Replace with ansible.builtin.deb822_repository

alvistack · Jan 14, 2025 · 0323576 · 0323576
1 parent 1c25eef
commit 0323576
Show file tree

Hide file tree

Showing 21 changed files with 169 additions and 106 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -13,9 +13,9 @@
 
 .script-bootstrap-python: &script-bootstrap-python
   - |
-    if ! [[ -x "$(command -v pipx)" ]]; then
+    if ! [[ -x "$(command -v pipx)" && -x "$(command -v flake8)" && -x "$(command -v yamllint)" ]]; then
       export DEBIAN_FRONTEND="noninteractive"
-      echo -e "Components:\nEnabled: yes\nX-Repolib-Name: alvistack\nSigned-By: /etc/apt/keyrings/alvistack.asc\nSuites: /\nTypes: deb\nURIs: http://downloadcontent.opensuse.org/repositories/home:/alvistack/xUbuntu_24.04" | sudo tee /etc/apt/sources.list.d/alvistack.sources > /dev/null
+      printf "Components:\nEnabled: yes\nX-Repolib-Name: alvistack\nSigned-By: /etc/apt/keyrings/alvistack.asc\nSuites: /\nTypes: deb\nURIs: http://downloadcontent.opensuse.org/repositories/home:/alvistack/xUbuntu_24.04\n" | sudo tee /etc/apt/sources.list.d/alvistack.sources > /dev/null
       curl -fsSL https://downloadcontent.opensuse.org/repositories/home:alvistack/xUbuntu_24.04/Release.key | sudo tee /etc/apt/keyrings/alvistack.asc > /dev/null
       sudo -E apt-get update
       sudo -E apt-get install -y bzip2 ca-certificates curl flake8 gcc gnupg gzip iproute2 pipx procps python3 python3-apt python3-cryptography python3-flake8 python3-jmespath python3-lxml python3-netaddr python3-pip python3-setuptools python3-venv python3-virtualenv python3-wheel sudo tar unzip xz-utils yamllint zip
@@ -27,9 +27,9 @@
 
 .script-bootstrap-ansible: &script-bootstrap-ansible
   - |
-    if ! [[ -x "$(command -v ansible)" ]]; then
+    if ! [[ -x "$(command -v ansible)" && -x "$(command -v ansible-lint)" ]]; then
       export DEBIAN_FRONTEND="noninteractive"
-      echo -e "Components:\nEnabled: yes\nX-Repolib-Name: alvistack\nSigned-By: /etc/apt/keyrings/alvistack.asc\nSuites: /\nTypes: deb\nURIs: http://downloadcontent.opensuse.org/repositories/home:/alvistack/xUbuntu_24.04" | sudo tee /etc/apt/sources.list.d/alvistack.sources > /dev/null
+      printf "Components:\nEnabled: yes\nX-Repolib-Name: alvistack\nSigned-By: /etc/apt/keyrings/alvistack.asc\nSuites: /\nTypes: deb\nURIs: http://downloadcontent.opensuse.org/repositories/home:/alvistack/xUbuntu_24.04\n" | sudo tee /etc/apt/sources.list.d/alvistack.sources > /dev/null
       curl -fsSL https://downloadcontent.opensuse.org/repositories/home:alvistack/xUbuntu_24.04/Release.key | sudo tee /etc/apt/keyrings/alvistack.asc > /dev/null
       sudo -E apt-get update
       sudo -E apt-get install -y ansible ansible-lint python3-docker python3-netaddr python3-vagrant
@@ -41,7 +41,7 @@
   - |
     if ! [[ -x "$(command -v molecule)" ]]; then
       export DEBIAN_FRONTEND="noninteractive"
-      echo -e "Components:\nEnabled: yes\nX-Repolib-Name: alvistack\nSigned-By: /etc/apt/keyrings/alvistack.asc\nSuites: /\nTypes: deb\nURIs: http://downloadcontent.opensuse.org/repositories/home:/alvistack/xUbuntu_24.04" | sudo tee /etc/apt/sources.list.d/alvistack.sources > /dev/null
+      printf "Components:\nEnabled: yes\nX-Repolib-Name: alvistack\nSigned-By: /etc/apt/keyrings/alvistack.asc\nSuites: /\nTypes: deb\nURIs: http://downloadcontent.opensuse.org/repositories/home:/alvistack/xUbuntu_24.04\n" | sudo tee /etc/apt/sources.list.d/alvistack.sources > /dev/null
       curl -fsSL https://downloadcontent.opensuse.org/repositories/home:alvistack/xUbuntu_24.04/Release.key | sudo tee /etc/apt/keyrings/alvistack.asc > /dev/null
       sudo -E apt-get update
       sudo -E apt-get install -y python3-molecule python3-molecule-plugins
@@ -52,7 +52,7 @@
   - |
     if ! [[ -x "$(command -v docker)" ]]; then
       export DEBIAN_FRONTEND="noninteractive"
-      echo -e "Components:\nEnabled: yes\nX-Repolib-Name: alvistack\nSigned-By: /etc/apt/keyrings/alvistack.asc\nSuites: /\nTypes: deb\nURIs: http://downloadcontent.opensuse.org/repositories/home:/alvistack/xUbuntu_24.04" | sudo tee /etc/apt/sources.list.d/alvistack.sources > /dev/null
+      printf "Components:\nEnabled: yes\nX-Repolib-Name: alvistack\nSigned-By: /etc/apt/keyrings/alvistack.asc\nSuites: /\nTypes: deb\nURIs: http://downloadcontent.opensuse.org/repositories/home:/alvistack/xUbuntu_24.04\n" | sudo tee /etc/apt/sources.list.d/alvistack.sources > /dev/null
       curl -fsSL https://downloadcontent.opensuse.org/repositories/home:alvistack/xUbuntu_24.04/Release.key | sudo tee /etc/apt/keyrings/alvistack.asc > /dev/null
       sudo -E apt-get update
       sudo -E apt-get install -y crun podman podman-docker
@@ -63,7 +63,7 @@
   - |
     if ! [[ -x "$(command -v packer)" ]]; then
       export DEBIAN_FRONTEND="noninteractive"
-      echo -e "Components:\nEnabled: yes\nX-Repolib-Name: alvistack\nSigned-By: /etc/apt/keyrings/alvistack.asc\nSuites: /\nTypes: deb\nURIs: http://downloadcontent.opensuse.org/repositories/home:/alvistack/xUbuntu_24.04" | sudo tee /etc/apt/sources.list.d/alvistack.sources > /dev/null
+      printf "Components:\nEnabled: yes\nX-Repolib-Name: alvistack\nSigned-By: /etc/apt/keyrings/alvistack.asc\nSuites: /\nTypes: deb\nURIs: http://downloadcontent.opensuse.org/repositories/home:/alvistack/xUbuntu_24.04\n" | sudo tee /etc/apt/sources.list.d/alvistack.sources > /dev/null
       curl -fsSL https://downloadcontent.opensuse.org/repositories/home:alvistack/xUbuntu_24.04/Release.key | sudo tee /etc/apt/keyrings/alvistack.asc > /dev/null
       sudo -E apt-get update
       sudo -E apt-get install -y packer packer-plugin-libvirt

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,8 @@
 
 ## YYYYMMDD.Y.Z - TBC
 
+- Replace with `ansible.builtin.deb822_repository`
+- Support Ansible community package 11.1.0
 - Support Ansible community package 11.0.0
 - Support Ubuntu 24.10
 - Support Ansible community package 10.5.0

diff --git a/packer/postgres-15-docker/packer.json b/packer/postgres-15-docker/packer.json
@@ -32,6 +32,16 @@
     }
   ],
   "provisioners": [
+    {
+      "inline": [
+        "set -eu",
+        "rm -rf /etc/apt/sources.list*",
+        "mkdir -p /etc/apt/sources.list.d",
+        "printf \"Components: main universe restricted multiverse\nEnabled: yes\nX-Repolib-Name: ubuntu\nSigned-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg\nSuites: noble noble-updates noble-backports\nTypes: deb\nURIs: http://archive.ubuntu.com/ubuntu\n\" | tee /etc/apt/sources.list.d/ubuntu.sources > /dev/null",
+        "printf \"Components: main universe restricted multiverse\nEnabled: yes\nX-Repolib-Name: ubuntu-security\nSigned-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg\nSuites: noble-security\nTypes: deb\nURIs: http://security.ubuntu.com/ubuntu\n\" | tee /etc/apt/sources.list.d/ubuntu-security.sources > /dev/null"
+      ],
+      "type": "shell"
+    },
     {
       "inline": [
         "set -eu",

