Use dnf with CentOS¶
centos, dnf, packaging
Blueprint: Use dnf with CentOS
CentOS 7 currently uses
yum as its default package manager. However,
Fedora has moved to
dnf for several releases and it provides significant
performance benefits. It can make the metadata cache, evaluate dependencies,
and handle fastest mirror checks much more efficiently.
yum package managers can co-exist together without causing
conflicts. Several Fedora releases ran both of these simultaneously. The
dnf packages are available in the EPEL repositories (which we currently
enable). It uses all of the existing
yum repositories and GPG keys as well.
The CentOS gate jobs are notoriously slow and the integrated gate times out on
tempest runs frequently. The longest running tasks in each role involve the
installation of distro packages because these tasks use
state: latest the
When Ansible sees
state: latest, it goes through a fairly tedious process:
check-update, which checks the entire system for updates.
If some packages are returned (they need updates), Ansible searches the list to see if any packages from the
yumtask are in that list.
If some packages need updates, Ansible calls
yumto install those packages.
This process can take 5-8 seconds even for one package. In comparison,
dnf completes the task in 0.8-1.6 seconds. This should give us some wiggle
room to get CI jobs completed sooner and convert more of the CentOS jobs from
non-voting to voting.
On CentOS systems, we should install
python-dnf (for Ansible
compatibility). Ansible will prefer
yum, so we would need to
ensure that each role has support for
dnf tasks. Since both package
managers are interchangeable, this could be done by symlinking the
*_install_dnf.yml task files to
*_install_yum.yml and using the
package module in those task files.
dnf isn’t preferred, we could avoid using
state: latest for CentOS
installations. This would cause CentOS deployments to diverge from Ubuntu
and OpenSUSE deployments and it would make bug triage more challenging.
Another option is to update the entire system when
state: latest is
provided but switch all of the package installation tasks to use
present. This will save us a small amount of time since Ansible will skip the
check-update step and go straight into updating all packages. This would
be another diversion from the Ubuntu/OpenSUSE process, however.
Each role with a set of
yum tasks would need to be converted to use
package. A symlink would be needed so that CentOS systems with
installed would use the same tasks.
During the upgrade process,
dnf would be installed on CentOS systems.
Ansible would begin to use
dnf, but the deployer could continue using
yum for their own administration tasks if they prefer it.
dnf package manager supports the same configuration options as yum for
checking GPG keys of packages and repositories.
dnf package manager will provide better performance when managing
packages, but the rest of the system will perform at the same levels.
End user impact¶
End users will not notice this change or gain any benefits from it.
Deployers may notice that some roles use
dnf while others use
all of the patches have merged. This won’t affect the running system, but it
may make some playbooks faster than others.
Deployers would continue to deploy in the same ways that they currently do today.
Developers must be aware that
dnf is present on CentOS systems and that
Ansible will prefer it over
yum. Any new roles/playbooks or updates to
existing ones will need to include support for
dnf via the
package module (which selects
This spec is not dependent on any other spec or blueprint.
- Primary assignee:
Major Hayden (IRC: mhayden, Launchpad: rackerhacker)
dnfpatches to the base roles first (openstack_hosts, lxc_hosts, etc)
Continue moving up the dependent roles until all roles include
Ensure that the integrated repository and openstack-ansible-tasks use
The existing testing done in the OpenStack CI jobs will be sufficient for this
dnf is not installing packages properly or efficiently, we will
see that reflected in the testing playbooks.
This work will require some release notes to notify developers and deployers of
dnf change. However, there’s no need for extensive documentation since
dnf supports the same configurations and arguments as
Test patch for openstack-ansible-openstack_hosts: https://review.openstack.org/488268
Vultr docs for dnf on CentOS 7: https://www.vultr.com/docs/use-dnf-to-manage-software-packages-on-centos-7