commit 54eac273886f0fdd8bf7a2711c244f8e5b563788
Author: shnee
Date: Tue Feb 22 14:28:37 2022 -0500
init commit
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..7a0f30c
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,22 @@
+
+MIT License
+
+Copyright (c) 2022 shnee
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..8eb8f1b
--- /dev/null
+++ b/README.md
@@ -0,0 +1,93 @@
+Ansible Role: Third Party Apt Repo
+================================================================================
+
+An ansible role that will add a third party apt repo to and Debian like distro.
+It can optionally install packages after adding the repo.
+
+This role has only been tested on Ubuntu 20.04.
+
+Role Variables
+----------------------------------------
+
+A string in apt source list format. This string will be passed to
+`ansible.builtin.apt_repository.repo`.
+```yml
+third_party_repo: deb [arch=amd64] https://apt.releases.hashicorp.com focal main
+```
+
+A URL to the key that signed packages from the 3rd party repo. This string will
+be passed to `ansible.builtin.apt_key.url`.
+```yml
+third_party_repo_key_url: https://apt.releases.hashicorp.com/gpg
+```
+
+The fingerprint of the key pointed to by `third_party_repo_key_url`. This string
+will be passed to `ansible.builtin.apt_key.id`. See section below on how to find
+this key.
+```yml
+third_party_repo_key_fingerprint: E8A032E094D8EB4EA189D270DA418C88A3219F7B
+```
+
+A list of packages to install after the third party repo has been added. These
+can be packages from the third party repo or from the default repos.
+```yml
+packages: [terraform]
+```
+
+Install Role
+----------------------------------------
+
+Create a yaml file with the following content.
+```yml
+---
+- src: "git+https://gitlab.mss.com/ANDSAS/ops/ansible/\
+ third_party_apt_repo_ansible_role.git"
+ name: third_party_apt_repo
+ version: master
+```
+
+Then run:
+```shell
+ansible-galaxy install -r
+```
+
+Example Playbook
+----------------------------------------
+
+```yml
+- roles:
+ - role: install_via_3rd_party_apt_repo
+ third_party_repo: |
+ deb [arch=amd64] https://apt.releases.hashicorp.com focal main
+ third_party_repo_key_url: https://apt.releases.hashicorp.com/gpg
+ third_party_repo_key_fingerprint: E8A032E094D8EB4EA189D270DA418C88A3219F7B
+ packages: [terraform]
+```
+
+GPG Key Fingerprint
+----------------------------------------
+
+Here is a way to get a fingerprint for a key via gpg. This method will not
+import the key. The command uses the `-n` flag which tells gpg that this is a
+dry run and to not import the key.
+
+```shell
+$ > gpg2 -n -q --import --import-options import-show
+pub rsa4096 2020-05-07 [SC]
+ E8A032E094D8EB4EA189D270DA418C88A3219F7B
+uid HashiCorp Security (HashiCorp Package Signing)
+sub rsa4096 2020-05-07 [E]
+```
+
+In this example the hex string `E8A032E094D8EB4EA189D270DA418C88A3219F7B` is the
+fingerprint.
+
+License
+----------------------------------------
+
+MIT
+
+Author Information
+----------------------------------------
+
+This role was created by [shnee](https://github.com/shnee).
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..b6e94dd
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+packages: []
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..3c46652
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,20 @@
+---
+dependencies: []
+
+galaxy_info:
+ author: shnee
+ description: Install a third party packages from third party apt repos.
+
+ license: MIT
+
+ min_ansible_version: 2.1
+
+ platforms:
+ - name: Ubuntu
+ versions: [focal]
+
+ galaxy_tags:
+ - debian
+ - ubuntu
+ - packages
+ - apt
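Review bot: `min_ansible_version: 2.1` in meta/main.yml is an unquoted scalar, so YAML loads it as a float, and the value itself looks too low for this role: tasks/main.yml uses `block:` and fully qualified `ansible.builtin.*` module names, which need a release with collection support. I would write it as a quoted string, e.g. `min_ansible_version: "2.10"` (quoted, because an unquoted 2.10 would load as 2.1). The exact floor should be whatever version the role is actually tested against.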
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..23396e8
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,31 @@
+---
+- name: Add 3rd party apt repo and install 3rd party packages.
+ become: true
+ when: ansible_os_family == "Debian"
+ block:
+ - name: Install https apt dependencies.
+ ansible.builtin.package:
+ name:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ state: present
+
+ - name: Add GPG key to apt.
+ ansible.builtin.apt_key:
+ url: "{{ third_party_repo_key_url }}"
+ id: "{{ third_party_repo_key_fingerprint }}"
+ state: present
+
+ - name: Add third party repo to apt.
+ ansible.builtin.apt_repository:
+ repo: "{{ third_party_repo }}"
+ state: present
+ update_cache: true
+
+ # TODO add a step to pin versions.
+
+ - name: Install third party packages.
+ ansible.builtin.package:
+ name: "{{ packages }}"
+ state: present
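Review bot: The "Add GPG key to apt." task uses `ansible.builtin.apt_key`, which places the vendor key in apt's global trusted keyring, so that key is then accepted for packages from every configured repository rather than only `third_party_repo`; apt-key is also deprecated. I would store the key in its own file and bind the repo to it with `signed-by=` in the source line, as sketched below (`third_party_repo_keyring` is a placeholder for a new role variable, and the `.asc` suffix assumes an ASCII-armored key). `get_url` does not compare anything against `third_party_repo_key_fingerprint`, so the fingerprint check has to remain as an explicit step before the repo is added. The caller's `third_party_repo` string would then carry `signed-by=/etc/apt/keyrings/<name>.asc` next to `arch=amd64`.

```yaml
    # … unchanged: "Install https apt dependencies." task …

    - name: Create a directory for per-repo keyrings.
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        mode: "0755"

    - name: Store the repo signing key outside the global trusted keyring.
      ansible.builtin.get_url:
        url: "{{ third_party_repo_key_url }}"
        # third_party_repo_keyring is a placeholder for a new role variable.
        dest: "/etc/apt/keyrings/{{ third_party_repo_keyring }}.asc"
        mode: "0644"

    # … unchanged: "Add third party repo to apt." and package install tasks …
```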