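---
# Prepares every host before the roles under test run: configures the extra
# package repositories for Debian and RedHat family systems and opens SSH
# for the Molecule host.
- name: Prepare
  hosts: "*"
  pre_tasks:
    - name: configure additional package repositories for Debian
      when: ansible_os_family == "Debian"
      block:
        # gnupg is installed first; the repository task below references
        # signing keys via signed_by.
        - name: install GPG
          ansible.builtin.apt:
            name: "gnupg"
            state: latest
            update_cache: true
          become: true
        - name: modify package repo config
          ansible.builtin.deb822_repository:
            architectures: "amd64"
            components: "{{ item.components | default('main') }}"
            enabled: "{{ item.enabled | default(true) }}"
            name: "{{ item.name }}"
            pdiffs: true
            signed_by: "{{ item.signed_by }}"
            suites: "{{ item.suites | default(ansible_lsb.codename) }}"
            uris: "{{ item.uris }}"
          loop:
            # PC @steidl with local Debian repo for SubAp tests
            # NOTE(review): the signing key and the repository are both
            # fetched over plain HTTP, so the key that anchors trust in this
            # repo is not authenticated in transit. Prefer HTTPS, or keep a
            # reviewed copy of the key with the playbook and reference it by
            # path.
            - name: "bdv141"
              signed_by: "http://bdv141.slub-dresden.de/deb-repository/pub.gpg.key"
              suites: "lza-testing"
              uris: "http://bdv141.slub-dresden.de/deb-repository"
            # on-prem Debian Repo
            - name: "slub"
              signed_by: "https://sdvdebianrepo.slub-dresden.de/deb-repository/pub.gpg.key"
              uris: "https://sdvdebianrepo.slub-dresden.de/deb-repository"
            # add non-free repos to be able to install libmath-random-perl
            # from official Debian public repo
            # The transport is HTTP; integrity rests on apt verifying the
            # repository signature against the local archive keyring.
            - name: "debian"
              components: ["main", "non-free"]
              signed_by: "/usr/share/keyrings/debian-archive-keyring.gpg"
              suites:
                - "{{ ansible_lsb.codename }}"
                - "{{ ansible_lsb.codename }}-updates"
              uris: "http://deb.debian.org/debian"
          notify: update package cache
          become: true
    # NOTE(review): unlike the Debian tasks, the tasks in this block do not
    # set become; presumably privileges come from elsewhere - confirm.
    - name: configure additional package repositories for RedHat
      when: ansible_os_family == "RedHat"
      block:
        - name: add custom repositories
          ansible.builtin.yum_repository:
            name: "{{ item.name }}"
            description: "{{ item.description }}"
            baseurl: "{{ item.baseurl }}"
            # Signature checking stays on unless an item opts out.
            gpgcheck: "{{ item.gpgcheck | default(true) }}"
            gpgkey: "{{ item.gpgkey | default(omit) }}"
          loop:
            - name: "epel"
              description: EPEL YUM repo
              baseurl: "https://download.fedoraproject.org/pub/epel/{{ ansible_distribution_major_version }}/x86_64/"
              gpgkey: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"
            # NOTE(review): gpgcheck is disabled here, so packages from this
            # repo are installed without signature verification. HTTPS
            # authenticates the server, not the packages; set gpgkey and
            # drop the override once a signing key is available.
            - name: "slub"
              description: SLUB YUM repo
              baseurl: "https://sdvrhelrepo.slub-dresden.de/"
              gpgcheck: false
          notify: update package cache
        - name: remove legacy repo configuration to avoid double configuration for SLUB repo
          ansible.builtin.file:
            path: "/etc/yum.repos.d/SLUB.repo"
            state: absent
          notify: update package cache
    # Ansible roles can install a multitude of firewall rules, some of which
    # will lock us out of our Molecule test VM if we don't take precautions.
    # As Molecule itself uses SSH just like Ansible, we need to open port
    # tcp/22 to the private /24 subnet that Vagrant uses when provisioning the
    # VM. As we don't know for sure what the address for this subnet is and it
    # can change across servers/platforms, we gather this information
    # dynamically and filter it through `ipaddr` to get the address of the
    # whole subnet. The rule is inserted right on top of the list to make sure
    # we always get access.
    # NOTE(review): this accepts SSH from every address in that /24 ahead of
    # any rule a role installs, so it is only appropriate on disposable test
    # VMs. The fact passed to `ipaddr` is a bare host address, so the filter
    # may return it unchanged and leave the masking to the "/24" suffix -
    # confirm.
    - name: add firewall rule to allow access from Molecule host into testing VM
      ansible.builtin.iptables:
        action: insert
        rule_num: 1
        chain: INPUT
        comment: "molecule access"
        jump: "ACCEPT"
        protocol: tcp
        source: "{{ ansible_default_ipv4.address | ansible.utils.ipaddr('network') }}/24"
        destination_port: "22"
      become: true
  handlers:
    # Refreshes the package index after any repository change notified above.
    - name: update package cache
      ansible.builtin.package:
        update_cache: true
      become: true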