blob: fcc4c110498ac79773e3c0e6584646da97e358c1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
# Safety check: make sure debian_codename is set.
- name: check that sane_debian_system_codename is set
shell: |
if [ "{{ sane_debian_system_codename }}" = "" ]
then
echo "You MUST set sane_debian_system_codename" 1>&2
exit 1
fi
# First update package lists. The ones that come with the image may be
# badly out of date.
#
# Use shell to run apt-get, rather than the Ansible apt module, so
# that we can pass in the --allow-releaseinfo--change option.
- name: update package lists
shell: |
apt-get update --allow-releaseinfo-change
args:
warn: false
- name: update package lists
ignore_errors: yes
apt:
update_cache: yes
cache_valid_time: 0
# Now install https transport for APT. This is installed before
# changing sources lists, so that if they happen to use https URLs apt
# will still work. apt-transport-https is in the main Debian archive,
# and we assume those are in the sources.list that come with the
# image.
- name: install apt-transport-https
apt:
name: apt-transport-https
- name: configure main sources.list
template:
src: sources.list.j2
dest: /etc/apt/sources.list
- name: "update package lists"
apt:
update_cache: yes
- name: install necessary tools
apt:
name:
- sudo
- name: "allow root to use sudo"
copy:
content: |
root ALL=(ALL:ALL) NOPASSWD: ALL
dest: /etc/sudoers.d/root
mode: 0600
- name: additional sources.list.d/*
with_items: "{{ sane_debian_system_sources_lists }}"
apt_repository:
repo: "{{ item.repo }}"
update_cache: no
- name: add archive signing keys
with_items: "{{ sane_debian_system_sources_lists }}"
shell: |
key="{{ item.signing_key }}"
sum="$(echo -n "$key" | sha1sum | awk '{ print $1 }')"
echo "$key" > "/etc/apt/trusted.gpg.d/$sum.asc"
when: item.signing_key is defined
# Use shell to run apt-get to update package lists so that we can pass
# in the --allow-releaseinfo--change option.
- name: update package lists
shell: |
apt-get update --allow-releaseinfo-change
- name: add archive keyrings
with_items: "{{ sane_debian_system_sources_lists }}"
apt:
name: "{{ item.keyring_package }}"
when: item.keyring_package is defined
- name: dist-upgrade so everything is up to date
apt:
upgrade: dist
|