ansible-roles/manage_repositories
ansible-roles/manage_repositories
4
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

fixed custom repositories, fixed tests
Some checks failed
test / Linting (push) Failing after 29s
Details
test / Molecule tests (default, debian11) (push) Has been skipped
Details
test / Molecule tests (default, debian12) (push) Has been skipped
Details
test / Molecule tests (default, ubuntu2004) (push) Has been skipped
Details
test / Molecule tests (default, ubuntu2204) (push) Has been skipped
Details
test / Molecule tests (with_custom_repo, debian11) (push) Has been skipped
Details
test / Molecule tests (with_custom_repo, debian12) (push) Has been skipped
Details
test / Molecule tests (with_custom_repo, ubuntu2004) (push) Has been skipped
Details
test / Molecule tests (with_custom_repo, ubuntu2204) (push) Has been skipped
Details

Browse Source
This commit is contained in:
Bertrand Lanson 2023-09-13 21:54:24 +02:00
parent a05133ec81
commit 880451bcd5
12 changed files with 199 additions and 132 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
molecule/default/requirements.yml
View File

@ -1,3 +1,4 @@
--- ---
# requirements file for molecule # requirements file for molecule
roles: [] roles:
- name: ednxzu.manage_apt_packages

56
molecule/default/verify.yml
View File

@ -40,19 +40,53 @@
- stat_etc_apt_sources_list.stat.mode == '0644' - stat_etc_apt_sources_list.stat.mode == '0644'
- name: "Verify file /etc/apt/sources.list" - name: "Verify file /etc/apt/sources.list"
vars:
expected_source_list_content: |
# See /etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources
ansible.builtin.assert: ansible.builtin.assert:
that: that:
- "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + ' main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)" - "(slurp_etc_apt_sources_list.content|b64decode) == expected_source_list_content"
- "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-updates main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
- "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-security main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
- "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-backports main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
when: (ansible_distribution|lower) == 'ubuntu'
- name: "Verify file /etc/apt/sources.list" - name: "Test: file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
block:
- name: "Stat /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
ansible.builtin.stat:
path: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources"
register: stat_etc_apt_sources_list_d
- name: "Slurp file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
ansible.builtin.slurp:
src: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources"
register: slurp_etc_apt_sources_list_d
- name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
ansible.builtin.assert: ansible.builtin.assert:
that: that:
- "('deb http://deb.debian.org/debian ' + ansible_distribution_release + ' main contrib') in (slurp_etc_apt_sources_list.content|b64decode)" - stat_etc_apt_sources_list_d.stat.exists
- "('deb http://deb.debian.org/debian ' + ansible_distribution_release + '-updates main contrib') in (slurp_etc_apt_sources_list.content|b64decode)" - stat_etc_apt_sources_list_d.stat.isreg
- "('deb http://deb.debian.org/debian-security ' + ansible_distribution_release + '-security main contrib') in (slurp_etc_apt_sources_list.content|b64decode)" - stat_etc_apt_sources_list_d.stat.pw_name == 'root'
- "('deb http://deb.debian.org/debian ' + ansible_distribution_release + '-backports main') in (slurp_etc_apt_sources_list.content|b64decode)" - stat_etc_apt_sources_list_d.stat.gr_name == 'root'
when: (ansible_distribution|lower) == 'debian' - stat_etc_apt_sources_list_d.stat.mode == '0644'
- name: test
debug:
msg: "{{ slurp_etc_apt_sources_list_d.content|b64decode }}"
- name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
vars:
expected_source_list_content:
ubuntu: |
X-Repolib-Name: ubuntu
Types: deb
URIs: http://fr.archive.ubuntu.com/ubuntu
Suites: {{ ansible_distribution_release }} {{ ansible_distribution_release }}-security {{ ansible_distribution_release }}-updates {{ ansible_distribution_release }}-backports
Components: main restricted universe multiverse
debian: |
X-Repolib-Name: debian
Types: deb
URIs: http://deb.debian.org/debian
Suites: {{ ansible_distribution_release }} {{ ansible_distribution_release }}-updates {{ ansible_distribution_release }}-backports
Components: main
ansible.builtin.assert:
that:
- "(slurp_etc_apt_sources_list_d.content|b64decode) == expected_source_list_content[ansible_distribution|lower]"

34
molecule/with_custom_repo/group_vars/all.yml
View File

@ -2,17 +2,25 @@
manage_repositories_enable_default_repo: true manage_repositories_enable_default_repo: true
manage_repositories_enable_custom_repo: true manage_repositories_enable_custom_repo: true
manage_repositories_custom_repo: manage_repositories_custom_repo:
- uri: "https://apt.releases.hashicorp.com" - name: docker
gpg_key: "https://apt.releases.hashicorp.com/gpg" uri: "https://download.docker.com/linux/{{ ansible_distribution|lower }}"
comments: "hashicorp repository"
type: "deb"
suites: "{{ ansible_distribution_release }}"
components: "main"
filename: "hashicorp"
- uri: "https://download.docker.com/linux/{{ ansible_distribution|lower }}"
gpg_key: "https://download.docker.com/linux/{{ ansible_distribution|lower }}/gpg"
comments: "{{ ansible_distribution|lower }} docker repository" comments: "{{ ansible_distribution|lower }} docker repository"
type: "deb" types:
suites: "{{ ansible_distribution_release }}" - deb
components: "stable" suites:
filename: "docker" - "{{ ansible_distribution_release }}"
components:
- stable
options:
Signed-By: "https://download.docker.com/linux/{{ ansible_distribution|lower }}/gpg"
- name: hashicorp
uri: "https://apt.releases.hashicorp.com"
comments: "hashicorp repository"
types:
- deb
suites:
- "{{ ansible_distribution_release }}"
components:
- main
options:
Signed-By: "https://apt.releases.hashicorp.com/gpg"

3
molecule/with_custom_repo/requirements.yml
View File

@ -1,3 +1,4 @@
--- ---
# requirements file for molecule # requirements file for molecule
roles: [] roles:
- name: ednxzu.manage_apt_packages

