[Apt] Switch to deb822 format
nervo committed Oct 26, 2023
1 parent 07b940b commit f1ac5ae
Showing 15 changed files with 827 additions and 346 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
## [Unreleased]
### Changed
- [All] Update minimum version of ansible to 2.15
- [Apt] Switch to deb822 format
- [Apparmor] Remove handler "apparmor reload" in favor of "Reload apparmor"
- [Cron] Remove handler "cron restart" in favor of "Restart cron"
- [Dhcp] Remove handler "dhcp restart" in favor of "Restart dhcp"
183 changes: 119 additions & 64 deletions molecule/apt/converge.yml
Expand Up @@ -271,9 +271,24 @@
- name: Keys
tags: [keys]
hosts: debian
vars:
tests_dir: /molecule/apt/keys
tasks:
- name: Clean tests dir
ansible.builtin.file: # noqa: risky-file-permissions
path: "{{ tests_dir }}/{{ item.0 }}"
state: "{{ item.1 }}"
loop: "{{ ['default', 'exclusive'] | product(['absent', 'directory']) }}"
- name: Touch existing files
ansible.builtin.file: # noqa: risky-file-permissions
path: "{{ tests_dir }}/{{ item }}"
state: touch
loop: [
default/state_absent_existing, default/state_ignore_existing,
exclusive/existing, exclusive/existing_present, exclusive/existing_ignore,
]
- block: # noqa: name[missing]
- name: Role
- name: Role - Default
ansible.builtin.import_role:
name: manala.roles.apt
tasks_from: keys
Expand All @@ -282,23 +297,67 @@
- sury_php:100
manala_apt_repositories:
- nginx
- source: deb https://dl.yarnpkg.com/debian/ stable main
- file: yarn.sources
uris: https://dl.yarnpkg.com/debian/
suites: stable
components: main
key: yarn
- source: deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_facts.distribution_release }}-pgdg main
- file: postgresql.sources
uris: http://apt.postgresql.org/pub/repos/apt/
suites: "{{ ansible_facts.distribution_release }}-pgdg"
components: main
key:
url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
id: ACCC4CF8
file: postgresql.asc
checksum: sha256:0144068502a1eddd2a0280ede10ef607d1ec592ce819940991203941564e8e76
manala_apt_keys_exclusive: false
manala_apt_keys_dir: "{{ tests_dir }}/default"
manala_apt_keys:
# Short syntax
- sensu-go
# Pattern syntax
- key: grafana
# Verbose syntax
- url: http://www.rabbitmq.com/rabbitmq-signing-key-public.asc
id: 056E8E56
- keyserver: keyserver.ubuntu.com
id: BC19DDBA # Galera
- url: https://www.rabbitmq.com/rabbitmq-release-signing-key.asc
file: rabbitmq.asc
checksum: sha256:bf3d770e522b9436d9c6bee1b1206cba6800fc64d754b1293471038eb9529138
# Flatten
-
- multimedia
# State
- key: mongodb_4_2
file: state_present_implicit
- key: mongodb_4_4
file: state_present
state: present
- key: varnish_4_0
file: state_absent
state: absent
- key: varnish_6_1
file: state_absent_existing
state: absent
- key: glusterfs_6
file: state_ignore
state: ignore
- key: glusterfs_10
file: state_ignore_existing
state: ignore
- name: Role - Exclusive
ansible.builtin.import_role:
name: manala.roles.apt
tasks_from: keys
vars:
manala_apt_keys_exclusive: true
manala_apt_keys_dir: "{{ tests_dir }}/exclusive"
manala_apt_keys:
- key: varnish_6_1
file: existing_present
- key: glusterfs_6
file: existing_ignore
state: ignore
- key: glusterfs_10
file: ignore
state: ignore
always:
- name: Goss
ansible.builtin.command:
Expand All @@ -310,99 +369,95 @@
# Repositories #
################

- name: Repositories - Default
tags: [repositories, repositories.default]
- name: Repositories
tags: [repositories]
hosts: debian
vars:
tests_dir: /molecule/apt/repositories
tasks:
- name: Apt keys
ansible.builtin.apt_key:
url: "{{ item.0 }}"
id: "{{ item.1 }}"
loop:
- [http://deb.nodesource.com/gpgkey/nodesource.gpg.key, 68576280]
- name: Apt repositories
ansible.builtin.apt_repository:
repo: "{{ item }}"
loop:
- deb https://deb.nodesource.com/node_14.x {{ ansible_facts.distribution_release }} main
- deb https://deb.nodesource.com/node_18.x {{ ansible_facts.distribution_release }} main
- name: Clean tests dir
ansible.builtin.file: # noqa: risky-file-permissions
path: "{{ tests_dir }}/{{ item.0 }}"
state: "{{ item.1 }}"
loop: "{{ ['default', 'exclusive'] | product(['absent', 'directory']) }}"
- name: Touch existing files
ansible.builtin.file: # noqa: risky-file-permissions
path: "{{ tests_dir }}/{{ item }}"
state: touch
loop: [
default/state_absent_existing, default/state_ignore_existing,
exclusive/existing, exclusive/existing_present, exclusive/existing_ignore,
]
- block: # noqa: name[missing]
- name: Role
- name: Role - Default
ansible.builtin.import_role:
# Play role fully, because of "keys" tasks dependency
name: manala.roles.apt
tasks_from: repositories
vars:
manala_apt_preferences:
- sury_php:100
manala_apt_repositories_exclusive: false
manala_apt_repositories_dir: "{{ tests_dir }}/default"
manala_apt_repositories:
# Short syntax
- matomo
# Pattern syntax
- repository: grafana
# Verbose syntax
- source: deb https://dl.yarnpkg.com/debian/ stable main
- file: yarn
uris: https://dl.yarnpkg.com/debian/
suites: stable
components: main
key: yarn
- source: deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_facts.distribution_release }}-pgdg main
- file: postgresql
uris: http://apt.postgresql.org/pub/repos/apt/
suites: "{{ ansible_facts.distribution_release }}-pgdg"
components: main
key:
url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
id: ACCC4CF8
# Flatten
-
- nginx
# State
- source: deb https://deb.nodesource.com/node_12.x {{ ansible_facts.distribution_release }} main
- source: deb https://deb.nodesource.com/node_14.x {{ ansible_facts.distribution_release }} main
state: absent
- source: deb https://deb.nodesource.com/node_16.x {{ ansible_facts.distribution_release }} main
- repository: nodesource_10
file: state_present_implicit
- repository: nodesource_12
file: state_present
state: present
- source: deb https://deb.nodesource.com/node_18.x {{ ansible_facts.distribution_release }} main
- repository: nodesource_14
file: state_absent
state: absent
- repository: nodesource_16
file: state_absent_existing
state: absent
- repository: nodesource_18
file: state_ignore
state: ignore
- source: deb https://deb.nodesource.com/node_20.x {{ ansible_facts.distribution_release }} main
- repository: nodesource_20
file: state_ignore_existing
state: ignore
always:
- name: Goss
ansible.builtin.command:
cmd: goss --gossfile - validate
stdin: "{{ lookup('ansible.builtin.template', 'goss/repositories.default.yaml.j2') }}"
changed_when: false

- name: Repositories - Exclusive
tags: [repositories, repositories.exclusive]
hosts: debian
tasks:
- name: Apt keys
ansible.builtin.apt_key:
url: "{{ item.0 }}"
id: "{{ item.1 }}"
loop:
- [http://deb.nodesource.com/gpgkey/nodesource.gpg.key, 68576280]
- name: Apt repositories
ansible.builtin.apt_repository:
repo: "{{ item }}"
loop:
- deb https://deb.nodesource.com/node_12.x {{ ansible_facts.distribution_release }} main
- deb https://deb.nodesource.com/node_14.x {{ ansible_facts.distribution_release }} main
- deb https://deb.nodesource.com/node_16.x {{ ansible_facts.distribution_release }} main
- deb https://deb.nodesource.com/node_18.x {{ ansible_facts.distribution_release }} main
- block: # noqa: name[missing]
- name: Role
- name: Role - Exclusive
ansible.builtin.import_role:
# Play role fully, because of "keys" tasks dependency
name: manala.roles.apt
tasks_from: repositories
vars:
manala_apt_repositories_exclusive: true
manala_apt_repositories_dir: "{{ tests_dir }}/exclusive"
manala_apt_repositories:
- source: deb https://deb.nodesource.com/node_14.x {{ ansible_facts.distribution_release }} main
- source: deb https://deb.nodesource.com/node_18.x {{ ansible_facts.distribution_release }} main
- repository: nodesource_16
file: existing_present
- repository: nodesource_18
file: existing_ignore
state: ignore
- source: deb https://deb.nodesource.com/node_20.x {{ ansible_facts.distribution_release }} main
- repository: nodesource_20
file: ignore
state: ignore
always:
- name: Goss
ansible.builtin.command:
cmd: goss --gossfile - validate
stdin: "{{ lookup('ansible.builtin.template', 'goss/repositories.exclusive.yaml.j2') }}"
stdin: "{{ lookup('ansible.builtin.template', 'goss/repositories.yaml.j2') }}"
changed_when: false

############
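Review bot: In the Repositories play, the `file: postgresql` entry fetches its key from `url: https://www.postgresql.org/media/keys/ACCC4CF8.asc` with only `id: ACCC4CF8` beside it, whereas the same entry in the Keys play pins the download with `file: postgresql.asc` and `checksum: sha256:0144068502a1eddd2a0280ede10ef607d1ec592ce819940991203941564e8e76`. The page has lost its +/- markers, so whether that `id` line is still on the new side is an inference; if it is, the key is not bound to a digest there, and an 8-hex-digit id is too short to identify a key. I would repeat the `file`/`checksum` pair from the Keys play in that entry. Both entries also keep `uris: http://apt.postgresql.org/pub/repos/apt/`; the signature check still covers package integrity, but `https://` would avoid exercising a cleartext mirror in the fixture. The play continues past the last visible hunk.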
112 changes: 100 additions & 12 deletions molecule/apt/goss/keys.yaml.j2
@@ -1,15 +1,103 @@
---

command:
file:
# Default - From preferences
{{ tests_dir }}/default/sury_php.gpg:
exists: true
filetype: file
owner: root
group: root
mode: "0644"
sha256: b3ea944563435e54bb64f181ee8bc26200985d09164cdc4c1702fc3ef051f19d
# Default - From repositories
{{ tests_dir }}/default/nginx.asc:
exists: true
filetype: file
owner: root
group: root
mode: "0644"
sha256: dd4da5dc599ef9e7a7ac20a87275024b4923a917a306ab5d53fa77871220ecda
{{ tests_dir }}/default/yarn.asc:
exists: true
filetype: file
owner: root
group: root
mode: "0644"
sha256: 8550a7e298b523fffa899069754fc150f2ff74092701e4d4109edd1cd6d5327f
{{ tests_dir }}/default/postgresql.asc:
exists: true
filetype: file
owner: root
group: root
mode: "0644"
sha256: 0144068502a1eddd2a0280ede10ef607d1ec592ce819940991203941564e8e76
# Default - Short syntax
{{ tests_dir }}/default/sensu-go.asc:
exists: true
filetype: file
owner: root
group: root
mode: "0644"
sha256: e74c2b7fbe75d84b3350a5f0a93df95798d99bc1c0b6399e174b36eb162229ef
# Default - Pattern syntax
{{ tests_dir }}/default/grafana.asc:
exists: true
filetype: file
owner: root
group: root
mode: "0644"
sha256: 58052c148058ace26dbd01ce057afa5709fb9d39c8a8ab16800be3f42fc02ab2
# Default - Verbose syntax
{{ tests_dir }}/default/rabbitmq.asc:
exists: true
filetype: file
owner: root
group: root
mode: "0644"
sha256: bf3d770e522b9436d9c6bee1b1206cba6800fc64d754b1293471038eb9529138
# Default - Flatten
{{ tests_dir }}/default/multimedia.asc:
exists: true
filetype: file
owner: root
group: root
mode: "0644"
sha256: 53aede0e70e642307f91645bd66475ad95d37d2e283749ac9306f88435b2efd9
# Default - State
{{ tests_dir }}/default/state_present_implicit:
exists: true
filetype: file
owner: root
group: root
mode: "0644"
sha256: 2fa86e09463b95cc35b30b2ec83e869f0b25c77516e76cfa25458e38901fb01f # mongodb_4_2
{{ tests_dir }}/default/state_present:
exists: true
filetype: file
owner: root
group: root
mode: "0644"
sha256: b5b674e0fee2ff6e5f007a59bf3be522f3382f90f2c2c796e4a9b7095eb58e94 # mongodb_4_4
{{ tests_dir }}/default/state_absent:
exists: false
{{ tests_dir }}/default/state_absent_existing:
exists: false
{{ tests_dir }}/default/state_ignore:
exists: false
{{ tests_dir }}/default/state_ignore_existing:
exists: true

"apt-key adv --list-public-keys --with-colons | grep '^pub' | cut -d':' -f 5 | egrep -o '.{8}$'":
exit-status: 0
stdout:
- "95BD4743" # Sury_php
- "7BD9BF62" # Nginx
- "86E50310" # Yarn
- "ACCC4CF8" # PostgreSQL
- "0A3F7426" # Sensu Go
- "056E8E56" # RabbitMQ
- "BC19DDBA" # Galera
- "65558117" # Multimedia
# Exclusive
{{ tests_dir }}/exclusive/existing:
exists: false
{{ tests_dir }}/exclusive/existing_present:
exists: true
filetype: file
owner: root
group: root
mode: "0644"
sha256: 90c79fc38896101706f8e69e26c328d55fbe05afb72128af34091d34cd181bbb # varnish_6_1
{{ tests_dir }}/exclusive/existing_ignore:
exists: false
{{ tests_dir }}/exclusive/ignore:
exists: false
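Review bot: The check for `{{ tests_dir }}/default/state_ignore_existing` asserts only `exists: true`, so it passes even if the role overwrote the pre-created file with the glusterfs_10 key rather than leaving it alone. converge.yml creates that file with `state: touch` after wiping the directory, so it should still be empty; adding `size: 0` under it would pin the "ignore leaves an existing file untouched" behaviour. The `state_present` and `exclusive/existing_present` checks already bind content with `sha256`, so this would bring the ignore case to the same level.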