diff --git a/packer/postgres-16-docker/packer.json b/packer/postgres-16-docker/packer.json
@@ -32,6 +32,16 @@
     }
   ],
   "provisioners": [
+    {
+      "inline": [
+        "set -eu",
+        "rm -rf /etc/apt/sources.list*",
+        "mkdir -p /etc/apt/sources.list.d",
+        "printf \"Components: main universe restricted multiverse\nEnabled: yes\nX-Repolib-Name: ubuntu\nSigned-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg\nSuites: noble noble-updates noble-backports\nTypes: deb\nURIs: http://archive.ubuntu.com/ubuntu\n\" | tee /etc/apt/sources.list.d/ubuntu.sources > /dev/null",
+        "printf \"Components: main universe restricted multiverse\nEnabled: yes\nX-Repolib-Name: ubuntu-security\nSigned-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg\nSuites: noble-security\nTypes: deb\nURIs: http://security.ubuntu.com/ubuntu\n\" | tee /etc/apt/sources.list.d/ubuntu-security.sources > /dev/null"
+      ],
+      "type": "shell"
+    },
     {
       "inline": [
         "set -eu",

diff --git a/packer/postgres-17-docker/packer.json b/packer/postgres-17-docker/packer.json
@@ -32,6 +32,16 @@
     }
   ],
   "provisioners": [
+    {
+      "inline": [
+        "set -eu",
+        "rm -rf /etc/apt/sources.list*",
+        "mkdir -p /etc/apt/sources.list.d",
+        "printf \"Components: main universe restricted multiverse\nEnabled: yes\nX-Repolib-Name: ubuntu\nSigned-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg\nSuites: noble noble-updates noble-backports\nTypes: deb\nURIs: http://archive.ubuntu.com/ubuntu\n\" | tee /etc/apt/sources.list.d/ubuntu.sources > /dev/null",
+        "printf \"Components: main universe restricted multiverse\nEnabled: yes\nX-Repolib-Name: ubuntu-security\nSigned-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg\nSuites: noble-security\nTypes: deb\nURIs: http://security.ubuntu.com/ubuntu\n\" | tee /etc/apt/sources.list.d/ubuntu-security.sources > /dev/null"
+      ],
+      "type": "shell"
+    },
     {
       "inline": [
         "set -eu",

diff --git a/playbooks/prepare.yml b/playbooks/prepare.yml
@@ -119,7 +119,7 @@
     - name: debian | apt-get install *.deb
       ansible.builtin.raw: |
         set -eu
-        DEBIAN_FRONTEND=noninteractive apt-get install -y bzip2 ca-certificates curl gcc gnupg gzip hostname iproute2 passwd procps python3 python3-apt python3-jmespath python3-lxml python3-pip python3-setuptools python3-venv python3-virtualenv python3-wheel rsync sudo tar unzip util-linux xz-utils zip
+        DEBIAN_FRONTEND=noninteractive apt-get install -y bzip2 ca-certificates curl gcc gnupg gzip hostname iproute2 passwd procps python3 python3-apt python3-debian python3-jmespath python3-lxml python3-pip python3-setuptools python3-venv python3-virtualenv python3-wheel rsync sudo tar unzip util-linux xz-utils zip
       args:
         executable: /bin/bash
       when: ansible_os_family | lower == "debian"

diff --git a/playbooks/tasks/debian.yml b/playbooks/tasks/debian.yml
@@ -23,18 +23,21 @@
   loop:
     - { dest: /etc/apt/preferences.d/99-backports.pref }
     - { dest: /etc/apt/preferences.d/nosnap.pref }
-    - { dest: /etc/apt/sources.list }
 
-- name: prepare files
-  ansible.builtin.file:
-    dest: "{{ item.dest }}"
-    owner: "{{ item.owner | default('root') }}"
-    group: "{{ item.group | default('root') }}"
-    mode: "{{ item.mode | default('0644') }}"
-    state: "{{ item.state | default('file') }}"
-  loop:
-    - { dest: /etc/apt/sources.list.d/debian.sources, state: absent }
-    - { dest: /etc/apt/sources.list.d/ubuntu.sources, state: absent }
+- name: apt-add-repository
+  ansible.builtin.deb822_repository:
+    name: "{{ item.name }}"
+    types: "{{ item.types }}"
+    uris: "{{ item.uris }}"
+    suites: "{{ item.suites }}"
+    components: "{{ item.components }}"
+    signed_by: "{{ item.signed_by }}"
+    enabled: "{{ item.enabled }}"
+    state: "{{ item.state }}"
+    architectures: "{{ item.architectures | default(None) or omit }}"
+  loop: "{{ _deb822_repository }}"
+  register: result
+  until: result is succeeded
 
