feat: add Molecule support for Ubuntu 22.04

.gitlab-ci.yml

@@ -29,18 +29,15 @@ workflow:
     on_new_commit: interruptible
 
 variables:
-  SCENARIO: "default"
   # ANSIBLE_VAULT_PASSWORD_FILE: "molecule/lza_server_hardening.pass"
   ANSIBLE_VAULT_PASSWORD_FILE: "../lza_server_hardening.pass"
   ANSIBLE_FORCE_COLOR: 'true'
   PY_COLORS: '1'
 
-test-job-debian:
+.job_template: &job_configuration   # Hidden yaml configuration that defines an anchor named 'job_configuration'
   stage: test
   tags:
     - "shell"
-  variables:
-    SCENARIO: "default"
   script:
     # run Molecule tests
     - molecule syntax --scenario-name ${SCENARIO}
@@ -55,22 +52,17 @@ test-job-debian:
     # - molecule verify --scenario-name ${SCENARIO}
     - molecule destroy --scenario-name ${SCENARIO}
 
-test-job-rhel:
-  stage: test
-  tags:
-    - "shell"
+test-job-debian12:
+  variables:
+    SCENARIO: "virtualbox_debian12"
+  <<: *job_configuration           # Add the contents of the 'job_configuration' alias
+
+test-job-ubuntu2204:
+  variables:
+    SCENARIO: "virtualbox_ubuntu2204"
+  <<: *job_configuration           # Add the contents of the 'job_configuration' alias
+
+test-job-alma8:
   variables:
     SCENARIO: "virtualbox_alma8"
-  script:
-    # run Molecule tests
-    - molecule syntax --scenario-name ${SCENARIO}
-    # We cannot use `molecule lint` anymore because:
-    # - https://github.com/ansible-community/molecule/pull/3802 "Remove lint command"
-    # - https://github.com/ansible-community/molecule/discussions/3825#discussioncomment-4908366
-    - yamllint --strict --format colored ./
-    - ansible-lint --format full --profile production --strict --force-color ./
-    - molecule create --scenario-name ${SCENARIO}
-    - molecule converge --scenario-name ${SCENARIO}
-    - molecule idempotence --scenario-name ${SCENARIO}
-    # - molecule verify --scenario-name ${SCENARIO}
-    - molecule destroy --scenario-name ${SCENARIO}
+  <<: *job_configuration           # Add the contents of the 'job_configuration' alias

molecule/default

-./virtualbox
\ No newline at end of file
+molecule/virtualbox_debian12/
\ No newline at end of file

molecule/resources/playbooks/prepare.yml

@@ -5,24 +5,33 @@
     - name: configure additional package repositories for Debian
       when: ansible_os_family == "Debian"
       block:
-      - name: install GPG
-        ansible.builtin.apt:
-          name: "gnupg"
-          state: latest
-          update_cache: true
-        become: true
-      - name: add custom repo for SLUB's custom Debian repo
-        ansible.builtin.deb822_repository:
-          architectures: "amd64"
-          components: "main"
-          enabled: true
-          name: "slub"
-          pdiffs: true
-          signed_by: "https://sdvdebianrepo.slub-dresden.de/deb-repository/pub.gpg.key"
-          suites: "{{ ansible_lsb.codename }}"
-          uris: "https://sdvdebianrepo.slub-dresden.de/deb-repository"
-        notify: update package cache
-        become: true
+        - name: install GPG
+          ansible.builtin.apt:
+            name: "gnupg"
+            state: latest
+            update_cache: true
+          become: true
+        - name: >
+            Set Mapping for Debian- and Ubuntu-Releasenames. This is necessary,
+            because SLUB's Debian repo server doesn't support Ubuntu releases
+            (yet?). Whenever this restriction is removed, then we can remove
+            the mapping as well.
+          ansible.builtin.set_fact:
+            releasenames:
+              jammy: "bookworm"
+              # noble: "?????????"
+        - name: add custom repo for SLUB's custom Debian repo
+          ansible.builtin.deb822_repository:
+            architectures: "amd64"
+            components: "main"
+            enabled: true
+            name: "slub"
+            pdiffs: true
+            signed_by: "https://sdvdebianrepo.slub-dresden.de/deb-repository/pub.gpg.key"
+            suites: "{{ ( ansible_distribution == 'Ubuntu' ) | ternary( releasenames[ansible_lsb.codename], ansible_lsb.codename ) }}"
+            uris: "https://sdvdebianrepo.slub-dresden.de/deb-repository"
+          notify: update package cache
+          become: true
 
     - name: inform users about supported RHEL versions
       ansible.builtin.debug:

molecule/virtualbox_ubuntu2204/molecule.yml

+---
+dependency:
+  name: galaxy
+  enabled: false
+driver:
+  name: vagrant
+platforms:
+  # Check out the documentation at
+  # https://github.com/ansible-community/molecule-vagrant#documentation
+  # for more platform parameters.
+  - name: vm-harden-mol-deb
+    box: ubuntu/jammy64
+    memory: 3072
+    # List of raw Vagrant `config` options.
+    # provider_raw_config_args:
+    #   - "customize [ 'modifyvm', :id, '--natdnshostresolver1', 'on' ]"
+    # Dictionary of `config` options.
+    config_options:
+      ssh.keep_alive: yes
+      ssh.remote_user: "lza"
+provisioner:
+  name: ansible
+  log: true
+  config_options:
+    defaults:
+      # https://stackoverflow.com/questions/57435811/ansible-molecule-pass-multiple-vault-ids
+      # vault_identity_list: "@$HOME/.ansible/roles/lza_install_common.pass, @$HOME/.ansible/roles/passfile_1.pass"
+      # vault_identity_list: "${MOLECULE_PROJECT_DIRECTORY}/../../lza_server_hardening.pass"
+      vault_identity_list: "../lza_server_hardening.pass, ../../../lza_server_hardening.pass"
+      display_skipped_hosts: false
+      display_ok_hosts: false
+  vvv: false
+  playbooks:
+    # create: ../resources/playbooks/create.yml
+    # destroy: ../resources/playbooks/destroy.yml
+    converge: ../resources/playbooks/converge.yml
+    prepare: ../resources/playbooks/prepare.yml
+    verify: ../resources/playbooks/verify.yml
+verifier:
+  name: ansible