chore: deprecate tests and tasks for RHEL/CentOS 7 and move to Alma 8 instead...

chore: deprecate tests and tasks for RHEL/CentOS 7 and move to Alma 8 instead of Rocky 8, because there have been no releases for Rocky 8 Vagrant Boxes for 9 months

.yamllint

 ---
-# based on documentation available at
-# https://yamllint.readthedocs.io/en/stable/rules.html
-
+# Based on ansible-lint config
 extends: default
 
 rules:
@@ -11,13 +9,29 @@ rules:
   brackets:
     max-spaces-inside: 1
     level: error
+  colons:
+    max-spaces-after: -1
+    level: error
+  commas:
+    max-spaces-after: -1
+    level: error
   comments:
-    min-spaces-from-content: 4
+    min-spaces-from-content: 1 # prettier compatibility
   comments-indentation: disable
-  document-end: disable
-  document-start:
-    level: warning
-  octal-values:
-    forbid-explicit-octal: false
+  document-start: disable
+  empty-lines:
+    max: 3
+    level: error
+  hyphens:
+    level: error
+  indentation: disable
+  key-duplicates: enable
   line-length: disable
-  truthy: enable
+  new-line-at-end-of-file: disable
+  new-lines:
+    type: unix
+  octal-values:
+    forbid-implicit-octal: true    # yamllint defaults to false
+    forbid-explicit-octal: true    # yamllint defaults to false
+  trailing-spaces: disable
+  truthy: disable

molecule/resources/playbooks/converge.yml

@@ -9,7 +9,7 @@
       become: true
       when: ansible_os_family == "Debian"
     - name: update yum cache
-      ansible.builtin.yum:
+      ansible.builtin.dnf:
         update_cache: true
       become: true
       when: ansible_os_family == "RedHat"

molecule/virtualbox_centos7/molecule.yml → molecule/virtualbox_alma8/molecule.yml

@@ -4,16 +4,12 @@ dependency:
   enabled: false
 driver:
   name: vagrant
-lint: |
-  set -e
-  yamllint .
-  ansible-lint -x no-loop-var-prefix,command-instead-of-module,package-latest
 platforms:
   # Check out the documentation at
   # https://github.com/ansible-community/molecule-vagrant#documentation
   # for more platform parameters.
   - name: vm-runner
-    box: centos/7
+    box: almalinux/8
     memory: 1024
     # List of raw Vagrant `config` options.
     # provider_raw_config_args:
@@ -29,7 +25,7 @@ provisioner:
     defaults:
       # https://stackoverflow.com/questions/57435811/ansible-molecule-pass-multiple-vault-ids
       # vault_identity_list: "@$HOME/.ansible/roles/lza_install_common.pass, @$HOME/.ansible/roles/passfile_1.pass"
-      vault_identity_list: "../lza_install_common.pass"
+      vault_identity_list: "../../../lza_install_common.pass"
   vvv: false
   playbooks:
     # create: ../resources/playbooks/create.yml

molecule/virtualbox_rocky8/molecule.yml

----
-dependency:
-  name: galaxy
-  enabled: false
-driver:
-  name: vagrant
-lint: |
-  set -e
-  yamllint .
-  ansible-lint -x no-loop-var-prefix,command-instead-of-module,package-latest
-platforms:
-  # Check out the documentation at
-  # https://github.com/ansible-community/molecule-vagrant#documentation
-  # for more platform parameters.
-  - name: vm-runner
-    box: rockylinux/8
-    memory: 1024
-    # List of raw Vagrant `config` options.
-    # provider_raw_config_args:
-    #   - "customize [ 'modifyvm', :id, '--natdnshostresolver1', 'on' ]"
-    # Dictionary of `config` options.
-    config_options:
-      ssh.keep_alive: true
-      ssh.remote_user: "'lza'"
-provisioner:
-  name: ansible
-  log: true
-  config_options:
-    defaults:
-      # https://stackoverflow.com/questions/57435811/ansible-molecule-pass-multiple-vault-ids
-      # vault_identity_list: "@$HOME/.ansible/roles/lza_install_common.pass, @$HOME/.ansible/roles/passfile_1.pass"
-      vault_identity_list: "../lza_install_common.pass"
-  vvv: false
-  playbooks:
-    # create: ../resources/playbooks/create.yml
-    # destroy: ../resources/playbooks/destroy.yml
-    converge: ../resources/playbooks/converge.yml
-    # prepare: ../resources/playbooks/prepare.yml
-    verify: ../resources/playbooks/verify.yml
-verifier:
-  name: ansible

tasks/configure_autoupdate.yml

@@ -67,22 +67,30 @@
           line: 'Unattended-Upgrade::Remove-Unused-Dependencies "false";'
 
 # based on: https://access.redhat.com/solutions/2823901
+# based on: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/managing-software-packages_configuring-basic-system-settings#automating-software-updates_updating-software-packages
 - name: Install & configurate autoupdate (RedHat)
   when: ansible_os_family == "RedHat"
   block:
     - name: include vars yum-cron.yml
       ansible.builtin.include_vars: "yum-cron.yml"
 
+    - name: purge yum-cron
+      ansible.builtin.dnf:
+        name: "yum-cron"
+        state: absent
+    - name: remove config file for yum-cron, as it's not used any more from RHEL 8 onwards
+      ansible.builtin.file:
+        path: "/etc/yum/yum-cron.conf"
+        state: absent
+
     - name: Install autoupdate packages (RedHat)
-      ansible.builtin.yum:
-        name: [
-          'yum-cron'
-        ]
+      ansible.builtin.dnf:
+        name: 'dnf-automatic'
         state: present
-    - name: configure yum-cron
+    - name: configure dnf-automatic
       ansible.builtin.template:
-        src: "etc/yum/yum-cron.conf.j2"
-        dest: "/etc/yum/yum-cron.conf"
+        src: "etc/dnf/automatic.conf.j2"
+        dest: "/etc/dnf/automatic.conf"
         owner: "root"
         group: "root"
         mode: "0644"

tasks/configure_package_repositories.yml

@@ -39,29 +39,35 @@
         install packages from the newly configured repo)
       ansible.builtin.meta: flush_handlers
 
-- name: add custom repositories
-  when: ansible_os_family == "RedHat"
-  ansible.builtin.yum_repository:
-    name: "{{ item.name }}"
-    description: "{{ item.description }}"
-    baseurl: "{{ item.baseurl }}"
-    gpgcheck: "{{ item.gpgcheck | default('true') }}"
-    gpgkey: "{{ item.gpgkey | default(omit) }}"
-  loop:
-    - name: "epel"
-      description: EPEL YUM repo
-      baseurl: "https://download.fedoraproject.org/pub/epel/{{ ansible_distribution_major_version }}/x86_64/"
-      gpgkey: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"
-    - name: "slub"
-      description: SLUB YUM repo
-      baseurl: "https://sdvrhelrepo.slub-dresden.de/"
-      gpgcheck: "false"
-  notify: update package cache
-
-- name: >
-    remove legacy repo configuration to avoid double configuration for SLUB repo
-  ansible.builtin.file:
-    path: "/etc/yum.repos.d/SLUB.repo"
-    state: absent
-  when: ansible_os_family == "RedHat"
+- name: configure RHEL repositories
+  when:
+    - ansible_os_family == "RedHat"
+    - "ansible_distribution_major_version is version('8', '==')"
   notify: update package cache
+  block:
+    - name: add SLUB DNF repo
+      ansible.builtin.yum_repository:
+        name: "{{ item.name }}"
+        description: "{{ item.description }}"
+        baseurl: "{{ item.baseurl }}"
+        gpgcheck: "{{ item.gpgcheck | default('true') }}"
+        gpgkey: "{{ item.gpgkey | default(omit) }}"
+      loop:
+        - name: "slub"
+          description: SLUB DNF repo
+          baseurl: "https://sdvrhelrepo.slub-dresden.de/"
+          gpgcheck: "false"
+    # https://docs.fedoraproject.org/en-US/epel/getting-started/#_rhel_8
+#    - name: enable powertools repo in dnf config-manager to install EPEL
+#      community.general.dnf_config_manager:
+#        name: [ "powertools" ]
+    - name: install EPEL-release
+      ansible.builtin.dnf:
+        name: "epel-release"
+#        name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm"
+        disable_gpg_check: true
+    - name: >
+        remove legacy repo configuration to avoid double configuration for SLUB repo
+      ansible.builtin.file:
+        path: "/etc/yum.repos.d/SLUB.repo"
+        state: absent

tasks/install_packages.yml

@@ -5,17 +5,18 @@
     update_cache: true
   when: ansible_os_family == "Debian"
 
-# Äquivalent von yum update
+# Äquivalent von dnf update
 - name: update packages (RedHat)
   when: ansible_os_family == "RedHat"
   block:
-    - name: yum update
-      ansible.builtin.yum:
+    - name: dnf update
+      ansible.builtin.dnf:
         update_cache: true
-        name: '*'
+#        name: '*'
         state: present
-    - name: yum autoremove
-      ansible.builtin.yum:
+        disable_gpg_check: true
+    - name: dnf autoremove
+      ansible.builtin.dnf:
         autoremove: true
 
 - name: uninstall packages
@@ -55,7 +56,6 @@
       'net-tools',
       'nload',
       'nmon',
-      'ntp',
       'parted',
       'psmisc',
       'pv',
@@ -108,7 +108,7 @@
 
 # Installation RedHat-spezifische Pakete
 - name: Installation RedHat-spezifische Pakete
-  ansible.builtin.yum:
+  ansible.builtin.dnf:
     name: [
       'bind-utils',
       'csh',
@@ -117,11 +117,9 @@
       'iputils',
       'kernel-doc',
       'libcgroup-tools',
-      'libselinux-python',
       'libselinux-python3',
       'lvm2',
       'lzip',
-      'lziprecover',
       'neovim',
       'nfs-utils',
       'perf',
@@ -137,7 +135,7 @@
       'vim-enhanced',
       'vim-filesystem',
       'vim-trailing-whitespace',
-      'yum-utils'
+      'dnf-utils'
     ]
     state: present
   environment:

tasks/main.yml

@@ -25,7 +25,7 @@
 
 - name: SLUB-lokales Debian-Repository hinzufügen
   ansible.builtin.import_tasks: "configure_package_repositories.yml"
-  tags: [apt, yum, packages]
+  tags: [apt, dnf, packages]
 
 - name: NTP-Client
   ansible.builtin.import_tasks: "migrate_ntpd_to_esxi_timesync.yml"
@@ -36,7 +36,7 @@
 
 - name: Systempakete installieren
   ansible.builtin.import_tasks: "install_packages.yml"
-  tags: [apt, yum, packages]
+  tags: [apt, dnf, packages]
 
 - name: HotAdd-Scripte für VMware installieren
   ansible.builtin.import_tasks: "install_hotadd_scripts.yml"
@@ -53,7 +53,7 @@
 
 - name: Autoupdate konfigurieren
   ansible.builtin.import_tasks: "configure_autoupdate.yml"
-  tags: [apt, yum, packages]
+  tags: [apt, dnf, packages]
 
 - name: Konfigurationsdateien einspielen - SSH-Login
   ansible.builtin.import_tasks: "configure_ssh_login.yml"

