--- - name: Speed-up Bootstrap process when: not (custom_iso | bool) ansible.builtin.lineinfile: path: /etc/pacman.conf regexp: ^#ParallelDownloads = line: "ParallelDownloads = {{ environment_parallel_downloads }}" - name: Wait for pacman lock to be released when: not (custom_iso | bool) ansible.builtin.wait_for: path: /var/lib/pacman/db.lck state: absent timeout: "{{ environment_pacman_lock_timeout }}" changed_when: false - name: Resolve installer tools for the target OS when: not (custom_iso | bool) ansible.builtin.set_fact: environment_installer_tools: >- {{ ['glibc'] + (['lua', 'dnf'] if os in ['almalinux', 'fedora', 'rhel', 'rocky'] else []) + (['debootstrap'] if os in ['debian', 'ubuntu', 'ubuntu-lts'] else []) + (['debian-archive-keyring'] if os == 'debian' else []) + (['ubuntu-keyring'] if os in ['ubuntu', 'ubuntu-lts'] else []) }} - name: Query reverse-dependencies of transition-sensitive libraries when: - not (custom_iso | bool) - environment_partial_upgrade_libs | length > 0 ansible.builtin.command: "pacman -Qi {{ item }}" loop: "{{ environment_partial_upgrade_libs }}" register: environment_revdep_query changed_when: false failed_when: false # Co-upgrade each transition library with its installed reverse-deps so a soname # bump moves the whole closure in one transaction, not a partial upgrade. - name: Setup Pacman when: not (custom_iso | bool) vars: environment_pacman_closure: >- {{ ( environment_installer_tools + (environment_revdep_query.results | default([]) | selectattr('rc', 'equalto', 0) | map(attribute='item') | list) + (environment_revdep_query.results | default([]) | selectattr('rc', 'equalto', 0) | map(attribute='stdout') | map('regex_search', 'Required By\s*:\s*(.+)', '\1') | map('first') | map('split') | flatten) ) | reject('equalto', 'None') | unique }} community.general.pacman: update_cache: true name: "{{ environment_pacman_closure }}" state: latest register: environment_tool_install until: environment_tool_install is succeeded retries: "{{ environment_pacman_retries }}" delay: "{{ environment_pacman_retry_delay }}" - name: Prepare /iso mount and repository for RHEL-based systems when: os == "rhel" block: - name: Create /iso directory ansible.builtin.file: path: /usr/local/install/redhat/dvd state: directory mode: "0755" - name: Detect RHEL ISO device ansible.builtin.command: lsblk -rno NAME,TYPE register: environment_lsblk_result changed_when: false - name: Select RHEL ISO device vars: _rom_devices: >- {{ environment_lsblk_result.stdout_lines | map('split', ' ') | selectattr('1', 'equalto', 'rom') | map('first') | map('regex_replace', '^', '/dev/') | list }} ansible.builtin.set_fact: environment_rhel_iso_device: >- {{ _rom_devices[-1] if _rom_devices | length > 1 else (_rom_devices[0] | default('/dev/sr1')) }} - name: Mount RHEL ISO ansible.posix.mount: src: "{{ environment_rhel_iso_device }}" path: /usr/local/install/redhat/dvd fstype: iso9660 opts: "ro,loop" state: mounted # RPM Sequoia signature policy is relaxed because the Arch ISO host does not # trust target-distro GPG keys; the target's own rpm re-verifies after reboot. - name: Create RPM macros directory when: is_rhel | bool ansible.builtin.file: path: /etc/rpm state: directory mode: "0755" - name: Relax RPM Sequoia signature policy for RHEL bootstrap when: is_rhel | bool ansible.builtin.copy: dest: /etc/rpm/macros content: "%_pkgverify_level none\n" mode: "0644" - name: Configure RHEL Repos for installation when: is_rhel | bool block: - name: Create directories for repository files and RPM GPG keys ansible.builtin.file: path: /etc/yum.repos.d state: directory mode: "0755" - name: Create RHEL repository file ansible.builtin.template: src: "{{ os }}.repo.j2" dest: /etc/yum.repos.d/{{ os }}.repo mode: "0644"