 - name: apt-get update
   ansible.builtin.apt:

diff --git a/playbooks/templates/etc/apt/sources.list.j2 b/playbooks/templates/etc/apt/sources.list.j2
diff --git a/playbooks/vars/debian-12.yml b/playbooks/vars/debian-12.yml
@@ -14,6 +14,24 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+_deb822_repository:
+  - name: debian
+    types: deb
+    uris: http://deb.debian.org/debian
+    suites: bookworm bookworm-updates
+    components: main contrib non-free non-free-firmware
+    signed_by: /usr/share/keyrings/debian-archive-keyring.gpg
+    enabled: true
+    state: present
+  - name: debian-security
+    types: deb
+    uris: http://deb.debian.org/debian-security
+    suites: bookworm-security
+    components: main contrib non-free non-free-firmware
+    signed_by: /usr/share/keyrings/debian-archive-keyring.gpg
+    enabled: true
+    state: present
+
 _apt:
   - { state: latest, name: ca-certificates }
   - { state: latest, name: curl }

diff --git a/playbooks/vars/debian.yml b/playbooks/vars/debian.yml
@@ -14,6 +14,24 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+_deb822_repository:
+  - name: debian
+    types: deb
+    uris: http://deb.debian.org/debian
+    suites: testing testing-updates
+    components: main contrib non-free non-free-firmware
+    signed_by: /usr/share/keyrings/debian-archive-keyring.gpg
+    enabled: true
+    state: present
+  - name: debian-security
+    types: deb
+    uris: http://deb.debian.org/debian-security
+    suites: testing-security
+    components: main contrib non-free non-free-firmware
+    signed_by: /usr/share/keyrings/debian-archive-keyring.gpg
+    enabled: true
+    state: present
+
 _apt:
   - { state: latest, name: ca-certificates }
   - { state: latest, name: curl }

diff --git a/playbooks/vars/ubuntu-20.04.yml b/playbooks/vars/ubuntu-20.04.yml
@@ -14,6 +14,24 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+_deb822_repository:
+  - name: ubuntu
+    types: deb
+    uris: http://archive.ubuntu.com/ubuntu
+    suites: focal focal-updates focal-backports
+    components: main universe restricted multiverse
+    signed_by: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+    enabled: true
+    state: present
+  - name: ubuntu-security
+    types: deb
+    uris: http://security.ubuntu.com/ubuntu
+    suites: focal-security
+    components: main universe restricted multiverse
+    signed_by: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+    enabled: true
+    state: present
+
 _apt:
   - { state: latest, name: ca-certificates }
   - { state: latest, name: curl }

diff --git a/playbooks/vars/ubuntu-22.04.yml b/playbooks/vars/ubuntu-22.04.yml
@@ -14,6 +14,24 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+_deb822_repository:
+  - name: ubuntu
+    types: deb
+    uris: http://archive.ubuntu.com/ubuntu
+    suites: jammy jammy-updates jammy-backports
+    components: main universe restricted multiverse
+    signed_by: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+    enabled: true
+    state: present
+  - name: ubuntu-security
+    types: deb
+    uris: http://security.ubuntu.com/ubuntu
+    suites: jammy-security
+    components: main universe restricted multiverse
+    signed_by: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+    enabled: true
+    state: present
+
 _apt:
   - { state: latest, name: ca-certificates }
   - { state: latest, name: curl }

diff --git a/playbooks/vars/ubuntu-24.04.yml b/playbooks/vars/ubuntu-24.04.yml
@@ -14,6 +14,24 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+_deb822_repository:
+  - name: ubuntu
+    types: deb
+    uris: http://archive.ubuntu.com/ubuntu
+    suites: noble noble-updates noble-backports
+    components: main universe restricted multiverse
+    signed_by: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+    enabled: true
+    state: present
+  - name: ubuntu-security
+    types: deb
+    uris: http://security.ubuntu.com/ubuntu
+    suites: noble-security
+    components: main universe restricted multiverse
+    signed_by: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+    enabled: true
+    state: present
+
 _apt:
   - { state: latest, name: ca-certificates }
   - { state: latest, name: curl }