templates/etc/dnf/automatic.conf.j2

+[commands]
+#  What kind of upgrade to perform:
+# default                            = all available upgrades
+# security                           = only the security upgrades
+upgrade_type = default
+random_sleep = 0
+
+# Maximum time in seconds to wait until the system is on-line and able to
+# connect to remote repositories.
+network_online_timeout = 60
+
+# To just receive updates use dnf-automatic-notifyonly.timer
+
+# Whether updates should be downloaded when they are available, by
+# dnf-automatic.timer. notifyonly.timer, download.timer and
+# install.timer override this setting.
+download_updates = yes
+
+# Whether updates should be applied when they are available, by
+# dnf-automatic.timer. notifyonly.timer, download.timer and
+# install.timer override this setting.
+# apply_updates = no    # DEFAULT
+apply_updates = yes
+
+
+[emitters]
+# Name to use for this system in messages that are emitted.  Default is the
+# hostname.
+# system_name = my-host
+
+# How to send messages.  Valid options are stdio, email and motd.  If
+# emit_via includes stdio, messages will be sent to stdout; this is useful
+# to have cron send the messages.  If emit_via includes email, this
+# program will send email itself according to the configured options.
+# If emit_via includes motd, /etc/motd file will have the messages. if
+# emit_via includes command_email, then messages will be send via a shell
+# command compatible with sendmail.
+# Default is email,stdio.
+# If emit_via is None or left blank, no messages will be sent.
+# emit_via = email    # DEFAULT
+emit_via = email
+
+
+[email]
+# The address to send email messages from.
+# email_from = root@example.com    # DEFAULT
+email_from = {{ ansible_hostname }}@slub-dresden.de
+
+# List of addresses to send messages to.
+email_to = root
+
+# Name of the host to connect to to send email messages.
+email_host = localhost
+
+
+[command]
+# The shell command to execute. This is a Python format string, as used in
+# str.format(). The format function will pass a shell-quoted argument called
+# `body`.
+# command_format = "cat"
+
+# The contents of stdin to pass to the command. It is a format string with the
+# same arguments as `command_format`.
+# stdin_format = "{body}"
+
+
+[command_email]
+# The shell command to use to send email. This is a Python format string,
+# as used in str.format(). The format function will pass shell-quoted arguments
+# called body, subject, email_from, email_to.
+# command_format = "mail -Ssendwait -s {subject} -r {email_from} {email_to}"
+
+# The contents of stdin to pass to the command. It is a format string with the
+# same arguments as `command_format`.
+# stdin_format = "{body}"
+
+# The address to send email messages from.
+# email_from = root@example.com    # DEFAULT
+email_from = {{ ansible_hostname }}@slub-dresden.de
+
+# List of addresses to send messages to.
+email_to = root
+
+
+[base]
+# This section overrides dnf.conf
+
+# Use this to filter DNF core messages
+debuglevel = 1

templates/etc/yum/yum-cron.conf.j2

-[commands]
-#  What kind of update to use:
-# default                            = yum upgrade
-# security                           = yum --security upgrade
-# security-severity:Critical         = yum --sec-severity=Critical upgrade
-# minimal                            = yum --bugfix update-minimal
-# minimal-security                   = yum --security update-minimal
-# minimal-security-severity:Critical =  --sec-severity=Critical update-minimal
-update_cmd = {{ update_cmd }}
-
-# Whether a message should be emitted when updates are available,
-# were downloaded, or applied.
-update_messages = {{ update_messages }}
-
-# Whether updates should be downloaded when they are available.
-download_updates = {{ download_updates  }}
-
-# Whether updates should be applied when they are available.  Note
-# that download_updates must also be yes for the update to be applied.
-apply_updates = {{ apply_updates }}
-
-# Maximum amout of time to randomly sleep, in minutes.  The program
-# will sleep for a random amount of time between 0 and random_sleep
-# minutes before running.  This is useful for e.g. staggering the
-# times that multiple systems will access update servers.  If
-# random_sleep is 0 or negative, the program will run immediately.
-# 6*60 = 360
-random_sleep = {{ random_sleep }}
-
-
-[emitters]
-# Name to use for this system in messages that are emitted.  If
-# system_name is None, the hostname will be used.
-system_name = None
-
-# How to send messages.  Valid options are stdio and email.  If
-# emit_via includes stdio, messages will be sent to stdout; this is useful
-# to have cron send the messages.  If emit_via includes email, this
-# program will send email itself according to the configured options.
-# If emit_via is None or left blank, no messages will be sent.
-emit_via = stdio
-
-# The width, in characters, that messages that are emitted should be
-# formatted to.
-output_width = 80
-
-
-[email]
-# The address to send email messages from.
-# NOTE: 'localhost' will be replaced with the value of system_name.
-email_from = root@localhost
-
-# List of addresses to send messages to.
-email_to = root
-
-# Name of the host to connect to to send email messages.
-email_host = localhost
-
-
-[groups]
-# NOTE: This only works when group_command != objects, which is now the default
-# List of groups to update
-group_list = None
-
-# The types of group packages to install
-group_package_types = mandatory, default
-
-[base]
-# This section overrides yum.conf
-
-# Use this to filter Yum core messages
-# -4: critical
-# -3: critical+errors
-# -2: critical+errors+warnings (default)
-debuglevel = -2
-
-# skip_broken = True
-mdpolicy = group:main
-
-# Uncomment to auto-import new gpg keys (dangerous)
-# assumeyes = True