repository: make role usable for Ubuntu 24.04 @ ARM (#727)

Signed-off-by: Christian Berendt <[email protected]>

molecule/delegated/tests/repository/centos.py

@@ -3,7 +3,7 @@
 from ..util.util import (
     get_ansible,
     get_variable,
-    get_dist_role_variable,
+    get_dist_arch_role_variable,
     jinja_replacement,
 )
 
@@ -29,7 +29,7 @@ def test_repository_centos_files(host):
     repositories = get_variable(host, "repositories")
 
     if len(repositories) <= 0:
-        repositories = get_dist_role_variable(host, "__repository_default")
+        repositories = get_dist_arch_role_variable(host, "__repository_default")
 
     if len(repositories) > 0:
         ansible_distribution = get_variable(host, "ansible_distribution", True)

molecule/delegated/tests/repository/debian.py

@@ -4,7 +4,7 @@
     get_ansible,
     get_variable,
     get_from_url,
-    get_dist_role_variable,
+    get_dist_arch_role_variable,
     jinja_replacement,
 )
 
@@ -68,10 +68,17 @@ def test_repository_debian_key_files_dir(host):
         assert f.mode == 0o644
 
 
-def test_repository_debian_sources_list_file(host):
+def test_repository_debian_sources_file(host):
     check_ansible_os_family(host)
 
-    f = host.file("/etc/apt/sources.list")
+    ansible_distribution_release = get_variable(
+        host, "ansible_distribution_release", True
+    )
+
+    if ansible_distribution_release in ["noble"]:
+        f = host.file("/etc/apt/sources.list.d/ubuntu.sources")
+    else:
+        f = host.file("/etc/apt/sources.list")
     assert f.exists
     assert f.user == "root"
     assert f.group == "root"
@@ -81,22 +88,14 @@ def test_repository_debian_sources_list_file(host):
     repositories = get_variable(host, "repositories")
 
     if len(repositories) <= 0:
-        repositories = get_dist_role_variable(host, "__repository_default")
+        repositories = get_dist_arch_role_variable(host, "__repository_default")
 
     assert len(repositories) > 0
 
     for repository in repositories:
-        ansible_distribution_release = get_variable(
-            host, "ansible_distribution_release", True
-        )
         repository["name"] = jinja_replacement(
             repository["name"],
             {"ansible_distribution_release": ansible_distribution_release},
         )
-        repository["repository"] = jinja_replacement(
-            repository["repository"],
-            {"ansible_distribution_release": ansible_distribution_release},
-        )
 
         assert repository["name"] in f.content_string
-        assert repository["repository"] in f.content_string

molecule/delegated/tests/util/util.py

@@ -84,6 +84,17 @@ def get_dist_role_variable(host, name):
     )
 
 
+def get_dist_arch_role_variable(host, name):
+    return get_role_variable(
+        host,
+        name,
+        get_variable(host, "ansible_distribution", True)
+        + "-"
+        + get_variable(host, "ansible_architecture", True)
+        + ".yml",
+    )
+
+
 def get_from_url(url, binary=False):
     # Create a request object with a faked User-Agent header.
     # Some websites like https://pkg.osquery.io/rpm/GPG need this, otherwise they will return http 403 forbidden.

roles/repository/tasks/AlmaLinux.yml

@@ -0,0 +1 @@
+RedHat.yml

roles/repository/tasks/CentOS.yml

@@ -0,0 +1 @@
+RedHat.yml

roles/repository/tasks/repository-Debian-family.yml → roles/repository/tasks/Debian.yml

@@ -28,9 +28,9 @@
   when:
     - repository_key_ids
 
-# NOTE: We ignore errors that can occur during the seeding of the
-#       environment in constellations where the repository keys are
-#       still missing.
+# We ignore errors that can occur during the seeding of the
+# environment in constellations where the repository keys are
+# still missing.
 - name: Check if the keys directory exists
   ansible.builtin.stat:
     path: "{{ repository_key_files_directory }}"
@@ -54,8 +54,7 @@
   when:
     - result is defined and result.stat.isdir is defined and result.stat.isdir
 
-# NOTE: Not using apt_repository here because it requires python-apt.
-
+# Not using apt_repository here because it requires python-apt.
 - name: Copy source.list file
   become: true
   ansible.builtin.template:

roles/repository/tasks/Rocky.yml

@@ -0,0 +1 @@
+RedHat.yml

roles/repository/tasks/Ubuntu.yml

@@ -0,0 +1,47 @@
+---
+- name: Create /etc/apt/sources.list.d directory
+  become: true
+  ansible.builtin.file:
+    path: /etc/apt/sources.list.d
+    state: directory
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Include tasks for Ubuntu < 24.04
+  ansible.builtin.include_tasks: Debian.yml
+  when: "ansible_distribution_version is version('24.04', '<')"
+
+- name: Copy 99osism apt configuration
+  become: true
+  ansible.builtin.template:
+    src: 99osism.j2
+    dest: /etc/apt/apt.conf.d/99osism
+    mode: 0644
+  when: "ansible_distribution_version is version('24.04', '>=')"
+
+- name: Remove sources.list file
+  become: true
+  ansible.builtin.file:
+    path: /etc/apt/source.list
+    state: absent
+  when: "ansible_distribution_version is version('24.04', '>=')"
+
+- name: Copy ubuntu.sources file
+  become: true
+  ansible.builtin.template:
+    src: ubuntu.sources.j2
+    dest: /etc/apt/sources.list.d/ubuntu.sources
+    owner: root
+    group: root
+    mode: 0644
+    backup: true
+  notify: Force update of package cache
+  when: "ansible_distribution_version is version('24.04', '>=')"
+
+- name: Update package cache
+  become: true
+  ansible.builtin.apt:
+    cache_valid_time: "{{ repository_cache_valid_time }}"
+    lock_timeout: "{{ apt_lock_timeout | default(300) }}"
+  when: "ansible_distribution_version is version('24.04', '>=')"

roles/repository/tasks/main.yml

@@ -1,8 +1,8 @@
 ---
 - name: Gather variables for each operating system
-  ansible.builtin.include_vars: "{{ ansible_distribution }}-dist.yml"
+  ansible.builtin.include_vars: "{{ ansible_distribution }}-{{ ansible_architecture }}.yml"
 
-- name: Set repository_default variable to default value
+- name: Set repository_default fact to default value
   ansible.builtin.set_fact:
     repository_default: "{{ __repository_default }}"
   when: repository_default | default(None) == None
@@ -13,4 +13,4 @@
   when: repositories | length == 0
 
 - name: Include distribution specific repository tasks
-  ansible.builtin.include_tasks: "repository-{{ ansible_os_family }}-family.yml"
+  ansible.builtin.include_tasks: "{{ ansible_distribution }}.yml"

roles/repository/templates/ubuntu.sources.j2

@@ -0,0 +1,10 @@
+# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
+
+{% for item in repositories %}
+Types: deb
+URIs: {{ item.deb822_uris }}
+Suites: {{ item.name }}
+Components: {{ item.deb822_components }}
+Signed-By: {{ item.deb822_signed_by }}
+{{ '' if loop.last else '\n' }}
+{% endfor %}

roles/repository/vars/Ubuntu-aarch64.yml

@@ -0,0 +1,20 @@
+# We only support ARM as of Ubuntu 24.04. Therefore, only the new
+# DEB822 format is used here.
+---
+__repository_default:
+  - name: "{{ ansible_distribution_release }}"
+    deb822_uris: http://ports.ubuntu.com/ubuntu-ports/
+    deb822_components: main restricted universe multiverse
+    deb822_signed_by: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+  - name: "{{ ansible_distribution_release }}-backports"
+    deb822_uris: http://ports.ubuntu.com/ubuntu-ports/
+    deb822_components: main restricted universe multiverse
+    deb822_signed_by: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+  - name: "{{ ansible_distribution_release }}-security"
+    deb822_uris: http://ports.ubuntu.com/ubuntu-ports/
+    deb822_components: main restricted universe multiverse
+    deb822_signed_by: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+  - name: "{{ ansible_distribution_release }}-updates"
+    deb822_uris: http://ports.ubuntu.com/ubuntu-ports/
+    deb822_components: main restricted universe multiverse
+    deb822_signed_by: /usr/share/keyrings/ubuntu-archive-keyring.gpg

roles/repository/vars/Ubuntu-x86_64.yml

@@ -0,0 +1,22 @@
+---
+__repository_default:
+  - name: "{{ ansible_distribution_release }}"
+    repository: "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} main restricted universe multiverse"
+    deb822_uris: http://de.archive.ubuntu.com/ubuntu/
+    deb822_components: main restricted universe multiverse
+    deb822_signed_by: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+  - name: "{{ ansible_distribution_release }}-backports"
+    repository: "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-backports main restricted universe multiverse"
+    deb822_uris: http://de.archive.ubuntu.com/ubuntu/
+    deb822_components: main restricted universe multiverse
+    deb822_signed_by: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+  - name: "{{ ansible_distribution_release }}-security"
+    repository: "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-security main restricted universe multiverse"
+    deb822_uris: http://de.archive.ubuntu.com/ubuntu/
+    deb822_components: main restricted universe multiverse
+    deb822_signed_by: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+  - name: "{{ ansible_distribution_release }}-updates"
+    repository: "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-updates main restricted universe multiverse"
+    deb822_uris: http://de.archive.ubuntu.com/ubuntu/
+    deb822_components: main restricted universe multiverse
+    deb822_signed_by: /usr/share/keyrings/ubuntu-archive-keyring.gpg