init commit

4 years ago · 54eac27388
commit 54eac27388
5 changed files with 168 additions and 0 deletions
--- a/22
+++ b/22
@ -0,0 +1,22 @@
 MIT License
 Copyright (c) 2022 shnee
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
--- a/README.md
+++ b/README.md
@ -0,0 +1,93 @@
 Ansible Role: Third Party Apt Repo
 ================================================================================
 An ansible role that will add a third party apt repo to and Debian like distro.
 It can optionally install packages after adding the repo.
 This role has only been tested on Ubuntu 20.04.
 Role Variables
 ----------------------------------------
 A string in apt source list format. This string will be passed to
 `ansible.builtin.apt_repository.repo`.
 ```yml
 third_party_repo: deb [arch=amd64] https://apt.releases.hashicorp.com focal main
 ```
 A URL to the key that signed packages from the 3rd party repo. This string will
 be passed to `ansible.builtin.apt_key.url`.
 ```yml
 third_party_repo_key_url: https://apt.releases.hashicorp.com/gpg
 ```
 The fingerprint of the key pointed to by `third_party_repo_key_url`. This string
 will be passed to `ansible.builtin.apt_key.id`. See section below on how to find
 this key.
 ```yml
 third_party_repo_key_fingerprint: E8A032E094D8EB4EA189D270DA418C88A3219F7B
 ```
 A list of packages to install after the third party repo has been added. These
 can be packages from the third party repo or from the default repos.
 ```yml
 packages: [terraform]
 ```
 Install Role
 ----------------------------------------
 Create a yaml file with the following content.
 ```yml
 ---
 - src: "git+https://gitlab.mss.com/ANDSAS/ops/ansible/\
        third_party_apt_repo_ansible_role.git"
  name: third_party_apt_repo
  version: master
 ```
 Then run:
 ```shell
 ansible-galaxy install -r <requirement yaml file>
 ```
 Example Playbook
 ----------------------------------------
 ```yml
 - roles:
    - role: install_via_3rd_party_apt_repo
      third_party_repo: |
        deb [arch=amd64] https://apt.releases.hashicorp.com focal main
      third_party_repo_key_url: https://apt.releases.hashicorp.com/gpg
      third_party_repo_key_fingerprint: E8A032E094D8EB4EA189D270DA418C88A3219F7B
      packages: [terraform]
 ```
 GPG Key Fingerprint
 ----------------------------------------
 Here is a way to get a fingerprint for a key via gpg. This method will not
 import the key. The command uses the `-n` flag which tells gpg that this is a
 dry run and to not import the key.
 ```shell
 $ > gpg2 -n -q --import --import-options import-show <gpg key>
 pub   rsa4096 2020-05-07 [SC]
      E8A032E094D8EB4EA189D270DA418C88A3219F7B
 uid                      HashiCorp Security (HashiCorp Package Signing) <security+packaging@hashicorp.com>
 sub   rsa4096 2020-05-07 [E]
 ```
 In this example the hex string `E8A032E094D8EB4EA189D270DA418C88A3219F7B` is the
 fingerprint.
 License
 ----------------------------------------
 MIT
 Author Information
 ----------------------------------------
 This role was created by [shnee](https://github.com/shnee).
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -0,0 +1,2 @@
 ---
 packages: []
--- a/meta/main.yml
+++ b/meta/main.yml
@ -0,0 +1,20 @@
 ---
 dependencies: []
 galaxy_info:
  author: shnee
  description: Install a third party packages from third party apt repos.
  license: MIT
  min_ansible_version: 2.1
  platforms:
    - name: Ubuntu
      versions: [focal]
  galaxy_tags:
    - debian
    - ubuntu
    - packages
    - apt
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,31 @@
 ---
 - name: Add 3rd party apt repo and install 3rd party packages.
  become: true
  when: ansible_os_family == "Debian"
  block:
    - name: Install https apt dependencies.
      ansible.builtin.package:
        name:
          - apt-transport-https
          - ca-certificates
          - curl
        state: present
    - name: Add GPG key to apt.
      ansible.builtin.apt_key:
        url: "{{ third_party_repo_key_url }}"
        id: "{{ third_party_repo_key_fingerprint }}"
        state: present
    - name: Add third party repo to apt.
      ansible.builtin.apt_repository:
        repo: "{{ third_party_repo }}"
        state: present
        update_cache: true
    # TODO add a step to pin versions.
    - name: Install third party packages.
      ansible.builtin.package:
        name: "{{ packages }}"
        state: present