switch to ansible.builtin.deb822_repository and refactor apt reposito…

…ry configuration
alphanodes · Dec 6, 2023 · 10fb307 · 10fb307
1 parent 0290323
commit 10fb307
Show file tree

Hide file tree

Showing 19 changed files with 265 additions and 156 deletions.
diff --git a/roles/gitlab/defaults/main.yml b/roles/gitlab/defaults/main.yml
@@ -65,8 +65,12 @@ gitlab_puma_threads_min: 1
 gitlab_puma_threads_max: 16
 
 gitlab_rvm_ruby: true
-gitlab_rvm_ruby_ppa: false
-gitlab_rvm_ruby_ppa_key_url: https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x8094BB14F4E3FBBE
+gitlab_rvm_ruby_apt: false
+gitlab_rvm_ruby_apt_url: https://ppa.launchpadcontent.net/rael-gc/rvm/ubuntu
+gitlab_rvm_ruby_apt_suites: '{{ ansible_distribution_release | lower }}'
+gitlab_rvm_ruby_apt_components: main
+gitlab_rvm_ruby_apt_key_url: https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x8094BB14F4E3FBBE
+
 gitlab_rvm_ruby_path: '{{ gitlab_home }}/.rvm/wrappers/default'
 # This Version is fixed in .ruby_version
 # gitaly ruby should be rerun (on version change, manually is required - see gitlab_gitaly.yml)
@@ -170,8 +174,9 @@ gitlab_packages:
 # see https://docs.gitlab.com/ee/install/installation.html#3-go
 # NOTE: version should be tests in gitlab pipeline
 # SEE https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/ci/workhorse.gitlab-ci.yml#L30
+# https://go.dev/dl/ -> linux-amd64.tar.gz
 gitlab_go_version: '1.20.12'
-gitlab_go_sha256_checksum: ef79a11aa095a08772d2a69e4f152f897c4e96ee297b0dc20264b7dec2961abe
+gitlab_go_sha256_checksum: 9c5d48c54dd8b0a3b2ef91b0f92a1190aa01f11d26e98033efa64c46a30bba7b
 
 gitlab_nginx_auth_realm: 'Code access is restricted'
 gitlab_nginx_client_max_body_size: '0'

diff --git a/roles/gitlab/tasks/ruby.yml b/roles/gitlab/tasks/ruby.yml
@@ -13,20 +13,34 @@
 - name: Install rvm with ppa {{ gitlab_ruby_version }}
   when:
     - gitlab_rvm_ruby
-    - gitlab_rvm_ruby_ppa
+    - gitlab_rvm_ruby_apt
   block:
-    - name: Add rvm-rael-gc apt key.
-      ansible.builtin.get_url:
-        url: '{{ gitlab_rvm_ruby_ppa_key_url }}'
-        dest: /etc/apt/trusted.gpg.d/rvm-ppa.asc
-        mode: 0644
-        force: true
+    - name: Remove old apt repository files
+      ansible.builtin.file:
+        path: '{{ item }}'
+        state: absent
+      loop:
+        - /etc/apt/sources.list.d/ppa_launchpadcontent_net_rael_gc_rvm_ubuntu.list
+        - /etc/apt/trusted.gpg.d/rvm-ppa.asc
 
+    # see https://docs.ansible.com/ansible/latest/collections/ansible/builtin/deb822_repository_module.html
     - name: Add rvm apt repository
-      ansible.builtin.apt_repository:
-        repo: 'deb https://ppa.launchpadcontent.net/rael-gc/rvm/ubuntu/ {{ ansible_distribution_release | lower }} main'
-        update_cache: true
+      ansible.builtin.deb822_repository:
+        name: rvm
+        uris: '{{ gitlab_rvm_ruby_apt_url }}'
+        types: deb
+        suites: '{{ gitlab_rvm_ruby_apt_suites }}'
+        components: '{{ gitlab_rvm_ruby_apt_components }}'
+        signed_by: '{{ gitlab_rvm_ruby_apt_key_url }}'
         state: present
+      register: rvm_repo
+
+    - name: Update apt cache
+      apt:
+        update_cache: true
+      when: rvm_repo.changed
+      tags:
+        - skip_ansible_lint
 
     - name: Pinning libssl-dev
       ansible.builtin.template:
@@ -56,16 +70,17 @@
 - name: Install rvm without ppa {{ gitlab_ruby_version }}
   when:
     - gitlab_rvm_ruby
-    - not gitlab_rvm_ruby_ppa
+    - not gitlab_rvm_ruby_apt
   block:
-    - name: Remove ppa files
+    - name: Remove openssl apt configuration
       ansible.builtin.file:
-        path: '{{ item }}'
+        path: /etc/apt/preferences.d/openssl
+        state: absent
+
+    - name: Remove rvm apt repository
+      ansible.builtin.deb822_repository:
+        name: rvm
         state: absent
-      loop:
-        - /etc/apt/trusted.gpg.d/rvm-ppa.asc
-        - /etc/apt/preferences.d/openssl
-        - /etc/apt/sources.list.d/ppa_launchpadcontent_net_rael_gc_rvm_ubuntu.list
 
     - name: Remove PPA package
       ansible.builtin.apt:

diff --git a/roles/gitlab/tasks/setup.yml b/roles/gitlab/tasks/setup.yml
@@ -71,7 +71,7 @@
   vars:
     zsh_user: '{{ gitlab_user }}'
     zsh_with_setup: false
-    zsh_with_rvm: '{{ gitlab_rvm_ruby and not gitlab_rvm_ruby_ppa }}'
+    zsh_with_rvm: '{{ gitlab_rvm_ruby and not gitlab_rvm_ruby_apt }}'
     zsh_with_ruby: true
     zsh_user_home: '{{ gitlab_home }}'
     zsh_local_exports:
@@ -95,7 +95,7 @@
     append: true
   when:
     - gitlab_rvm_ruby
-    - gitlab_rvm_ruby_ppa
+    - gitlab_rvm_ruby_apt
 
 # @see https://gitlab.com/gitlab-org/gitlab-workhorse/-/issues/129
 - name: Add redis and www-data to gitlab group

diff --git a/roles/goaccess/defaults/main.yml b/roles/goaccess/defaults/main.yml
@@ -4,12 +4,14 @@
 goaccess_packages:
   - goaccess
 
-goaccess_repo_key_url: https://deb.goaccess.io/gnugpg.key
-goaccess_repo_url: 'deb http://deb.goaccess.io/ {{ ansible_distribution_release }} main'
+goaccess_apt_url: http://deb.goaccess.io/
+goaccess_apt_key_url: https://deb.goaccess.io/gnugpg.key
+goaccess_apt_suites: "{{ ansible_distribution_release }}"
+goaccess_apt_components: main
 
-geoaccess_from_source: true
-geoaccess_source_repo: https://github.com/allinurl/goaccess.git
-geoaccess_source_version: v1.6
+goaccess_from_source: true
+goaccess_source_repo: https://github.com/allinurl/goaccess.git
+goaccess_source_version: v1.6
 
 goaccess_from_source_packages:
   - autoconf

diff --git a/roles/goaccess/tasks/setup_binary.yml b/roles/goaccess/tasks/setup_binary.yml
@@ -1,19 +1,43 @@
 ---
 
-- name: Add goaccess GPG key
-  ansible.builtin.get_url:
-    url: '{{ goaccess_repo_key_url }}'
-    dest: /etc/apt/trusted.gpg.d/goaccess.asc
-    mode: 0644
-    force: true
+- name: Install binary
+  when: not goaccess_from_source
+  block:
+    - name: Remove old apt repository files
+      ansible.builtin.file:
+        path: '{{ item }}'
+        state: absent
+      loop:
+        - /etc/apt/trusted.gpg.d/goaccess.asc
 
-- name: Add goaccess debian repository
-  ansible.builtin.apt_repository:
-    repo: '{{ goaccess_repo_url }}'
-    update_cache: true
-    state: "{{ 'absent' if geoaccess_from_source else 'present' }}"
+    # see https://docs.ansible.com/ansible/latest/collections/ansible/builtin/deb822_repository_module.html
+    - name: Add goaccess apt repository
+      ansible.builtin.deb822_repository:
+        name: goaccess
+        uris: '{{ goaccess_apt_url }}'
+        types: deb
+        suites: '{{ goaccess_apt_suites }}'
+        components: '{{ goaccess_apt_components }}'
+        signed_by: '{{ goaccess_apt_key_url }}'
+        state: present
+      register: goaccess_repo
 
-- name: Be sure goaccess packages are installed
-  ansible.builtin.apt:
-    name: '{{ goaccess_packages }}'
-    state: "{{ 'absent' if geoaccess_from_source else 'present' }}"
+    - name: Update apt cache
+      apt:
+        update_cache: true
+      when: goaccess_repo.changed
+      tags:
+        - skip_ansible_lint
+
+    - name: Be sure goaccess packages are installed
+      ansible.builtin.apt:
+        name: '{{ goaccess_packages }}'
+        state: present
+
+- name: Remove binary
+  when: goaccess_from_source
+  block:
+    - name: Remove goaccess apt repository
+      ansible.builtin.deb822_repository:
+        name: goaccess
+        state: absent
diff --git a/roles/goaccess/tasks/setup_source.yml b/roles/goaccess/tasks/setup_source.yml
@@ -7,10 +7,10 @@
     state: absent
   loop:
     - '{{ goaccess_from_source_build_dir }}'
-  when: not geoaccess_from_source
+  when: not goaccess_from_source
 
 - name: Run from source tasks
-  when: geoaccess_from_source
+  when: goaccess_from_source
   block:
     # do not remove packages, if not from source, because these packages could be used by other roles
     - name: Be sure goaccess source packages are installed
@@ -20,9 +20,9 @@
 
     - name: Get source code to compile
       ansible.builtin.git:
-        repo: "{{ geoaccess_source_repo }}"
+        repo: "{{ goaccess_source_repo }}"
         dest: "{{ goaccess_from_source_build_dir }}"
-        version: "{{ geoaccess_source_version | default('master') }}"
+        version: "{{ goaccess_source_version | default('master') }}"
         force: true
       become: true
       register: goaccess_git_changed

diff --git a/roles/mongodb/defaults/main.yml b/roles/mongodb/defaults/main.yml
@@ -3,8 +3,9 @@
 mongodb_package: mongodb-org
 mongodb_version: '5.0'
 
-mongodb_apt_debian_url: "deb http://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/{{ mongodb_version }} main"
-mongodb_apt_ubuntu_url: "deb http://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/{{ mongodb_version }} multiverse"
+mongodb_apt_url: http://repo.mongodb.org/apt/{{ ansible_distribution | lower }}
+mongodb_apt_suites: "{{ ansible_distribution_release }}/mongodb-org/{{ mongodb_version }}"
+mongodb_apt_components: "{{ 'multiverse' if ansible_distribution == 'Ubuntu' else 'main' }}"
 
 mongodb_apt_key_url: https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc
 

diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml
@@ -2,37 +2,36 @@
 - name: Establish some role-related facts
   ansible.builtin.set_fact:
     mongodb_major_version: "{{ mongodb_version[0:3] | string }}"
-    mongodb_apt_url: "{{ mongodb_apt_ubuntu_url if ansible_distribution == 'Ubuntu' else mongodb_apt_debian_url }}"
 
-- name: Add mongodb gpg key
-  ansible.builtin.get_url:
-    url: "{{ mongodb_apt_key_url }}"
-    dest: /etc/apt/trusted.gpg.d/mongodb.asc
-    mode: 0644
-    force: true
-
-- name: Fail when used wrong mongodb_version variable
-  ansible.builtin.fail:
-    msg: "mongodb_version is not defined"
-  when: >
-    mongodb_package == 'mongodb-org' and
-    mongodb_version is not defined
-
-- name: Show apt url
-  ansible.builtin.debug:
-    msg: "mongodb_apt_url = {{ mongodb_apt_url }}"
-
-- name: Ensure apt sources list for mongodb.org sources is present
-  ansible.builtin.apt_repository:
-    repo: '{{ mongodb_apt_url }}'
-    update_cache: true
-    state: present
+- name: Mongodb-org block
   when: mongodb_package == 'mongodb-org'
+  block:
+    - name: Remove old apt repository files
+      ansible.builtin.file:
+        path: '{{ item }}'
+        state: absent
+      loop:
+        - /etc/apt/sources.list.d/repo_mongodb_org_apt_debian.list
+        - /etc/apt/trusted.gpg.d/mongodb.asc
 
-- name: Apt cache update - does not work with ansible.builtin.apt_repository
-  ansible.builtin.apt:
-    update_cache: true
-  when: mongodb_package == 'mongodb-org'
+    # see https://docs.ansible.com/ansible/latest/collections/ansible/builtin/deb822_repository_module.html
+    - name: Add mongodb apt repository
+      ansible.builtin.deb822_repository:
+        name: mongodb
+        uris: '{{ mongodb_apt_url }}'
+        types: deb
+        suites: '{{ mongodb_apt_suites }}'
+        components: '{{ mongodb_apt_components }}'
+        signed_by: '{{ mongodb_apt_key_url }}'
+        state: present
+      register: mongo_repo
+
+    - name: Update apt cache
+      apt:
+        update_cache: true
+      when: mongo_repo.changed
+      tags:
+        - skip_ansible_lint
 
 - name: Install MongoDB package
   ansible.builtin.apt:

diff --git a/roles/mysql_client/defaults/main.yml b/roles/mysql_client/defaults/main.yml
@@ -3,13 +3,14 @@
 
 # use mysql.com packages (only with Debian)
 mysql_with_mysql_com: true
-mysql_local_apt_key: true
-
 mysql_apt_repo_version: '8.0'
-mysql_apt_repo_version_prev: '5.7'
+
+mysql_apt_url: https://repo.mysql.com/apt/debian/
+# if not specified, local key is used
+# mysql_apt_key_url: https://url_to_gpg_key
+mysql_apt_suites: '{{ ansible_distribution_release | lower }}'
+mysql_apt_components: 'mysql-{{ mysql_apt_repo_version }}'
 
 mysql_client_packages:
  - mysql-client
  - python3-mysqldb
-
-mysql_apt_repo_url: 'deb https://repo.mysql.com/apt/debian/ {{ ansible_distribution_release | lower }} mysql-{{ mysql_apt_repo_version }}'
diff --git a/roles/mysql_client/tasks/main.yml b/roles/mysql_client/tasks/main.yml
@@ -2,8 +2,10 @@
 - name: Include vars
   ansible.builtin.import_tasks: include-vars.yml
 
-- name: Include repo tasks
+# mysql is available on ubuntu without additional repo
+- name: Include repo tasks for debian
   ansible.builtin.include_tasks: repo.yml
+  when: ansible_distribution == 'Debian'
   tags:
     - mysql
     - repo

diff --git a/roles/mysql_client/tasks/repo.yml b/roles/mysql_client/tasks/repo.yml
@@ -1,32 +1,43 @@
 ---
 
-- name: Ensure apt key for mysql.com is present (local key)
-  ansible.builtin.copy:
-    src: mysql.gpg
-    dest: /etc/apt/trusted.gpg.d/mysql.gpg
-    mode: 0644
-  when:
-    - mysql_with_mysql_com
-    - mysql_local_apt_key
+- name: Remove mysql apt repository
+  ansible.builtin.deb822_repository:
+    name: mysql
+    state: absent
+  when: not mysql_with_mysql_com
 
-# url for remote key is not available - dep package is provided by mysql.com
-# - name: Ensure apt key for mysql.com is present (remote key)
-#   ansible.builtin.get_url:
-#     url: "{{ mysql_repo_key_url }}"
-#     dest: /etc/apt/trusted.gpg.d/mysql.asc
-#     mode: 0644
-#     force: true
-#   when: not mysql_local_key
+- name: MySQL.com block
+  when: mysql_with_mysql_com
+  block:
+    - name: Use local gpg key for apt repository
+      ansible.builtin.copy:
+        src: mysql.gpg
+        dest: '{{ mysql_apt_repo_key_file }}'
+        mode: 0644
+      when: mysql_apt_key_url is not defined
 
-- name: Ensure apt sources list for mysql.com sources is present
-  ansible.builtin.apt_repository:
-    repo: '{{ mysql_apt_repo_url }}'
-    update_cache: true
-    state: "{{ 'present' if ansible_distribution == 'Debian' and mysql_with_mysql_com else 'absent' }}"
+    - name: Remove old apt repository files
+      ansible.builtin.file:
+        path: '{{ item }}'
+        state: absent
+      loop:
+        - /etc/apt/sources.list.d/repo_mysql_com_apt_debian.list
 
-- name: Remove previous apt sources list from apt sources
-  ansible.builtin.apt_repository:
-    repo: 'deb http://repo.mysql.com/apt/debian/ {{ ansible_distribution_release | lower }} mysql-{{ mysql_apt_repo_version_prev }}'
-    update_cache: true
-    state: absent
-  when: mysql_with_mysql_com
+    # see https://docs.ansible.com/ansible/latest/collections/ansible/builtin/deb822_repository_module.html
+    - name: Add mysql apt repository
+      ansible.builtin.deb822_repository:
+        name: mysql
+        uris: "{{ mysql_apt_url }}"
+        types: deb
+        suites: '{{ mysql_apt_suites }}'
+        components: '{{ mysql_apt_components }}'
+        signed_by: "{{ mysql_apt_key_url | default(mysql_apt_repo_key_file) }}"
+        state: present
+      register: mysql_repo
+
+    - name: Update apt cache.
+      apt:
+        update_cache: true
+      when: mysql_repo.changed
+      tags:
+        - skip_ansible_lint
diff --git a/roles/mysql_client/vars/main.yml b/roles/mysql_client/vars/main.yml
@@ -0,0 +1 @@
+mysql_apt_repo_key_file: /etc/apt/trusted.gpg.d/mysql.gpg
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		mysql_apt_repo_key_file: /etc/apt/trusted.gpg.d/mysql.gpg
Check warning on line 1 in roles/mysql_client/vars/main.yml View workflow job for this annotation GitHub Actions / build `1:1 [document-start] missing document start "---"`