feature/move-to-deb822-format #3

Merged
lanson merged 5 commits from feature/move-to-deb822-format into main 2023-09-14 20:42:12 +00:00
16 changed files with 260 additions and 144 deletions


@ -1,3 +1,4 @@
---
# requirements file for molecule
roles: []
roles:
- name: ednxzu.manage_apt_packages
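Review bot: The added `ednxzu.manage_apt_packages` entry has no `version:`, so every molecule run installs whatever release the role source serves at that moment, and the new prerequisites task includes that role to install packages on the target. Pinning it with `version: "<RELEASE_TAG>"` (placeholder; use the release the role was tested against) keeps test runs reproducible and turns an upstream change into an explicit review step. The same unpinned entry is added in the second requirements file further down the page.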


@ -40,19 +40,49 @@
- stat_etc_apt_sources_list.stat.mode == '0644'
- name: "Verify file /etc/apt/sources.list"
vars:
expected_source_list_content: |
# See /etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources
ansible.builtin.assert:
that:
- "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + ' main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
- "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-updates main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
- "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-security main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
- "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-backports main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
when: (ansible_distribution|lower) == 'ubuntu'
- "(slurp_etc_apt_sources_list.content|b64decode) == expected_source_list_content"
- name: "Verify file /etc/apt/sources.list"
- name: "Test: file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
block:
- name: "Stat /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
ansible.builtin.stat:
path: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources"
register: stat_etc_apt_sources_list_d
- name: "Slurp file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
ansible.builtin.slurp:
src: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources"
register: slurp_etc_apt_sources_list_d
- name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
ansible.builtin.assert:
that:
- "('deb http://deb.debian.org/debian ' + ansible_distribution_release + ' main contrib') in (slurp_etc_apt_sources_list.content|b64decode)"
- "('deb http://deb.debian.org/debian ' + ansible_distribution_release + '-updates main contrib') in (slurp_etc_apt_sources_list.content|b64decode)"
- "('deb http://deb.debian.org/debian-security ' + ansible_distribution_release + '-security main contrib') in (slurp_etc_apt_sources_list.content|b64decode)"
- "('deb http://deb.debian.org/debian ' + ansible_distribution_release + '-backports main') in (slurp_etc_apt_sources_list.content|b64decode)"
when: (ansible_distribution|lower) == 'debian'
- stat_etc_apt_sources_list_d.stat.exists
- stat_etc_apt_sources_list_d.stat.isreg
- stat_etc_apt_sources_list_d.stat.pw_name == 'root'
- stat_etc_apt_sources_list_d.stat.gr_name == 'root'
- stat_etc_apt_sources_list_d.stat.mode == '0644'
- name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
vars:
expected_source_list_content:
ubuntu: |
X-Repolib-Name: ubuntu
Types: deb
URIs: http://fr.archive.ubuntu.com/ubuntu
Suites: {{ ansible_distribution_release }} {{ ansible_distribution_release }}-security {{ ansible_distribution_release }}-updates {{ ansible_distribution_release }}-backports
Components: main restricted universe multiverse
debian: |
X-Repolib-Name: debian
Types: deb
URIs: http://deb.debian.org/debian
Suites: {{ ansible_distribution_release }} {{ ansible_distribution_release }}-updates {{ ansible_distribution_release }}-backports
Components: main
ansible.builtin.assert:
that:
- "(slurp_etc_apt_sources_list_d.content|b64decode) == expected_source_list_content[ansible_distribution|lower]"
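Review bot: Nothing in this hunk verifies the Debian security suite: the `debian` expectation lists only the release, `-updates` and `-backports` suites, while the role's Debian vars define a separate `debian-security` repository that would presumably be written to its own `.sources` file. A regression that drops security updates would therefore pass the test. Add a stat/slurp/assert block for `/etc/apt/sources.list.d/debian-security.sources`, gated with `when: (ansible_distribution|lower) == 'debian'`. The enclosing task list starts above this hunk, and the same gap is in the first hunk of the second verify file further down the page.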


@ -2,17 +2,25 @@
manage_repositories_enable_default_repo: true
manage_repositories_enable_custom_repo: true
manage_repositories_custom_repo:
- uri: "https://apt.releases.hashicorp.com"
gpg_key: "https://apt.releases.hashicorp.com/gpg"
comments: "hashicorp repository"
type: "deb"
suites: "{{ ansible_distribution_release }}"
components: "main"
filename: "hashicorp"
- uri: "https://download.docker.com/linux/{{ ansible_distribution|lower }}"
gpg_key: "https://download.docker.com/linux/{{ ansible_distribution|lower }}/gpg"
- name: docker
uri: "https://download.docker.com/linux/{{ ansible_distribution|lower }}"
comments: "{{ ansible_distribution|lower }} docker repository"
type: "deb"
suites: "{{ ansible_distribution_release }}"
components: "stable"
filename: "docker"
types:
- deb
suites:
- "{{ ansible_distribution_release }}"
components:
- stable
options:
Signed-By: "https://download.docker.com/linux/{{ ansible_distribution|lower }}/gpg"
- name: hashicorp
uri: "https://apt.releases.hashicorp.com"
comments: "hashicorp repository"
types:
- deb
suites:
- "{{ ansible_distribution_release }}"
components:
- main
options:
Signed-By: "https://apt.releases.hashicorp.com/gpg"
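Review bot: `options.Signed-By` holds a download URL here, but the value that ends up in the rendered `.sources` file is a local keyring path, and that double meaning is not documented anywhere in the hunk. In deb822 a `Signed-By` field is a keyring path, a fingerprint or an embedded key, so a user who supplies one of those would have it handed to the key-download task as a URL. A comment above each entry such as `# Signed-By: URL the signing key is fetched from; the rendered file references the local copy` would make the contract explicit, or the URL could move to its own field.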


@ -1,3 +1,4 @@
---
# requirements file for molecule
roles: []
roles:
- name: ednxzu.manage_apt_packages


@ -40,22 +40,52 @@
- stat_etc_apt_sources_list.stat.mode == '0644'
- name: "Verify file /etc/apt/sources.list"
vars:
expected_source_list_content: |
# See /etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources
ansible.builtin.assert:
that:
- "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + ' main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
- "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-updates main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
- "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-security main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
- "('deb http://fr.archive.ubuntu.com/ubuntu ' + ansible_distribution_release + '-backports main restricted universe multiverse') in (slurp_etc_apt_sources_list.content|b64decode)"
when: (ansible_distribution|lower) == 'ubuntu'
- "(slurp_etc_apt_sources_list.content|b64decode) == expected_source_list_content"
- name: "Verify file /etc/apt/sources.list"
- name: "Test: file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
block:
- name: "Stat /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
ansible.builtin.stat:
path: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources"
register: stat_etc_apt_sources_list_d
- name: "Slurp file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
ansible.builtin.slurp:
src: "/etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources"
register: slurp_etc_apt_sources_list_d
- name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
ansible.builtin.assert:
that:
- "('deb http://deb.debian.org/debian ' + ansible_distribution_release + ' main contrib') in (slurp_etc_apt_sources_list.content|b64decode)"
- "('deb http://deb.debian.org/debian ' + ansible_distribution_release + '-updates main contrib') in (slurp_etc_apt_sources_list.content|b64decode)"
- "('deb http://deb.debian.org/debian-security ' + ansible_distribution_release + '-security main contrib') in (slurp_etc_apt_sources_list.content|b64decode)"
- "('deb http://deb.debian.org/debian ' + ansible_distribution_release + '-backports main') in (slurp_etc_apt_sources_list.content|b64decode)"
when: (ansible_distribution|lower) == 'debian'
- stat_etc_apt_sources_list_d.stat.exists
- stat_etc_apt_sources_list_d.stat.isreg
- stat_etc_apt_sources_list_d.stat.pw_name == 'root'
- stat_etc_apt_sources_list_d.stat.gr_name == 'root'
- stat_etc_apt_sources_list_d.stat.mode == '0644'
- name: "Verify file /etc/apt/sources.list.d/{{ ansible_distribution|lower }}"
vars:
expected_source_list_content:
ubuntu: |
X-Repolib-Name: ubuntu
Types: deb
URIs: http://fr.archive.ubuntu.com/ubuntu
Suites: {{ ansible_distribution_release }} {{ ansible_distribution_release }}-security {{ ansible_distribution_release }}-updates {{ ansible_distribution_release }}-backports
Components: main restricted universe multiverse
debian: |
X-Repolib-Name: debian
Types: deb
URIs: http://deb.debian.org/debian
Suites: {{ ansible_distribution_release }} {{ ansible_distribution_release }}-updates {{ ansible_distribution_release }}-backports
Components: main
ansible.builtin.assert:
that:
- "(slurp_etc_apt_sources_list_d.content|b64decode) == expected_source_list_content[ansible_distribution|lower]"
- name: "Test: directory /etc/apt/sources.list.d"
block:
@ -78,23 +108,45 @@
register: slurp_etc_apt_sources_list_d
- name: "Verify file /etc/apt/sources.list.d/docker.list"
vars:
expected_source_list_docker_content: |
# Ansible managed: Do NOT edit this file manually!
# {{ ansible_distribution|lower }} docker repository
X-Repolib-Name: docker
Types: deb
URIs: https://download.docker.com/linux/{{ ansible_distribution|lower }}
Suites: {{ ansible_distribution_release }}
Components: stable
Signed-By: /usr/share/keyrings/docker-archive-keyring.asc
ansible.builtin.assert:
that:
- item.item.isreg
- item.item.pw_name == 'root'
- item.item.gr_name == 'root'
- item.item.mode == '0644'
- "(item.content|b64decode) == ('deb [signed-by=/usr/share/keyrings/docker-archive-keyring.asc] https://download.docker.com/linux/' + (ansible_distribution|lower) + ' ' + ansible_distribution_release + ' stable\\n')"
- "(item.content|b64decode) == expected_source_list_docker_content"
loop: "{{ slurp_etc_apt_sources_list_d.results }}"
when: (item.item.path | basename | splitext | first) == 'docker'
- name: "Verify file /etc/apt/sources.list.d/hashicorp.list"
vars:
expected_source_list_hashicorp_content: |
# Ansible managed: Do NOT edit this file manually!
# hashicorp repository
X-Repolib-Name: hashicorp
Types: deb
URIs: https://apt.releases.hashicorp.com
Suites: {{ ansible_distribution_release }}
Components: main
Signed-By: /usr/share/keyrings/hashicorp-archive-keyring.asc
ansible.builtin.assert:
that:
- item.item.isreg
- item.item.pw_name == 'root'
- item.item.gr_name == 'root'
- item.item.mode == '0644'
- "(item.content|b64decode) == ('deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.asc] https://apt.releases.hashicorp.com ' + ansible_distribution_release + ' main\\n')"
- "(item.content|b64decode) == expected_source_list_hashicorp_content"
loop: "{{ slurp_etc_apt_sources_list_d.results }}"
when: (item.item.path | basename | splitext | first) == 'hashicorp'
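Review bot: The task names `Verify file /etc/apt/sources.list.d/docker.list` and `Verify file /etc/apt/sources.list.d/hashicorp.list` no longer describe what is asserted, since the expected content is now deb822 and the role writes `<name>.sources`. They should be renamed to `docker.sources` and `hashicorp.sources`. Because the `when` strips the extension with `splitext | first`, a leftover `docker.list` would match the same condition, so comparing the full name, `(item.item.path | basename) == 'docker.sources'`, is stricter. The surrounding block starts above this hunk.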


@ -2,17 +2,23 @@
# task/custom_repositories file for manage_repositories
- name: "Download gpg key for custom repositories"
ansible.builtin.get_url:
url: "{{ item.gpg_key }}"
dest: "/usr/share/keyrings/{{ item.filename }}-archive-keyring.asc"
url: "{{ item.options['Signed-By'] }}"
dest: "{{ manage_repositories_signing_keys_location }}/{{ item.name }}-archive-keyring.asc"
mode: '0644'
loop: "{{ manage_repositories_custom_repo }}"
when: item.gpg_key not in [None, '']
when: item.options is defined
and item.options['Signed-By'] is defined
and item.options['Signed-By'] not in [None, '']
- name: "Add custom repository into source.list.d/.list"
- name: "Configure custom repositories"
vars:
signed_by: "{% if item.gpg_key not in [None, ''] %}[signed-by=/usr/share/keyrings/{{ item.filename }}-archive-keyring.asc]{% endif %}"
ansible.builtin.apt_repository:
repo: "{{ item.type }} {% if signed_by != '' %}{{ signed_by }} {% endif %}{{ item.uri }} {{ item.suites }} {{ item.components }}"
state: "present"
filename: "{{ item.filename }}"
repository: "{{ item }}"
ansible.builtin.template:
src: "repo.sources.j2"
dest: "{{ manage_repositories_repo_location }}/{{ item.name }}.sources"
mode: '0644'
owner: root
group: root
loop: "{{ manage_repositories_custom_repo }}"
notify:
- "debian-based-cache-update"
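Review bot: The key download has no integrity check: `get_url` stores whatever `item.options['Signed-By']` serves and apt then trusts that file for the repository, so a plain `http://` URL or a tampered response would go unnoticed. Consider an optional per-repository digest passed as `checksum: "{{ item.key_checksum | default(omit) }}"` (`key_checksum` being a new, optional field) and rejecting URLs that do not start with `https://`. The download task sets `mode` but not `owner: root` / `group: root`, unlike the template task below it. Nothing in this hunk removes the `<filename>.list` files written by the previous `apt_repository` task, so upgraded hosts would presumably end up with each repository configured twice.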


@ -1,13 +0,0 @@
---
# task/debian file for manage_repositories
- name: "Configure ubuntu main repositories into sources.list"
vars:
repositories: "{{ manage_repositories_default_repo }}"
ansible.builtin.template:
src: "sources.list.j2"
dest: "{{ manage_repositories_default_repo_location }}"
mode: '0644'
owner: root
group: root
notify:
- "debian-based-cache-update"


@ -4,16 +4,12 @@
ansible.builtin.include_vars:
file: "{{ ansible_distribution|lower }}.yml"
- name: "Import main repositories"
when: manage_repositories_enable_default_repo
block:
- name: "Import ubuntu.yml"
ansible.builtin.include_tasks: ubuntu.yml
when: ansible_distribution == 'Ubuntu'
- name: "Import prerequisites.yml"
ansible.builtin.include_tasks: prerequisites.yml
- name: "Import debian.yml"
ansible.builtin.include_tasks: debian.yml
when: ansible_distribution == 'Debian'
- name: "Import main repositories for {{ ansible_distribution|lower }}"
ansible.builtin.include_tasks: "main_repositories.yml"
when: manage_repositories_enable_default_repo
- name: "Import custom_repositories.yml"
ansible.builtin.include_tasks: custom_repositories.yml


@ -0,0 +1,44 @@
---
# task/debian file for manage_repositories
- name: "Emtpy /etc/apt/sources.list"
block:
- name: "Read the current content of source.list"
ansible.builtin.slurp:
src: "{{ manage_repositories_sources_list_location }}"
register: sources_list_current_content
ignore_errors: true
- name: "Convert sources.list current content to string"
ansible.builtin.set_fact:
sources_list_current_content_str: "{{ (sources_list_current_content.content | default('')) | b64decode }}"
- name: "Define sources.list new content"
ansible.builtin.set_fact:
sources_list_new_content: "{{ manage_repositories_sources_list_message }}"
- name: "Create file /etc/apt/sources.list"
ansible.builtin.file:
path: "{{ manage_repositories_sources_list_location }}"
state: touch
owner: root
group: root
mode: '0644'
when: sources_list_current_content_str == ''
- name: "Replace content of /etc/apt/sources.list"
ansible.builtin.replace:
path: "{{ manage_repositories_sources_list_location }}"
regexp: "{{ sources_list_current_content_str | regex_escape }}"
replace: "{{ sources_list_new_content }}"
when: sources_list_current_content_str != sources_list_new_content
- name: "Configure main repositories into sources.list.d for {{ ansible_distribution|lower }} "
ansible.builtin.deb822_repository:
name: "{{ item.name }}"
types: "{{item.types}}"
uris: "{{ item.uri }}"
suites: "{{ item.suites | join(' ') }}"
components: "{{ item.components }}"
loop: "{{ manage_repositories_default_repo }}"
notify:
- "debian-based-cache-update"
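Review bot: The sequence that empties sources.list is fragile: `ignore_errors: true` on the slurp turns any read failure, not only a missing file, into an empty string, after which the file is touched and `replace` runs with an empty `regexp`, and the previous content is discarded with no copy kept. Adding `backup: true` to the replace task and replacing the blanket `ignore_errors` with an `ansible.builtin.stat` check before the slurp would make that path explicit and recoverable. The `deb822_repository` call also passes no `signed_by`, so the default sources remain trusted against every key in apt's global keyring; passing the distribution keyring path through a new variable would scope that trust per source. The first task name has a typo, `Emtpy`.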

7
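--- a/tasks/prerequisites.yml
+++ b/tasks/prerequisites.yml
@@ -0,0 +1,7 @@
+---
+# task/prerequisites file for manage_repositories
+- name: "Install python dependencies"
+ansible.builtin.include_role:
+name: ednxzu.manage_apt_packages
+vars:
+manage_apt_packages_list: "{{ manage_repositories_required_packages }}"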


@ -1,13 +0,0 @@
---
# task/ubuntu file for manage_repositories
- name: "Configure ubuntu main repositories into sources.list"
vars:
repositories: "{{ manage_repositories_default_repo }}"
ansible.builtin.template:
src: "sources.list.j2"
dest: "{{ manage_repositories_default_repo_location }}"
mode: '0644'
owner: root
group: root
notify:
- "debian-based-cache-update"

17
templates/repo.sources.j2 Normal file

@ -0,0 +1,17 @@
# {{ ansible_managed }}
# {{ repository.comments}}
X-Repolib-Name: {{ repository.name }}
Types: {{ repository.types | join(' ') }}
URIs: {{ repository.uri }}
Suites: {{ repository.suites | join(' ') }}
Components: {{ repository.components | join(' ') }}
{% if (repository.options is defined) and repository.options %}
{% for option in repository.options %}
{% if option == "Signed-By" %}
{{ option }}: {{ manage_repositories_signing_keys_location + "/" + item.name + "-archive-keyring.asc" }}
{% else %}
{{ option }}: {{ repository.options[option] }}
{% endif %}
{% endfor %}
{% endif %}
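Review bot: The `Signed-By` branch builds the keyring path from `item.name` while every other field reads `repository.*`, so the template only renders correctly when the calling task's loop variable happens to be visible inside it. Use the passed-in variable instead: `{{ option }}: {{ manage_repositories_signing_keys_location }}/{{ repository.name }}-archive-keyring.asc`. The branch also emits the path whenever the `Signed-By` key exists, including when its value is empty and the download task was skipped; apt would then presumably refuse the source because the keyring is missing, which fails closed but with an unclear error. Guarding the branch with `{% if option == "Signed-By" and repository.options[option] %}` avoids that.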


@ -1,6 +0,0 @@
# {{ ansible_managed }}
{% for repository in repositories %}
# {{ repository.comments}}
{{ repository.type }} {% if repository.gpg_key is not none %}[signed-by=/usr/share/keyrings/{{ repository.filename }}-archive-keyring.asc] {% endif %}{{ repository.uri }} {{ repository.suites }} {{ repository.components }}
{% endfor %}


@ -1,31 +1,23 @@
---
# vars file for manage_repositories
manage_repositories_default_repo:
# debian main repository
- uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}"
gpg_key:
- name: debian
uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}"
comments: "debian main repository"
type: "deb"
suites: "{{ ansible_distribution_release }}"
components: "main contrib"
# debian updates repository
- uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}"
gpg_key:
comments: "debian updates repository"
type: "deb"
suites: "{{ ansible_distribution_release }}-updates"
components: "main contrib"
# debian security repository
- uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}-security"
gpg_key:
comments: "debian security repository"
type: "deb"
suites: "{{ ansible_distribution_release }}-security"
components: "main contrib"
# debian backports repository
- uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}"
gpg_key:
comments: "debian backports repository"
type: "deb"
suites: "{{ ansible_distribution_release }}-backports"
components: "main"
types:
- deb
suites:
- "{{ ansible_distribution_release }}"
- "{{ ansible_distribution_release }}-updates"
- "{{ ansible_distribution_release }}-backports"
components:
- main
- name: debian-security
uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}-security"
comments: "debian main repository"
types:
- deb
suites:
- "{{ ansible_distribution_release }}-security"
components:
- main
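Review bot: The `debian-security` entry carries `comments: "debian main repository"`, apparently copied from the entry above it; it should read `comments: "debian security repository"`. The new component lists also keep only `main`, where the removed entries had `main contrib` for the release, updates and security suites. If dropping `contrib` is intended it deserves a line in the PR description, because hosts with contrib packages installed would stop receiving updates for them, security updates included.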


@ -1,3 +1,10 @@
---
# vars file for manage_repositories
manage_repositories_default_repo_location: /etc/apt/sources.list
manage_repositories_sources_list_location: /etc/apt/sources.list
manage_repositories_repo_location: /etc/apt/sources.list.d
manage_repositories_signing_keys_location: /usr/share/keyrings
manage_repositories_sources_list_message: "# See /etc/apt/sources.list.d/{{ ansible_distribution|lower }}.sources\\n"
manage_repositories_required_packages:
- name: python3-debian
version: latest
state: present
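Review bot: The trailing `\\n` in `manage_repositories_sources_list_message` needs a comment, because its effect depends on how the value is consumed. If the value is written as shown, YAML yields a literal backslash followed by `n`, which seems to become a newline only because the string is later passed as `replace:` to `ansible.builtin.replace`, where it is treated as a regex replacement. The guard `when: sources_list_current_content_str != sources_list_new_content` in the main-repositories tasks would then compare a real newline against that two-character sequence and probably never skip the task. Either document this above the variable or store a real newline (for example with a block scalar) and write the file with a module that takes the content literally.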


@ -1,31 +1,18 @@
---
# vars file for manage_repositories
manage_repositories_default_repo:
# ubuntu main repository
- uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}"
gpg_key:
- name: ubuntu
uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}"
comments: "ubuntu main repository"
type: "deb"
suites: "{{ ansible_distribution_release }}"
components: "main restricted universe multiverse"
# ubuntu updates repository
- uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}"
gpg_key:
comments: "ubuntu updates repository"
type: "deb"
suites: "{{ ansible_distribution_release }}-updates"
components: "main restricted universe multiverse"
# ubuntu security repository
- uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}"
gpg_key:
comments: "ubuntu security repository"
type: "deb"
suites: "{{ ansible_distribution_release }}-security"
components: "main restricted universe multiverse"
# ubuntu backports repository
- uri: "{{ manage_repositories_main_repo_uri[ansible_distribution|lower] }}"
gpg_key:
comments: "ubuntu backports repository"
type: "deb"
suites: "{{ ansible_distribution_release }}-backports"
components: "main restricted universe multiverse"
types:
- deb
suites:
- "{{ ansible_distribution_release }}"
- "{{ ansible_distribution_release }}-security"
- "{{ ansible_distribution_release }}-updates"
- "{{ ansible_distribution_release }}-backports"
components:
- main
- restricted
- universe
- multiverse