute }
     - { role: collectd-openstack, when: collectd_compute }
   tasks:

ansible/install/elk.yml

@@ -6,6 +6,7 @@
 - hosts: elk
   remote_user: root
   roles:
+    - { role: epel }
     - { role: elasticsearch }
     - { role: fluentd, when: (logging_backend == 'fluentd') }
     - { role: logstash, when: ((logging_backend is none) or (logging_backend == 'logstash')) }

ansible/install/grafana-docker.yml

@@ -6,4 +6,5 @@
 - hosts: grafana
   remote_user: root
   roles:
+    - { role: epel           }
     - { role: grafana_docker }

ansible/install/grafana.yml

@@ -6,4 +6,5 @@
 - hosts: grafana
   remote_user: root
   roles:
+    - { role: epel    }
     - { role: grafana }

ansible/install/graphite-docker.yml

@@ -6,4 +6,5 @@
 - hosts: graphite
   remote_user: root
   roles:
+    - { role: epel            }
     - { role: graphite_docker }

ansible/install/graphite.yml

@@ -6,4 +6,5 @@
 - hosts: graphite
   remote_user: root
   roles:
+    - { role: epel }
     - { role: graphite }

ansible/install/roles/collectd-generic/tasks/main.yml

@@ -3,20 +3,6 @@
 # Install/run collectd for browbeat (Generic)
 #
 
-- name: Check for EPEL
-  shell: rpm -qa | grep -q epel-release
-  ignore_errors: true
-  register: epel_installed
-
-#
-# (akrzos) I have found the use of the yum module for installing EPEL on rhel7 to encounter issues,
-# thus using rpm to install via ansible. This does display a warning in Ansible output.
-#
-- name: Install EPEL rpm
-  command: rpm -ivh {{ epel7_rpm }}
-  become: true
-  when: epel_installed.rc != 0
-
 #
 # (akrzos) yum module works at this point due to the fact the EPEL repo now exists.  EPEL rpm is
 # installed at this point in time.
@@ -83,7 +69,3 @@
   service: name=collectd state=restarted enabled=true
   become: true
 
-- name: Disable EPEL
-  shell: rpm -e epel-release
-  ignore_errors: true
-  become: true

ansible/install/roles/collectd-openstack/tasks/main.yml

@@ -3,20 +3,6 @@
 # Install/run collectd for browbeat
 #
 
-- name: Check for EPEL
-  shell: rpm -qa | grep -q epel-release
-  ignore_errors: true
-  register: epel_installed
-
-#
-# (akrzos) I have found the use of the yum module for installing EPEL on rhel7 to encounter issues,
-# thus using rpm to install via ansible. This does display a warning in Ansible output.
-#
-- name: Install EPEL rpm
-  command: rpm -ivh {{ epel7_rpm }}
-  become: true
-  when: epel_installed.rc != 0
-
 #
 # (akrzos) yum module works at this point due to the fact the EPEL repo now exists.  EPEL rpm is
 # installed at this point in time.
@@ -93,7 +79,3 @@
   service: name=collectd state=restarted enabled=true
   become: true
 
-- name: Disable EPEL
-  shell: rpm -e epel-release
-  ignore_errors: true
-  become: true

ansible/install/roles/epel/handlers/main.yml

@@ -0,0 +1,8 @@
+---
+#
+# Handler to clean up EPEL whenever it is used
+#
+- name: remove_epel
+  shell: rpm -e epel-release
+  ignore_errors: true
+  become: true

ansible/install/roles/epel/tasks/main.yml

@@ -0,0 +1,18 @@
+---
+#
+# Tasks install EPEL packages
+#
+
+- name: Remove old EPEL
+  yum: name=epel-release state=absent
+  become: true
+
+- name: Import EPEL GPG Key
+  rpm_key: key=https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
+    state=present
+  become: true
+
+- name: Check for EPEL repo
+  yum: "name={{ epel7_rpm }} state=present"
+  become: true
+  notify: remove_epel

ansible/install/roles/grafana/tasks/main.yml

@@ -9,14 +9,6 @@
     msg="** Edit grafana_host and graphite_host in ../install/group_vars/all.yml before running **"
   when: ((grafana_host is none) or (graphite_host is none))
 
-- name: Import EPEL GPG Key
-  rpm_key: key=https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
-    state=present
-
-- name: Check for EPEL repo
-  yum: name=https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
-    state=present
-
 - name: Install grafana RPM repo
   copy:
     src=grafana.repo
@@ -140,9 +132,3 @@
 - name: Remove leftover json file
   file: path={{role_path}}/files/data_source.json state=absent
   connection: local
-
-- name: Disable EPEL Repo
-  ini_file: dest=/etc/yum.repos.d/epel.repo
-    section=epel
-    option=enabled
-    value=0

ansible/install/roles/grafana_docker/tasks/main.yml

@@ -3,14 +3,6 @@
 # Install/run grafana-server for browbeat
 #
 
-- name: Import EPEL GPG Key
-  rpm_key: key=https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
-    state=present
-
-- name: Check for EPEL repo
-  yum: name=https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
-    state=present
-
 - name: disable firewalld
   service: name=firewalld state=stopped enabled=false
   become: true
@@ -80,8 +72,3 @@
   become: true
   when: systemd_grafana_needs_restart.changed
 
-- name: Disable EPEL Repo
-  ini_file: dest=/etc/yum.repos.d/epel.repo
-    section=epel
-    option=enabled
-    value=0

ansible/install/roles/graphite/tasks/main.yml

@@ -3,14 +3,6 @@
 # Install/run graphite-web for browbeat
 #
 
-- name: Import EPEL GPG Key
-  rpm_key: key=https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
-    state=present
-
-- name: Check for EPEL repo
-  yum: name=https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
-    state=present
-
 - name: Install graphite rpms
   yum: name={{ item }} state=present
   become: true
@@ -168,8 +160,3 @@
   become: true
   when: carbon_cache_needs_restart.changed
 
-- name: Disable EPEL Repo
-  ini_file: dest=/etc/yum.repos.d/epel.repo
-    section=epel
-    option=enabled
-    value=0

ansible/install/roles/graphite_docker/tasks/main.yml

@@ -3,14 +3,6 @@
 # Install/run graphite-web for browbeat
 #
 
-- name: Import EPEL GPG Key
-  rpm_key: key=https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
-    state=present
-
-- name: Check for EPEL repo
-  yum: name=https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
-    state=present
-
 - name: Install repo file for docker
   copy:
     src=docker.repo
@@ -117,9 +109,3 @@
   become: true
   when: systemd_carbon_needs_restart.changed
 
-
-- name: Disable EPEL Repo
-  ini_file: dest=/etc/yum.repos.d/epel.repo
-    section=epel
-    option=enabled
-    value=0

ansible/install/roles/nginx/tasks/main.yml

@@ -3,14 +3,6 @@
 # Install/run nginx for browbeat
 #
 
-- name: Import EPEL GPG Key
-  rpm_key: key=https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
-    state=present
-
-- name: Check for EPEL repo
-  yum: name=https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
-    state=present
-
 - name: Install nginx, httpd-tools, httplib2, libsemanage-python
   yum: name={{ item }} state=present
   become: true
@@ -164,8 +156,3 @@
   ignore_errors: true
   when: iptables_needs_restart != 0 and firewalld_in_use.rc != 0 and firewalld_is_active.rc != 0
 
-- name: Disable EPEL Repo
-  ini_file: dest=/etc/yum.repos.d/epel.repo
-    section=epel
-    option=enabled
-    value=0