From e4345c217ee0ac8e4ec790e45c98f0f603052a2c Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Sat, 4 Apr 2020 15:35:37 -0400 Subject: [PATCH] ensure-package-repositories: Add role This role allows users to supply a common variable and it will contain all the logic to configure the correct repository based on their operating system. Co-Authored-By: Andreas Jaeger Change-Id: I4a3ab5f099c2e4671b78c751d8f0e8ccf2304afa --- doc/source/system-roles.rst | 1 + roles/ensure-package-repositories/README.rst | 80 +++++++++++++++++++ .../defaults/main.yaml | 3 + .../tasks/Debian.yaml | 25 ++++++ .../tasks/RedHat.yaml | 36 +++++++++ .../tasks/Suse.yaml | 35 ++++++++ .../tasks/main.yaml | 7 ++ 7 files changed, 187 insertions(+) create mode 100644 roles/ensure-package-repositories/README.rst create mode 100644 roles/ensure-package-repositories/defaults/main.yaml create mode 100644 roles/ensure-package-repositories/tasks/Debian.yaml create mode 100644 roles/ensure-package-repositories/tasks/RedHat.yaml create mode 100644 roles/ensure-package-repositories/tasks/Suse.yaml create mode 100644 roles/ensure-package-repositories/tasks/main.yaml diff --git a/doc/source/system-roles.rst b/doc/source/system-roles.rst index 828b30dc9..2c6c0ceaf 100644 --- a/doc/source/system-roles.rst +++ b/doc/source/system-roles.rst @@ -1,6 +1,7 @@ System Roles ============ +.. zuul:autorole:: ensure-package-repositories .. zuul:autorole:: ensure-phoronix-test-suite .. zuul:autorole:: phoronix-test-suite .. zuul:autorole:: phoronix-combine-results diff --git a/roles/ensure-package-repositories/README.rst b/roles/ensure-package-repositories/README.rst new file mode 100644 index 000000000..60439357f --- /dev/null +++ b/roles/ensure-package-repositories/README.rst @@ -0,0 +1,80 @@ +Ensure that package manager repositories are installed. This role works +with the pattern of including variables for different operating systems. + +.. note:: This role currently only supports RPM and DEB based distributions. + +Example use for Debian and Ubuntu: + +.. code-block:: yaml + + - name: Add all repositories + include_role: + name: ensure-package-repositories + vars: + repositories_keys: + - url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key + repositories_list: + - repo: deb-src https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main + - repo: deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main + +Example use for Fedora and Red Hat: + +.. code-block:: yaml + + _docker_keys: + - data: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + ... + -----END PGP PUBLIC KEY BLOCK----- + + _docker_repos: + - name: docker-ce-stable + description: Docker CE Stable - $basearch + baseurl: "{{ docker_mirror_base_url }}/$releasever/$basearch/stable" + gpgcheck: yes + + - name: Add all repositories + include_role: + name: ensure-package-repositories + vars: + repositories_keys: "{{ _docker_keys }}" + repositories_list: "{{ _docker_repos }}" + +Example use for openSUSE and SUSE Linux: + +.. code-block:: yaml + + _docker_keys: + - data: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + ... + -----END PGP PUBLIC KEY BLOCK----- + + _docker_repos: + - name: docker-ce-stable + description: Docker CE Stable - $basearch + uri: "{{ docker_mirror_base_url }}/$releasever/$basearch/stable.repo" + + - name: Add all repositories + include_role: + name: ensure-package-repositories + vars: + repositories_keys: "{{ _docker_keys }}" + repositories_list: "{{ _docker_repos }}" + +**Role Variables** + +.. zuul:rolevar:: repositories_keys + :default: [] + + List of dictionaries containing keys to install for the package manager, + every dictionary may contain either the key ``url`` which will be + downloaded and installed, or ``data`` which contains the key to be + installed. + +.. zuul:rolevar:: repository_list + :default: [] + + List of dictionaries containing repository configuration, the format + of each dictionary is mapped to the same as the module parameters of + the package manager for Ansible (such as ``yum_repository``, etc.) diff --git a/roles/ensure-package-repositories/defaults/main.yaml