fix: EPEL is no longer active on RHEL 7 based distros (#310)

nginxinc · Aug 29, 2024 · 800b8e1 · 800b8e1
1 parent c65659a
commit 800b8e1
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 7 deletions.
diff --git a/tasks/common/prerequisites/install-dependencies.yml b/tasks/common/prerequisites/install-dependencies.yml
@@ -13,23 +13,38 @@
     state: latest # noqa package-latest
   when: ansible_facts['os_family'] == "Debian"
 
+- name: (Amazon Linux/RHEL) Install package dependencies
+  ansible.builtin.yum:
+    name: "{{ nginx_app_protect_redhat_dependencies }}"
+    update_cache: true
+    state: latest # noqa package-latest
+  when: ansible_facts['os_family'] == "RedHat"
+
 - name: (Amazon Linux) Set up Amazon Linux Extras repositories
   ansible.builtin.command: amazon-linux-extras enable {{ item }}
   changed_when: false
   loop: "{{ nginx_app_protect_amazon_extras }}"
   when: ansible_facts['distribution'] == "Amazon"
 
-- name: (Amazon Linux/RHEL) Install package dependencies
-  when: ansible_facts['os_family'] == "RedHat"
+- name: (Amazon Linux) Install EPEL
+  ansible.builtin.command:
+    cmd: amazon-linux-extras install -y epel
+    creates: /etc/yum.repos.d/epel.repo
+  when: ansible_facts['distribution'] == "Amazon"
+
+- name: (RHEL) Install EPEL
+  when:
+    - ansible_facts['os_family'] == "RedHat"
+    - ansible_facts['distribution'] != "Amazon"
   block:
-    - name: (Amazon Linux/RHEL) Import EPEL GPG key
+    - name: (RHEL) Import EPEL GPG key
       ansible.builtin.rpm_key:
         state: present
-        key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ (ansible_facts['distribution'] == 'Amazon') | ternary('7', ansible_facts['distribution_major_version']) }}
+        key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_facts['distribution_major_version'] }}
 
-    - name: (Amazon Linux/RHEL) Install package dependencies
+    - name: (RHEL) Install package dependencies
       ansible.builtin.yum:
-        name: "{{ nginx_app_protect_redhat_dependencies }}"
+        name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_facts['distribution_major_version'] }}.noarch.rpm
         update_cache: true
         state: latest # noqa package-latest
 

diff --git a/vars/main.yml b/vars/main.yml
@@ -74,7 +74,7 @@ nginx_app_protect_amazon_extras: [selinux-ng]
 nginx_app_protect_debian_dependencies: [apt-transport-https, ca-certificates]
 
 # Red Hat dependencies
-nginx_app_protect_redhat_dependencies: [ca-certificates, "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ((ansible_facts['distribution'] == 'Amazon') | ternary('7', ansible_facts['distribution_major_version'])) }}.noarch.rpm"]
+nginx_app_protect_redhat_dependencies: [ca-certificates]
 
 # Choose where to fetch the NGINX App Protect and Security Updates signing keys from.
 # Default settings are the official NGINX signing key hosts.