[Ansible 2.12] Playbook to use yum on EOL CentOS 6

2024.09.02

• Server construction/operation
• Infrastructure related
• Osaka office

3

209

Hello everyone.
He is a member of the System Solutions Department and wants to improve work efficiency with Ansible.

previously wrote an article titled ``Enable yum to be used on EOL CentOS 6 [Repository change]''

The default repository of EOL CentOS 6 is no longer available, and yum cannot be used due to an error.
Therefore, the content is to change the repository to something that can still be used.

However, in the above article, the changes were done "manually".

you have an environment with multiple CentOS 6 servers , it will be a pain to manually support all of them.
Also, since there is a high probability of accidents if multiple units are operated manually, I would like to handle this using a "code".

This time, we will introduce "Code" and "Ansible's playbook to enable use of yum on EOL CentOS 6" and explain how to run it.

Preface

• We do not recommend operating on CentOS 6.
  This is only an emergency response to CentOS 6, which exists for unavoidable reasons
• You are using a version that is no longer supported.
  This is also for emergency use and is not intended to be recommended.

Explanation of the premise

Q. Why do you change it using a playbook?

A.

1. "If you do it manually, the work time increases in proportion to the number of machines"
→ With Ansible , even if the number of machines increases, it can be handled in a much shorter time compared to manual work .
Therefore, the more units there are, the more efficient the work will be.

You can avoid having your personnel tied up all day long on the job.

2. ``Manual work on multiple machines is prone to accidents.''
→ When work is performed continuously, it tends to become assembly line work, and work errors are very likely to occur.

By converting this into a playbook, you can make the same changes to all machines without making any mistakes.

3. "Playbooks can also be reused and inherited as procedure manuals"
→ There are cases where procedure manuals do not remain, or where modifications are necessary before they can be reused.
However, with playbooks, you can often use them as-is by simply changing the target, and they are "hard to perish."

Q. What if I still want to do it manually?

A.I explained the manual procedure in an article I wrote previously.

Please refer here.

Enable yum to be used on EOL CentOS 6 [Repository change]

Q. If you get the "(libselinux-python) aren't installed!" error, it seems easier to do it manually.

A. I think this error occurs when SELinux is not completely disabled and the "libselinux-python" package is not available.

It's easy to put the cart before the horse and think, ``It's easier to do the work manually to correct errors.''

Therefore, in the previous article, we introduced a playbook for solving the problem that can be used in combination, so please make use of it.

[Ansible] Solution for "(libselinux-python) aren't installed!" for CentOS 6 Playbook

Execution environment

■ Linux environment
OS: AlmaLinux release 8.10 (WSL2 environment)
Shell: Bash
Docker version 26.1.3, build b72abbb

■ Ansible environment (Docker container in WSL2)
OS: AlmaLinux release 8.9
Ansible: Ansible-core 2.12.10

■ Windows environment
OS: Windows11 Pro (version: 23H2)
Language setting: Changed to Japanese

■ CentOS 6 environment (Vagrant + VirtualBox)
OS: CentOS 6.9 (bento / centos-6.9)
Vagrant: 2.4.1
VirtualBox: 7.0.18 r162988 (Qt5.15.2)
IP: 192.168.33.15

Ansible 2.12 environment construction steps

Since the CentOS 6 environment basically uses an old version of Python, Ansible uses the corresponding old version (2.12).

In a previous article, I explained how to build Ansible 2.12, so please refer to it here.

[Ansible 2.12] Build an Ansible execution environment for CentOS 6 using Docker in WSL2

Playbook

Performed manually
: - "Backing up the repository"
- "Specifying the version"
- "Rewriting the base repository"
- "Deleting the yum cache"

The above four steps have been put into one playbook.

centos6_repo_change.yml

We use import_tasks on the main.yml side to load this playbook.
(Because I like to separate playbooks into roles to improve reusability, readability, and maintainability)

--- ## Variable default # repo_source | default('/etc/yum.repos.d/CentOS-Base.repo') # repo_dest | default(default_repo_path) # repo_url | default('http://ftp.iij. ad.jp/pub/linux/centos-vault/$releasever')" # Base.repo backup # Do not obtain if today's backup already exists - name: Check backup for base.repo ansible.builtin.stat : path: "{{ repo_dest | default('/etc/yum.repos.d/CentOS-Base.repo_' + lookup('pipe', 'date +\"%Y%m%d\"')) } }" register: backup_base_repo_result< - name: Backup base.repo ansible.builtin.copy: src: "{{ repo_source | default('/etc/yum.repos.d/CentOS-Base.repo') }}" dest: "{{ repo_dest | default('/etc/yum.repos.d/CentOS-Base.repo_' + lookup('pipe', 'date +\"%Y%m%d\"')) }}" mode : "0644" remote_src: yes when: not backup_base_repo_result.stat.exists # If releasever does not exist, create it with the current version number - name: Set releasever ansible.builtin.shell: cmd: echo "{{ ansible_distribution_version }}" > /etc/yum/vars/releasever args: creates: /etc/yum/vars/releasever - ansible.builtin.debug: var: ansible_distribution_version # Enable by commenting out the repo's mirrorlist & rewriting the baseurl to an available repository - name : Replace mirrorlist ansible.builtin.replace: path: "{{ repo_source | default('/etc/yum.repos.d/CentOS-Base.repo') }}" regexp: "{{ item.regexp }}" replace : "{{ item.replace }}" loop: - regexp: '^mirrorlist=http://mirrorlist.centos.org' replace: '#mirrorlist=http://mirrorlist.centos.org' - regexp: '^ #baseurl=http://mirror.centos.org/centos/\$releasever' replace: "baseurl={{ repo_url | default('http://ftp.iij.ad.jp/pub/linux/centos-vault /$releasever') }}" register: replace_result # Delete yum cache when changing repository - name: Clean yum cache ansible.builtin.command: cmd: yum clean all when: replace_result is changed

## Variable default

Explicit default value of variables.

It is also listed as a guideline to make it easier to understand when you want to specify it separately in relation to vars.

# Base.repo backup

Check its existence using the stat module and store it in a variable using register.

It is determined by when and if there is no backup of the repository on that day, it will be obtained.

From now on, make the path destination, repository, etc. into a variable and use the default filter to specify the default value of the variable.

In addition, for backups using the lookup plugin, we added the year, month, and day to the end of the file name to make it easier to identify .

# If releasever does not exist, create it with the current version number

Create a variable file to fix the version when using yum.

The ansible.builtin.shell module is used to perform judgment and processing.
Since this module uses OS-side functionality, idempotency checks are not performed.

However, the args -> creates parameter allows you to specify the condition that ``do not execute if the specified file does not exist'' , so I used it because I could control the situation as I intended.

ansible_distribution_version

on the Ansible side , you can get the current OS version of the execution environment (6.9 in this case).

The above is used to create a file via the echo command.

Just to be sure, use the ansible.builtin.debug module to display the contents of the variables on the console.

# Comment out mirrorlist in repo & rewrite baseurl to an available repository to enable it

In the ansible.builtin.replace module, two places are rewritten as shown in the title.

This corresponds to the part that is rewritten using the sed command during the manual procedure

I use loop to specify two locations, but it can also be executed with with_items.

Save the execution result with register and use it in the when of the next process.

# Delete the yum cache when the repository is changed
when: replace_result is changed

The yum module does not have a function equivalent to yum clean all, which deletes the yum cache

Therefore, we use the ansible.builtin.command module, which executes OS commands like shell.

The result of using the replace module that rewrites the repository is saved with register, and is executed only when "changed" is confirmed.

Side note: Difference between shell module and Command module

Since the Shell module it is possible to use environment variables and pipes in the OS .
It is convenient because it allows you to execute one-liners that you normally use in the environment.

the Command module does not go through the shell, environment variables etc. cannot be used .
This is also an advantage, as it eliminates the possibility of unintended behavior due to environment-specific variables .