b/roles/ensure-package-repositories/defaults/main.yaml new file mode 100644 index 000000000..2a98a497b --- /dev/null +++ b/roles/ensure-package-repositories/defaults/main.yaml @@ -0,0 +1,3 @@ +--- +repositories_keys: [] +repositories_list: [] diff --git a/roles/ensure-package-repositories/tasks/Debian.yaml b/roles/ensure-package-repositories/tasks/Debian.yaml new file mode 100644 index 000000000..f97486498 --- /dev/null +++ b/roles/ensure-package-repositories/tasks/Debian.yaml @@ -0,0 +1,25 @@ +- name: Add apt keys + become: true + apt_key: + url: "{{ zj_item['url'] | default(omit) }}" + data: "{{ zj_item['data'] | default(omit) }}" + loop: "{{ repositories_keys }}" + loop_control: + loop_var: zj_item + +- name: Add apt repositories + become: true + apt_repository: + repo: "{{ zj_item['repo'] | default(omit) }}" + state: present + update_cache: no + loop: "{{ repositories_list }}" + loop_control: + loop_var: zj_item + register: _add_apt_repos + +- name: Update APT cache + become: true + apt: + update_cache: yes + when: _add_apt_repos is changed diff --git a/roles/ensure-package-repositories/tasks/RedHat.yaml b/roles/ensure-package-repositories/tasks/RedHat.yaml new file mode 100644 index 000000000..659601ef3 --- /dev/null +++ b/roles/ensure-package-repositories/tasks/RedHat.yaml @@ -0,0 +1,36 @@ +- name: Create GPG key temp directory + tempfile: + prefix: "GPG_keys" + state: directory + register: gpg_key_tempdir + +- name: Upload GPG keys + copy: + content: "{{ zj_item['data'] }}" + dest: "{{ gpg_key_tempdir.path }}/key-{{ zj_idx }}.gpg" + loop: "{{ repositories_keys }}" + loop_control: + loop_var: zj_item + index_var: zj_idx + when: "'data' in zj_item" + +- name: Import GPG keys + become: true + rpm_key: + key: "{{ ('url' in zj_item) | ternary(zj_item['url'], ('data' in zj_item) | ternary(gpg_key_tempdir.path + '/key-' ~ zj_idx ~ '.gpg', zj_item['key'])) }}" + state: present + loop: "{{ repositories_keys }}" + loop_control: + loop_var: zj_item + index_var: zj_idx + +- name: Add repositories + yum_repository: + name: "{{ zj_item['name'] }}" + description: "{{ zj_item['description'] | default(omit) }}" + baseurl: "{{ zj_item['baseurl'] | default(omit) }}" + gpgcheck: "{{ zj_item['gpgcheck'] | default(omit) }}" + gpgkey: "{{ zj_item['gpgkey'] | default(omit) }}" + loop: "{{ repositories_list }}" + loop_control: + loop_var: zj_item diff --git a/roles/ensure-package-repositories/tasks/Suse.yaml b/roles/ensure-package-repositories/tasks/Suse.yaml new file mode 100644 index 000000000..8f8abd21f --- /dev/null +++ b/roles/ensure-package-repositories/tasks/Suse.yaml @@ -0,0 +1,35 @@ +- name: Create GPG key temp directory + tempfile: + prefix: "GPG_keys" + state: directory + register: gpg_key_tempdir + +- name: Upload GPG keys + copy: + content: "{{ zj_item['data'] }}" + dest: "{{ gpg_key_tempdir.path }}/key-{{ zj_idx }}.gpg" + loop: "{{ repositories_keys }}" + loop_control: + loop_var: zj_item + index_var: zj_idx + when: "'data' in zj_item" + +- name: Import GPG keys + become: true + rpm_key: + key: "{{ ('url' in zj_item) | ternary(zj_item['url'], ('data' in zj_item) | ternary(gpg_key_tempdir.path + '/key-' ~ zj_idx ~ '.gpg', zj_item['key'])) }}" + state: present + loop: "{{ repositories_keys }}" + loop_control: + loop_var: zj_item + index_var: zj_idx + +- name: Add repositories + zypper_repository: + name: "{{ zj_item['name'] }}" + description: "{{ zj_item['description'] | default(omit) }}" + repo: "{{ zj_item['repo'] | default(omit) }}" + disable_gpg_check: "{{ zj_item['disable_gpg_check'] | default(omit) }}" + loop: "{{ repositories_list }}" + loop_control: + loop_var: zj_item diff --git a/roles/ensure-package-repositories/tasks/main.yaml b/roles/ensure-package-repositories/tasks/main.yaml new file mode 100644 index 000000000..93f093c72 --- /dev/null +++ b/roles/ensure-package-repositories/tasks/main.yaml @@ -0,0 +1,7 @@ +- name: Install repositories + include: "{{ zj_item }}" + with_first_found: + - "{{ ansible_distribution }}.yaml" + - "{{ ansible_os_family }}.yaml" + loop_control: + loop_var: zj_item