From e70836ced539c8d651cb26e4d208a0578237d428 Mon Sep 17 00:00:00 2001
From: Vitaliy Kukharik <37010174+vitabaks@users.noreply.github.com>
Date: Wed, 24 Jan 2024 17:18:59 +0300
Subject: [PATCH] Disable 'pgdg' repo during system packages installation
 (RHEL). (#561)

---
 roles/packages/tasks/main.yml   | 41 ++++++++++++++++++++++++++-------
 roles/update/tasks/postgres.yml | 14 +++++++----
 roles/update/tasks/system.yml   | 41 +++++++++++++++++++++++++++++----
 update_pgcluster.yml            | 14 +++++------
 4 files changed, 84 insertions(+), 26 deletions(-)

diff --git a/roles/packages/tasks/main.yml b/roles/packages/tasks/main.yml
index 3cf0b8a9b..ef621e84a 100644
--- a/roles/packages/tasks/main.yml
+++ b/roles/packages/tasks/main.yml
@@ -35,13 +35,17 @@
   tags: install_packages_from_file
 
 - block:  # RedHat (update cache)
-    - name: Clean yum cache
-      ansible.builtin.command: yum clean all
+    - name: Update yum cache
+      ansible.builtin.shell: yum clean all && yum -y makecache
+      args:
+        executable: /bin/bash
       when: ansible_distribution_major_version == '7'
 
-    - name: Clean dnf cache
-      ansible.builtin.command: dnf clean all
-      when: ansible_distribution_major_version is version('8', '>=')
+    - name: Update dnf cache
+      ansible.builtin.shell: dnf clean all && dnf -y makecache
+      args:
+        executable: /bin/bash
+      when: ansible_distribution_major_version >= '8'
   environment: "{{ proxy_env | default({}) }}"
   when: ansible_os_family == "RedHat" and installation_method == "repo"
   tags: install_packages, install_postgres
@@ -49,16 +53,37 @@
 # Install packages from repository
 # RedHat
 - name: Install system packages
-  ansible.builtin.package:
+  ansible.builtin.yum:
     name: "{{ item }}"
     state: present
+    disablerepo: 'pgdg*'
   loop: "{{ system_packages }}"
   register: package_status
   until: package_status is success
   delay: 5
   retries: 3
   environment: "{{ proxy_env | default({}) }}"
-  when: ansible_os_family == "RedHat" and installation_method == "repo"
+  when:
+    - installation_method == "repo"
+    - ansible_os_family == "RedHat"
+    - ansible_distribution_major_version == '7'
+  tags: install_packages
+
+- name: Install system packages
+  ansible.builtin.dnf:
+    name: "{{ item }}"
+    state: present
+    disablerepo: 'pgdg*'
+  loop: "{{ system_packages }}"
+  register: package_status
+  until: package_status is success
+  delay: 5
+  retries: 3
+  environment: "{{ proxy_env | default({}) }}"
+  when:
+    - installation_method == "repo"
+    - ansible_os_family == "RedHat"
+    - ansible_distribution_major_version >= '8'
   tags: install_packages
 
 # Debian
@@ -100,7 +125,7 @@
   when: installation_method == "repo" and ansible_os_family == "Debian"
   tags: install_postgres
 
-# PostgreSQL prepare for install (for RHEL 8)
+# PostgreSQL prepare for install (for RHEL)
 - block:
     - name: PostgreSQL | check if appstream module is enabled
       ansible.builtin.command: 'dnf -y -C module list postgresql'
diff --git a/roles/update/tasks/postgres.yml b/roles/update/tasks/postgres.yml
index d322d4e29..5dbe4092c 100644
--- a/roles/update/tasks/postgres.yml
+++ b/roles/update/tasks/postgres.yml
@@ -1,15 +1,19 @@
 ---
-- name: Clean yum cache
-  ansible.builtin.command: yum clean all
+- name: Update yum cache
+  ansible.builtin.shell: yum clean all && yum -y makecache
+  args:
+    executable: /bin/bash
   when:
     - ansible_os_family == "RedHat"
     - ansible_distribution_major_version == '7'
 
