From 080f6a3f7c3e80cc9da9e5d7fac1284c987d3875 Mon Sep 17 00:00:00 2001 From: Bertrand Lanson Date: Mon, 11 Sep 2023 22:46:24 +0200 Subject: [PATCH 1/5] started working on deb822 implementation --- tasks/main.yml | 11 ++---- tasks/ubuntu.yml | 39 +++++++++++++++++++++- templates/repo.sources.j2 | 14 ++++++++ templates/sources.list.j2 | 6 ---- vars/main.yml | 5 ++- vars/ubuntu.yml | 70 ++++++++++++++++++++++++--------------- 6 files changed, 101 insertions(+), 44 deletions(-) create mode 100644 templates/repo.sources.j2 delete mode 100644 templates/sources.list.j2 diff --git a/tasks/main.yml b/tasks/main.yml index 9707fa8..56daaa7 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -4,16 +4,9 @@ ansible.builtin.include_vars: file: "{{ ansible_distribution|lower }}.yml" -- name: "Import main repositories" +- name: "Import main {{ ansible_distribution|lower }} repositories" + ansible.builtin.include_tasks: "{{ ansible_distribution|lower }}.yml" when: manage_repositories_enable_default_repo - block: - - name: "Import ubuntu.yml" - ansible.builtin.include_tasks: ubuntu.yml - when: ansible_distribution == 'Ubuntu' - - - name: "Import debian.yml" - ansible.builtin.include_tasks: debian.yml - when: ansible_distribution == 'Debian' - name: "Import custom_repositories.yml" ansible.builtin.include_tasks: custom_repositories.yml diff --git a/tasks/ubuntu.yml b/tasks/ubuntu.yml index ca2eebf..e722319 100644 --- a/tasks/ubuntu.yml +++ b/tasks/ubuntu.yml 
@@ -1,10 +1,47 @@ --- # task/ubuntu file for manage_repositories +- name: "Emtpy /etc/apt/sources.list" + block: + - name: Read the current content of the file + ansible.builtin.slurp: + src: "{{ manage_repositories_sources_list_location }}" + register: sources_list_current_content + ignore_errors: true + + - name: "Convert sources.list current content to string" + ansible.builtin.set_fact: + sources_list_current_content_str: "{{ sources_list_current_content.content | b64decode | default('') }}" + + - name: "Define sources.list new content" + ansible.builtin.set_fact: + sources_list_new_content: "{{ manage_repositories_sources_list_message }}" + + - name: "Replace content of /etc/apt/sources.list" + ansible.builtin.replace: + path: "{{ manage_repositories_sources_list_location }}" + regexp: "{{ sources_list_current_content_str | regex_escape }}" + replace: "{{ sources_list_new_content }}" + when: sources_list_current_content_str != sources_list_new_content + +- name: "Import list files" + block: + - name: "Create mirrors files" + ansible.builtin.file: + path: "{{ manage_repositories_mirrors_location }}" + state: directory + + - name: "Populate mirrors files" + ansible.builtin.copy: + content: | + "{{ item.uri }}" + dest: "{{ manage_repositories_mirrors_location }}/{{ item.name }}.list" + loop: "{{ manage_repositories_default_repo }}" + - name: "Configure ubuntu main repositories into sources.list" vars: repositories: "{{ manage_repositories_default_repo }}" ansible.builtin.template: - src: "sources.list.j2" + src: "repo.sources.j2" dest: "{{ manage_repositories_default_repo_location }}" mode: '0644' owner: root diff --git a/templates/repo.sources.j2 b/templates/repo.sources.j2 new file mode 100644 index 0000000..02c795d --- /dev/null +++ b/templates/repo.sources.j2 
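Review bot: The "Create mirrors files" and "Populate mirrors files" tasks set no owner, group or mode, unlike the template task below them, which pins `mode: '0644'`, `owner: root` and `group: root`. These files decide where APT fetches packages from, so their permissions should not depend on the connection user's umask. I would add `owner: root`, `group: root` and `mode: '0755'` to the directory task, and the same ownership with `mode: '0644'` to the copy task. The copy of this block added to tasks/debian.yml in patch 2 has the same gap.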
@@ -0,0 +1,14 @@ +# {{ ansible_managed }} + +{% for repository in repositories %} +# {{ repository.comments}} +types: {{ repository.types | join(' ') }} +uris: mirror+file://{{ manage_repositories_mirrors_location }}/{{ repository.name }}.list +suites: {{ repository.suites | join(' ') }} +components: {{ repository.components | join(' ') }} +{% if (repository.options is defined) and repository.options %} +{% for option in repository.options %} +{{ option }}: {{ repository.options[option] }} +{% endfor %} +{% endif %} +{% endfor %} \ No newline at end of file diff --git a/templates/sources.list.j2 b/templates/sources.list.j2 deleted file mode 100644 index c8ca4dd..0000000 --- a/templates/sources.list.j2 +++ /dev/null @@ -1,6 +0,0 @@ -# {{ ansible_managed }} - -{% for repository in repositories %} -# {{ repository.comments}} -{{ repository.type }} {% if repository.gpg_key is not none %}[signed-by=/usr/share/keyrings/{{ repository.filename }}-archive-keyring.asc] {% endif %}{{ repository.uri }} {{ repository.suites }} {{ repository.components }} -{% endfor %} \ No newline at end of file diff --git a/vars/main.yml b/vars/main.yml index 4b126a0..e802bd9 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,3 +1,6 @@ --- # vars file for manage_repositories -manage_repositories_default_repo_location: /etc/apt/sources.list +manage_repositories_sources_list_location: /etc/apt/sources.list +manage_repositories_default_repo_location: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources" +manage_repositories_mirrors_location: /etc/apt/mirrors +manage_repositories_sources_list_message: "# See /etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources\\n" diff --git a/vars/ubuntu.yml b/vars/ubuntu.yml index 10f2c7d..b8009dd 100644 --- a/vars/ubuntu.yml +++ b/vars/ubuntu.yml 
@@ -1,31 +1,47 @@ --- # vars file for manage_repositories +# manage_repositories_default_repo: +# # ubuntu main repository +# - uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}" +# gpg_key: +# comments: "ubuntu main repository" +# type: "deb" +# suites: "{{ ansible_distribution_release }}" +# components: "main restricted universe multiverse" +# # ubuntu updates repository +# - uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}" +# gpg_key: +# comments: "ubuntu updates repository" +# type: "deb" +# suites: "{{ ansible_distribution_release }}-updates" +# components: "main restricted universe multiverse" +# # ubuntu security repository +# - uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}" +# gpg_key: +# comments: "ubuntu security repository" +# type: "deb" +# suites: "{{ ansible_distribution_release }}-security" +# components: "main restricted universe multiverse" +# # ubuntu backports repository +# - uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}" +# gpg_key: +# comments: "ubuntu backports repository" +# type: "deb" +# suites: "{{ ansible_distribution_release }}-backports" +# components: "main restricted universe multiverse" manage_repositories_default_repo: - # ubuntu main repository - - uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}" - gpg_key: + - name: ubuntu + uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}" comments: "ubuntu main repository" - type: "deb" - suites: "{{ ansible_distribution_release }}" - components: "main restricted universe multiverse" - # ubuntu updates repository - - uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}" - gpg_key: - comments: "ubuntu updates repository" - type: "deb" - suites: "{{ ansible_distribution_release }}-updates" - components: "main restricted universe multiverse" - # ubuntu security repository - - uri: "{{ 
manage_repositories_main_repo_uri[ansible_distribution|lower] }}" - gpg_key: - comments: "ubuntu security repository" - type: "deb" - suites: "{{ ansible_distribution_release }}-security" - components: "main restricted universe multiverse" - # ubuntu backports repository - - uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}" - gpg_key: - comments: "ubuntu backports repository" - type: "deb" - suites: "{{ ansible_distribution_release }}-backports" - components: "main restricted universe multiverse" + types: + - deb + suites: + - "{{ ansible_distribution_release }}" + - "{{ ansible_distribution_release }}-security" + - "{{ ansible_distribution_release }}-updates" + - "{{ ansible_distribution_release }}-backports" + components: + - main + - restricted + - universe + - multiverse From a05133ec81f0e25f734eac5ad142a7186de99afa Mon Sep 17 00:00:00 2001 From: Bertrand Lanson Date: Wed, 13 Sep 2023 00:09:18 +0200 Subject: [PATCH 2/5] added debian values, still needs debugging --- tasks/debian.yml | 41 +++++++++++++++++++++++++++++++++++++++-- tasks/ubuntu.yml | 2 +- vars/debian.yml | 46 +++++++++++++++++++--------------------------- vars/ubuntu.yml | 29 ----------------------------- 4 files changed, 59 insertions(+), 59 deletions(-) diff --git a/tasks/debian.yml b/tasks/debian.yml index 858d672..36e6f3f 100644 --- a/tasks/debian.yml +++ b/tasks/debian.yml 
@@ -1,10 +1,47 @@ --- # task/debian file for manage_repositories -- name: "Configure ubuntu main repositories into sources.list" +- name: "Emtpy /etc/apt/sources.list" + block: + - name: Read the current content of the file + ansible.builtin.slurp: + src: "{{ manage_repositories_sources_list_location }}" + register: sources_list_current_content + ignore_errors: true + + - name: "Convert sources.list current content to string" + ansible.builtin.set_fact: + sources_list_current_content_str: "{{ (sources_list_current_content.content | b64decode) | default('') }}" + + - name: "Define sources.list new content" + ansible.builtin.set_fact: + sources_list_new_content: "{{ manage_repositories_sources_list_message }}" + + - name: "Replace content of /etc/apt/sources.list" + ansible.builtin.replace: + path: "{{ manage_repositories_sources_list_location }}" + regexp: "{{ sources_list_current_content_str | regex_escape }}" + replace: "{{ sources_list_new_content }}" + when: sources_list_current_content_str != sources_list_new_content + +- name: "Import list files" + block: + - name: "Create mirrors files" + ansible.builtin.file: + path: "{{ manage_repositories_mirrors_location }}" + state: directory + + - name: "Populate mirrors files" + ansible.builtin.copy: + content: | + {{ item.uri }} + dest: "{{ manage_repositories_mirrors_location }}/{{ item.name }}.list" + loop: "{{ manage_repositories_default_repo }}" + +- name: "Configure debian main repositories into sources.list" vars: repositories: "{{ manage_repositories_default_repo }}" ansible.builtin.template: - src: "sources.list.j2" + src: "repo.sources.j2" dest: "{{ manage_repositories_default_repo_location }}" mode: '0644' owner: root diff --git a/tasks/ubuntu.yml b/tasks/ubuntu.yml index e722319..38abcc0 100644 --- a/tasks/ubuntu.yml +++ b/tasks/ubuntu.yml 
@@ -33,7 +33,7 @@ - name: "Populate mirrors files" ansible.builtin.copy: content: | - "{{ item.uri }}" + {{ item.uri }} dest: "{{ manage_repositories_mirrors_location }}/{{ item.name }}.list" loop: "{{ manage_repositories_default_repo }}" diff --git a/vars/debian.yml b/vars/debian.yml index 73b7639..aa099c6 100644 --- a/vars/debian.yml +++ b/vars/debian.yml 
@@ -1,31 +1,23 @@ --- # vars file for manage_repositories manage_repositories_default_repo: - # debian main repository - - uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}" - gpg_key: + - name: debian + uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}" comments: "debian main repository" - type: "deb" - suites: "{{ ansible_distribution_release }}" - components: "main contrib" - # debian updates repository - - uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}" - gpg_key: - comments: "debian updates repository" - type: "deb" - suites: "{{ ansible_distribution_release }}-updates" - components: "main contrib" - # debian security repository - - uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}-security" - gpg_key: - comments: "debian security repository" - type: "deb" - suites: "{{ ansible_distribution_release }}-security" - components: "main contrib" - # debian backports repository - - uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}" - gpg_key: - comments: "debian backports repository" - type: "deb" - suites: "{{ ansible_distribution_release }}-backports" - components: "main" + types: + - deb + suites: + - "{{ ansible_distribution_release }}" + - "{{ ansible_distribution_release }}-updates" + - "{{ ansible_distribution_release }}-backports" + components: + - main + - name: debian-security + uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}-security" + comments: "debian main repository" + types: + - deb + suites: + - "{{ ansible_distribution_release }}-security" + components: + - main diff --git a/vars/ubuntu.yml b/vars/ubuntu.yml index b8009dd..8bb0bf8 100644 --- a/vars/ubuntu.yml +++ b/vars/ubuntu.yml 
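Review bot: The new `debian-security` entry reuses `comments: "debian main repository"`, so anyone auditing the generated sources cannot tell the two stanzas apart by their description. It should read `comments: "debian security repository"`. The rewrite also drops `contrib` from `components`, which the removed entries carried for every suite except backports. If that narrowing is intentional, it deserves a line in the commit message.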
@@ -1,34 +1,5 @@ --- # vars file for manage_repositories -# manage_repositories_default_repo: -# # ubuntu main repository -# - uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}" -# gpg_key: -# comments: "ubuntu main repository" -# type: "deb" -# suites: "{{ ansible_distribution_release }}" -# components: "main restricted universe multiverse" -# # ubuntu updates repository -# - uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}" -# gpg_key: -# comments: "ubuntu updates repository" -# type: "deb" -# suites: "{{ ansible_distribution_release }}-updates" -# components: "main restricted universe multiverse" -# # ubuntu security repository -# - uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}" -# gpg_key: -# comments: "ubuntu security repository" -# type: "deb" -# suites: "{{ ansible_distribution_release }}-security" -# components: "main restricted universe multiverse" -# # ubuntu backports repository -# - uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}" -# gpg_key: -# comments: "ubuntu backports repository" -# type: "deb" -# suites: "{{ ansible_distribution_release }}-backports" -# components: "main restricted universe multiverse" manage_repositories_default_repo: - name: ubuntu uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}" From 880451bcd5f39287aaaf8635294c843afa618d0f Mon Sep 17 00:00:00 2001 
From: Bertrand Lanson Date: Wed, 13 Sep 2023 21:54:24 +0200 Subject: [PATCH 3/5] fixed custom repositories, fixed tests --- molecule/default/requirements.yml | 3 +- molecule/default/verify.yml | 56 ++++++++++--- molecule/with_custom_repo/group_vars/all.yml | 34 ++++---- molecule/with_custom_repo/requirements.yml | 3 +- molecule/with_custom_repo/verify.yml | 82 ++++++++++++++++---- tasks/custom_repositories.yml | 24 +++--- tasks/main.yml | 5 +- tasks/{debian.yml => main_repositories.yml} | 44 +++++------ tasks/prerequisites.yml | 7 ++ tasks/ubuntu.yml | 50 ------------ templates/repo.sources.j2 | 15 ++-- vars/main.yml | 8 +- 12 files changed, 199 insertions(+), 132 deletions(-) rename tasks/{debian.yml => main_repositories.yml} (55%) create mode 100644 tasks/prerequisites.yml delete mode 100644 tasks/ubuntu.yml diff --git a/molecule/default/requirements.yml b/molecule/default/requirements.yml index e9320f9..ca250b7 100644 --- a/molecule/default/requirements.yml +++ b/molecule/default/requirements.yml @@ -1,3 +1,4 @@ --- # requirements file for molecule -roles: [] +roles: + - name: ednxzu.manage_apt_packages diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 0433fa6..28ce980 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml 
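Review bot: The new `ednxzu.manage_apt_packages` requirement has no `version:`, so every test run pulls whatever that role's latest release is. tasks/prerequisites.yml in this same patch includes the role to install packages on the target, so an unpinned upstream change runs with the role's privileges without review. I would pin it, for example `version: <reviewed tag or commit>`, here and in molecule/with_custom_repo/requirements.yml.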
@@ -40,19 +40,53 @@ - stat_etc_apt_sources_list.stat.mode == '0644' - name: "Verify file /etc/apt/sources.list" + vars: + expected_source_list_content: | + # See /etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources ansible.builtin.assert: that: - - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + ' main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-updates main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-security main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-backports main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)" - when: (ansible_distribution|lower) == 'ubuntu' + - "(slurp_etc_apt_sources_list.content|b64decode) == expected_source_list_content" - - name: "Verify file /etc/apt/sources.list" + - name: "Test: file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}" + block: + - name: "Stat /etc/apt/sources.list.d/{{ ansible_distribution|lower }}" + ansible.builtin.stat: + path: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources" + register: stat_etc_apt_sources_list_d + + - name: "Slurp file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}" + ansible.builtin.slurp: + src: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources" + register: slurp_etc_apt_sources_list_d + + - name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}" ansible.builtin.assert: that: - - "('deb http://deb.debian.org/debian ' + ansible_distribution_release + ' main contrib') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://deb.debian.org/debian ' + 
ansible_distribution_release + '-updates main contrib') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://deb.debian.org/debian-security ' + ansible_distribution_release + '-security main contrib') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://deb.debian.org/debian ' + ansible_distribution_release + '-backports main') in (slurp_etc_apt_sources_list.content|b64decode)" - when: (ansible_distribution|lower) == 'debian' + - stat_etc_apt_sources_list_d.stat.exists + - stat_etc_apt_sources_list_d.stat.isreg + - stat_etc_apt_sources_list_d.stat.pw_name == 'root' + - stat_etc_apt_sources_list_d.stat.gr_name == 'root' + - stat_etc_apt_sources_list_d.stat.mode == '0644' + + - name: test + debug: + msg: "{{ slurp_etc_apt_sources_list_d.content|b64decode }}" + + - name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}" + vars: + expected_source_list_content: + ubuntu: | + X-Repolib-Name: ubuntu + Types: deb + URIs: http://fr.archive.ubuntu.com/ubuntu + Suites: {{ ansible_distribution_release }} {{ ansible_distribution_release }}-security {{ ansible_distribution_release }}-updates {{ ansible_distribution_release }}-backports + Components: main restricted universe multiverse + debian: | + X-Repolib-Name: debian + Types: deb + URIs: http://deb.debian.org/debian + Suites: {{ ansible_distribution_release }} {{ ansible_distribution_release }}-updates {{ ansible_distribution_release }}-backports + Components: main + ansible.builtin.assert: + that: + - "(slurp_etc_apt_sources_list_d.content|b64decode) == expected_source_list_content[ansible_distribution|lower]" diff --git a/molecule/with_custom_repo/group_vars/all.yml b/molecule/with_custom_repo/group_vars/all.yml index b2c1c21..8137599 100644 --- a/molecule/with_custom_repo/group_vars/all.yml +++ b/molecule/with_custom_repo/group_vars/all.yml 
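Review bot: The Debian branch of `expected_source_list_content` only checks the `debian` stanza, so nothing asserts that the `debian-security` repository defined in vars/debian.yml is actually configured. That is the source a regression would hurt most, because a host silently missing it stops receiving security updates. Presumably the module writes it to its own `debian-security.sources` file. A stat/slurp/assert trio for that path, guarded by `when: (ansible_distribution|lower) == 'debian'`, would close the gap. The identical block in molecule/with_custom_repo/verify.yml needs the same addition.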
@@ -2,17 +2,25 @@ manage_repositories_enable_default_repo: true manage_repositories_enable_custom_repo: true manage_repositories_custom_repo: - - uri: "https://apt.releases.hashicorp.com" - gpg_key: "https://apt.releases.hashicorp.com/gpg" - comments: "hashicorp repository" - type: "deb" - suites: "{{ ansible_distribution_release }}" - components: "main" - filename: "hashicorp" - - uri: "https://download.docker.com/linux/{{ ansible_distribution|lower }}" - gpg_key: "https://download.docker.com/linux/{{ ansible_distribution|lower }}/gpg" + - name: docker + uri: "https://download.docker.com/linux/{{ ansible_distribution|lower }}" comments: "{{ ansible_distribution|lower }} docker repository" - type: "deb" - suites: "{{ ansible_distribution_release }}" - components: "stable" - filename: "docker" + types: + - deb + suites: + - "{{ ansible_distribution_release }}" + components: + - stable + options: + Signed-By: "https://download.docker.com/linux/{{ ansible_distribution|lower }}/gpg" + - name: hashicorp + uri: "https://apt.releases.hashicorp.com" + comments: "hashicorp repository" + types: + - deb + suites: + - "{{ ansible_distribution_release }}" + components: + - main + options: + Signed-By: "https://apt.releases.hashicorp.com/gpg" diff --git a/molecule/with_custom_repo/requirements.yml b/molecule/with_custom_repo/requirements.yml index e9320f9..ca250b7 100644 --- a/molecule/with_custom_repo/requirements.yml +++ b/molecule/with_custom_repo/requirements.yml @@ -1,3 +1,4 @@ --- # requirements file for molecule -roles: [] +roles: + - name: ednxzu.manage_apt_packages diff --git a/molecule/with_custom_repo/verify.yml b/molecule/with_custom_repo/verify.yml index 947aa4e..0a29147 100644 --- a/molecule/with_custom_repo/verify.yml +++ b/molecule/with_custom_repo/verify.yml 
@@ -40,22 +40,56 @@ - stat_etc_apt_sources_list.stat.mode == '0644' - name: "Verify file /etc/apt/sources.list" + vars: + expected_source_list_content: | + # See /etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources ansible.builtin.assert: that: - - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + ' main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-updates main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-security main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-backports main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)" - when: (ansible_distribution|lower) == 'ubuntu' + - "(slurp_etc_apt_sources_list.content|b64decode) == expected_source_list_content" - - name: "Verify file /etc/apt/sources.list" + - name: "Test: file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}" + block: + - name: "Stat /etc/apt/sources.list.d/{{ ansible_distribution|lower }}" + ansible.builtin.stat: + path: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources" + register: stat_etc_apt_sources_list_d + + - name: "Slurp file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}" + ansible.builtin.slurp: + src: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources" + register: slurp_etc_apt_sources_list_d + + - name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}" ansible.builtin.assert: that: - - "('deb http://deb.debian.org/debian ' + ansible_distribution_release + ' main contrib') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://deb.debian.org/debian ' + 
ansible_distribution_release + '-updates main contrib') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://deb.debian.org/debian-security ' + ansible_distribution_release + '-security main contrib') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://deb.debian.org/debian ' + ansible_distribution_release + '-backports main') in (slurp_etc_apt_sources_list.content|b64decode)" - when: (ansible_distribution|lower) == 'debian' + - stat_etc_apt_sources_list_d.stat.exists + - stat_etc_apt_sources_list_d.stat.isreg + - stat_etc_apt_sources_list_d.stat.pw_name == 'root' + - stat_etc_apt_sources_list_d.stat.gr_name == 'root' + - stat_etc_apt_sources_list_d.stat.mode == '0644' + + - name: test + debug: + msg: "{{ slurp_etc_apt_sources_list_d.content|b64decode }}" + + - name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}" + vars: + expected_source_list_content: + ubuntu: | + X-Repolib-Name: ubuntu + Types: deb + URIs: http://fr.archive.ubuntu.com/ubuntu + Suites: {{ ansible_distribution_release }} {{ ansible_distribution_release }}-security {{ ansible_distribution_release }}-updates {{ ansible_distribution_release }}-backports + Components: main restricted universe multiverse + debian: | + X-Repolib-Name: debian + Types: deb + URIs: http://deb.debian.org/debian + Suites: {{ ansible_distribution_release }} {{ ansible_distribution_release }}-updates {{ ansible_distribution_release }}-backports + Components: main + ansible.builtin.assert: + that: + - "(slurp_etc_apt_sources_list_d.content|b64decode) == expected_source_list_content[ansible_distribution|lower]" - name: "Test: directory /etc/apt/sources.list.d" block: 
@@ -78,23 +112,45 @@ register: slurp_etc_apt_sources_list_d - name: "Verify file /etc/apt/sources.list.d/docker.list" + vars: + expected_source_list_docker_content: | + # Ansible managed: Do NOT edit this file manually! + + # {{ ansible_distribution|lower }} docker repository + X-Repolib-Name: docker + Types: deb + URIs: https://download.docker.com/linux/{{ ansible_distribution|lower }} + Suites: {{ ansible_distribution_release }} + Components: stable + Signed-By: /usr/share/keyrings/docker-archive-keyring.asc ansible.builtin.assert: that: - item.item.isreg - item.item.pw_name == 'root' - item.item.gr_name == 'root' - item.item.mode == '0644' - - "(item.content|b64decode) == ('deb [signed-by=/usr/share/keyrings/docker-archive-keyring.asc] https://download.docker.com/linux/' + (ansible_distribution|lower) + ' ' + ansible_distribution_release + ' stable\\n')" + - "(item.content|b64decode) == expected_source_list_docker_content" loop: "{{ slurp_etc_apt_sources_list_d.results }}" when: (item.item.path | basename | splitext | first) == 'docker' - name: "Verify file /etc/apt/sources.list.d/hashicorp.list" + vars: + expected_source_list_hashicorp_content: | + # Ansible managed: Do NOT edit this file manually! + + # hashicorp repository + X-Repolib-Name: hashicorp + Types: deb + URIs: https://apt.releases.hashicorp.com + Suites: {{ ansible_distribution_release }} + Components: main + Signed-By: /usr/share/keyrings/hashicorp-archive-keyring.asc ansible.builtin.assert: that: - item.item.isreg - item.item.pw_name == 'root' - item.item.gr_name == 'root' - item.item.mode == '0644' - - "(item.content|b64decode) == ('deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.asc] https://apt.releases.hashicorp.com ' + ansible_distribution_release + ' main\\n')" + - "(item.content|b64decode) == expected_source_list_hashicorp_content" loop: "{{ slurp_etc_apt_sources_list_d.results }}" when: (item.item.path | basename | splitext | first) == 'hashicorp' 
diff --git a/tasks/custom_repositories.yml b/tasks/custom_repositories.yml index 5edd07f..2d4995a 100644 --- a/tasks/custom_repositories.yml +++ b/tasks/custom_repositories.yml @@ -2,17 +2,23 @@ # task/custom_repositories file for manage_repositories - name: "Download gpg key for custom repositories" ansible.builtin.get_url: - url: "{{ item.gpg_key }}" - dest: "/usr/share/keyrings/{{ item.filename }}-archive-keyring.asc" + url: "{{ item.options['Signed-By'] }}" + dest: "{{ manage_repositories_signing_keys_location }}/{{ item.name }}-archive-keyring.asc" mode: '0644' loop: "{{ manage_repositories_custom_repo }}" - when: item.gpg_key not in [None, ''] + when: item.options is defined + and item.options['Signed-By'] is defined + and item.options['Signed-By'] not in [None, ''] -- name: "Add custom repository into source.list.d/.list" +- name: "Configure custom repositories" vars: - signed_by: "{% if item.gpg_key not in [None, ''] %}[signed-by=/usr/share/keyrings/{{ item.filename }}-archive-keyring.asc]{% endif %}" - ansible.builtin.apt_repository: - repo: "{{ item.type }} {% if signed_by != '' %}{{ signed_by }} {% endif %}{{ item.uri }} {{ item.suites }} {{ item.components }}" - state: "present" - filename: "{{ item.filename }}" + repository: "{{ item }}" + ansible.builtin.template: + src: "repo.sources.j2" + dest: "{{ manage_repositories_repo_location }}/{{ item.name }}.sources" + mode: '0644' + owner: root + group: root loop: "{{ manage_repositories_custom_repo }}" + notify: + - "debian-based-cache-update" diff --git a/tasks/main.yml b/tasks/main.yml index 56daaa7..97f1620 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
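Review bot: "Download gpg key for custom repositories" writes whatever the `Signed-By` URL returns into the signing-keys directory with no integrity check, and nothing in the `when:` rejects a plain `http://` URL. The key is the trust anchor for the repository, so it should be verified against a value held in inventory, for example `checksum: "{{ item.key_checksum | default(omit) }}"`. Here `key_checksum` is a new per-repository field I am proposing, not one that exists today. The task also leaves `owner`/`group` unset while the template task below pins both to root. Separately, `options['Signed-By']` now holds a URL in the variables but a file path in the rendered file. A dedicated key-URL field would make that less surprising.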
@@ -4,8 +4,11 @@ ansible.builtin.include_vars: file: "{{ ansible_distribution|lower }}.yml" +- name: "Import prerequisites.yml" + ansible.builtin.include_tasks: prerequisites.yml + - name: "Import main {{ ansible_distribution|lower }} repositories" - ansible.builtin.include_tasks: "{{ ansible_distribution|lower }}.yml" + ansible.builtin.include_tasks: "main_repositories.yml" when: manage_repositories_enable_default_repo - name: "Import custom_repositories.yml" diff --git a/tasks/debian.yml b/tasks/main_repositories.yml similarity index 55% rename from tasks/debian.yml rename to tasks/main_repositories.yml index 36e6f3f..697c7c3 100644 --- a/tasks/debian.yml +++ b/tasks/main_repositories.yml @@ -2,7 +2,7 @@ # task/debian file for manage_repositories - name: "Emtpy /etc/apt/sources.list" block: - - name: Read the current content of the file + - name: "Read the current content of source.list" ansible.builtin.slurp: src: "{{ manage_repositories_sources_list_location }}" register: sources_list_current_content @@ -10,12 +10,21 @@ - name: "Convert sources.list current content to string" ansible.builtin.set_fact: - sources_list_current_content_str: "{{ (sources_list_current_content.content | b64decode) | default('') }}" + sources_list_current_content_str: "{{ (sources_list_current_content.content | default('')) | b64decode }}" - name: "Define sources.list new content" ansible.builtin.set_fact: sources_list_new_content: "{{ manage_repositories_sources_list_message }}" + - name: "Create file /etc/apt/sources.list" + ansible.builtin.file: + path: "{{ manage_repositories_sources_list_location }}" + state: touch + owner: root + group: root + mode: '0644' + when: sources_list_current_content_str == '' + - name: "Replace content of /etc/apt/sources.list" ansible.builtin.replace: path: "{{ manage_repositories_sources_list_location }}" 
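Review bot: The "Emtpy /etc/apt/sources.list" block now takes five tasks (slurp, two set_fact, touch, regex replace) to put one fixed line into a file, and several of them mask failures. The slurp carries `ignore_errors: true` from the earlier patch, so a permission or I/O error is treated as "file is empty". The replace also uses the entire previous file content as its regular expression. A single `ansible.builtin.copy` with `content:` is idempotent and sets ownership and mode in one place, as sketched below. The sketch spells the content out with a real `\n` because `manage_repositories_sources_list_message` ends in a literal `\\n`, which only becomes a newline through the replace module's escape handling. The block continues into the next hunk, whose `replace:` and `when:` lines would be dropped as well.

```yaml
    # … replaces the slurp / set_fact / touch / replace tasks of this block …
    - name: "Replace content of /etc/apt/sources.list"
      ansible.builtin.copy:
        dest: "{{ manage_repositories_sources_list_location }}"
        content: "# See {{ manage_repositories_repo_location }}/{{ ansible_distribution|lower }}.sources\n"
        owner: root
        group: root
        mode: '0644'
```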
@@ -23,28 +32,13 @@ replace: "{{ sources_list_new_content }}" when: sources_list_current_content_str != sources_list_new_content -- name: "Import list files" - block: - - name: "Create mirrors files" - ansible.builtin.file: - path: "{{ manage_repositories_mirrors_location }}" - state: directory - - - name: "Populate mirrors files" - ansible.builtin.copy: - content: | - {{ item.uri }} - dest: "{{ manage_repositories_mirrors_location }}/{{ item.name }}.list" - loop: "{{ manage_repositories_default_repo }}" - -- name: "Configure debian main repositories into sources.list" - vars: - repositories: "{{ manage_repositories_default_repo }}" - ansible.builtin.template: - src: "repo.sources.j2" - dest: "{{ manage_repositories_default_repo_location }}" - mode: '0644' - owner: root - group: root +- name: "Configure {{ ansible_distribution|lower }} main repositories into sources.list" + ansible.builtin.deb822_repository: + name: "{{ item.name }}" + types: "{{item.types}}" + uris: "{{ item.uri }}" + suites: "{{ item.suites | join(' ') }}" + components: "{{ item.components }}" + loop: "{{ manage_repositories_default_repo }}" notify: - "debian-based-cache-update" diff --git a/tasks/prerequisites.yml b/tasks/prerequisites.yml new file mode 100644 index 0000000..6e851f1 --- /dev/null +++ b/tasks/prerequisites.yml @@ -0,0 +1,7 @@ +--- +# task/prerequisites file for manage_repositories +- name: "Install python dependencies" + ansible.builtin.include_role: + name: ednxzu.manage_apt_packages + vars: + manage_apt_packages_list: "{{ manage_repositories_required_packages }}" diff --git a/tasks/ubuntu.yml b/tasks/ubuntu.yml deleted file mode 100644 index 38abcc0..0000000 --- a/tasks/ubuntu.yml +++ /dev/null 
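Review bot: The `ansible.builtin.deb822_repository` task passes no `signed_by`, so the distribution archives are checked against every key APT trusts globally rather than against the distribution's archive keyring alone. Once custom repository keys are installed on the same host, that matters more. I would add `signed_by: "{{ item.signed_by | default(omit) }}"` and set the field in vars/ubuntu.yml and vars/debian.yml to the keyring shipped by the distribution. That is typically `/usr/share/keyrings/ubuntu-archive-keyring.gpg` or `/usr/share/keyrings/debian-archive-keyring.gpg`, to be confirmed on the target images. As a style point, `suites` is joined into a string while `types` and `components` are passed as lists, and `"{{item.types}}"` lacks the spacing used on the other lines.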
@@ -1,50 +0,0 @@ ---- -# task/ubuntu file for manage_repositories -- name: "Emtpy /etc/apt/sources.list" - block: - - name: Read the current content of the file - ansible.builtin.slurp: - src: "{{ manage_repositories_sources_list_location }}" - register: sources_list_current_content - ignore_errors: true - - - name: "Convert sources.list current content to string" - ansible.builtin.set_fact: - sources_list_current_content_str: "{{ sources_list_current_content.content | b64decode | default('') }}" - - - name: "Define sources.list new content" - ansible.builtin.set_fact: - sources_list_new_content: "{{ manage_repositories_sources_list_message }}" - - - name: "Replace content of /etc/apt/sources.list" - ansible.builtin.replace: - path: "{{ manage_repositories_sources_list_location }}" - regexp: "{{ sources_list_current_content_str | regex_escape }}" - replace: "{{ sources_list_new_content }}" - when: sources_list_current_content_str != sources_list_new_content - -- name: "Import list files" - block: - - name: "Create mirrors files" - ansible.builtin.file: - path: "{{ manage_repositories_mirrors_location }}" - state: directory - - - name: "Populate mirrors files" - ansible.builtin.copy: - content: | - {{ item.uri }} - dest: "{{ manage_repositories_mirrors_location }}/{{ item.name }}.list" - loop: "{{ manage_repositories_default_repo }}" - -- name: "Configure ubuntu main repositories into sources.list" - vars: - repositories: "{{ manage_repositories_default_repo }}" - ansible.builtin.template: - src: "repo.sources.j2" - dest: "{{ manage_repositories_default_repo_location }}" - mode: '0644' - owner: root - group: root - notify: - - "debian-based-cache-update" diff --git a/templates/repo.sources.j2 b/templates/repo.sources.j2 index 02c795d..79dae38 100644 --- a/templates/repo.sources.j2 +++ b/templates/repo.sources.j2 
@@ -1,14 +1,17 @@
 # {{ ansible_managed }}
-{% for repository in repositories %}
 # {{ repository.comments}}
-types: {{ repository.types | join(' ') }}
-uris: mirror+file://{{ manage_repositories_mirrors_location }}/{{ repository.name }}.list
-suites: {{ repository.suites | join(' ') }}
-components: {{ repository.components | join(' ') }}
+X-Repolib-Name: {{ repository.name }}
+Types: {{ repository.types | join(' ') }}
+URIs: {{ repository.uri }}
+Suites: {{ repository.suites | join(' ') }}
+Components: {{ repository.components | join(' ') }}
 {% if (repository.options is defined) and repository.options %}
 {% for option in repository.options %}
+{% if option == "Signed-By" %}
+{{ option }}: {{ manage_repositories_signing_keys_location + "/" + item.name + "-archive-keyring.asc" }}
+{% else %}
 {{ option }}: {{ repository.options[option] }}
+{% endif %}
 {% endfor %}
 {% endif %}
-{% endfor %}
\ No newline at end of file
diff --git a/vars/main.yml b/vars/main.yml
index e802bd9..d6c9648 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,6 +1,10 @@
 ---
 # vars file for manage_repositories
 manage_repositories_sources_list_location: /etc/apt/sources.list
-manage_repositories_default_repo_location: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources"
-manage_repositories_mirrors_location: /etc/apt/mirrors
+manage_repositories_repo_location: /etc/apt/sources.list.d
+manage_repositories_signing_keys_location: /usr/share/keyrings
 manage_repositories_sources_list_message: "# See /etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources\\n"
+manage_repositories_required_packages:
+ - name: python3-debian
+ version: latest
+ state: present
From b83a5e98165ea85e5867824d973e84bf43868fc9 Mon Sep 17 00:00:00 2001
From: Bertrand Lanson
Date: Wed, 13 Sep 2023 21:57:41 +0200
Subject: [PATCH 4/5] fix linting
---
 molecule/with_custom_repo/verify.yml | 4 ----
 tasks/main.yml | 2 +-
 tasks/main_repositories.yml | 2 +-
 3 files changed, 2 insertions(+), 6 deletions(-)
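Review bot: The added `Signed-By` branch in `templates/repo.sources.j2` reads `item.name` while every other field reads `repository.name`, so the key path only renders correctly when the calling task's loop variable happens to be `item` and to refer to the same entry as `repository`. Using `{{ manage_repositories_signing_keys_location }}/{{ repository.name }}-archive-keyring.asc` keeps the template tied to one variable. The branch also discards the configured `repository.options['Signed-By']` value in favour of a path derived from the name; if that file is missing or is not the key the repository is signed with, apt will reject the source at the next cache update, so the task that installs the key should be checked against this naming (it is not visible in this hunk). With the `{% for repository in repositories %}` loop removed, `repository` now has to be supplied by the caller, which is worth a one-line comment at the top of the template.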
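Review bot: In the `vars/main.yml` hunk, `manage_repositories_signing_keys_location` points at `/usr/share/keyrings`, which the Debian sources.list documentation describes as the location for keyrings shipped by packages; keys placed by an administrator or by automation are expected in `/etc/apt/keyrings`. Writing role-managed keys into the package-owned directory risks a name collision with, or replacement by, a packaged keyring on upgrade. Suggested value: `manage_repositories_signing_keys_location: /etc/apt/keyrings`, with the directory created root-owned and not group- or world-writable by whichever task installs the keys.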
diff --git a/molecule/with_custom_repo/verify.yml b/molecule/with_custom_repo/verify.yml
index 0a29147..8418cb9 100644
--- a/molecule/with_custom_repo/verify.yml
+++ b/molecule/with_custom_repo/verify.yml
@@ -68,10 +68,6 @@
 - stat_etc_apt_sources_list_d.stat.gr_name == 'root'
 - stat_etc_apt_sources_list_d.stat.mode == '0644'
- - name: test
- debug:
- msg: "{{ slurp_etc_apt_sources_list_d.content|b64decode }}"
-
 - name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
 vars:
 expected_source_list_content:
diff --git a/tasks/main.yml b/tasks/main.yml
index 97f1620..a21273d 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -7,7 +7,7 @@
 - name: "Import prerequisites.yml"
 ansible.builtin.include_tasks: prerequisites.yml
-- name: "Import main {{ ansible_distribution|lower }} repositories"
+- name: "Import main repositories for {{ ansible_distribution|lower }}"
 ansible.builtin.include_tasks: "main_repositories.yml"
 when: manage_repositories_enable_default_repo
diff --git a/tasks/main_repositories.yml b/tasks/main_repositories.yml
index 697c7c3..57f9bf6 100644
--- a/tasks/main_repositories.yml
+++ b/tasks/main_repositories.yml
@@ -32,7 +32,7 @@
 replace: "{{ sources_list_new_content }}"
 when: sources_list_current_content_str != sources_list_new_content
-- name: "Configure {{ ansible_distribution|lower }} main repositories into sources.list"
+- name: "Configure main repositories into sources.list.d for {{ ansible_distribution|lower }} "
 ansible.builtin.deb822_repository:
 name: "{{ item.name }}"
 types: "{{item.types}}"
From 47ae41fd32448457d826bea4ed5946ee9a3a6ae2 Mon Sep 17 00:00:00 2001
From: Bertrand Lanson
Date: Wed, 13 Sep 2023 22:00:51 +0200
Subject: [PATCH 5/5] fix linting
---
 molecule/default/verify.yml | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
index 28ce980..03f484f 100644
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -68,10 +68,6 @@
 - stat_etc_apt_sources_list_d.stat.gr_name == 'root'
 - stat_etc_apt_sources_list_d.stat.mode == '0644'
- - name: test
- debug:
- msg: "{{ slurp_etc_apt_sources_list_d.content|b64decode }}"
-
 - name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
 vars:
 expected_source_list_content: