Fix: Update support CentOS9 and rm EOL CentOS 7/8

- Remove CentOS 7/8 from molecule platforms and workflows
- Add CentOS 9 (stream9) support to molecule and workflows
- Update tasks to remove CentOS 7/8 specific SSL workarounds
- Simplify version conditionals for Ubuntu 22.04+ and CentOS 9+
- Remove CentOS-8.yml vars file
- Update CentOS-9.yml and CentOS Stream-9.yml to not include virtualenv package
- Install virtualenv via pip on CentOS 9 (broken RPM deps)
- Update molecule prepare.yml to only configure EPEL for CentOS 9

Change-Id: I724192d7c84c2364b71811eff3fb535ab3cd2a0e
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>

diff --git a/.github/workflows/gerrit-verify.yaml b/.github/workflows/gerrit-verify.yaml
index 2eae8b1..2253324 100644 (file)
--- a/.github/workflows/gerrit-verify.yaml
+++ b/.github/workflows/gerrit-verify.yaml
@@ -111,6 +111,7 @@ jobs:
     strategy:
       matrix:
         distro:
+          - centos9
           - ubuntu2204
           - ubuntu2404
       fail-fast: false

diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index 66ec485..84011b4 100644 (file)
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -4,14 +4,8 @@ dependency:
 driver:
   name: podman
 platforms:
-  - name: centos7
-    image: centos:7
-  - name: centos8
-    image: quay.io/centos/centos:stream8
-  - name: ubuntu1804
-    image: ubuntu:18.04
-  - name: ubuntu2004
-    image: ubuntu:20.04
+  - name: centos9
+    image: quay.io/centos/centos:stream9
   - name: ubuntu2204
     image: ubuntu:22.04
   - name: ubuntu2404

diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
index 00bac50..5840866 100644 (file)
--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
@@ -3,37 +3,11 @@
   hosts: all
   gather_facts: true
   tasks:
-    - ansible.builtin.rpm_key:
+    - name: Install EPEL for CentOS 9
+      ansible.builtin.dnf:
+        name: epel-release
         state: present
-        key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8
-      when: ansible_os_family == 'RedHat'
-      become: true
-
-    - name: Re-configure yum repositories for CentOS 7 and 8 to point to vault
-      become: true
-      when:
-        - (ansible_distribution == 'CentOS' and ansible_distribution_major_version == '8') or
-          (ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7')
-      block:
-        - name: Disable default CentOS mirrors (backup original)
-          ansible.builtin.lineinfile:
-            path: /etc/yum.repos.d/CentOS-*
-            regexp: '^mirrorlist'
-            replace: '#mirrorlist'
-            backup: yes
-
-        - name: Update CentOS mirrors to vault.centos.org (backup original)
-          ansible.builtin.lineinfile:
-            path: /etc/yum.repos.d/CentOS-*
-            regexp: '^baseurl=http://mirror.centos.org'
-            replace: 'baseurl=http://vault.centos.org'
-            backup: yes
-
-    - name: Install Fedora EPEL repo
-      ansible.builtin.yum:
-        name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm
-        state: present
-      when: ansible_os_family == 'RedHat'
+      when: ansible_os_family == 'RedHat' and ansible_distribution_major_version == '9'
       become: true
 
     - name: Update APT cache

diff --git a/tasks/main.yml b/tasks/main.yml
index 0ec5bfb..3634eee 100644 (file)
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -21,32 +21,12 @@
   when:
     - ansible_distribution == 'CentOS' and ansible_distribution_major_version | int >= 9
 
-- name: Set Python version on Ubuntu >= 18.04 or CentOS 7
+- name: Set Python version on Ubuntu >= 22.04 or CentOS 9
   ansible.builtin.set_fact:
     pyenv_cmd: "{{ python_versions | join(' ') }}"
   when:
-    - (ansible_distribution == 'Ubuntu' and ansible_distribution_version >= '18.04') or
-      (ansible_distribution == 'CentOS')
-
-# Ref: https://github.com/pyenv/pyenv/issues/950
-# ERROR: The Python ssl extension was not compiled. Missing the OpenSSL lib?
-# The compat-openssl libs are available only for CentOS8, so python 3.10x will
-# be available for >= CentOS8
-- name: Install SSL dependencies required pyenv for python 3.10.x
-  become: true
-  block:
-    - name: Update SSL dependencies for CentOS  # noqa no-changed-when
-      ansible.builtin.command: "dnf install compat-openssl10* -y"
-      when: ansible_distribution == 'CentOS' and ansible_distribution_major_version >= '8'
-
-    - name: Install SSL dependencies required pyenv for python 3.10.x for CentOS 7  # noqa no-changed-when
-      when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7'
-      ansible.builtin.yum:
-        name:
-          - openssl11
-          - openssl11-devel
-        update_cache: yes
-        state: present
+    - (ansible_distribution == 'Ubuntu' and ansible_distribution_version >= '22.04') or
+      (ansible_distribution == 'CentOS' and ansible_distribution_major_version | int >= 9)
 
 - name: Install Python 3.x versions via pyenv
   become: true
@@ -71,20 +51,11 @@
       changed_when: "'already installed' not in pyenv_install_result.stdout"
       tags:
         - molecule-idempotence-notest
-    - name: 'Install Python on CentOS 7 {{ python310_version }}'
-      ansible.builtin.shell: |
-        CPPFLAGS=$(pkg-config --cflags openssl11) LDFLAGS=$(pkg-config --libs openssl11) pyenv install -s {{ python310_version }}
-      when:
-        - ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7'
-      register: pyenv_centos7_result
-      changed_when: "'already installed' not in pyenv_centos7_result.stdout"
-      tags:
-        - molecule-idempotence-notest
     - name: 'Install Python {{ python310_version }}'
       ansible.builtin.command: pyenv install -s {{ python310_version }}
       when:
-        - (ansible_distribution == 'Ubuntu' and ansible_distribution_version >= '18.04') or
-          (ansible_distribution == 'CentOS' and ansible_distribution_major_version >= '7')
+        - (ansible_distribution == 'Ubuntu' and ansible_distribution_version >= '22.04') or
+          (ansible_distribution == 'CentOS' and ansible_distribution_major_version | int >= 9)
       register: pyenv310_result
       changed_when: "'already installed' not in pyenv310_result.stdout"
       tags:
@@ -92,8 +63,8 @@
     - name: 'Install Python {{ python311_version }}'
       ansible.builtin.command: pyenv install -s {{ python311_version }}
       when:
-        - (ansible_distribution == 'Ubuntu' and ansible_distribution_version >= '18.04') or
-          (ansible_distribution == 'CentOS' and ansible_distribution_major_version >= '8')
+        - (ansible_distribution == 'Ubuntu' and ansible_distribution_version >= '22.04') or
+          (ansible_distribution == 'CentOS' and ansible_distribution_major_version | int >= 9)
       register: pyenv311_result
       changed_when: "'already installed' not in pyenv311_result.stdout"
       tags:

diff --git a/vars/CentOS Stream-9.yml b/vars/CentOS Stream-9.yml
index 0e61a5b..6687ddb 100644 (file)
--- a/vars/CentOS Stream-9.yml
+++ b/vars/CentOS Stream-9.yml
@@ -1,8 +1,9 @@
 ---
+# CentOS Stream 9 uses Python 3.9+ as default
+# python3-virtualenv from EPEL has broken deps; install via pip instead
 python_packages_distro:
   - libffi-devel
   - python3
   - python3-devel
   - python3-pip
   - python3-setuptools
-  - python3-virtualenv

diff --git a/vars/CentOS-8.yml b/vars/CentOS-8.yml
deleted file mode 100644 (file)
index 3e9a103..0000000
--- a/vars/CentOS-8.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-python_packages_distro:
-  - libffi-devel
-  - python38
-  - python38-devel
-  - python3-pip
-  - python3-setuptools
-  - python3-virtualenv

diff --git a/vars/CentOS-9.yml b/vars/CentOS-9.yml
index a26d301..996dd99 100644 (file)
--- a/vars/CentOS-9.yml
+++ b/vars/CentOS-9.yml
@@ -1,6 +1,5 @@
 ---
-# CentOS Stream 9 uses Python 3.9+ as default
-# No python36, python38, or openssl11 packages available
+# CentOS 9 uses Python 3.9+ as default
 # python3-virtualenv from EPEL has broken deps; install via pip instead
 python_packages_distro:
   - libffi-devel