majic-ansible-roles Changeset

Changeset - fb34333e4b48

Parent rev.

Child rev.

[Not reviewed]

0 5 1

Branko Majic (branko) - 5 months ago 2023-11-18 16:50:47
branko@majic.rs

MAR-181: Use Debian-provided Prosody package instead of project repository:

- Upstream repository has a tendency to drop support for older Debian
releases, and to completely wipe old version repositories.
- It should be way less hassle to simply start using the
Debian-provided packages instead.
- Introduces deprecation tests to check if the role will also clean-up
the non-Debian packages.

6 files changed with 163 insertions and 36 deletions:

roles/xmpp_server/molecule/default/files/prosody-debian-gpg-key.asc

roles/xmpp_server/molecule/default/prepare.yml

roles/xmpp_server/molecule/default/tests/test_default.py

roles/xmpp_server/molecule/default/tests/test_deprecated.py

roles/xmpp_server/molecule/default/tests/test_mandatory.py

roles/xmpp_server/tasks/main.yml

0 comments (0 inline, 0 general)

roles/xmpp_server/molecule/default/files/prosody-debian-gpg-key.asc

➞

Show inline comments

@@ new file 100644 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: GnuPG v2
 mQGiBEoXOjERBAD2ygmSdiqsRmrTqUqcGoWmTU90DrikaYb3/rwwMhSloXT9qNuD
 aOdJb/LNfwhiSbKF35JHgYV4+RIdwDLv4wNqmsQH1ZYOUi3j/1O5w2LV8lG816X2
 NdGni+fGArtM68C9ZxdIDweo2V5G5StHINcKP/Cab08sUjyrrCpwO/Z5xwCg9H8L
 PsFYns6RcnM7f6A6x5NHEVsEAL9RYChhkecv/+qnbDlKHOJT8TQT4S8p6RYtaZHE
 XR73vvvj0P/6Lxw+tKZJqQmVpNaLXztLSNW3KfAR+Jz4SLBJoSP4uXJ5UVIUnqbp
 HCUZ3BnDGeHuTplxtrYWmznE34KMks6riXoUApU/kmo8TFqh8aTEp1F/Zd9TdriQ
 c0iCA/42SBlM3Ax0cbi2thHSEhUV6aCbs9R9H2Tmke0LswpUMTfxUT37b8t5ocbZ
 iHoGdEVIC3ZK2Usu6IS5uhY4245iECafLUX4LF4uY17IHj713yOHZ8T9t2LAGFu9
 oxM7EEoDyVK8Jg0fRn7srBC/p7MdBD1kwVaQOnIjqjiqf3e9sLQyUHJvc29keSBJ
 TSBEZWJpYW4gUGFja2FnZXMgPGRldmVsb3BlcnNAcHJvc29keS5pbT6IYAQTEQIA
 IAUCShc6MQIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEHOT1+Z02du11MQA
 nRsq54C4D1k/s0i0Tg41h1LDbAFtAKC2g53DYE3X8jPVJVBTFeHsnkztfLkEDQRK
 FzsAEBAAwd9OI2tmqS0DR3Z8vxpio0eV/0+G4OObYEzjq4Keohw8u4qGVoDO4LPB
 pyseNPv6J+eu+F2ONa04L1eODPAYprzjxU6gFgt+X2u7kjERybFDXBlVHUNDQIUM
 hqpVHhslLGAk1tLJ0anIVwn7Lh4ft7IZq2/LrAb5SR1sSml4q6352jwqyxsNZv71
 R+xHjVfj4SqE2FQ63YpQQQtKiPIc/u876m1bxC04KuR1buEjA0KlPHARjGW9dGf/
 SzEy4FYcuLyNPUiRRH2AJ+b8wocefpXnbKKfHs+zL0j2KApAvSiiW0MN3qvXiXV5
 aer7DVubXpzrS7VAeBJ6yzjqQTUWbYhmg2MKn6JixYI9y4w9ENGhkHcKp8RjOgdP
 +hdzoyKQNSE51y1NzujQCefs85BaXKrImUvJJVziWEsTAiy0rT55+juDenjAmGlC
 mCkNCTB0fbWI3HH3P6WdT3ft+jZkVuxHWTbyogGVYyVy3et29HnI+KJ4+94FbWvd
 WdEOA2HD1EaPbkUtN1J39PoP0iDx0V1eKBrLGqMGXmDUAYjXBy9sEJz2CpLwzx3S
 wizIgUv5hogLILassF05YB08DtLDk1EB7D+TSkBWG+G33r6DljTk5hrjWJCE1DK4
 OfwGkwV9J75mDS36eTknEn4hxt2NSDOwXD/u0KeEKrrGGBZt918AAwUP/38LeUAs
 c+7HeQmuWItZvTjAeQd71ECi0G/iIO+ccGYFvIKEMMUrJZQaGJpa3h8j1Eu8usEE
 +3UULn6Wl5YpiCpIBpEystxnmqn2bxaKtDdFtD43hHV/eaCQuuLKN9qmx6VspdqH
 SqN+1xbtkBqIBxONBLNusafByWUs15AUxFbLYqS5dPw3PNooHGLRvLtq3prO0F2j
 BLKiujpNSWG/Q6u/AbxIn3qNiYOl201bKBQiYD/xCZEQZAfJSWC+EvU0fpDrTNy+
 MArZniAGltAR4UyhJcqS3RAsB6b12ZpgreOpbTAJ3hET6bYmIwVPQfE/OfIRkZMm
 jldn4zzRjMn9HiJjc/lvWJecmdzZ1NOKFCigz8luOHZeSXCS34THhi4fHZBzSKfD
 FJXOmq79ouHTY0hyvVksk/tj3g7Oz3obFYDbb86XmAVlPvsmWTFO83DFS2ohA6ai
 lvbRhTMOED4y5Ed5abFcfrziCTyPtZgm1OpeNibrOp85D2IzMHlqZTG/RWl5LtVU
 wFSrv0OlEz2xD9RyrlIg9c4BUJNybErX1oZ08FVWQdmgff59XNNLv7bPPHYKCnaE
 ou6SAY1PeEgmbONRJ6cR6dSVIMEAl8rFCIcL7jz/6S4CjMqST4D9MqDOeoDdl2Zm
 ohKViNdLF+P2Oha6djBTxEjz1qhfcu7OVjGaiEkEGBECAAkFAkoXOwACGwwACgkQ
 c5PX5nTZ27WmTQCg32XtVZ1E9KIPDpcpMrhV+4wpt50AnjSYtDgDGoWbRxhGDNK3
 UqwePNWL
 =/y9s
 -----END PGP PUBLIC KEY BLOCK-----

roles/xmpp_server/molecule/default/prepare.yml

➞

Show inline comments

@@ @@ -135,6 +135,25 @@ @@
       tags:
         - workaround:prosody_repository_override
 - hosts: deprecated
   become: true
   tasks:
     - name: Add Prosody repository signing key
       apt_key:
         data: "{{ lookup('file', 'prosody-debian-gpg-key.asc') }}"
         state: present
     - name: Add Prosody repository
       apt_repository:
         repo: "deb http://packages.prosody.im/debian {{ ansible_distribution_release }} main"
         state: present
     - name: Install Prosody (from Prosody repository)
       apt:
         name: prosody-0.11
         state: present
 - hosts: clients
   become: true
   tasks:

roles/xmpp_server/molecule/default/tests/test_default.py

➞

Show inline comments

@@ @@ -20,34 +20,6 @@ def test_supporting_packages_installed(host): @@
     assert host.package('lua-ldap').is_installed
 def test_prosody_apt_key(host):
     """
     Tests if Prosody repository signing key has been imported.
     """
     keys = host.run("apt-key adv --fingerprint --fingerprint prosody")
     assert "107D 65A0 A148 C237 FDF0  0AB4 7393 D7E6 74D9 DBB5" in keys.stdout
     assert "44AB 6DD0 6DA4 6979 CFAF  997F 9B1B 8278 6C8F 28BA" in keys.stdout
 def test_prosody_repository(host):
     """
     Tests if Prosody repository has been added.
     """
     repository = host.file("/etc/apt/sources.list.d/packages_prosody_im_debian.list")
     distribution_release = host.ansible("setup")["ansible_facts"]["ansible_distribution_release"]
     expected_content = "deb http://packages.prosody.im/debian %s main\n" % distribution_release
     assert repository.is_file
     assert repository.user == 'root'
     assert repository.group == 'root'
     assert repository.mode == 0o644
     assert repository.content_string == expected_content
 def test_prosody_user(host):
     """
     Tests if Prosody user has been set-up correctly to access TLS material.

roles/xmpp_server/molecule/default/tests/test_deprecated.py

➞

Show inline comments

@@ @@ -44,7 +44,7 @@ def test_correct_prosody_package_installed(host): @@
     Tests if correct Prosody package has been installed.
     """
-    assert host.package('prosody-0.11').is_installed
     assert host.package('prosody').is_installed
 @pytest.mark.parametrize("port", [
@@ @@ -89,3 +89,69 @@ def test_xmpp_c2s_tls_version_and_ciphers(host, port): @@
     assert tls_versions == expected_tls_versions
     assert tls_ciphers == expected_tls_ciphers
 def test_dependent_packages_not_installed_from_prosody_repository(host):
     """
     Tests if no dependent packages have been installed from the
     Prosody project repository.
     This tests exists primarily to check if the Ansible code will
     switch over correctly to using the stock Debian packages instead,
     since upstream has a tendency to drop repositories for old Debian
     releases (they do not support Debian LTS releases).
     """
     # Retrieve list of all packages except Prosody itself, and check
     # if any of them mention prosody in the version string.
     packages = host.run("dpkg-query --show --showformat '${db:Status-Status} ${Package} ${Version}\n' |"
                         "grep '^installed' | grep -v '^installed prosody' | grep prosody").stdout
     assert packages == ""
 def test_prosody_package_not_installed_from_prosody_repository(host):
     """
     Tests if Prosody package itself has not been installed from the
     project repository"
     This tests exists primarily to check if the Ansible code will
     switch over correctly to using the stock Debian packages instead,
     since upstream has a tendency to drop repositories for old Debian
     releases (they do not support Debian LTS releases).
     """
     # Extract name of package providing Prosody XMPP server.
     package_name = host.run("  dpkg-query --show --showformat '${db:Status-Status} ${Package}: ${Provides} \n'"
                             "| grep '^installed' | grep ': .*xmpp-server'"
                             "| sed -e 's/installed //;s/:.*//'").stdout.strip()
     assert package_name != "", "Failed to extract name of package providing Prosody."
     package_info = host.run("dpkg-query --show --showformat 'Package: ${Package}\nVersion: ${Version}\nMaintainer: ${Maintainer}\n' %s", package_name)
     assert package_info.rc == 0, "Failed to retrieve information about package: %s " % package_name
     assert "nightly" not in package_info.stdout
     assert "Matthew James Wild" not in package_info.stdout
 @pytest.mark.parametrize("apt_key", [
     "107D 65A0 A148 C237 FDF0  0AB4 7393 D7E6 74D9 DBB5",
     "44AB 6DD0 6DA4 6979 CFAF  997F 9B1B 8278 6C8F 28BA"
 ])
 def test_prosody_apt_key_is_absent(host, apt_key):
     """
     Tests if Prosody repository signing key has been removed.
     """
     keys = host.run("apt-key adv --fingerprint --fingerprint prosody")
     assert apt_key not in keys.stdout
 def test_prosody_repository_is_absent(host):
     """
     Tests if Prosody repository is absent.
     """
     assert not host.file("/etc/apt/sources.list.d/packages_prosody_im_debian.list").exists

roles/xmpp_server/molecule/default/tests/test_mandatory.py

➞

Show inline comments

@@ @@ -44,7 +44,7 @@ def test_correct_prosody_package_installed(host): @@
     Tests if correct Prosody package has been installed.
     """
-    assert host.package('prosody-0.11').is_installed
     assert host.package('prosody').is_installed
 @pytest.mark.parametrize("port", [

roles/xmpp_server/tasks/main.yml

➞

Show inline comments

@@ @@ -4,15 +4,44 @@ @@
   apt:
     name: python-apt
 - name: Add Prosody repository apt key
 - name: Collect information about installed packages
   package_facts:
 - name: Uninstall Prosody from project-provided repository
   apt:
     name: prosody
     state: absent
   when:
     - "ansible_facts.packages['prosody'] is defined"
     - "'nightly' in ansible_facts.packages['prosody'][0].version"
 - name: Uninstall Prosody dependencies from project-provided repository
   apt:
     name:
       - lua-expat
       - lua-filesystem
       - lua-sec
       - lua-socket
     state: absent
   when: >-
     (ansible_facts.packages['lua-expat'] is defined and 'prosody' in ansible_facts.packages['lua-expat'][0].version)
     or (ansible_facts.packages['lua-filesystem'] is defined and 'prosody' in ansible_facts.packages['lua-filesystem'][0].version)
     or (ansible_facts.packages['lua-sec'] is defined and 'prosody' in ansible_facts.packages['lua-sec'][0].version)
     or (ansible_facts.packages['lua-socket'] is defined and 'prosody' in ansible_facts.packages['lua-socket'][0].version)
 - name: Remove Prosody project-provided apt key
   apt_key:
     data: "{{ lookup('file', 'prosody-debian-gpg-key.asc') }}"
     state: present
     id: "{{ item }}"
     state: absent
   with_items:
     - "107D65A0A148C237FDF00AB47393D7E674D9DBB5"
     - "44AB6DD06DA46979CFAF997F9B1B82786C8F28BA"
-- name: Add Prosody repository
+- name: Remove Prosody project-provided repository
   apt_repository:
     repo: "deb http://packages.prosody.im/debian {{ ansible_distribution_release }} main"
-    state: present
+    state: absent
 - name: Install Lua LDAP library
   apt:
@@ @@ -23,7 +52,7 @@ @@
 - name: Install Prosody
   apt:
-    name: "{{ xmpp_prosody_package }}"
+    name: prosody
     state: present
   notify:
     - Restart Prosody

0 comments (0 inline, 0 general)