Description of problem:
OCP installer pulls various RPM packages unnecessarily. This may cause problems in large scale deployments, when multiple OCP nodes are trying to pull RPM packages from the same repository at the same time and often unnecessarily.
Version-Release number of the following components:
$ oc version
features: Basic-Auth GSSAPI Kerberos SPNEGO
$ git describe
Steps to Reproduce:
1. Install OCP 3.10 and with "os_firewall_use_firewalld=false" with no firewalld package installed on soon-to-become OCP nodes.
2. Watch firewalld rpm package being installed by the installer even though it was "os_firewall_use_firewalld=false"
$ rpm -q firewalld
$ rpm -q firewalld
package firewalld is not installed
It is not only firewalld, but haproxy on non-LB nodes and other packages which are not strictly needed. See: https://github.com/openshift/openshift-ansible/blob/master/roles/openshift_node/defaults/main.yml#L120
Moving to 3.10.z unless there's signs that this actually breaks anything. I agree that we need to clean this up.
This happens because we've moved all node associated packages into a static list that doesn't take into consideration a lot of optional components.
Thinking more about this, if you've setup a mirror infrastructure that cannot handle the load of your nodes installing 20 something packages I feel like that's a problem that should be addressed. The majority of the packages are actually mandatory so I'm not sure shaving off a handful of them makes a meaningful difference.
For 4.0, we should make sure to pare everything down to a minimal set. There's at least a few packages in the list that are planned to be deprecated in 4.0.
*** Bug 1580282 has been marked as a duplicate of this bug. ***
There appear to be no active cases related to this bug. As such we're closing this bug in order to focus on bugs that are still tied to active customer cases. Please re-open this bug if you feel it was closed in error or a new active case is attached.