diff --git a/molecule/default/requirements.yml b/molecule/default/requirements.yml
index e9320f9..ca250b7 100644
--- a/molecule/default/requirements.yml
+++ b/molecule/default/requirements.yml
@@ -1,3 +1,4 @@
 ---
 # requirements file for molecule
-roles: []
+roles:
+ - name: ednxzu.manage_apt_packages
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
index 0433fa6..28ce980 100644
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
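Review bot: The new `roles:` entry has no `version:`, so each test run installs whatever revision of `ednxzu.manage_apt_packages` the role source serves at that moment. That role is also what `tasks/prerequisites.yml` in this commit includes to install packages, so an unreviewed upstream change would run with the play's privileges. Pinning it, e.g. `- name: ednxzu.manage_apt_packages` followed by `version: "<PINNED_TAG_OR_COMMIT>"`, keeps runs reproducible; the same applies to `molecule/with_custom_repo/requirements.yml`.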
@@ -40,19 +40,53 @@ - stat_etc_apt_sources_list.stat.mode == '0644' - name: "Verify file /etc/apt/sources.list" + vars: + expected_source_list_content: | + # See /etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources ansible.builtin.assert: that: - - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + ' main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-updates main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-security main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-backports main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)" - when: (ansible_distribution|lower) == 'ubuntu' + - "(slurp_etc_apt_sources_list.content|b64decode) == expected_source_list_content" - - name: "Verify file /etc/apt/sources.list" + - name: "Test: file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}" + block: + - name: "Stat /etc/apt/sources.list.d/{{ ansible_distribution|lower }}" + ansible.builtin.stat: + path: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources" + register: stat_etc_apt_sources_list_d + + - name: "Slurp file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}" + ansible.builtin.slurp: + src: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources" + register: slurp_etc_apt_sources_list_d + + - name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}" ansible.builtin.assert: that: - - "('deb http://deb.debian.org/debian ' + ansible_distribution_release + ' main contrib') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://deb.debian.org/debian ' + 
ansible_distribution_release + '-updates main contrib') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://deb.debian.org/debian-security ' + ansible_distribution_release + '-security main contrib') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://deb.debian.org/debian ' + ansible_distribution_release + '-backports main') in (slurp_etc_apt_sources_list.content|b64decode)" - when: (ansible_distribution|lower) == 'debian' + - stat_etc_apt_sources_list_d.stat.exists + - stat_etc_apt_sources_list_d.stat.isreg + - stat_etc_apt_sources_list_d.stat.pw_name == 'root' + - stat_etc_apt_sources_list_d.stat.gr_name == 'root' + - stat_etc_apt_sources_list_d.stat.mode == '0644' + + - name: test + debug: + msg: "{{ slurp_etc_apt_sources_list_d.content|b64decode }}" + + - name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}" + vars: + expected_source_list_content: + ubuntu: | + X-Repolib-Name: ubuntu + Types: deb + URIs: http://fr.archive.ubuntu.com/ubuntu + Suites: {{ ansible_distribution_release }} {{ ansible_distribution_release }}-security {{ ansible_distribution_release }}-updates {{ ansible_distribution_release }}-backports + Components: main restricted universe multiverse + debian: | + X-Repolib-Name: debian + Types: deb + URIs: http://deb.debian.org/debian + Suites: {{ ansible_distribution_release }} {{ ansible_distribution_release }}-updates {{ ansible_distribution_release }}-backports + Components: main + ansible.builtin.assert: + that: + - "(slurp_etc_apt_sources_list_d.content|b64decode) == expected_source_list_content[ansible_distribution|lower]" diff --git a/molecule/with_custom_repo/group_vars/all.yml b/molecule/with_custom_repo/group_vars/all.yml index b2c1c21..8137599 100644 --- a/molecule/with_custom_repo/group_vars/all.yml +++ b/molecule/with_custom_repo/group_vars/all.yml 
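Review bot: The `debian:` block of `expected_source_list_content` lists only the release, `-updates` and `-backports` suites under `http://deb.debian.org/debian`, while the assertions this hunk removes also required a `debian-security` source, so the scenario no longer checks that Debian hosts are pointed at the security archive. Whether the role still configures that archive depends on the Debian vars, which are not part of this diff; if it does, it needs its own expected stanza and assertion, and if it does not, that looks like a regression to fix in the role. Separately, the `- name: test` task is a leftover debug print and uses the short `debug:` name where the rest of the file uses FQCNs; drop it or write `ansible.builtin.debug:`. The identical hunk in `molecule/with_custom_repo/verify.yml` (`@@ -40,22 +40,56 @@`) has both issues, and the task list continues outside this hunk.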
@@ -2,17 +2,25 @@ manage_repositories_enable_default_repo: true manage_repositories_enable_custom_repo: true manage_repositories_custom_repo: - - uri: "https://apt.releases.hashicorp.com" - gpg_key: "https://apt.releases.hashicorp.com/gpg" - comments: "hashicorp repository" - type: "deb" - suites: "{{ ansible_distribution_release }}" - components: "main" - filename: "hashicorp" - - uri: "https://download.docker.com/linux/{{ ansible_distribution|lower }}" - gpg_key: "https://download.docker.com/linux/{{ ansible_distribution|lower }}/gpg" + - name: docker + uri: "https://download.docker.com/linux/{{ ansible_distribution|lower }}" comments: "{{ ansible_distribution|lower }} docker repository" - type: "deb" - suites: "{{ ansible_distribution_release }}" - components: "stable" - filename: "docker" + types: + - deb + suites: + - "{{ ansible_distribution_release }}" + components: + - stable + options: + Signed-By: "https://download.docker.com/linux/{{ ansible_distribution|lower }}/gpg" + - name: hashicorp + uri: "https://apt.releases.hashicorp.com" + comments: "hashicorp repository" + types: + - deb + suites: + - "{{ ansible_distribution_release }}" + components: + - main + options: + Signed-By: "https://apt.releases.hashicorp.com/gpg" diff --git a/molecule/with_custom_repo/requirements.yml b/molecule/with_custom_repo/requirements.yml index e9320f9..ca250b7 100644 --- a/molecule/with_custom_repo/requirements.yml +++ b/molecule/with_custom_repo/requirements.yml @@ -1,3 +1,4 @@ --- # requirements file for molecule -roles: [] +roles: + - name: ednxzu.manage_apt_packages diff --git a/molecule/with_custom_repo/verify.yml b/molecule/with_custom_repo/verify.yml index 947aa4e..0a29147 100644 --- a/molecule/with_custom_repo/verify.yml +++ b/molecule/with_custom_repo/verify.yml 
@@ -40,22 +40,56 @@ - stat_etc_apt_sources_list.stat.mode == '0644' - name: "Verify file /etc/apt/sources.list" + vars: + expected_source_list_content: | + # See /etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources ansible.builtin.assert: that: - - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + ' main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-updates main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-security main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-backports main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)" - when: (ansible_distribution|lower) == 'ubuntu' + - "(slurp_etc_apt_sources_list.content|b64decode) == expected_source_list_content" - - name: "Verify file /etc/apt/sources.list" + - name: "Test: file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}" + block: + - name: "Stat /etc/apt/sources.list.d/{{ ansible_distribution|lower }}" + ansible.builtin.stat: + path: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources" + register: stat_etc_apt_sources_list_d + + - name: "Slurp file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}" + ansible.builtin.slurp: + src: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources" + register: slurp_etc_apt_sources_list_d + + - name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}" ansible.builtin.assert: that: - - "('deb http://deb.debian.org/debian ' + ansible_distribution_release + ' main contrib') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://deb.debian.org/debian ' + 
ansible_distribution_release + '-updates main contrib') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://deb.debian.org/debian-security ' + ansible_distribution_release + '-security main contrib') in (slurp_etc_apt_sources_list.content|b64decode)" - - "('deb http://deb.debian.org/debian ' + ansible_distribution_release + '-backports main') in (slurp_etc_apt_sources_list.content|b64decode)" - when: (ansible_distribution|lower) == 'debian' + - stat_etc_apt_sources_list_d.stat.exists + - stat_etc_apt_sources_list_d.stat.isreg + - stat_etc_apt_sources_list_d.stat.pw_name == 'root' + - stat_etc_apt_sources_list_d.stat.gr_name == 'root' + - stat_etc_apt_sources_list_d.stat.mode == '0644' + + - name: test + debug: + msg: "{{ slurp_etc_apt_sources_list_d.content|b64decode }}" + + - name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}" + vars: + expected_source_list_content: + ubuntu: | + X-Repolib-Name: ubuntu + Types: deb + URIs: http://fr.archive.ubuntu.com/ubuntu + Suites: {{ ansible_distribution_release }} {{ ansible_distribution_release }}-security {{ ansible_distribution_release }}-updates {{ ansible_distribution_release }}-backports + Components: main restricted universe multiverse + debian: | + X-Repolib-Name: debian + Types: deb + URIs: http://deb.debian.org/debian + Suites: {{ ansible_distribution_release }} {{ ansible_distribution_release }}-updates {{ ansible_distribution_release }}-backports + Components: main + ansible.builtin.assert: + that: + - "(slurp_etc_apt_sources_list_d.content|b64decode) == expected_source_list_content[ansible_distribution|lower]" - name: "Test: directory /etc/apt/sources.list.d" block: 
@@ -78,23 +112,45 @@ register: slurp_etc_apt_sources_list_d - name: "Verify file /etc/apt/sources.list.d/docker.list" + vars: + expected_source_list_docker_content: | + # Ansible managed: Do NOT edit this file manually! + + # {{ ansible_distribution|lower }} docker repository + X-Repolib-Name: docker + Types: deb + URIs: https://download.docker.com/linux/{{ ansible_distribution|lower }} + Suites: {{ ansible_distribution_release }} + Components: stable + Signed-By: /usr/share/keyrings/docker-archive-keyring.asc ansible.builtin.assert: that: - item.item.isreg - item.item.pw_name == 'root' - item.item.gr_name == 'root' - item.item.mode == '0644' - - "(item.content|b64decode) == ('deb [signed-by=/usr/share/keyrings/docker-archive-keyring.asc] https://download.docker.com/linux/' + (ansible_distribution|lower) + ' ' + ansible_distribution_release + ' stable\\n')" + - "(item.content|b64decode) == expected_source_list_docker_content" loop: "{{ slurp_etc_apt_sources_list_d.results }}" when: (item.item.path | basename | splitext | first) == 'docker' - name: "Verify file /etc/apt/sources.list.d/hashicorp.list" + vars: + expected_source_list_hashicorp_content: | + # Ansible managed: Do NOT edit this file manually! + + # hashicorp repository + X-Repolib-Name: hashicorp + Types: deb + URIs: https://apt.releases.hashicorp.com + Suites: {{ ansible_distribution_release }} + Components: main + Signed-By: /usr/share/keyrings/hashicorp-archive-keyring.asc ansible.builtin.assert: that: - item.item.isreg - item.item.pw_name == 'root' - item.item.gr_name == 'root' - item.item.mode == '0644' - - "(item.content|b64decode) == ('deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.asc] https://apt.releases.hashicorp.com ' + ansible_distribution_release + ' main\\n')" + - "(item.content|b64decode) == expected_source_list_hashicorp_content" loop: "{{ slurp_etc_apt_sources_list_d.results }}" when: (item.item.path | basename | splitext | first) == 'hashicorp' 
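Review bot: These two asserts pin the `Signed-By:` path inside the rendered `.sources` files, but nothing in this hunk checks the key files themselves, so a key that is missing, not root-owned or writable by others under `/usr/share/keyrings` is not caught by these assertions. A stat-and-assert pair per key, sketched below for docker, closes that gap (the register name is made up for this note); the file continues outside the hunk, so an equivalent check may already exist elsewhere. The task names also still say `docker.list` and `hashicorp.list` although the files are now `.sources`.

```yaml
- name: "Stat docker signing key"
  ansible.builtin.stat:
    path: "/usr/share/keyrings/docker-archive-keyring.asc"
  register: stat_docker_keyring

- name: "Verify docker signing key"
  ansible.builtin.assert:
    that:
      - stat_docker_keyring.stat.exists
      - stat_docker_keyring.stat.isreg
      - stat_docker_keyring.stat.pw_name == 'root'
      - stat_docker_keyring.stat.gr_name == 'root'
      - stat_docker_keyring.stat.mode == '0644'
```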
diff --git a/tasks/custom_repositories.yml b/tasks/custom_repositories.yml index 5edd07f..2d4995a 100644 --- a/tasks/custom_repositories.yml +++ b/tasks/custom_repositories.yml @@ -2,17 +2,23 @@ # task/custom_repositories file for manage_repositories - name: "Download gpg key for custom repositories" ansible.builtin.get_url: - url: "{{ item.gpg_key }}" - dest: "/usr/share/keyrings/{{ item.filename }}-archive-keyring.asc" + url: "{{ item.options['Signed-By'] }}" + dest: "{{ manage_repositories_signing_keys_location }}/{{ item.name }}-archive-keyring.asc" mode: '0644' loop: "{{ manage_repositories_custom_repo }}" - when: item.gpg_key not in [None, ''] + when: item.options is defined + and item.options['Signed-By'] is defined + and item.options['Signed-By'] not in [None, ''] -- name: "Add custom repository into source.list.d/.list" +- name: "Configure custom repositories" vars: - signed_by: "{% if item.gpg_key not in [None, ''] %}[signed-by=/usr/share/keyrings/{{ item.filename }}-archive-keyring.asc]{% endif %}" - ansible.builtin.apt_repository: - repo: "{{ item.type }} {% if signed_by != '' %}{{ signed_by }} {% endif %}{{ item.uri }} {{ item.suites }} {{ item.components }}" - state: "present" - filename: "{{ item.filename }}" + repository: "{{ item }}" + ansible.builtin.template: + src: "repo.sources.j2" + dest: "{{ manage_repositories_repo_location }}/{{ item.name }}.sources" + mode: '0644' + owner: root + group: root loop: "{{ manage_repositories_custom_repo }}" + notify: + - "debian-based-cache-update" diff --git a/tasks/main.yml b/tasks/main.yml index 56daaa7..97f1620 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
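Review bot: The `get_url` task installs whatever the `Signed-By` URL returns as the trust anchor for that repository, with no `checksum:` and no check on the URL scheme, so a changed or intercepted response is trusted silently. An optional per-repository digest would let callers pin the key, e.g. `checksum: "{{ item.key_checksum | default(omit) }}"` (`key_checksum` is a field name made up for this note), and adding `owner: root` / `group: root` would match the template task below it. Note also that in deb822 `Signed-By` normally holds a keyring path or fingerprint; using it for a download URL means a caller who passes a local path will likely see `get_url` fail, which deserves a line in the role documentation.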
@@ -4,8 +4,11 @@ ansible.builtin.include_vars: file: "{{ ansible_distribution|lower }}.yml" +- name: "Import prerequisites.yml" + ansible.builtin.include_tasks: prerequisites.yml + - name: "Import main {{ ansible_distribution|lower }} repositories" - ansible.builtin.include_tasks: "{{ ansible_distribution|lower }}.yml" + ansible.builtin.include_tasks: "main_repositories.yml" when: manage_repositories_enable_default_repo - name: "Import custom_repositories.yml" diff --git a/tasks/debian.yml b/tasks/main_repositories.yml similarity index 55% rename from tasks/debian.yml rename to tasks/main_repositories.yml index 36e6f3f..697c7c3 100644 --- a/tasks/debian.yml +++ b/tasks/main_repositories.yml @@ -2,7 +2,7 @@ # task/debian file for manage_repositories - name: "Emtpy /etc/apt/sources.list" block: - - name: Read the current content of the file + - name: "Read the current content of source.list" ansible.builtin.slurp: src: "{{ manage_repositories_sources_list_location }}" register: sources_list_current_content @@ -10,12 +10,21 @@ - name: "Convert sources.list current content to string" ansible.builtin.set_fact: - sources_list_current_content_str: "{{ (sources_list_current_content.content | b64decode) | default('') }}" + sources_list_current_content_str: "{{ (sources_list_current_content.content | default('')) | b64decode }}" - name: "Define sources.list new content" ansible.builtin.set_fact: sources_list_new_content: "{{ manage_repositories_sources_list_message }}" + - name: "Create file /etc/apt/sources.list" + ansible.builtin.file: + path: "{{ manage_repositories_sources_list_location }}" + state: touch + owner: root + group: root + mode: '0644' + when: sources_list_current_content_str == '' + - name: "Replace content of /etc/apt/sources.list" ansible.builtin.replace: path: "{{ manage_repositories_sources_list_location }}" 
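Review bot: In the `@@ -10,12 +10,21 @@` hunk, `sources_list_current_content_str == ''` is used as the signal that the file is missing, but with `.content | default('')` any failed read yields the empty string too. If the slurp task above still carries `ignore_errors: true` (it did in the deleted `tasks/ubuntu.yml`; that line is outside this hunk), a read error for any other reason falls through to the `touch` and `replace` tasks instead of stopping the play. A preceding `ansible.builtin.stat` with `when: not <REGISTERED_STAT>.stat.exists` on the create task would make the condition mean what it says.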
@@ -23,28 +32,13 @@ replace: "{{ sources_list_new_content }}" when: sources_list_current_content_str != sources_list_new_content -- name: "Import list files" - block: - - name: "Create mirrors files" - ansible.builtin.file: - path: "{{ manage_repositories_mirrors_location }}" - state: directory - - - name: "Populate mirrors files" - ansible.builtin.copy: - content: | - {{ item.uri }} - dest: "{{ manage_repositories_mirrors_location }}/{{ item.name }}.list" - loop: "{{ manage_repositories_default_repo }}" - -- name: "Configure debian main repositories into sources.list" - vars: - repositories: "{{ manage_repositories_default_repo }}" - ansible.builtin.template: - src: "repo.sources.j2" - dest: "{{ manage_repositories_default_repo_location }}" - mode: '0644' - owner: root - group: root +- name: "Configure {{ ansible_distribution|lower }} main repositories into sources.list" + ansible.builtin.deb822_repository: + name: "{{ item.name }}" + types: "{{item.types}}" + uris: "{{ item.uri }}" + suites: "{{ item.suites | join(' ') }}" + components: "{{ item.components }}" + loop: "{{ manage_repositories_default_repo }}" notify: - "debian-based-cache-update" diff --git a/tasks/prerequisites.yml b/tasks/prerequisites.yml new file mode 100644 index 0000000..6e851f1 --- /dev/null +++ b/tasks/prerequisites.yml @@ -0,0 +1,7 @@ +--- +# task/prerequisites file for manage_repositories +- name: "Install python dependencies" + ansible.builtin.include_role: + name: ednxzu.manage_apt_packages + vars: + manage_apt_packages_list: "{{ manage_repositories_required_packages }}" diff --git a/tasks/ubuntu.yml b/tasks/ubuntu.yml deleted file mode 100644 index 38abcc0..0000000 --- a/tasks/ubuntu.yml +++ /dev/null 
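Review bot: The `deb822_repository` task writes the default repositories without `signed_by`, so these sources are validated against every key apt trusts globally rather than only the distribution's archive key. If the default-repo entries can carry a key reference, pass it through, e.g. `signed_by: "{{ item.signed_by | default(omit) }}"` (the `signed_by` field on the item is an assumed name, the vars are not in this diff), and extend the expected content in the verify files accordingly. Minor: `"{{item.types}}"` lacks the brace spacing used on the other lines, and the task name still says `sources.list` although the verify scenarios expect the result in a `.sources` file under `sources.list.d`.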
@@ -1,50 +0,0 @@ ---- -# task/ubuntu file for manage_repositories -- name: "Emtpy /etc/apt/sources.list" - block: - - name: Read the current content of the file - ansible.builtin.slurp: - src: "{{ manage_repositories_sources_list_location }}" - register: sources_list_current_content - ignore_errors: true - - - name: "Convert sources.list current content to string" - ansible.builtin.set_fact: - sources_list_current_content_str: "{{ sources_list_current_content.content | b64decode | default('') }}" - - - name: "Define sources.list new content" - ansible.builtin.set_fact: - sources_list_new_content: "{{ manage_repositories_sources_list_message }}" - - - name: "Replace content of /etc/apt/sources.list" - ansible.builtin.replace: - path: "{{ manage_repositories_sources_list_location }}" - regexp: "{{ sources_list_current_content_str | regex_escape }}" - replace: "{{ sources_list_new_content }}" - when: sources_list_current_content_str != sources_list_new_content - -- name: "Import list files" - block: - - name: "Create mirrors files" - ansible.builtin.file: - path: "{{ manage_repositories_mirrors_location }}" - state: directory - - - name: "Populate mirrors files" - ansible.builtin.copy: - content: | - {{ item.uri }} - dest: "{{ manage_repositories_mirrors_location }}/{{ item.name }}.list" - loop: "{{ manage_repositories_default_repo }}" - -- name: "Configure ubuntu main repositories into sources.list" - vars: - repositories: "{{ manage_repositories_default_repo }}" - ansible.builtin.template: - src: "repo.sources.j2" - dest: "{{ manage_repositories_default_repo_location }}" - mode: '0644' - owner: root - group: root - notify: - - "debian-based-cache-update" diff --git a/templates/repo.sources.j2 b/templates/repo.sources.j2 index 02c795d..79dae38 100644 --- a/templates/repo.sources.j2 +++ b/templates/repo.sources.j2 
@@ -1,14 +1,17 @@ # {{ ansible_managed }} -{% for repository in repositories %} # {{ repository.comments}} -types: {{ repository.types | join(' ') }} -uris: mirror+file://{{ manage_repositories_mirrors_location }}/{{ repository.name }}.list -suites: {{ repository.suites | join(' ') }} -components: {{ repository.components | join(' ') }} +X-Repolib-Name: {{ repository.name }} +Types: {{ repository.types | join(' ') }} +URIs: {{ repository.uri }} +Suites: {{ repository.suites | join(' ') }} +Components: {{ repository.components | join(' ') }} {% if (repository.options is defined) and repository.options %} {% for option in repository.options %} +{% if option == "Signed-By" %} +{{ option }}: {{ manage_repositories_signing_keys_location + "/" + item.name + "-archive-keyring.asc" }} +{% else %} {{ option }}: {{ repository.options[option] }} +{% endif %} {% endfor %} {% endif %} -{% endfor %} \ No newline at end of file diff --git a/vars/main.yml b/vars/main.yml index e802bd9..d6c9648 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,6 +1,10 @@ --- # vars file for manage_repositories manage_repositories_sources_list_location: /etc/apt/sources.list -manage_repositories_default_repo_location: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources" -manage_repositories_mirrors_location: /etc/apt/mirrors +manage_repositories_repo_location: /etc/apt/sources.list.d +manage_repositories_signing_keys_location: /usr/share/keyrings manage_repositories_sources_list_message: "# See /etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources\\n" +manage_repositories_required_packages: + - name: python3-debian + version: latest + state: present
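Review bot: The `Signed-By` branch builds the key path from `item.name`, which only resolves because the calling task happens to loop with the default `item` variable; everything else in the template reads from `repository`. Use the template's own variable so it renders correctly from any caller: `{{ option }}: {{ manage_repositories_signing_keys_location }}/{{ repository.name }}-archive-keyring.asc`. Option names and values are also written verbatim, so a value containing a newline would add extra fields to the stanza; if these ever come from less trusted inventory, validate them before rendering.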