However, since these use commands of the target OS rather than Ansible, idempotency cannot be ensured .
This is only a last resort if the module cannot handle it

Execution example

--- all: vars: ansible_user: vagrant hosts: targetnode: ansible_host: 192.168.33.15 ansible_ssh_pass: vagrant

main.yml

No tasks are written on the main.yml side, and the playbook is loaded using import_tasks.
(Because the author likes to separate playbooks into roles in order to improve reusability, readability, and maintainability)

For variables, the values ​​specified in default in the playbook are used, so it can be executed even if they are not specified.

However, we purposely write down the items and contents that can be changed using variables because we think they are easy to understand intuitively.

- name: main.yml hosts: targetnode become: yes vars: wget_repo: "http://ftp.iij.ad.jp/pub/linux/centos-vault" repo_source: "/etc/yum.repos.d/CentOS -Base.repo" repo_dest: "/etc/yum.repos.d/CentOS-Base.repo_{{ lookup('pipe', 'date +\"%Y%m%d\"') }}" repo_url: '{{ wget_repo }}/$releasever' tasks: #Install when SELinux is not disabled and libselinux-python is not present - name: Include libeselinux-python(wget) ansible.builtin.import_tasks: libselinux-python_wget.yml # Change the initial repository of Centos6 Base - name: Include centos6_repo_change ansible.builtin.import_tasks: centos6_repo_change.yml

Playbook execution

we will run it from a container equipped with a previous Ansible version, which was introduced in another article

Before executing, check that yum cannot be used on the verification machine and then execute.

■Preliminary confirmation [vagrant@targetnode ~]$ yum info php Loaded plugins: fastestmirror Determining fastest mirrors Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6&arch=x86_64&repo=os&infra=stock error was 14: PYCURL ERROR 6 - "Couldn't resolve host 'mirrorlist.centos.org'" Error: Cannot find a valid baseurl for repo: base *An error occurs and it cannot be used because the repository is no longer available.

■Playbook execution [root@author container environment work]# ansible-playbook -i hosts main.yml ~Omitted~ PLAY RECAP ******************************** ************************************************** ************************************************ targetnode: ok=17 changed=8 unreachable=0 failed=0 skipped=0 rescued=0 ignored=2 *Results of two playbooks are output

■Post-confirmation [vagrant@targetnode ~]$ yum info php Loaded plugins: fastestmirror Determining fastest mirrors base | 3.7 kB 00:00 base/primary_db | 4.7 MB 00:00 extras | 3.4 kB 00:00 extras/primary_db | 30 kB 00 :00 updates | 3.4 kB 00:00 updates/primary_db | 8.1 MB 00:00 Available Packages Name : php Arch : x86_64 Version : 5.3.3 ~Omitted~

lastly

The content I wrote this time is based on my experience of actually doing something with Ansible.
His playbook at the time was created in a hurry, so it was rougher and less reusable than it is now, but I'm glad I was able to improve it for writing about it in this blog.

If something needs to be done, you'll be in a hurry to prepare it, and I think you tend to end up with something that can only be used on the spot.
If you have the time, it may be a good idea to prepare a playbook with general-purpose content.

I hope that those who read this article will be able to get started using Ansible, or that they will find some useful knowledge/information.
Thank you for reading this far!

Reference materials

ansible.builtin.yum module – Manages packages with the yum package manager
https://docs.ansible.com/ansible/9/collections/ansible/builtin/yum_module.html

ansible.builtin.replace module – Replace all instances of a particular string in a file using a back-referenced regular expression
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/replace_module.html

How do I change the CentOS 6 repository address? | Alibaba Cloud
https://www.alibabacloud.com/help/en/ecs/user-guide/change-the-centos-6-source-address

If you found this article helpful , please give it a like!

3

Loading...

3

209