From 53b0f1645bfc1d83f3042e85cf54d22f1a7d4863 Mon Sep 17 00:00:00 2001 From: Matt Clay Date: Wed, 21 May 2025 10:21:27 -0700 Subject: [PATCH] ansible-test - Add RHEL 10.0 remote (#85189) * ansible-test - Add RHEL 10.0 remote * Update tests for RHEL 10 * Fix iptables test * Rework rpm_key integration test --- .azure-pipelines/azure-pipelines.yml | 6 + changelogs/fragments/ansible-test-rhel-10.yml | 2 + test/integration/targets/copy/tasks/acls.yml | 19 ++ .../targets/iptables/tasks/main.yml | 2 + .../targets/lineinfile/tasks/acls.yml | 14 +- .../prepare_http_tests/tasks/default.yml | 2 +- test/integration/targets/rpm_key/aliases | 1 + .../targets/rpm_key/defaults/main.yaml | 0 .../targets/rpm_key/tasks/main.yaml | 36 ++- .../targets/rpm_key/tasks/rpm_key.yaml | 206 +++++++----------- .../integration/targets/rpm_key/vars/main.yml | 8 + .../install-RedHat-10-python-3.yml | 9 + .../uninstall-RedHat-10-python-3.yml | 7 + .../ansible_test/_data/completion/remote.txt | 1 + .../_util/target/setup/bootstrap.sh | 31 +++ 15 files changed, 218 insertions(+), 126 deletions(-) create mode 100644 changelogs/fragments/ansible-test-rhel-10.yml delete mode 100644 test/integration/targets/rpm_key/defaults/main.yaml create mode 100644 test/integration/targets/rpm_key/vars/main.yml create mode 100644 test/integration/targets/setup_paramiko/install-RedHat-10-python-3.yml create mode 100644 test/integration/targets/setup_paramiko/uninstall-RedHat-10-python-3.yml diff --git a/.azure-pipelines/azure-pipelines.yml b/.azure-pipelines/azure-pipelines.yml index bfb08660403..56fa471e75b 100644 --- a/.azure-pipelines/azure-pipelines.yml +++ b/.azure-pipelines/azure-pipelines.yml @@ -94,6 +94,8 @@ stages: test: rhel/9.5@3.9 - name: RHEL 9.5 py312 test: rhel/9.5@3.12 + - name: RHEL 10.0 + test: rhel/10.0 - name: FreeBSD 13.5 test: freebsd/13.5 - name: FreeBSD 14.2 @@ -108,6 +110,8 @@ stages: test: macos/15.3 - name: RHEL 9.5 test: rhel/9.5 + - name: RHEL 10.0 + test: rhel/10.0 - name: FreeBSD 13.5 test: freebsd/13.5 - name: FreeBSD 14.2 @@ -125,6 +129,8 @@ stages: test: fedora/41 - name: RHEL 9.5 test: rhel/9.5 + - name: RHEL 10.0 + test: rhel/10.0 - name: Ubuntu 24.04 test: ubuntu/24.04 groups: diff --git a/changelogs/fragments/ansible-test-rhel-10.yml b/changelogs/fragments/ansible-test-rhel-10.yml new file mode 100644 index 00000000000..956c929a159 --- /dev/null +++ b/changelogs/fragments/ansible-test-rhel-10.yml @@ -0,0 +1,2 @@ +minor_changes: + - ansible-test - Add RHEL 10.0 as a remote platform for testing. diff --git a/test/integration/targets/copy/tasks/acls.yml b/test/integration/targets/copy/tasks/acls.yml index 04aa13c85f3..6ff56908e87 100644 --- a/test/integration/targets/copy/tasks/acls.yml +++ b/test/integration/targets/copy/tasks/acls.yml @@ -3,6 +3,13 @@ apt: name: acl when: ansible_distribution in ('Ubuntu') + register: setup_acl + + - name: Install the acl package on RedHat + dnf: + name: acl + when: ansible_distribution in ('RedHat') + register: setup_acl - block: - name: Testing ACLs @@ -30,6 +37,18 @@ - "'other::r--' in acls.stdout_lines" always: + - name: Remove the acl package on Ubuntu + apt: + name: acl + state: absent + when: setup_acl is changed and ansible_distribution in ('Ubuntu') + + - name: Remove the acl package on RedHat + dnf: + name: acl + state: absent + when: setup_acl is changed and ansible_distribution in ('RedHat') + - name: Clean up file: path: "~/test.txt" diff --git a/test/integration/targets/iptables/tasks/main.yml b/test/integration/targets/iptables/tasks/main.yml index eb2674ac516..cc3ba808273 100644 --- a/test/integration/targets/iptables/tasks/main.yml +++ b/test/integration/targets/iptables/tasks/main.yml @@ -32,5 +32,7 @@ package: name: iptables state: present + # prevent attempts to upgrade the kernel and install kernel modules for a non-running kernel version + exclude: "{{ 'kernel-core' if ansible_distribution == 'RedHat' else omit }}" - import_tasks: chain_management.yml diff --git a/test/integration/targets/lineinfile/tasks/acls.yml b/test/integration/targets/lineinfile/tasks/acls.yml index 1be6ecb59ec..18da15884fd 100644 --- a/test/integration/targets/lineinfile/tasks/acls.yml +++ b/test/integration/targets/lineinfile/tasks/acls.yml @@ -5,6 +5,12 @@ when: ansible_distribution in ('Ubuntu') register: setup_acl + - name: Install the acl package on RedHat + dnf: + name: acl + when: ansible_distribution in ('RedHat') + register: setup_acl + - name: Create file copy: content: "TEST" @@ -46,7 +52,13 @@ apt: name: acl state: absent - when: setup_acl is changed + when: setup_acl is changed and ansible_distribution in ('Ubuntu') + + - name: Remove the acl package on RedHat + dnf: + name: acl + state: absent + when: setup_acl is changed and ansible_distribution in ('RedHat') - name: Clean up file: diff --git a/test/integration/targets/prepare_http_tests/tasks/default.yml b/test/integration/targets/prepare_http_tests/tasks/default.yml index 57fd4d523e9..457da542370 100644 --- a/test/integration/targets/prepare_http_tests/tasks/default.yml +++ b/test/integration/targets/prepare_http_tests/tasks/default.yml @@ -1,5 +1,5 @@ - name: RedHat - Enable the dynamic CA configuration feature - command: update-ca-trust force-enable + command: update-ca-trust when: ansible_os_family == 'RedHat' and ansible_distribution != "Fedora" - name: RedHat - Retrieve test cacert diff --git a/test/integration/targets/rpm_key/aliases b/test/integration/targets/rpm_key/aliases index a4c92ef8538..e5156968fa8 100644 --- a/test/integration/targets/rpm_key/aliases +++ b/test/integration/targets/rpm_key/aliases @@ -1,2 +1,3 @@ destructive shippable/posix/group1 +needs/root diff --git a/test/integration/targets/rpm_key/defaults/main.yaml b/test/integration/targets/rpm_key/defaults/main.yaml deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/test/integration/targets/rpm_key/tasks/main.yaml b/test/integration/targets/rpm_key/tasks/main.yaml index 6f71ca6eadb..3da5bfc4e6e 100644 --- a/test/integration/targets/rpm_key/tasks/main.yaml +++ b/test/integration/targets/rpm_key/tasks/main.yaml @@ -1,2 +1,34 @@ - - include_tasks: 'rpm_key.yaml' - when: ansible_os_family == "RedHat" + - when: ansible_os_family == "RedHat" + block: + + - name: List the installed GPG keys + shell: rpm -q gpg-pubkey | sort + register: list_of_pubkeys + + - name: Retrieve the installed GPG keys + command: rpm -q --qf %{description} gpg-pubkey + register: pubkeys + + - name: Save the retrieved GPG keys to a file + copy: + content: "{{ pubkeys['stdout'] }}" + dest: "{{ remote_tmp_dir + '/pubkeys' }}" + mode: 0600 + + - include_tasks: rpm_key.yaml + + always: + + - name: Remove all GPG keys from key ring + shell: rpm -q gpg-pubkey | xargs rpm -e + + - name: Restore the previously installed GPG keys + command: rpm --import {{ (remote_tmp_dir + '/pubkeys') | quote }} + + - name: List the installed GPG keys + shell: rpm -q gpg-pubkey | sort + register: new_list_of_pubkeys + + - name: Verify the GPG keys have been restored + assert: + that: list_of_pubkeys["stdout"] == new_list_of_pubkeys["stdout"] diff --git a/test/integration/targets/rpm_key/tasks/rpm_key.yaml b/test/integration/targets/rpm_key/tasks/rpm_key.yaml index 77cdd586d46..f83da4fcca1 100644 --- a/test/integration/targets/rpm_key/tasks/rpm_key.yaml +++ b/test/integration/targets/rpm_key/tasks/rpm_key.yaml @@ -1,158 +1,137 @@ ---- -# -# Save initial state -# -- name: Retrieve a list of gpg keys are installed for package checking - shell: 'rpm -q gpg-pubkey | sort' - register: list_of_pubkeys - -- name: Retrieve the gpg keys used to verify packages - command: 'rpm -q --qf %{description} gpg-pubkey' - register: pubkeys - -- name: Save gpg keys to a file - copy: - content: "{{ pubkeys['stdout'] }}\n" - dest: '{{ remote_tmp_dir }}/pubkeys' - mode: 0600 - -# -# Tests start -# -- name: download EPEL GPG key +- name: Download test key get_url: - url: https://ci-files.testing.ansible.com/test/integration/targets/rpm_key/RPM-GPG-KEY-EPEL-7 - dest: /tmp/RPM-GPG-KEY-EPEL-7 + url: "{{ test_key_url }}" + dest: "{{ test_key_path }}" -- name: download sl rpm +- name: Download test RPM get_url: - url: https://ci-files.testing.ansible.com/test/integration/targets/rpm_key/sl-5.02-1.el7.x86_64.rpm - dest: /tmp/sl.rpm + url: "{{ test_rpm_url }}" + dest: "{{ test_rpm_path }}" -- name: remove EPEL GPG key from keyring +- name: Remove test key from keyring rpm_key: state: absent - key: /tmp/RPM-GPG-KEY-EPEL-7 + key: "{{ test_key_path }}" -- name: check GPG signature of sl. Should fail - shell: "rpm --checksig /tmp/sl.rpm" - register: sl_check +- name: Verify checking signature of RPM fails + shell: rpm --checksig {{ test_rpm_path | quote }} + register: checksig ignore_errors: yes -- name: confirm that signature check failed +- name: Confirm that signature check failed assert: that: - - "'MISSING KEYS' in sl_check.stdout or 'SIGNATURES NOT OK' in sl_check.stdout" - - "sl_check.failed" + - checksig.stdout is contains 'SIGNATURES NOT OK' + - checksig.failed -- name: remove EPEL GPG key from keyring (idempotent) +- name: Remove test key from keyring (idempotent) rpm_key: state: absent - key: /tmp/RPM-GPG-KEY-EPEL-7 + key: "{{ test_key_path }}" register: idempotent_test -- name: check idempotence +- name: Check idempotence assert: - that: "not idempotent_test.changed" + that: idempotent_test is not changed -- name: add EPEL GPG key to key ring +- name: Add test key to key ring rpm_key: state: present - key: /tmp/RPM-GPG-KEY-EPEL-7 + key: "{{ test_key_path }}" -- name: add EPEL GPG key to key ring (idempotent) +- name: Add test key to key ring (idempotent) rpm_key: state: present - key: /tmp/RPM-GPG-KEY-EPEL-7 + key: "{{ test_key_path }}" register: key_idempotence -- name: verify idempotence +- name: Verify idempotence assert: - that: "not key_idempotence.changed" + that: key_idempotence is not changed -- name: check GPG signature of sl. Should return okay - shell: "rpm --checksig /tmp/sl.rpm" - register: sl_check +- name: Check signature of RPM + shell: rpm --checksig {{ test_rpm_path | quote }} + register: checksig -- name: confirm that signature check succeeded +- name: Confirm that signature check succeeded assert: - that: "'rsa sha1 (md5) pgp md5 OK' in sl_check.stdout or 'digests signatures OK' in sl_check.stdout" + that: checksig.stdout is contains 'digests signatures OK' -- name: remove GPG key from url +- name: Remove test key via url rpm_key: state: absent - key: https://ci-files.testing.ansible.com/test/integration/targets/rpm_key/RPM-GPG-KEY-EPEL-7 + key: "{{ test_key_url }}" - name: Confirm key is missing - shell: "rpm --checksig /tmp/sl.rpm" - register: sl_check + shell: rpm --checksig {{ test_rpm_path | quote }} + register: checksig ignore_errors: yes -- name: confirm that signature check failed +- name: Confirm that signature check failed assert: that: - - "'MISSING KEYS' in sl_check.stdout or 'SIGNATURES NOT OK' in sl_check.stdout" - - "sl_check.failed" + - checksig.stdout is contains 'SIGNATURES NOT OK' + - checksig.failed -- name: add GPG key from url +- name: Add test key from url rpm_key: state: present - key: https://ci-files.testing.ansible.com/test/integration/targets/rpm_key/RPM-GPG-KEY-EPEL-7 + key: "{{ test_key_url }}" -- name: check GPG signature of sl. Should return okay - shell: "rpm --checksig /tmp/sl.rpm" - register: sl_check +- name: Check signature of RPM + shell: rpm --checksig {{ test_rpm_path | quote }} + register: checksig -- name: confirm that signature check succeeded +- name: Confirm that signature check succeeded assert: - that: "'rsa sha1 (md5) pgp md5 OK' in sl_check.stdout or 'digests signatures OK' in sl_check.stdout" + that: checksig.stdout is contains 'digests signatures OK' -- name: remove all keys from key ring - shell: "rpm -q gpg-pubkey | xargs rpm -e" +- name: Remove all keys from key ring + shell: rpm -q gpg-pubkey | xargs rpm -e -- name: add very first key on system +- name: Add very first key on system rpm_key: state: present - key: https://ci-files.testing.ansible.com/test/integration/targets/rpm_key/RPM-GPG-KEY-EPEL-7 + key: "{{ test_key_url }}" -- name: check GPG signature of sl. Should return okay - shell: "rpm --checksig /tmp/sl.rpm" - register: sl_check +- name: Check GPG signature of RPM + shell: rpm --checksig {{ test_rpm_path | quote }} + register: checksig -- name: confirm that signature check succeeded +- name: Confirm that signature check succeeded assert: - that: "'rsa sha1 (md5) pgp md5 OK' in sl_check.stdout or 'digests signatures OK' in sl_check.stdout" + that: checksig.stdout is contains 'digests signatures OK' -- name: get keyid - shell: "rpm -q gpg-pubkey | head -n 1 | xargs rpm -q --qf %{version}" +- name: Get keyid + shell: rpm -q gpg-pubkey | head -n 1 | xargs rpm -q --qf %{version} register: key_id -- name: remove GPG key using keyid +- name: Remove test key using keyid rpm_key: state: absent key: "{{ key_id.stdout }}" register: remove_keyid - failed_when: remove_keyid.changed == false + failed_when: not remove_keyid.changed -- name: remove GPG key using keyid (idempotent) +- name: Remove test key using keyid (idempotent) rpm_key: state: absent key: "{{ key_id.stdout }}" register: key_id_idempotence -- name: verify idempotent (key_id) +- name: Verify idempotent (key_id) assert: - that: "not key_id_idempotence.changed" + that: key_id_idempotence is not changed -- name: add very first key on system again +- name: Add very first key on system again rpm_key: state: present - key: https://ci-files.testing.ansible.com/test/integration/targets/rpm_key/RPM-GPG-KEY-EPEL-7 + key: "{{ test_key_url }}" - name: Issue 20325 - Verify fingerprint of key, invalid fingerprint - EXPECTED FAILURE rpm_key: - key: https://ci-files.testing.ansible.com/test/integration/targets/rpm_key/RPM-GPG-KEY.dag - fingerprint: 1111 1111 1111 1111 1111 1111 1111 1111 1111 1111 + key: "{{ sub_key_url }}" + fingerprint: "{{ invalid_fingerprint }}" register: result failed_when: result is success @@ -161,12 +140,12 @@ that: - result is success - result is not changed - - "'does not match any key fingerprints' in result.msg" + - result.msg is contains 'does not match any key fingerprints' - name: Issue 20325 - Verify fingerprint of key, valid fingerprint rpm_key: - key: https://ci-files.testing.ansible.com/test/integration/targets/rpm_key/RPM-GPG-KEY.dag - fingerprint: EBC6 E12C 62B1 C734 026B 2122 A20E 5214 6B8D 79E6 + key: "{{ sub_key_url }}" + fingerprint: "{{ primary_fingerprint }}" register: result - name: Issue 20325 - Assert Verify fingerprint of key, valid fingerprint @@ -177,8 +156,8 @@ - name: Issue 20325 - Verify fingerprint of key, valid fingerprint - Idempotent check rpm_key: - key: https://ci-files.testing.ansible.com/test/integration/targets/rpm_key/RPM-GPG-KEY.dag - fingerprint: EBC6 E12C 62B1 C734 026B 2122 A20E 5214 6B8D 79E6 + key: "{{ sub_key_url }}" + fingerprint: "{{ primary_fingerprint }}" register: result - name: Issue 20325 - Assert Verify fingerprint of key, valid fingerprint - Idempotent check @@ -188,13 +167,14 @@ - result is not changed # Reset to test subkey validation -- name: remove all keys from key ring - shell: "rpm -q gpg-pubkey | xargs rpm -e" + +- name: Remove all keys from key ring + shell: rpm -q gpg-pubkey | xargs rpm -e - name: Verify fingerprint of subkey, valid fingerprint rpm_key: - key: https://ci-files.testing.ansible.com/test/integration/targets/rpm_key/RPM-GPG-KEY.dag - fingerprint: 19B7 913E 6284 8E3F 4D78 D6B4 ECD9 1AB2 2EB6 8D86 + key: "{{ sub_key_url }}" + fingerprint: "{{ sub_key_fingerprint }}" register: result - name: Assert Verify fingerprint of key, valid fingerprint @@ -205,8 +185,8 @@ - name: Verify fingerprint of subkey, valid fingerprint - Idempotent check rpm_key: - key: https://ci-files.testing.ansible.com/test/integration/targets/rpm_key/RPM-GPG-KEY.dag - fingerprint: 19B7 913E 6284 8E3F 4D78 D6B4 ECD9 1AB2 2EB6 8D86 + key: "{{ sub_key_url }}" + fingerprint: "{{ sub_key_fingerprint }}" register: result - name: Assert Verify fingerprint of subkey, valid fingerprint - Idempotent check @@ -216,15 +196,16 @@ - result is not changed # Reset to test multi-key validation -- name: remove all keys from key ring - shell: "rpm -q gpg-pubkey | xargs rpm -e" + +- name: Remove all keys from key ring + shell: rpm -q gpg-pubkey | xargs rpm -e - name: Verify fingerprint of primary and subkey, valid fingerprint rpm_key: - key: https://ci-files.testing.ansible.com/test/integration/targets/rpm_key/RPM-GPG-KEY.dag + key: "{{ sub_key_url }}" fingerprint: - - 19B7 913E 6284 8E3F 4D78 D6B4 ECD9 1AB2 2EB6 8D86 - - EBC6 E12C 62B1 C734 026B 2122 A20E 5214 6B8D 79E6 + - "{{ primary_fingerprint }}" + - "{{ sub_key_fingerprint }}" register: result - name: Assert Verify fingerprint of primary and subkey, valid fingerprint @@ -235,10 +216,10 @@ - name: Verify fingerprint of primary and subkey, valid fingerprint - Idempotent check rpm_key: - key: https://ci-files.testing.ansible.com/test/integration/targets/rpm_key/RPM-GPG-KEY.dag + key: "{{ sub_key_url }}" fingerprint: - - 19B7 913E 6284 8E3F 4D78 D6B4 ECD9 1AB2 2EB6 8D86 - - EBC6 E12C 62B1 C734 026B 2122 A20E 5214 6B8D 79E6 + - "{{ primary_fingerprint }}" + - "{{ sub_key_fingerprint }}" register: result - name: Assert Verify fingerprint of primary and subkey, valid fingerprint - Idempotent check @@ -246,22 +227,3 @@ that: - result is success - result is not changed - - -# -# Cleanup -# -- name: remove all keys from key ring - shell: "rpm -q gpg-pubkey | xargs rpm -e" - -- name: Restore the gpg keys normally installed on the system - command: 'rpm --import {{ remote_tmp_dir }}/pubkeys' - -- name: Retrieve a list of gpg keys are installed for package checking - shell: 'rpm -q gpg-pubkey | sort' - register: new_list_of_pubkeys - -- name: Confirm that we've restored all the pubkeys - assert: - that: - - 'list_of_pubkeys["stdout"] == new_list_of_pubkeys["stdout"]' diff --git a/test/integration/targets/rpm_key/vars/main.yml b/test/integration/targets/rpm_key/vars/main.yml new file mode 100644 index 00000000000..694a6d0c7f4 --- /dev/null +++ b/test/integration/targets/rpm_key/vars/main.yml @@ -0,0 +1,8 @@ +test_key_url: https://ci-files.testing.ansible.com/test/integration/targets/rpm_key/RPM-GPG-KEY-EPEL-10 +test_key_path: "{{ remote_tmp_dir + '/RPM-GPG-KEY-EPEL-10' }}" +test_rpm_url: https://ci-files.testing.ansible.com/test/integration/targets/rpm_key/scitokens-cpp-devel-1.1.3-2.el10_1.x86_64.rpm +test_rpm_path: "{{ remote_tmp_dir + '/test.rpm' }}" +sub_key_url: https://ci-files.testing.ansible.com/test/integration/targets/rpm_key/openbao-gpg-pub-20240618.asc +invalid_fingerprint: 1111 1111 1111 1111 1111 1111 1111 1111 1111 1111 +primary_fingerprint: 66D1 5FDD 8728 7219 C8E1 5478 D200 CD70 2853 E6D0 +sub_key_fingerprint: E617 DCD4 065C 2AFC 0B2C F7A7 BA8B C08C 0F69 1F94 diff --git a/test/integration/targets/setup_paramiko/install-RedHat-10-python-3.yml b/test/integration/targets/setup_paramiko/install-RedHat-10-python-3.yml new file mode 100644 index 00000000000..84be4de490e --- /dev/null +++ b/test/integration/targets/setup_paramiko/install-RedHat-10-python-3.yml @@ -0,0 +1,9 @@ +- name: Setup remote constraints + include_tasks: setup-remote-constraints.yml +- name: Install Paramiko for Python 3 on RHEL 10 + pip: # no python3-paramiko package exists for RHEL 10 + name: paramiko + extra_args: "-c {{ remote_constraints }}" + +- name: Drop the crypto-policy to LEGACY for these tests + command: update-crypto-policies --set LEGACY diff --git a/test/integration/targets/setup_paramiko/uninstall-RedHat-10-python-3.yml b/test/integration/targets/setup_paramiko/uninstall-RedHat-10-python-3.yml new file mode 100644 index 00000000000..fa28ca6ec96 --- /dev/null +++ b/test/integration/targets/setup_paramiko/uninstall-RedHat-10-python-3.yml @@ -0,0 +1,7 @@ +- name: Uninstall Paramiko for Python 3 on RHEL 10 + pip: # no python3-paramiko package exists for RHEL 10 + name: paramiko + state: absent + +- name: Revert the crypto-policy back to DEFAULT + command: update-crypto-policies --set DEFAULT diff --git a/test/lib/ansible_test/_data/completion/remote.txt b/test/lib/ansible_test/_data/completion/remote.txt index 9fbfbb59614..71727f56d35 100644 --- a/test/lib/ansible_test/_data/completion/remote.txt +++ b/test/lib/ansible_test/_data/completion/remote.txt @@ -8,6 +8,7 @@ freebsd python_dir=/usr/local/bin become=su_sudo provider=aws arch=x86_64 macos/15.3 python=3.13 python_dir=/usr/local/bin become=sudo provider=parallels arch=x86_64 macos python_dir=/usr/local/bin become=sudo provider=parallels arch=x86_64 rhel/9.5 python=3.9,3.12 become=sudo provider=aws arch=x86_64 +rhel/10.0 python=3.12 become=sudo provider=aws arch=x86_64 rhel become=sudo provider=aws arch=x86_64 ubuntu/22.04 python=3.10 become=sudo provider=aws arch=x86_64 ubuntu/24.04 python=3.12 become=sudo provider=aws arch=x86_64 diff --git a/test/lib/ansible_test/_util/target/setup/bootstrap.sh b/test/lib/ansible_test/_util/target/setup/bootstrap.sh index 9258c64774c..b2093e79523 100644 --- a/test/lib/ansible_test/_util/target/setup/bootstrap.sh +++ b/test/lib/ansible_test/_util/target/setup/bootstrap.sh @@ -281,10 +281,41 @@ bootstrap_remote_rhel_9() done } +bootstrap_remote_rhel_10() +{ + py_pkg_prefix="python3" + + packages=" + gcc + ${py_pkg_prefix}-devel + ${py_pkg_prefix}-pip + " + + if [ "${controller}" ]; then + packages=" + ${packages} + ${py_pkg_prefix}-cryptography + ${py_pkg_prefix}-jinja2 + ${py_pkg_prefix}-packaging + ${py_pkg_prefix}-pyyaml + ${py_pkg_prefix}-resolvelib + " + fi + + while true; do + # shellcheck disable=SC2086 + dnf install -q -y ${packages} \ + && break + echo "Failed to install packages. Sleeping before trying again..." + sleep 10 + done +} + bootstrap_remote_rhel() { case "${platform_version}" in 9.*) bootstrap_remote_rhel_9 ;; + 10.*) bootstrap_remote_rhel_10 ;; esac }