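---
# Prepare play for the Molecule test VM: sets up the extra package
# repositories and opens SSH for the Molecule host before the firewall
# rules described further down are applied.
- name: Prepare
  hosts: "*"
  pre_tasks:
    - name: configure additional package repositories for Debian
      when: ansible_os_family == "Debian"
      block:
        - name: install GPG
          ansible.builtin.apt:
            name: "gnupg"
            state: latest
            update_cache: true
          become: true

        # The signing key is fetched from the repository's own host, so its
        # authenticity rests on the HTTPS connection to that host.
        # NOTE(review): ship the key with the scenario or check its
        # fingerprint if stronger provenance is required.
        - name: add custom repo for SLUB's custom Debian repo
          ansible.builtin.deb822_repository:
            architectures: "amd64"
            components: "main"
            enabled: true
            name: "slub"
            pdiffs: true
            signed_by: "https://sdvdebianrepo.slub-dresden.de/deb-repository/pub.gpg.key"
            suites: "{{ ansible_lsb.codename }}"
            uris: "https://sdvdebianrepo.slub-dresden.de/deb-repository"
          notify: update package cache
          become: true

    - name: configure additional package repositories for RedHat
      when: ansible_os_family == "RedHat"
      block:
        # Signature checking is on unless a loop item turns it off
        # explicitly; `gpgkey` is omitted for items that do not set one.
        - name: add custom repositories
          ansible.builtin.yum_repository:
            name: "{{ item.name }}"
            description: "{{ item.description }}"
            baseurl: "{{ item.baseurl }}"
            gpgcheck: "{{ item.gpgcheck | default(true) }}"
            gpgkey: "{{ item.gpgkey | default(omit) }}"
          loop:
            - name: "epel"
              description: EPEL YUM repo
              baseurl: "https://download.fedoraproject.org/pub/epel/{{ ansible_distribution_major_version }}/x86_64/"
              gpgkey: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"
            # Signature verification is switched off for this repository,
            # so its RPMs are installed without a GPG check and rest on
            # HTTPS transport alone.
            # NOTE(review): add a `gpgkey` entry and drop this override
            # once a signing key for the repository is available.
            - name: "slub"
              description: SLUB YUM repo
              baseurl: "https://sdvrhelrepo.slub-dresden.de/"
              gpgcheck: false
          notify: update package cache
          become: true

        - name: remove legacy repo configuration to avoid double configuration for SLUB repo
          ansible.builtin.file:
            path: "/etc/yum.repos.d/SLUB.repo"
            state: absent
          become: true
          notify: update package cache

    # This Ansible role installs a multitude of firewall rules, some of which
    # will lock us out of our Molecule test VM if we don't take precautions.
    # As Molecule itself uses SSH just like Ansible, we need to open port
    # tcp/22 to the private subnet that Vagrant uses when provisioning the
    # VM. The subnet address is not known in advance and can change across
    # servers/platforms, so it is derived from the VM's default IPv4 address:
    # the address is combined with a /24 prefix and passed through `ipaddr`
    # to obtain the network in CIDR form. The /24 size is an assumption
    # about the Vagrant network. The rule is inserted at position 1 of the
    # INPUT chain so that it is evaluated first.
    - name: add firewall rule to allow access from Molecule host into testing VM
      ansible.builtin.iptables:
        action: insert
        rule_num: 1
        chain: INPUT
        comment: "molecule access"
        jump: "ACCEPT"
        protocol: tcp
        source: "{{ (ansible_default_ipv4.address ~ '/24') | ansible.utils.ipaddr('network/prefix') }}"
        destination_port: "22"
      become: true

  handlers:
    # Notified by the repository tasks above whenever they report a change.
    - name: update package cache
      ansible.builtin.package:
        update_cache: true
      become: true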