diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e9fae02d88a0768c5176da1a715826ebf8904fe2..f2b76bd39472c8dcaec3ec9dbe78e3465d86cec7 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -16,7 +16,8 @@ variables:
SCENARIO: "default"
# ANSIBLE_VAULT_PASSWORD_FILE: "molecule/lza_server_hardening.pass"
ANSIBLE_VAULT_PASSWORD_FILE: "../lza_server_hardening.pass"
-
+ ANSIBLE_FORCE_COLOR: 'true'
+ PY_COLORS: '1'
test-job:
stage: test
diff --git a/molecule/resources/playbooks/prepare.yml b/molecule/resources/playbooks/prepare.yml
index 76fc5eb4b35a749cf194fa117e80f47f8b29a93d..53af85c1122b1c5b1e8847f842031ee269f8261c 100644
--- a/molecule/resources/playbooks/prepare.yml
+++ b/molecule/resources/playbooks/prepare.yml
@@ -3,6 +3,7 @@
hosts: "*"
pre_tasks:
- name: configure additional package repositories for Debian
+ when: ansible_os_family == "Debian"
block:
- name: install GPG
ansible.builtin.apt:
@@ -10,21 +11,21 @@
state: latest
update_cache: true
become: true
- - name: add GPG key for SLUB Debian repository
- ansible.builtin.apt_key:
- url: "https://sdvdebianrepo.slub-dresden.de/deb-repository/pub.gpg.key"
- state: present
- become: true
- - name: add repo URL to sources.list
- ansible.builtin.apt_repository:
- repo: "deb https://sdvdebianrepo.slub-dresden.de/deb-repository bookworm main"
- state: present
- update_cache: true
- mode: "0644"
+ - name: add custom repo for SLUB's custom Debian repo
+ ansible.builtin.deb822_repository:
+ architectures: "amd64"
+ components: "main"
+ enabled: true
+ name: "slub"
+ pdiffs: true
+ signed_by: "https://sdvdebianrepo.slub-dresden.de/deb-repository/pub.gpg.key"
+ suites: "{{ ansible_lsb.codename }}"
+ uris: "https://sdvdebianrepo.slub-dresden.de/deb-repository"
+ notify: update package cache
become: true
- when: ansible_os_family == "Debian"
- name: configure additional package repositories for RedHat
+ when: ansible_os_family == "RedHat"
block:
- name: add custom repositories
ansible.builtin.yum_repository:
@@ -42,13 +43,14 @@
description: SLUB YUM repo
baseurl: "https://sdvrhelrepo.slub-dresden.de/"
gpgcheck: "false"
+ notify: update package cache
become: true
- name: remove legacy repo configuration to avoid double configuration for SLUB repo
ansible.builtin.file:
path: "/etc/yum.repos.d/SLUB.repo"
state: absent
become: true
- when: ansible_os_family == "RedHat"
+ notify: update package cache
# This Ansible role installs a multitude of firewall rules, some of which
# will lock us out of our Molecule test VM if we don't take precautions.
@@ -70,3 +72,9 @@
source: "{{ ansible_default_ipv4.address | ansible.utils.ipaddr('network') }}/24"
destination_port: "22"
become: true
+
+ handlers:
+ - name: update package cache
+ ansible.builtin.package:
+ update_cache: true
+ become: true
diff --git a/molecule/virtualbox/molecule.yml b/molecule/virtualbox/molecule.yml
index b409ad5bd3d34b9568e10a48513b29700fe29ab8..ee9b3f7b5e194d81bd195f2290bcdb9d7d36a9ac 100644
--- a/molecule/virtualbox/molecule.yml
+++ b/molecule/virtualbox/molecule.yml
@@ -13,7 +13,7 @@ platforms:
# https://github.com/ansible-community/molecule-vagrant#documentation
# for more platform parameters.
- name: vm-runner
- box: debian/bullseye64
+ box: debian/bookworm64
memory: 1024
# List of raw Vagrant `config` options.
# provider_raw_config_args: