fixed custom repositories, fixed tests

2023-09-13 21:54:24 +02:00 · 2023-09-13 21:54:24 +02:00 · 880451bcd5
commit 880451bcd5
parent a05133ec81
12 changed files with 199 additions and 132 deletions
--- a/molecule/default/requirements.yml
+++ b/molecule/default/requirements.yml
@ -1,3 +1,4 @@
 ---
 # requirements file for molecule
-roles: []
+roles:
+  - name: ednxzu.manage_apt_packages
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@ -40,19 +40,53 @@
              - stat_etc_apt_sources_list.stat.mode == '0644'

        - name: "Verify file /etc/apt/sources.list"
+          vars:
+            expected_source_list_content: |
+              # See /etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources
          ansible.builtin.assert:
            that:
-              - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + ' main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
-              - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-updates main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
-              - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-security main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
-              - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-backports main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
-          when: (ansible_distribution|lower) == 'ubuntu'
+              - "(slurp_etc_apt_sources_list.content|b64decode) == expected_source_list_content"

-        - name: "Verify file /etc/apt/sources.list"
+    - name: "Test: file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
+      block:
+        - name: "Stat /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
+          ansible.builtin.stat:
+            path: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources"
+          register: stat_etc_apt_sources_list_d
+
+        - name: "Slurp file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
+          ansible.builtin.slurp:
+            src: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources"
+          register: slurp_etc_apt_sources_list_d
+
+        - name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
          ansible.builtin.assert:
            that:
-              - "('deb http://deb.debian.org/debian ' + ansible_distribution_release + ' main contrib') in (slurp_etc_apt_sources_list.content|b64decode)"
-              - "('deb http://deb.debian.org/debian ' + ansible_distribution_release + '-updates main contrib') in (slurp_etc_apt_sources_list.content|b64decode)"
-              - "('deb http://deb.debian.org/debian-security ' + ansible_distribution_release + '-security main contrib') in (slurp_etc_apt_sources_list.content|b64decode)"
-              - "('deb http://deb.debian.org/debian ' + ansible_distribution_release + '-backports main') in (slurp_etc_apt_sources_list.content|b64decode)"
-          when: (ansible_distribution|lower) == 'debian'
+              - stat_etc_apt_sources_list_d.stat.exists
+              - stat_etc_apt_sources_list_d.stat.isreg
+              - stat_etc_apt_sources_list_d.stat.pw_name == 'root'
+              - stat_etc_apt_sources_list_d.stat.gr_name == 'root'
+              - stat_etc_apt_sources_list_d.stat.mode == '0644'
+
+        - name: test
+          debug:
+            msg: "{{ slurp_etc_apt_sources_list_d.content|b64decode }}"
+
+        - name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
+          vars:
+            expected_source_list_content:
+              ubuntu: |
+                X-Repolib-Name: ubuntu
+                Types: deb
+                URIs: http://fr.archive.ubuntu.com/ubuntu
+                Suites: {{ ansible_distribution_release }} {{ ansible_distribution_release }}-security {{ ansible_distribution_release }}-updates {{ ansible_distribution_release }}-backports
+                Components: main restricted universe multiverse
+              debian: |
+                X-Repolib-Name: debian
+                Types: deb
+                URIs: http://deb.debian.org/debian
+                Suites: {{ ansible_distribution_release }} {{ ansible_distribution_release }}-updates {{ ansible_distribution_release }}-backports
+                Components: main
+          ansible.builtin.assert:
+            that:
+              - "(slurp_etc_apt_sources_list_d.content|b64decode) == expected_source_list_content[ansible_distribution|lower]"
--- a/molecule/with_custom_repo/group_vars/all.yml
+++ b/molecule/with_custom_repo/group_vars/all.yml
@ -2,17 +2,25 @@
 manage_repositories_enable_default_repo: true
 manage_repositories_enable_custom_repo: true
 manage_repositories_custom_repo:
-  - uri: "https://apt.releases.hashicorp.com"
-    gpg_key: "https://apt.releases.hashicorp.com/gpg"
-    comments: "hashicorp repository"
-    type: "deb"
-    suites: "{{ ansible_distribution_release }}"
-    components: "main"
-    filename: "hashicorp"
-  - uri: "https://download.docker.com/linux/{{ ansible_distribution|lower }}"
-    gpg_key: "https://download.docker.com/linux/{{ ansible_distribution|lower }}/gpg"
+  - name: docker
+    uri: "https://download.docker.com/linux/{{ ansible_distribution|lower }}"
    comments: "{{ ansible_distribution|lower }} docker repository"
-    type: "deb"
-    suites: "{{ ansible_distribution_release }}"
-    components: "stable"
-    filename: "docker"
+    types:
+      - deb
+    suites:
+      - "{{ ansible_distribution_release }}"
+    components:
+      - stable
+    options:
+      Signed-By: "https://download.docker.com/linux/{{ ansible_distribution|lower }}/gpg"
+  - name: hashicorp
+    uri: "https://apt.releases.hashicorp.com"
+    comments: "hashicorp repository"
+    types:
+      - deb
+    suites:
+      - "{{ ansible_distribution_release }}"
+    components:
+      - main
+    options:
+      Signed-By: "https://apt.releases.hashicorp.com/gpg"
--- a/molecule/with_custom_repo/requirements.yml
+++ b/molecule/with_custom_repo/requirements.yml
@ -1,3 +1,4 @@
 ---
 # requirements file for molecule
-roles: []
+roles:
+  - name: ednxzu.manage_apt_packages
--- a/molecule/with_custom_repo/verify.yml
+++ b/molecule/with_custom_repo/verify.yml
@ -40,22 +40,56 @@
              - stat_etc_apt_sources_list.stat.mode == '0644'

        - name: "Verify file /etc/apt/sources.list"
+          vars:
+            expected_source_list_content: |
+              # See /etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources
          ansible.builtin.assert:
            that:
-              - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + ' main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
-              - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-updates main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
-              - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-security main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
-              - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-backports main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
-          when: (ansible_distribution|lower) == 'ubuntu'
+              - "(slurp_etc_apt_sources_list.content|b64decode) == expected_source_list_content"

-        - name: "Verify file /etc/apt/sources.list"
+    - name: "Test: file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
+      block:
+        - name: "Stat /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
+          ansible.builtin.stat:
+            path: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources"
+          register: stat_etc_apt_sources_list_d
+
+        - name: "Slurp file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
+          ansible.builtin.slurp:
+            src: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources"
+          register: slurp_etc_apt_sources_list_d
+
+        - name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
          ansible.builtin.assert:
            that:
-              - "('deb http://deb.debian.org/debian ' + ansible_distribution_release + ' main contrib') in (slurp_etc_apt_sources_list.content|b64decode)"
-              - "('deb http://deb.debian.org/debian ' + ansible_distribution_release + '-updates main contrib') in (slurp_etc_apt_sources_list.content|b64decode)"
-              - "('deb http://deb.debian.org/debian-security ' + ansible_distribution_release + '-security main contrib') in (slurp_etc_apt_sources_list.content|b64decode)"
-              - "('deb http://deb.debian.org/debian ' + ansible_distribution_release + '-backports main') in (slurp_etc_apt_sources_list.content|b64decode)"
-          when: (ansible_distribution|lower) == 'debian'
+              - stat_etc_apt_sources_list_d.stat.exists
+              - stat_etc_apt_sources_list_d.stat.isreg
+              - stat_etc_apt_sources_list_d.stat.pw_name == 'root'
+              - stat_etc_apt_sources_list_d.stat.gr_name == 'root'
+              - stat_etc_apt_sources_list_d.stat.mode == '0644'
+
+        - name: test
+          debug:
+            msg: "{{ slurp_etc_apt_sources_list_d.content|b64decode }}"
+
+        - name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
+          vars:
+            expected_source_list_content:
+              ubuntu: |
+                X-Repolib-Name: ubuntu
+                Types: deb
+                URIs: http://fr.archive.ubuntu.com/ubuntu
+                Suites: {{ ansible_distribution_release }} {{ ansible_distribution_release }}-security {{ ansible_distribution_release }}-updates {{ ansible_distribution_release }}-backports
+                Components: main restricted universe multiverse
+              debian: |
+                X-Repolib-Name: debian
+                Types: deb
+                URIs: http://deb.debian.org/debian
+                Suites: {{ ansible_distribution_release }} {{ ansible_distribution_release }}-updates {{ ansible_distribution_release }}-backports
+                Components: main
+          ansible.builtin.assert:
+            that:
+              - "(slurp_etc_apt_sources_list_d.content|b64decode) == expected_source_list_content[ansible_distribution|lower]"