82
molecule/with_custom_repo/verify.yml
View File

@ -40,22 +40,56 @@
- stat_etc_apt_sources_list.stat.mode == '0644' - stat_etc_apt_sources_list.stat.mode == '0644'
- name: "Verify file /etc/apt/sources.list" - name: "Verify file /etc/apt/sources.list"
vars:
expected_source_list_content: |
# See /etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources
ansible.builtin.assert: ansible.builtin.assert:
that: that:
- "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + ' main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)" - "(slurp_etc_apt_sources_list.content|b64decode) == expected_source_list_content"
- "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-updates main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
- "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-security main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
- "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-backports main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
when: (ansible_distribution|lower) == 'ubuntu'
- name: "Verify file /etc/apt/sources.list" - name: "Test: file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
block:
- name: "Stat /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
ansible.builtin.stat:
path: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources"
register: stat_etc_apt_sources_list_d
- name: "Slurp file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
ansible.builtin.slurp:
src: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources"
register: slurp_etc_apt_sources_list_d
- name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
ansible.builtin.assert: ansible.builtin.assert:
that: that:
- "('deb http://deb.debian.org/debian ' + ansible_distribution_release + ' main contrib') in (slurp_etc_apt_sources_list.content|b64decode)" - stat_etc_apt_sources_list_d.stat.exists
- "('deb http://deb.debian.org/debian ' + ansible_distribution_release + '-updates main contrib') in (slurp_etc_apt_sources_list.content|b64decode)" - stat_etc_apt_sources_list_d.stat.isreg
- "('deb http://deb.debian.org/debian-security ' + ansible_distribution_release + '-security main contrib') in (slurp_etc_apt_sources_list.content|b64decode)" - stat_etc_apt_sources_list_d.stat.pw_name == 'root'
- "('deb http://deb.debian.org/debian ' + ansible_distribution_release + '-backports main') in (slurp_etc_apt_sources_list.content|b64decode)" - stat_etc_apt_sources_list_d.stat.gr_name == 'root'
when: (ansible_distribution|lower) == 'debian' - stat_etc_apt_sources_list_d.stat.mode == '0644'
- name: test
debug:
msg: "{{ slurp_etc_apt_sources_list_d.content|b64decode }}"
- name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
vars:
expected_source_list_content:
ubuntu: |
X-Repolib-Name: ubuntu
Types: deb
URIs: http://fr.archive.ubuntu.com/ubuntu
Suites: {{ ansible_distribution_release }} {{ ansible_distribution_release }}-security {{ ansible_distribution_release }}-updates {{ ansible_distribution_release }}-backports
Components: main restricted universe multiverse
debian: |
X-Repolib-Name: debian
Types: deb
URIs: http://deb.debian.org/debian
Suites: {{ ansible_distribution_release }} {{ ansible_distribution_release }}-updates {{ ansible_distribution_release }}-backports
Components: main
ansible.builtin.assert:
that:
- "(slurp_etc_apt_sources_list_d.content|b64decode) == expected_source_list_content[ansible_distribution|lower]"
- name: "Test: directory /etc/apt/sources.list.d" - name: "Test: directory /etc/apt/sources.list.d"
block: block:
@ -78,23 +112,45 @@
register: slurp_etc_apt_sources_list_d register: slurp_etc_apt_sources_list_d
- name: "Verify file /etc/apt/sources.list.d/docker.list" - name: "Verify file /etc/apt/sources.list.d/docker.list"
vars:
expected_source_list_docker_content: |
# Ansible managed: Do NOT edit this file manually!
# {{ ansible_distribution|lower }} docker repository
X-Repolib-Name: docker
Types: deb
URIs: https://download.docker.com/linux/{{ ansible_distribution|lower }}
Suites: {{ ansible_distribution_release }}
Components: stable
Signed-By: /usr/share/keyrings/docker-archive-keyring.asc
ansible.builtin.assert: ansible.builtin.assert:
that: that:
- item.item.isreg - item.item.isreg
- item.item.pw_name == 'root' - item.item.pw_name == 'root'
- item.item.gr_name == 'root' - item.item.gr_name == 'root'
- item.item.mode == '0644' - item.item.mode == '0644'
- "(item.content|b64decode) == ('deb [signed-by=/usr/share/keyrings/docker-archive-keyring.asc] https://download.docker.com/linux/' + (ansible_distribution|lower) + ' ' + ansible_distribution_release + ' stable\\n')" - "(item.content|b64decode) == expected_source_list_docker_content"
loop: "{{ slurp_etc_apt_sources_list_d.results }}" loop: "{{ slurp_etc_apt_sources_list_d.results }}"
when: (item.item.path | basename | splitext | first) == 'docker' when: (item.item.path | basename | splitext | first) == 'docker'
- name: "Verify file /etc/apt/sources.list.d/hashicorp.list" - name: "Verify file /etc/apt/sources.list.d/hashicorp.list"
vars:
expected_source_list_hashicorp_content: |
# Ansible managed: Do NOT edit this file manually!
# hashicorp repository
X-Repolib-Name: hashicorp
Types: deb
URIs: https://apt.releases.hashicorp.com
Suites: {{ ansible_distribution_release }}
Components: main
Signed-By: /usr/share/keyrings/hashicorp-archive-keyring.asc
ansible.builtin.assert: ansible.builtin.assert:
that: that:
- item.item.isreg - item.item.isreg
- item.item.pw_name == 'root' - item.item.pw_name == 'root'
- item.item.gr_name == 'root' - item.item.gr_name == 'root'
- item.item.mode == '0644' - item.item.mode == '0644'
- "(item.content|b64decode) == ('deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.asc] https://apt.releases.hashicorp.com ' + ansible_distribution_release + ' main\\n')" - "(item.content|b64decode) == expected_source_list_hashicorp_content"
loop: "{{ slurp_etc_apt_sources_list_d.results }}" loop: "{{ slurp_etc_apt_sources_list_d.results }}"
when: (item.item.path | basename | splitext | first) == 'hashicorp' when: (item.item.path | basename | splitext | first) == 'hashicorp'

24
tasks/custom_repositories.yml
View File

@ -2,17 +2,23 @@
# task/custom_repositories file for manage_repositories # task/custom_repositories file for manage_repositories
- name: "Download gpg key for custom repositories" - name: "Download gpg key for custom repositories"
ansible.builtin.get_url: ansible.builtin.get_url:
url: "{{ item.gpg_key }}" url: "{{ item.options['Signed-By'] }}"
dest: "/usr/share/keyrings/{{ item.filename }}-archive-keyring.asc" dest: "{{ manage_repositories_signing_keys_location }}/{{ item.name }}-archive-keyring.asc"
mode: '0644' mode: '0644'
loop: "{{ manage_repositories_custom_repo }}" loop: "{{ manage_repositories_custom_repo }}"
when: item.gpg_key not in [None, ''] when: item.options is defined
and item.options['Signed-By'] is defined
and item.options['Signed-By'] not in [None, '']
- name: "Add custom repository into source.list.d/.list" - name: "Configure custom repositories"
vars: vars:
signed_by: "{% if item.gpg_key not in [None, ''] %}[signed-by=/usr/share/keyrings/{{ item.filename }}-archive-keyring.asc]{% endif %}" repository: "{{ item }}"
ansible.builtin.apt_repository: ansible.builtin.template:
repo: "{{ item.type }} {% if signed_by != '' %}{{ signed_by }} {% endif %}{{ item.uri }} {{ item.suites }} {{ item.components }}" src: "repo.sources.j2"
state: "present" dest: "{{ manage_repositories_repo_location }}/{{ item.name }}.sources"
filename: "{{ item.filename }}" mode: '0644'
owner: root
group: root
loop: "{{ manage_repositories_custom_repo }}" loop: "{{ manage_repositories_custom_repo }}"
notify:
- "debian-based-cache-update"

5
tasks/main.yml
View File

@ -4,8 +4,11 @@
ansible.builtin.include_vars: ansible.builtin.include_vars:
file: "{{ ansible_distribution|lower }}.yml" file: "{{ ansible_distribution|lower }}.yml"
- name: "Import prerequisites.yml"
ansible.builtin.include_tasks: prerequisites.yml
- name: "Import main {{ ansible_distribution|lower }} repositories" - name: "Import main {{ ansible_distribution|lower }} repositories"
ansible.builtin.include_tasks: "{{ ansible_distribution|lower }}.yml" ansible.builtin.include_tasks: "main_repositories.yml"
when: manage_repositories_enable_default_repo when: manage_repositories_enable_default_repo
- name: "Import custom_repositories.yml" - name: "Import custom_repositories.yml"

44
tasks/debian.yml → tasks/main_repositories.yml
View File

@ -2,7 +2,7 @@
# task/debian file for manage_repositories # task/debian file for manage_repositories
- name: "Emtpy /etc/apt/sources.list" - name: "Emtpy /etc/apt/sources.list"
block: block:
- name: Read the current content of the file - name: "Read the current content of source.list"
ansible.builtin.slurp: ansible.builtin.slurp:
src: "{{ manage_repositories_sources_list_location }}" src: "{{ manage_repositories_sources_list_location }}"
register: sources_list_current_content register: sources_list_current_content
@ -10,12 +10,21 @@
- name: "Convert sources.list current content to string" - name: "Convert sources.list current content to string"
ansible.builtin.set_fact: ansible.builtin.set_fact:
sources_list_current_content_str: "{{ (sources_list_current_content.content | b64decode) | default('') }}" sources_list_current_content_str: "{{ (sources_list_current_content.content | default('')) | b64decode }}"
- name: "Define sources.list new content" - name: "Define sources.list new content"
ansible.builtin.set_fact: ansible.builtin.set_fact:
sources_list_new_content: "{{ manage_repositories_sources_list_message }}" sources_list_new_content: "{{ manage_repositories_sources_list_message }}"
- name: "Create file /etc/apt/sources.list"
ansible.builtin.file:
path: "{{ manage_repositories_sources_list_location }}"
state: touch
owner: root
group: root
mode: '0644'
when: sources_list_current_content_str == ''
- name: "Replace content of /etc/apt/sources.list" - name: "Replace content of /etc/apt/sources.list"
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ manage_repositories_sources_list_location }}" path: "{{ manage_repositories_sources_list_location }}"
@ -23,28 +32,13 @@
replace: "{{ sources_list_new_content }}" replace: "{{ sources_list_new_content }}"
when: sources_list_current_content_str != sources_list_new_content when: sources_list_current_content_str != sources_list_new_content
- name: "Import list files" - name: "Configure {{ ansible_distribution|lower }} main repositories into sources.list"
block: ansible.builtin.deb822_repository:
- name: "Create mirrors files" name: "{{ item.name }}"
ansible.builtin.file: types: "{{item.types}}"
path: "{{ manage_repositories_mirrors_location }}" uris: "{{ item.uri }}"
state: directory suites: "{{ item.suites | join(' ') }}"
components: "{{ item.components }}"
- name: "Populate mirrors files" loop: "{{ manage_repositories_default_repo }}"
ansible.builtin.copy:
content: |
{{ item.uri }}
dest: "{{ manage_repositories_mirrors_location }}/{{ item.name }}.list"
loop: "{{ manage_repositories_default_repo }}"
- name: "Configure debian main repositories into sources.list"
vars:
repositories: "{{ manage_repositories_default_repo }}"
ansible.builtin.template:
src: "repo.sources.j2"
dest: "{{ manage_repositories_default_repo_location }}"
mode: '0644'
owner: root
group: root
notify: notify:
- "debian-based-cache-update" - "debian-based-cache-update"

