Use RDO official CloudSIG mirrors for C9S deployments
Instead of using RDO Trunk repo server, CentOS official mirrors provide
a most reliable infrastructure and supports EMS which is required when
enabling FIPS in C9S.
In order to install the rdo-release rpm from repo.fedoraproject.org,
which does not support EMS, I'm using a workaround to wget, which works
with non-EMS servers because it uses gnutls instead of openssl, and
install it locally with rpm.
This is also consistent to CentOS 8 implementatioin.
Closes-Bug: #2020661
Closes-Bug: #2020434
Change-Id: Icd99f467d47aaafaaf3ee8f2a3c4da08842cb672
diff --git a/stack.sh b/stack.sh
index be3c9dd..1d32ed8 100755
--- a/stack.sh
+++ b/stack.sh
@@ -311,7 +311,22 @@
sudo dnf -y install https://rdoproject.org/repos/openstack-${rdo_release}/rdo-release-${rdo_release}.el8.rpm
fi
elif [[ $DISTRO == "rhel9" ]]; then
- sudo curl -L -o /etc/yum.repos.d/delorean-deps.repo http://trunk.rdoproject.org/centos9-master/delorean-deps.repo
+ install_package wget
+ # We need to download rdo-release package using wget as installing with dnf from repo.fedoraproject.org fails in
+ # FIPS enabled systems after https://bugzilla.redhat.com/show_bug.cgi?id=2157951
+ # Until we can pull rdo-release from a server which supports EMS, this workaround is doing wget, which does
+ # not relies on openssl but on gnutls, and then install it locally using rpm
+ TEMPRDODIR=$(mktemp -d)
+ if [[ "$TARGET_BRANCH" == "master" ]]; then
+ # rdo-release.el9.rpm points to latest RDO release, use that for master
+ wget -P $TEMPRDODIR https://rdoproject.org/repos/rdo-release.el9.rpm
+ else
+ # For stable branches use corresponding release rpm
+ rdo_release=$(echo $TARGET_BRANCH | sed "s|stable/||g")
+ wget -P $TEMPRDODIR https://rdoproject.org/repos/openstack-${rdo_release}/rdo-release-${rdo_release}.el9.rpm
+ fi
+ sudo rpm -ivh $TEMPRDODIR/rdo-release*rpm
+ rm -rf $TEMPRDODIR
fi
sudo dnf -y update
}