-- name: Clean dnf cache
-  ansible.builtin.command: dnf clean all
+- name: Update dnf cache
+  ansible.builtin.shell: dnf clean all && dnf -y makecache
+  args:
+    executable: /bin/bash
   when:
     - ansible_os_family == "RedHat"
-    - ansible_distribution_major_version is version('8', '>=')
+    - ansible_distribution_major_version >= '8'
 
 - name: Update apt cache
   ansible.builtin.apt:
diff --git a/roles/update/tasks/system.yml b/roles/update/tasks/system.yml
index a942306f1..427cff826 100644
--- a/roles/update/tasks/system.yml
+++ b/roles/update/tasks/system.yml
@@ -1,15 +1,19 @@
 ---
-- name: Clean yum cache
-  ansible.builtin.command: yum clean all
+- name: Update yum cache
+  ansible.builtin.shell: yum clean all && yum -y makecache
+  args:
+    executable: /bin/bash
   when:
     - ansible_os_family == "RedHat"
     - ansible_distribution_major_version == '7'
 
-- name: Clean dnf cache
-  ansible.builtin.command: dnf clean all
+- name: Update dnf cache
+  ansible.builtin.shell: dnf clean all && dnf -y makecache
+  args:
+    executable: /bin/bash
   when:
     - ansible_os_family == "RedHat"
-    - ansible_distribution_major_version is version('8', '>=')
+    - ansible_distribution_major_version >= '8'
 
 - name: Update apt cache
   ansible.builtin.apt:
@@ -30,6 +34,33 @@
   delay: 5
   retries: 3
   ignore_errors: true
+  when: ansible_os_family == "Debian"
+
+- name: Update all system packages
+  ansible.builtin.yum:
+    name: '*'
+    state: latest
+    disablerepo: 'pgdg*'
+  register: package_status
+  until: package_status is success
+  delay: 5
+  retries: 3
+  when:
+    - ansible_os_family == "RedHat"
+    - ansible_distribution_major_version == '7'
+
+- name: Update all system packages
+  ansible.builtin.dnf:
+    name: '*'
+    state: latest
+    disablerepo: 'pgdg*'
+  register: package_status
+  until: package_status is success
+  delay: 5
+  retries: 3
+  when:
+    - ansible_os_family == "RedHat"
+    - ansible_distribution_major_version >= '8'
 
 - name: Check if a reboot is required
   ansible.builtin.stat:
diff --git a/update_pgcluster.yml b/update_pgcluster.yml
index 9c5cc92bf..0c4f201f0 100644
--- a/update_pgcluster.yml
+++ b/update_pgcluster.yml
@@ -99,16 +99,15 @@
       ansible.builtin.include_role:
         name: update
         tasks_from: postgres
-      when: target | lower == 'postgres'
+      when: target | lower == 'postgres' or target | lower == 'system'
 
     - name: Update Patroni
       ansible.builtin.include_role:
         name: update
         tasks_from: patroni
-      when: target | lower == 'patroni' or
-        (target | lower == 'system' and patroni_installation_method == "pip")
+      when: target | lower == 'patroni' or target | lower == 'system'
 
-    - name: Update all system packages (includes PostgreSQL and Patroni)
+    - name: Update all system packages
       ansible.builtin.include_role:
         name: update
         tasks_from: system
@@ -161,16 +160,15 @@
       ansible.builtin.include_role:
         name: update
         tasks_from: postgres
-      when: target | lower == 'postgres'
+      when: target | lower == 'postgres' or target | lower == 'system'
 
     - name: Update Patroni
       ansible.builtin.include_role:
         name: update
         tasks_from: patroni
-      when: target | lower == 'patroni' or
-        (target | lower == 'system' and patroni_installation_method == "pip")
+      when: target | lower == 'patroni' or target | lower == 'system'
 
-    - name: Update all system packages (includes PostgreSQL and Patroni)
+    - name: Update all system packages
       ansible.builtin.include_role:
         name: update
         tasks_from: system