From 79861b679130c7de0e2b5d3efd116edb6e0fdaf1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <joerg.sachse@slub-dresden.de>
Date: Wed, 21 Feb 2024 13:48:58 +0100
Subject: [PATCH] style: use deb822 format and remove deprecated apt_key
(resolves #2233 / ND-2723)
---
.gitlab-ci.yml | 3 ++-
molecule/resources/playbooks/prepare.yml | 34 +++++++++++++++---------
molecule/virtualbox/molecule.yml | 2 +-
3 files changed, 24 insertions(+), 15 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e9fae02..f2b76bd 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -16,7 +16,8 @@ variables:
SCENARIO: "default"
# ANSIBLE_VAULT_PASSWORD_FILE: "molecule/lza_server_hardening.pass"
ANSIBLE_VAULT_PASSWORD_FILE: "../lza_server_hardening.pass"
-
+ ANSIBLE_FORCE_COLOR: 'true'
+ PY_COLORS: '1'
test-job:
stage: test
diff --git a/molecule/resources/playbooks/prepare.yml b/molecule/resources/playbooks/prepare.yml
index 76fc5eb..53af85c 100644
--- a/molecule/resources/playbooks/prepare.yml
+++ b/molecule/resources/playbooks/prepare.yml
@@ -3,6 +3,7 @@
hosts: "*"
pre_tasks:
- name: configure additional package repositories for Debian
+ when: ansible_os_family == "Debian"
block:
- name: install GPG
ansible.builtin.apt:
@@ -10,21 +11,21 @@
state: latest
update_cache: true
become: true
- - name: add GPG key for SLUB Debian repository
- ansible.builtin.apt_key:
- url: "https://sdvdebianrepo.slub-dresden.de/deb-repository/pub.gpg.key"
- state: present
- become: true
- - name: add repo URL to sources.list
- ansible.builtin.apt_repository:
- repo: "deb https://sdvdebianrepo.slub-dresden.de/deb-repository bookworm main"
- state: present
- update_cache: true
- mode: "0644"
+ - name: add custom repo for SLUB's custom Debian repo
+ ansible.builtin.deb822_repository:
+ architectures: "amd64"
+ components: "main"
+ enabled: true
+ name: "slub"
+ pdiffs: true
+ signed_by: "https://sdvdebianrepo.slub-dresden.de/deb-repository/pub.gpg.key"
+ suites: "{{ ansible_lsb.codename }}"
+ uris: "https://sdvdebianrepo.slub-dresden.de/deb-repository"
+ notify: update package cache
become: true
- when: ansible_os_family == "Debian"
- name: configure additional package repositories for RedHat
+ when: ansible_os_family == "RedHat"
block:
- name: add custom repositories
ansible.builtin.yum_repository:
@@ -42,13 +43,14 @@
description: SLUB YUM repo
baseurl: "https://sdvrhelrepo.slub-dresden.de/"
gpgcheck: "false"
+ notify: update package cache
become: true
- name: remove legacy repo configuration to avoid double configuration for SLUB repo
ansible.builtin.file:
path: "/etc/yum.repos.d/SLUB.repo"
state: absent
become: true
- when: ansible_os_family == "RedHat"
+ notify: update package cache
# This Ansible role installs a multitude of firewall rules, some of which
# will lock us out of our Molecule test VM if we don't take precautions.
@@ -70,3 +72,9 @@
source: "{{ ansible_default_ipv4.address | ansible.utils.ipaddr('network') }}/24"
destination_port: "22"
become: true
+
+ handlers:
+ - name: update package cache
+ ansible.builtin.package:
+ update_cache: true
+ become: true
diff --git a/molecule/virtualbox/molecule.yml b/molecule/virtualbox/molecule.yml
index b409ad5..ee9b3f7 100644
--- a/molecule/virtualbox/molecule.yml
+++ b/molecule/virtualbox/molecule.yml
@@ -13,7 +13,7 @@ platforms:
# https://github.com/ansible-community/molecule-vagrant#documentation
# for more platform parameters.
- name: vm-runner
- box: debian/bullseye64
+ box: debian/bookworm64
memory: 1024
# List of raw Vagrant `config` options.
# provider_raw_config_args:
--
GitLab