    - name: "Test: directory /etc/apt/sources.list.d"
      block:
@ -78,23 +112,45 @@
          register: slurp_etc_apt_sources_list_d

        - name: "Verify file /etc/apt/sources.list.d/docker.list"
+          vars:
+            expected_source_list_docker_content: |
+              # Ansible managed: Do NOT edit this file manually!
+
+              # {{ ansible_distribution|lower }} docker repository
+              X-Repolib-Name: docker
+              Types: deb
+              URIs: https://download.docker.com/linux/{{ ansible_distribution|lower }}
+              Suites: {{ ansible_distribution_release }}
+              Components: stable
+              Signed-By: /usr/share/keyrings/docker-archive-keyring.asc
          ansible.builtin.assert:
            that:
              - item.item.isreg
              - item.item.pw_name == 'root'
              - item.item.gr_name == 'root'
              - item.item.mode == '0644'
-              - "(item.content|b64decode) == ('deb [signed-by=/usr/share/keyrings/docker-archive-keyring.asc] https://download.docker.com/linux/' + (ansible_distribution|lower) + ' ' + ansible_distribution_release + ' stable\\n')"
+              - "(item.content|b64decode) == expected_source_list_docker_content"
          loop: "{{ slurp_etc_apt_sources_list_d.results }}"
          when: (item.item.path | basename | splitext | first) == 'docker'

        - name: "Verify file /etc/apt/sources.list.d/hashicorp.list"
+          vars:
+            expected_source_list_hashicorp_content: |
+              # Ansible managed: Do NOT edit this file manually!
+
+              # hashicorp repository
+              X-Repolib-Name: hashicorp
+              Types: deb
+              URIs: https://apt.releases.hashicorp.com
+              Suites: {{ ansible_distribution_release }}
+              Components: main
+              Signed-By: /usr/share/keyrings/hashicorp-archive-keyring.asc
          ansible.builtin.assert:
            that:
              - item.item.isreg
              - item.item.pw_name == 'root'
              - item.item.gr_name == 'root'
              - item.item.mode == '0644'
-              - "(item.content|b64decode) == ('deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.asc] https://apt.releases.hashicorp.com ' + ansible_distribution_release + ' main\\n')"
+              - "(item.content|b64decode) == expected_source_list_hashicorp_content"
          loop: "{{ slurp_etc_apt_sources_list_d.results }}"
          when: (item.item.path | basename | splitext | first) == 'hashicorp'
--- a/tasks/custom_repositories.yml
+++ b/tasks/custom_repositories.yml
@ -2,17 +2,23 @@
 # task/custom_repositories file for manage_repositories
 - name: "Download gpg key for custom repositories"
  ansible.builtin.get_url:
-    url: "{{ item.gpg_key }}"
-    dest: "/usr/share/keyrings/{{ item.filename }}-archive-keyring.asc"
+    url: "{{ item.options['Signed-By'] }}"
+    dest: "{{ manage_repositories_signing_keys_location }}/{{ item.name }}-archive-keyring.asc"
    mode: '0644'
  loop: "{{ manage_repositories_custom_repo }}"
-  when: item.gpg_key not in [None, '']
+  when: item.options is defined
+    and item.options['Signed-By'] is defined
+    and item.options['Signed-By'] not in [None, '']

- name: "Add custom repository into source.list.d/.list"
+- name: "Configure custom repositories"
  vars:
-    signed_by: "{% if item.gpg_key not in [None, ''] %}[signed-by=/usr/share/keyrings/{{ item.filename }}-archive-keyring.asc]{% endif %}"
-  ansible.builtin.apt_repository:
-    repo: "{{ item.type }} {% if signed_by != '' %}{{ signed_by }} {% endif %}{{ item.uri }} {{ item.suites }} {{ item.components }}"
-    state: "present"
-    filename: "{{ item.filename }}"
+    repository: "{{ item }}"
+  ansible.builtin.template:
+    src: "repo.sources.j2"
+    dest: "{{ manage_repositories_repo_location }}/{{ item.name }}.sources"
+    mode: '0644'
+    owner: root
+    group: root
  loop: "{{ manage_repositories_custom_repo }}"
+  notify:
+    - "debian-based-cache-update"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -4,8 +4,11 @@
  ansible.builtin.include_vars:
    file: "{{ ansible_distribution|lower }}.yml"

+- name: "Import prerequisites.yml"
+  ansible.builtin.include_tasks: prerequisites.yml
+
 - name: "Import main {{ ansible_distribution|lower }} repositories"
-  ansible.builtin.include_tasks: "{{ ansible_distribution|lower }}.yml"
+  ansible.builtin.include_tasks: "main_repositories.yml"
  when: manage_repositories_enable_default_repo

 - name: "Import custom_repositories.yml"
--- a/tasks/main_repositories.yml
+++ b/tasks/main_repositories.yml
@ -2,7 +2,7 @@
 # task/debian file for manage_repositories
 - name: "Emtpy /etc/apt/sources.list"
  block:
-    - name: Read the current content of the file
+    - name: "Read the current content of source.list"
      ansible.builtin.slurp:
        src: "{{ manage_repositories_sources_list_location }}"
      register: sources_list_current_content
@ -10,12 +10,21 @@

    - name: "Convert sources.list current content to string"
      ansible.builtin.set_fact:
-        sources_list_current_content_str: "{{ (sources_list_current_content.content | b64decode) | default('') }}"
+        sources_list_current_content_str: "{{ (sources_list_current_content.content | default('')) | b64decode }}"

    - name: "Define sources.list new content"
      ansible.builtin.set_fact:
        sources_list_new_content: "{{ manage_repositories_sources_list_message }}"

+    - name: "Create file /etc/apt/sources.list"
+      ansible.builtin.file:
+        path: "{{ manage_repositories_sources_list_location }}"
+        state: touch
+        owner: root
+        group: root
+        mode: '0644'
+      when: sources_list_current_content_str == ''
+
    - name: "Replace content of /etc/apt/sources.list"
      ansible.builtin.replace:
        path: "{{ manage_repositories_sources_list_location }}"
@ -23,28 +32,13 @@
        replace: "{{ sources_list_new_content }}"
      when: sources_list_current_content_str != sources_list_new_content

- name: "Import list files"
-  block:
-    - name: "Create mirrors files"
-      ansible.builtin.file:
-        path: "{{ manage_repositories_mirrors_location }}"
-        state: directory
-
-    - name: "Populate mirrors files"
-      ansible.builtin.copy:
-        content: |
-          {{ item.uri }}
-        dest: "{{ manage_repositories_mirrors_location }}/{{ item.name }}.list"
-      loop: "{{ manage_repositories_default_repo }}"
-
- name: "Configure debian main repositories into sources.list"
-  vars:
-    repositories: "{{ manage_repositories_default_repo }}"
-  ansible.builtin.template:
-    src: "repo.sources.j2"
-    dest: "{{ manage_repositories_default_repo_location }}"
-    mode: '0644'
-    owner: root
-    group: root
+- name: "Configure {{ ansible_distribution|lower }} main repositories into sources.list"
+  ansible.builtin.deb822_repository:
+    name: "{{ item.name }}"
+    types: "{{item.types}}"
+    uris: "{{ item.uri }}"
+    suites: "{{ item.suites | join(' ') }}"
+    components: "{{ item.components }}"
+  loop: "{{ manage_repositories_default_repo }}"
  notify:
    - "debian-based-cache-update"
--- a/tasks/prerequisites.yml
+++ b/tasks/prerequisites.yml
@ -0,0 +1,7 @@
+---
+# task/prerequisites file for manage_repositories
+- name: "Install python dependencies"
+  ansible.builtin.include_role:
+    name: ednxzu.manage_apt_packages
+  vars:
+    manage_apt_packages_list: "{{ manage_repositories_required_packages }}"
--- a/tasks/ubuntu.yml
+++ b/tasks/ubuntu.yml
@ -1,50 +0,0 @@
---
-# task/ubuntu file for manage_repositories
- name: "Emtpy /etc/apt/sources.list"
-  block:
-    - name: Read the current content of the file
-      ansible.builtin.slurp:
-        src: "{{ manage_repositories_sources_list_location }}"
-      register: sources_list_current_content
-      ignore_errors: true
-
-    - name: "Convert sources.list current content to string"
-      ansible.builtin.set_fact:
-        sources_list_current_content_str: "{{ sources_list_current_content.content | b64decode | default('') }}"
-
-    - name: "Define sources.list new content"
-      ansible.builtin.set_fact:
-        sources_list_new_content: "{{ manage_repositories_sources_list_message }}"
-
-    - name: "Replace content of /etc/apt/sources.list"
-      ansible.builtin.replace:
-        path: "{{ manage_repositories_sources_list_location }}"
-        regexp: "{{ sources_list_current_content_str | regex_escape }}"
-        replace: "{{ sources_list_new_content }}"
-      when: sources_list_current_content_str != sources_list_new_content
-
- name: "Import list files"
-  block:
-    - name: "Create mirrors files"
-      ansible.builtin.file:
-        path: "{{ manage_repositories_mirrors_location }}"
-        state: directory
-
-    - name: "Populate mirrors files"
-      ansible.builtin.copy:
-        content: |
-          {{ item.uri }}
-        dest: "{{ manage_repositories_mirrors_location }}/{{ item.name }}.list"
-      loop: "{{ manage_repositories_default_repo }}"
-
- name: "Configure ubuntu main repositories into sources.list"
-  vars:
-    repositories: "{{ manage_repositories_default_repo }}"
-  ansible.builtin.template:
-    src: "repo.sources.j2"
-    dest: "{{ manage_repositories_default_repo_location }}"
-    mode: '0644'
-    owner: root
-    group: root
-  notify:
-    - "debian-based-cache-update"
--- a/templates/repo.sources.j2
+++ b/templates/repo.sources.j2
@ -1,14 +1,17 @@
 # {{ ansible_managed }}

-{% for repository in repositories %}
 # {{ repository.comments}}
-types: {{ repository.types | join(' ') }}
-uris: mirror+file://{{ manage_repositories_mirrors_location }}/{{ repository.name }}.list
-suites: {{ repository.suites | join(' ') }}
-components: {{ repository.components | join(' ') }}
+X-Repolib-Name: {{ repository.name }}
+Types: {{ repository.types | join(' ') }}
+URIs: {{ repository.uri }}
+Suites: {{ repository.suites | join(' ') }}
+Components: {{ repository.components | join(' ') }}
 {% if (repository.options is defined) and repository.options %}
 {% for option in repository.options %}
+{% if option == "Signed-By" %}
+{{ option }}: {{ manage_repositories_signing_keys_location + "/" + item.name + "-archive-keyring.asc" }}
+{% else %}
 {{ option }}: {{ repository.options[option] }}
+{% endif %}
 {% endfor %}
 {% endif %}
-{% endfor %}
--- a/vars/main.yml
+++ b/vars/main.yml
@ -1,6 +1,10 @@
 ---
 # vars file for manage_repositories
 manage_repositories_sources_list_location: /etc/apt/sources.list
-manage_repositories_default_repo_location: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources"
-manage_repositories_mirrors_location: /etc/apt/mirrors
+manage_repositories_repo_location: /etc/apt/sources.list.d
+manage_repositories_signing_keys_location: /usr/share/keyrings
 manage_repositories_sources_list_message: "# See /etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources\\n"
+manage_repositories_required_packages:
+  - name: python3-debian
+    version: latest
+    state: present