[Ansible 2.12] Playbook to enable yum on EOL CentOS 6
table of contents
- 1 Introduction
- 2 Prerequisites
- 3 Execution environment
- 4 Ansible 2.12 environment construction procedure
- 5 Playbook
- 5.1 centos6_repo_change.yml
- 5.2 ## Variable default
- 5.3 # Base.repo backup
- 5.4 # If releasever does not exist, create it with the current version number
- 5.5 # Comment out the repo mirrorlist and change the baseurl to an available repository to enable it
- 5.6 # When the repository is changed, delete the yum cache when: replace_result is changed
- 6 Example
- 7 lastly
Hello everyone.
I'm Naka, a member of the System Solutions Department, and I want to improve my work efficiency with Ansible.
previously wrote an article titled "Making yum usable on EOL CentOS 6 [Repository Changes]."
The default repository for EOL CentOS 6 is no longer available, and yum will not work due to an error.
Therefore, this article explains how to change the repository to one that is still available.
However, the above article describes a "manual" change process
you have multiple CentOS 6 servers in your environment, it would be a pain to manually update all of them.
Also, doing it manually on multiple servers increases the chances of an accident, so I would like to do it manually.
This time, we will introduce a "Playbook" for "Code" and "Ansible" that allows you to use yum on EOL'd CentOS 6, and explain how to run it
Introduction
- We do not recommend using it on CentOS 6.
a temporary solution for CentOS 6 due to unavoidable reasons . - This is a version that is no longer supported.
is also a temporary solution is not intended to be recommended.
Prerequisites
Q. Why change it in a playbook?
A.
1. "When done manually, the work time increases in proportion to the number of machines."
→ With Ansible , even if the number of machines increases, the work can be completed in a much shorter time than if it were done manually .
Therefore, the more machines there are, the more efficient the work becomes.This will prevent personnel from being tied up in the work all day
2. "Manual work on multiple machines is prone to accidents"
→ When work is done continuously, it tends to become an assembly line process, making it very easy for mistakes to occur.By creating a playbook for this, you can make the same changes to all machines without making any mistakes
3. "Playbooks can also be reused and inherited as procedure manuals"
→ There are cases where procedure manuals are not retained or require modifications even if they are reused.
However, with a playbook, you can often use it as is by simply changing the target, so it is "less likely to decay."
Q. What if I still want to do it manually?
A. I have explained the manual procedure in a previous article.
Please refer to here
Q. If you get the error "(libselinux-python) aren't installed!", it seems easier to install it manually
A. I believe this error occurs when SELinux is not completely disabled and the "libselinux-python" package is missing
to end up with the cart before the horse thinking, "It's easier to just do the same manual process to correct the error
.Therefore, we have introduced a solution playbook that can be used in conjunction with this in our previous article, so please make use of it.
[Ansible] Solution for "(libselinux-python) aren't installed!" for CentOS 6 Playbook
Execution environment
■ Linux environment
OS: AlmaLinux release 8.10 (WSL2 environment)
Shell: Bash
Docker version 26.1.3, build b72abbb■ Ansible environment (Docker container in WSL2)
OS: AlmaLinux release 8.9
Ansible: Ansible-core 2.12.10■ Windows environment
OS: Windows 11 Pro (version: 23H2)
Language setting: Changed to Japanese■ CentOS 6 environment (Vagrant + VirtualBox)
OS: CentOS 6.9 (bento / centos-6.9)
Vagrant: 2.4.1
VirtualBox: 7.0.18 r162988 (Qt5.15.2)
IP: 192.168.33.15
Ansible 2.12 environment construction procedure
Since the CentOS 6 environment generally uses an older version of Python, we will use the older compatible version (2.12) of Ansible
In a previous article, we explained how to build Ansible 2.12, so please refer to this.
[Ansible 2.12] Build an Ansible execution environment for CentOS 6 using Docker in WSL2
Playbook
Manual tasks
: "Backing up the repository"
, "Specifying the version"
, "Rewriting the Base repository",
and "Deleting the yum cache".
The above four steps have been compiled into a single Playbook
centos6_repo_change.yml
This Playbook is loaded using import_tasks in main.yml.
(The author prefers to separate Playbooks for each role to improve reusability, readability, and maintainability.)
--- ## Variable default # repo_source | default('/etc/yum.repos.d/CentOS-Base.repo') # repo_dest | default(default_repo_path) # repo_url | default('http://ftp.iij.ad.jp/pub/linux/centos-vault/$releasever')" # Base.repo backup # If a backup for the day already exists, it will not be retrieved - name: Check backup for base.repo ansible.builtin.stat: path: "{{ repo_dest | default('/etc/yum.repos.d/CentOS-Base.repo_' + lookup('pipe', 'date +\"%Y%m%d\"')) }}" register: backup_base_repo_result< - name: Backup base.repo ansible.builtin.copy: src: "{{ repo_source | default('/etc/yum.repos.d/CentOS-Base.repo') }}" dest: "{{ repo_dest | default('/etc/yum.repos.d/CentOS-Base.repo_' + lookup('pipe', 'date +\"%Y%m%d\"')) }}" mode: "0644" remote_src: yes when: not backup_base_repo_result.stat.exists # If releasever does not exist, create it with the current version number - name: Set releasever ansible.builtin.shell: cmd: echo "{{ ansible_distribution_version }}" > /etc/yum/vars/releasever args: creates: /etc/yum/vars/releasever - ansible.builtin.debug: var: ansible_distribution_version # Comment out mirrorlist in repo & change baseurl to an available repository to enable it - name: Replace mirrorlist ansible.builtin.replace: path: "{{ repo_source | default('/etc/yum.repos.d/CentOS-Base.repo') }}" regexp: "{{ item.regexp }}" replace: "{{ item.replace }}" loop: - regexp: '^mirrorlist=http://mirrorlist.centos.org' replace: '#mirrorlist=http://mirrorlist.centos.org' - regexp: '^#baseurl=http://mirror.centos.org/centos/\$releasever' replace: "baseurl={{ repo_url | default('http://ftp.iij.ad.jp/pub/linux/centos-vault/$releasever') }}" register: replace_result # When changing the repository, delete the yum cache - name: Clean yum cache ansible.builtin.command: cmd: yum clean all when: replace_result is changed
## Variable default
Specify the default value of the variable
It is also provided as a guide to make it easier to understand when specifying vars separately
# Base.repo backup
Check for its existence with the stat module and store it in a variable with register
This is determined by when, and if there is no backup of the repository for that day, it will be obtained
From now on, path destinations, repositories, etc. will be made into variables and default values for the variables will be specified using the default filter
Additionally, for backups using the lookup plugin, we have added the year, month, and day to the end of the file name to make it easier to distinguish .
# If releasever does not exist, create it with the current version number
Create a variable file to fix the version when using yum
The ansible.builtin.shell module is used for judgment and processing.
This module uses OS functions, so idempotence checks are not performed.
However, the args -> creates parameter allows you to specify the condition that "do not execute if the specified file does not exist," so I used it because it allows you to control it to the intended situation.
ansible_distribution_version
on the Ansible side , you can obtain the current OS version of the execution environment (6.9 in this case).
The above is used to create a file via the echo command
Just to be sure, use the ansible.builtin.debug module to display the contents of the variables on the console
# Comment out the repo mirrorlist and change the baseurl to an available repository to enable it
The ansible.builtin.replace module rewrites two places as shown in the title
This corresponds to the part that is rewritten with the sed command during the manual procedure
We use loop to specify two locations, but it can also be done with with_items
The execution result is saved using register and used in the next process using when
# When a repository is changed, delete the yum cache
when: replace_result is changed
The yum module does not have a function equivalent to yum clean all, which deletes the yum cache
For this reason, we use the ansible.builtin.command module, which executes OS commands in the same way as a shell
The results of using the replace module to rewrite the repository mentioned earlier are saved using register, and are executed only when "changed" is confirmed
Aside: Difference between shell module and Command module
The Shell module uses the Shell , so you can use environment variables and pipes in the OS .
It is convenient because you can also execute one-liners that you normally use in the environment.
The Command module does not go through the shell, so environment variables cannot be used .
This is an advantage, as it eliminates the possibility of unintended behavior due to environment-specific variables .
However, since these use commands from the target OS rather than Ansible, idempotence cannot be guaranteed .
This is only a last resort when modules cannot be used
Example
Inventory file for verification environment
Since there may be environments with (not recommended) in the CentOS 6 (bento/centos-6.9) environment
--- all: vars: ansible_user: vagrant hosts: targetnode: ansible_host: 192.168.33.15 ansible_ssh_pass: vagrant
main.yml
Instead of writing tasks in main.yml, I use import_tasks to load Playbooks.
(The author prefers to separate Playbooks for different roles to improve reusability, readability, and maintainability.)
As for variables, the value specified as default in the Playbook is used, so it can be executed even if not specified.
However, we have listed the items and content that can be changed with variables because we believe it is easy to understand intuitively
- name: main.yml hosts: targetnode become: yes vars: wget_repo: "http://ftp.iij.ad.jp/pub/linux/centos-vault" repo_source: "/etc/yum.repos.d/CentOS-Base.repo" repo_dest: "/etc/yum.repos.d/CentOS-Base.repo_{{ lookup('pipe', 'date +\"%Y%m%d\"') }}" repo_url: '{{ wget_repo }}/$releasever' tasks: #Install if SELinux is not disabled and libselinux-python does not exist - name: Include libeselinux-python(wget) ansible.builtin.import_tasks: libselinux-python_wget.yml #Change the initial repository of Centos6 Base - name: Include centos6_repo_change ansible.builtin.import_tasks: centos6_repo_change.yml
libselinux-python_wget.yml is a playbook for dealing with SElinux-related errors , as mentioned in the previous article
centos6_repo_change.yml is the Playbook introduced this time.
Playbook execution
In this article, we will run it from a container with the previous Ansible version mentioned the other article
Before executing, check that yum cannot be used on the verification machine
■Preliminary check [vagrant@targetnode ~]$ yum info php Loaded plugins: fastestmirror Determining fastest mirrors Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6&arch=x86_64&repo=os&infra=stock error was 14: PYCURL ERROR 6 - "Couldn't resolve host 'mirrorlist.centos.org'" Error: Cannot find a valid baseurl for repo: base *The repository is no longer available, so an error will appear and it cannot be used
■ Execute Playbook [root@author's container environment work]# ansible-playbook -i hosts main.yml ~Omitted~ PLAY RECAP ****************************************************************************************************************************** targetnode : ok=17 changed=8 unreachable=0 failed=0 skipped=0 rescued=0 ignored=2 *The results of the two Playbooks are output
■Post-confirmation [vagrant@targetnode ~]$ yum info php Loaded plugins: fastestmirror Determining fastest mirrors base | 3.7 kB 00:00 base/primary_db | 4.7 MB 00:00 extras | 3.4 kB 00:00 extras/primary_db | 30 kB 00:00 updates | 3.4 kB 00:00 updates/primary_db | 8.1 MB 00:00 Available Packages Name : php Arch : x86_64 Version : 5.3.3 ~Omitted~
After running the playbook, the repository error is resolved and metadata is retrieved.
The results of yum info php are then output, confirming that yum can now be used successfully.
lastly
This article is based on my previous experience of using Ansible.
The playbook I created at the time was hastily created, so it was rougher and less reusable than the current one, but I'm glad I was able to improve it in order to write this blog post.
when you need to respond to something, you will be in a hurry and it will tend to be something that can only be used on the spot.
If you have the time, it may be a good idea to prepare a playbook with general content.
I hope this article will give you some inspiration to try Ansible, or provide you with some useful knowledge and information.
Thank you for reading this far!
Reference materials
ansible.builtin.yum module – Manages packages with the yum package manager
https://docs.ansible.com/ansible/9/collections/ansible/builtin/yum_module.html
ansible.builtin.replace module – Replace all instances of a particular string in a file using a back-referenced regular expression
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/replace_module.html
How do I change the CentOS 6 repository address? | Alibaba Cloud
https://www.alibabacloud.com/help/en/ecs/user-guide/change-the-centos-6-source-address
3
Loading...3 
The person who wrote this article
About the author
