style: use deb822 format and remove deprecated apt_key (resolves #2233 / ND-2723)

79861b67 · Jörg Sachse · b1064159 · 79861b67 · 79861b67 · 79861b67
Commit 79861b67 authored 1 year ago by Jörg Sachse
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -16,7 +16,8 @@ variables:
  SCENARIO: "default"
  # ANSIBLE_VAULT_PASSWORD_FILE: "molecule/lza_server_hardening.pass"
  ANSIBLE_VAULT_PASSWORD_FILE: "../lza_server_hardening.pass"
+  ANSIBLE_FORCE_COLOR: 'true'
+  PY_COLORS: '1'
 test-job:
  stage: test

--- a/molecule/resources/playbooks/prepare.yml
+++ b/molecule/resources/playbooks/prepare.yml
@@ -3,6 +3,7 @@
  hosts: "*"
  pre_tasks:
    - name: configure additional package repositories for Debian
+      when: ansible_os_family == "Debian"
      block:
      - name: install GPG
        ansible.builtin.apt:
@@ -10,21 +11,21 @@
          state: latest
          update_cache: true
        become: true
-      - name: add GPG key for SLUB Debian repository
+      - name: add custom repo for SLUB's custom Debian repo
-        ansible.builtin.apt_key:
+        ansible.builtin.deb822_repository:
-          url: "https://sdvdebianrepo.slub-dresden.de/deb-repository/pub.gpg.key"
+          architectures: "amd64"
-          state: present
+          components: "main"
-        become: true
+          enabled: true
-      - name: add repo URL to sources.list
+          name: "slub"
-        ansible.builtin.apt_repository:
+          pdiffs: true
-          repo: "deb https://sdvdebianrepo.slub-dresden.de/deb-repository bookworm main"
+          signed_by: "https://sdvdebianrepo.slub-dresden.de/deb-repository/pub.gpg.key"
-          state: present
+          suites: "{{ ansible_lsb.codename }}"
-          update_cache: true
+          uris: "https://sdvdebianrepo.slub-dresden.de/deb-repository"
-          mode: "0644"
+        notify: update package cache
        become: true
-      when: ansible_os_family == "Debian"
    - name: configure additional package repositories for RedHat
+      when: ansible_os_family == "RedHat"
      block:
      - name: add custom repositories
        ansible.builtin.yum_repository:
@@ -42,13 +43,14 @@
            description: SLUB YUM repo
            baseurl: "https://sdvrhelrepo.slub-dresden.de/"
            gpgcheck: "false"
+        notify: update package cache
        become: true
      - name: remove legacy repo configuration to avoid double configuration for SLUB repo
        ansible.builtin.file:
          path: "/etc/yum.repos.d/SLUB.repo"
          state: absent
        become: true
-      when: ansible_os_family == "RedHat"
+        notify: update package cache
    # This Ansible role installs a multitude of firewall rules, some of which
    # will lock us out of our Molecule test VM if we don't take precautions.
@@ -70,3 +72,9 @@
        source: "{{ ansible_default_ipv4.address | ansible.utils.ipaddr('network') }}/24"
        destination_port: "22"
      become: true
+  handlers:
+    - name: update package cache
+      ansible.builtin.package:
+        update_cache: true
+      become: true
--- a/molecule/virtualbox/molecule.yml
+++ b/molecule/virtualbox/molecule.yml
@@ -13,7 +13,7 @@ platforms:
  # https://github.com/ansible-community/molecule-vagrant#documentation
  # for more platform parameters.
  - name: vm-runner
-    box: debian/bullseye64
+    box: debian/bookworm64
    memory: 1024
    # List of raw Vagrant `config` options.
    # provider_raw_config_args: