diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e43be36c96b9ca7f9c10374844d8ca365d63c021..f336b9a61fcfcc125a365d43cd15498943270100 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -29,18 +29,15 @@ workflow: on_new_commit: interruptible variables: - SCENARIO: "default" # ANSIBLE_VAULT_PASSWORD_FILE: "molecule/lza_server_hardening.pass" ANSIBLE_VAULT_PASSWORD_FILE: "../lza_server_hardening.pass" ANSIBLE_FORCE_COLOR: 'true' PY_COLORS: '1' -test-job-debian: +.job_template: &job_configuration # Hidden yaml configuration that defines an anchor named 'job_configuration' stage: test tags: - "shell" - variables: - SCENARIO: "default" script: # run Molecule tests - molecule syntax --scenario-name ${SCENARIO} 
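Review bot: The `script:` lines of `.job_template` expand `${SCENARIO}` unquoted and with no fallback, because this hunk removes both the global `SCENARIO: "default"` and the job-level one. A job that merges the template but forgets `variables.SCENARIO` would call `molecule syntax --scenario-name` with an empty argument and fail in a way that is hard to read. Failing fast on the first script line would make that explicit, for example `- molecule syntax --scenario-name "${SCENARIO:?SCENARIO must be set by the job}"`. A comment above the template such as `# Jobs merging this template must define variables.SCENARIO; there is no default.` would document the contract. The script body continues past the end of this hunk.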
@@ -55,22 +52,17 @@ test-job-debian: # - molecule verify --scenario-name ${SCENARIO} - molecule destroy --scenario-name ${SCENARIO} -test-job-rhel: - stage: test - tags: - - "shell" +test-job-debian12: + variables: + SCENARIO: "virtualbox_debian12" + <<: *job_configuration # Add the contents of the 'job_configuration' alias + +test-job-ubuntu2204: + variables: + SCENARIO: "virtualbox_ubuntu2204" + <<: *job_configuration # Add the contents of the 'job_configuration' alias + +test-job-alma8: variables: SCENARIO: "virtualbox_alma8" - script: - # run Molecule tests - - molecule syntax --scenario-name ${SCENARIO} - # We cannot use `molecule lint` anymore because: - # - https://github.com/ansible-community/molecule/pull/3802 "Remove lint command" - # - https://github.com/ansible-community/molecule/discussions/3825#discussioncomment-4908366 - - yamllint --strict --format colored ./ - - ansible-lint --format full --profile production --strict --force-color ./ - - molecule create --scenario-name ${SCENARIO} - - molecule converge --scenario-name ${SCENARIO} - - molecule idempotence --scenario-name ${SCENARIO} - # - molecule verify --scenario-name ${SCENARIO} - - molecule destroy --scenario-name ${SCENARIO} + <<: *job_configuration # Add the contents of the 'job_configuration' alias diff --git a/molecule/default b/molecule/default index 3841ab1f6fbdfc4b16f9491b776a826e19fa583c..5d12603411fd06e14408793fb5f1f3177b573bbd 120000 --- a/molecule/default +++ b/molecule/default @@ -1 +1 @@ -./virtualbox \ No newline at end of file +molecule/virtualbox_debian12/ \ No newline at end of file diff --git a/molecule/resources/playbooks/prepare.yml b/molecule/resources/playbooks/prepare.yml index b4551514480c01ba7ff92a3448d976291b66b92a..942d0ead96b656f6b707e4099cd9151c9922f125 100644 --- a/molecule/resources/playbooks/prepare.yml +++ b/molecule/resources/playbooks/prepare.yml 
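Review bot: The `<<: *job_configuration` merges in `test-job-debian12`, `test-job-ubuntu2204` and `test-job-alma8` are shallow, so a job's own `variables:` mapping would replace, not extend, any `variables:` key later added to `.job_template`. GitLab's `extends: .job_template` merges nested mappings key by key and also works across included files, which YAML anchors do not. It would also make the anchor and the repeated alias comments unnecessary. This is a style point: the template currently has no `variables:` key, so behaviour today is the same.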
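Review bot: The new target of the `molecule/default` symlink, `molecule/virtualbox_debian12/`, is resolved relative to the directory holding the link, so it points at `molecule/molecule/virtualbox_debian12/`, which this commit does not create. The previous target `./virtualbox` was written relative to `molecule/`; the equivalent here is `./virtualbox_debian12`. As written, a molecule run without `--scenario-name` would presumably not find a default scenario.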
@@ -5,24 +5,33 @@ - name: configure additional package repositories for Debian when: ansible_os_family == "Debian" block: - - name: install GPG - ansible.builtin.apt: - name: "gnupg" - state: latest - update_cache: true - become: true - - name: add custom repo for SLUB's custom Debian repo - ansible.builtin.deb822_repository: - architectures: "amd64" - components: "main" - enabled: true - name: "slub" - pdiffs: true - signed_by: "https://sdvdebianrepo.slub-dresden.de/deb-repository/pub.gpg.key" - suites: "{{ ansible_lsb.codename }}" - uris: "https://sdvdebianrepo.slub-dresden.de/deb-repository" - notify: update package cache - become: true + - name: install GPG + ansible.builtin.apt: + name: "gnupg" + state: latest + update_cache: true + become: true + - name: > + Set Mapping for Debian- and Ubuntu-Releasenames. This is necessary, + because SLUB's Debian repo server doesn't support Ubuntu releases + (yet?). Whenever this restriction is removed, then we can remove + the mapping as well. + ansible.builtin.set_fact: + releasenames: + jammy: "bookworm" + # noble: "?????????" + - name: add custom repo for SLUB's custom Debian repo + ansible.builtin.deb822_repository: + architectures: "amd64" + components: "main" + enabled: true + name: "slub" + pdiffs: true + signed_by: "https://sdvdebianrepo.slub-dresden.de/deb-repository/pub.gpg.key" + suites: "{{ ( ansible_distribution == 'Ubuntu' ) | ternary( releasenames[ansible_lsb.codename], ansible_lsb.codename ) }}" + uris: "https://sdvdebianrepo.slub-dresden.de/deb-repository" + notify: update package cache + become: true - name: inform users about supported RHEL versions ansible.builtin.debug: diff --git a/molecule/virtualbox/molecule.yml b/molecule/virtualbox_debian12/molecule.yml similarity index 100% rename from molecule/virtualbox/molecule.yml rename to molecule/virtualbox_debian12/molecule.yml 
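Review bot: `signed_by` in the `add custom repo for SLUB's custom Debian repo` task downloads the signing key at run time from the same host that serves the packages, so the key gives no check that is independent of that server. Committing the ASCII-armored public key to the repository and passing it to `signed_by` (the module accepts a key block or a keyring path as well as a URL) would pin what the test VMs trust. Separately, `ternary()` receives both arguments already evaluated, so `releasenames[ansible_lsb.codename]` is looked up on Debian hosts too, and an Ubuntu codename missing from the mapping fails with an undefined-key error. The inline form `{{ releasenames[ansible_lsb.codename] if ansible_distribution == 'Ubuntu' else ansible_lsb.codename }}` avoids the eager lookup. A preceding `ansible.builtin.assert` that the codename is in `releasenames` would give unmapped releases a readable failure.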
diff --git a/molecule/virtualbox_ubuntu2204/molecule.yml b/molecule/virtualbox_ubuntu2204/molecule.yml new file mode 100644 index 0000000000000000000000000000000000000000..55714f76a39115a4c8d20addfbde5f91f93ca126 --- /dev/null +++ b/molecule/virtualbox_ubuntu2204/molecule.yml @@ -0,0 +1,40 @@ +--- +dependency: + name: galaxy + enabled: false +driver: + name: vagrant +platforms: + # Check out the documentation at + # https://github.com/ansible-community/molecule-vagrant#documentation + # for more platform parameters. + - name: vm-harden-mol-deb + box: ubuntu/jammy64 + memory: 3072 + # List of raw Vagrant `config` options. + # provider_raw_config_args: + # - "customize [ 'modifyvm', :id, '--natdnshostresolver1', 'on' ]" + # Dictionary of `config` options. + config_options: + ssh.keep_alive: yes + ssh.remote_user: "lza" +provisioner: + name: ansible + log: true + config_options: + defaults: + # https://stackoverflow.com/questions/57435811/ansible-molecule-pass-multiple-vault-ids + # vault_identity_list: "@$HOME/.ansible/roles/lza_install_common.pass, @$HOME/.ansible/roles/passfile_1.pass" + # vault_identity_list: "${MOLECULE_PROJECT_DIRECTORY}/../../lza_server_hardening.pass" + vault_identity_list: "../lza_server_hardening.pass, ../../../lza_server_hardening.pass" + display_skipped_hosts: false + display_ok_hosts: false + vvv: false + playbooks: + # create: ../resources/playbooks/create.yml + # destroy: ../resources/playbooks/destroy.yml + converge: ../resources/playbooks/converge.yml + prepare: ../resources/playbooks/prepare.yml + verify: ../resources/playbooks/verify.yml +verifier: + name: ansible
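Review bot: `box: ubuntu/jammy64` carries no version pin, so `molecule create` can pull whatever image is current in the box registry, and the hardening role is then tested against a base image nobody reviewed. Adding `box_version: "<PINNED_BOX_VERSION>"` under the platform entry makes runs reproducible and turns image updates into an explicit change. `ssh.keep_alive: yes` should be `true` to avoid YAML 1.1 truthy ambiguity, and the platform name `vm-harden-mol-deb` looks carried over from the Debian scenario. A short comment above `vault_identity_list` stating which of the two relative paths applies in CI and which locally, and that the password file must stay outside the repository, would help the next maintainer.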