7
tasks/prerequisites.yml Normal file
View File

@ -0,0 +1,7 @@
---
# task/prerequisites file for manage_repositories
- name: "Install python dependencies"
ansible.builtin.include_role:
name: ednxzu.manage_apt_packages
vars:
manage_apt_packages_list: "{{ manage_repositories_required_packages }}"

50
tasks/ubuntu.yml
View File

@ -1,50 +0,0 @@
---
# task/ubuntu file for manage_repositories
- name: "Emtpy /etc/apt/sources.list"
block:
- name: Read the current content of the file
ansible.builtin.slurp:
src: "{{ manage_repositories_sources_list_location }}"
register: sources_list_current_content
ignore_errors: true
- name: "Convert sources.list current content to string"
ansible.builtin.set_fact:
sources_list_current_content_str: "{{ sources_list_current_content.content | b64decode | default('') }}"
- name: "Define sources.list new content"
ansible.builtin.set_fact:
sources_list_new_content: "{{ manage_repositories_sources_list_message }}"
- name: "Replace content of /etc/apt/sources.list"
ansible.builtin.replace:
path: "{{ manage_repositories_sources_list_location }}"
regexp: "{{ sources_list_current_content_str | regex_escape }}"
replace: "{{ sources_list_new_content }}"
when: sources_list_current_content_str != sources_list_new_content
- name: "Import list files"
block:
- name: "Create mirrors files"
ansible.builtin.file:
path: "{{ manage_repositories_mirrors_location }}"
state: directory
- name: "Populate mirrors files"
ansible.builtin.copy:
content: |
{{ item.uri }}
dest: "{{ manage_repositories_mirrors_location }}/{{ item.name }}.list"
loop: "{{ manage_repositories_default_repo }}"
- name: "Configure ubuntu main repositories into sources.list"
vars:
repositories: "{{ manage_repositories_default_repo }}"
ansible.builtin.template:
src: "repo.sources.j2"
dest: "{{ manage_repositories_default_repo_location }}"
mode: '0644'
owner: root
group: root
notify:
- "debian-based-cache-update"

15
templates/repo.sources.j2
View File

@ -1,14 +1,17 @@
# {{ ansible_managed }} # {{ ansible_managed }}
{% for repository in repositories %}
# {{ repository.comments}} # {{ repository.comments}}
types: {{ repository.types | join(' ') }} X-Repolib-Name: {{ repository.name }}
uris: mirror+file://{{ manage_repositories_mirrors_location }}/{{ repository.name }}.list Types: {{ repository.types | join(' ') }}
suites: {{ repository.suites | join(' ') }} URIs: {{ repository.uri }}
components: {{ repository.components | join(' ') }} Suites: {{ repository.suites | join(' ') }}
Components: {{ repository.components | join(' ') }}
{% if (repository.options is defined) and repository.options %} {% if (repository.options is defined) and repository.options %}
{% for option in repository.options %} {% for option in repository.options %}
{% if option == "Signed-By" %}
{{ option }}: {{ manage_repositories_signing_keys_location + "/" + item.name + "-archive-keyring.asc" }}
{% else %}
{{ option }}: {{ repository.options[option] }} {{ option }}: {{ repository.options[option] }}
{% endif %}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% endfor %}

8
vars/main.yml
View File

@ -1,6 +1,10 @@
--- ---
# vars file for manage_repositories # vars file for manage_repositories
manage_repositories_sources_list_location: /etc/apt/sources.list manage_repositories_sources_list_location: /etc/apt/sources.list
manage_repositories_default_repo_location: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources" manage_repositories_repo_location: /etc/apt/sources.list.d
manage_repositories_mirrors_location: /etc/apt/mirrors manage_repositories_signing_keys_location: /usr/share/keyrings
manage_repositories_sources_list_message: "# See /etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources\\n" manage_repositories_sources_list_message: "# See /etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources\\n"
manage_repositories_required_packages:
- name: python3-debian
version: latest
state: present