init commit

LICENSE

@@ -0,0 +1,22 @@
+
+MIT License
+
+Copyright (c) 2022 shnee
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,93 @@
+Ansible Role: Third Party Apt Repo
+================================================================================
+
+An ansible role that will add a third party apt repo to and Debian like distro.
+It can optionally install packages after adding the repo.
+
+This role has only been tested on Ubuntu 20.04.
+
+Role Variables
+----------------------------------------
+
+A string in apt source list format. This string will be passed to
+`ansible.builtin.apt_repository.repo`.
+```yml
+third_party_repo: deb [arch=amd64] https://apt.releases.hashicorp.com focal main
+```
+
+A URL to the key that signed packages from the 3rd party repo. This string will
+be passed to `ansible.builtin.apt_key.url`.
+```yml
+third_party_repo_key_url: https://apt.releases.hashicorp.com/gpg
+```
+
+The fingerprint of the key pointed to by `third_party_repo_key_url`. This string
+will be passed to `ansible.builtin.apt_key.id`. See section below on how to find
+this key.
+```yml
+third_party_repo_key_fingerprint: E8A032E094D8EB4EA189D270DA418C88A3219F7B
+```
+
+A list of packages to install after the third party repo has been added. These
+can be packages from the third party repo or from the default repos.
+```yml
+packages: [terraform]
+```
+
+Install Role
+----------------------------------------
+
+Create a yaml file with the following content.
+```yml
+---
+- src: "git+https://gitlab.mss.com/ANDSAS/ops/ansible/\
+        third_party_apt_repo_ansible_role.git"
+  name: third_party_apt_repo
+  version: master
+```
+
+Then run:
+```shell
+ansible-galaxy install -r <requirement yaml file>
+```
+
+Example Playbook
+----------------------------------------
+
+```yml
+- roles:
+    - role: install_via_3rd_party_apt_repo
+      third_party_repo: |
+        deb [arch=amd64] https://apt.releases.hashicorp.com focal main
+      third_party_repo_key_url: https://apt.releases.hashicorp.com/gpg
+      third_party_repo_key_fingerprint: E8A032E094D8EB4EA189D270DA418C88A3219F7B
+      packages: [terraform]
+```
+
+GPG Key Fingerprint
+----------------------------------------
+
+Here is a way to get a fingerprint for a key via gpg. This method will not
+import the key. The command uses the `-n` flag which tells gpg that this is a
+dry run and to not import the key.
+
+```shell
+$ > gpg2 -n -q --import --import-options import-show <gpg key>
+pub   rsa4096 2020-05-07 [SC]
+      E8A032E094D8EB4EA189D270DA418C88A3219F7B
+uid                      HashiCorp Security (HashiCorp Package Signing) <security+packaging@hashicorp.com>
+sub   rsa4096 2020-05-07 [E]
+```
+
+In this example the hex string `E8A032E094D8EB4EA189D270DA418C88A3219F7B` is the
+fingerprint.
+
+License
+----------------------------------------
+
+MIT
+
+Author Information
+----------------------------------------
+
+This role was created by [shnee](https://github.com/shnee).

defaults/main.yml

@@ -0,0 +1,2 @@
+---
+packages: []

meta/main.yml

@@ -0,0 +1,20 @@
+---
+dependencies: []
+
+galaxy_info:
+  author: shnee
+  description: Install a third party packages from third party apt repos.
+
+  license: MIT
+
+  min_ansible_version: 2.1
+
+  platforms:
+    - name: Ubuntu
+      versions: [focal]
+
+  galaxy_tags:
+    - debian
+    - ubuntu
+    - packages
+    - apt

tasks/main.yml

@@ -0,0 +1,31 @@
+---
+- name: Add 3rd party apt repo and install 3rd party packages.
+  become: true
+  when: ansible_os_family == "Debian"
+  block:
+    - name: Install https apt dependencies.
+      ansible.builtin.package:
+        name:
+          - apt-transport-https
+          - ca-certificates
+          - curl
+        state: present
+
+    - name: Add GPG key to apt.
+      ansible.builtin.apt_key:
+        url: "{{ third_party_repo_key_url }}"
+        id: "{{ third_party_repo_key_fingerprint }}"
+        state: present
+
+    - name: Add third party repo to apt.
+      ansible.builtin.apt_repository:
+        repo: "{{ third_party_repo }}"
+        state: present
+        update_cache: true
+
+    # TODO add a step to pin versions.
+
+    - name: Install third party packages.
+      ansible.builtin.package:
+        name: "{{ packages }}"
+        state: present