From 50259ba5ca44208724d811ecb9ddf9a00047149b Mon Sep 17 00:00:00 2001
From: Eric Renfro <psi-jack@linux-help.org>
Date: Tue, 1 Mar 2022 13:33:32 -0500
Subject: [PATCH] Added install role to manage repositories

---
 galaxy.yml                           |  4 +--
 roles/consul/meta/main.yml           |  5 +--
 roles/consul/tasks/main.yml          | 15 +++------
 roles/install/defaults/main.yml      |  6 ++++
 roles/install/meta/main.yml          | 24 ++++++++++++++
 roles/install/tasks/apt/prepare.yml  | 48 ++++++++++++++++++++++++++++
 roles/install/tasks/main.yml         |  6 ++++
 roles/install/tasks/repositories.yml |  3 ++
 roles/install/vars/Debian.yml        |  3 ++
 roles/install/vars/Ubuntu.yml        |  3 ++
 10 files changed, 103 insertions(+), 14 deletions(-)
 create mode 100644 roles/install/defaults/main.yml
 create mode 100644 roles/install/meta/main.yml
 create mode 100644 roles/install/tasks/apt/prepare.yml
 create mode 100644 roles/install/tasks/main.yml
 create mode 100644 roles/install/tasks/repositories.yml
 create mode 100644 roles/install/vars/Debian.yml
 create mode 100644 roles/install/vars/Ubuntu.yml

diff --git a/galaxy.yml b/galaxy.yml
index 2b30ca5..df199a1 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -5,7 +5,7 @@
 namespace: linuxhelp
 
 # The name of the collection. Has the same character restrictions as 'namespace'
-name: consul
+name: hashicorp
 
 # The version of the collection. Must be compatible with semantic versioning
 version: 1.0.0
@@ -21,7 +21,7 @@ authors:
 
 ### OPTIONAL but strongly recommended
 # A short summary description of the collection
-description: DebOps Consul Collection
+description: DebOps HashiCorp Collection
 
 # Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only
 # accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file'
diff --git a/roles/consul/meta/main.yml b/roles/consul/meta/main.yml
index 8d1028c..1911f5e 100644
--- a/roles/consul/meta/main.yml
+++ b/roles/consul/meta/main.yml
@@ -6,15 +6,15 @@ collections: [ 'debops.debops' ]
 dependencies: []
 
 galaxy_info:
-
   author: 'Eric Renfro'
   description: 'Install and Configure Consul'
   company: 'Linux-Help'
   license: 'GPL-3.0-or-later'
-  min_ansible_version: '2.9.0'
+  min_ansible_version: '2.8'
   platforms:
     - name: Debian
       versions:
+      - stretch
       - buster
       - bullseye
     - name: Ubuntu
@@ -22,6 +22,7 @@ galaxy_info:
       - bionic
       - focal
   galaxy_tags:
+    - hashicorp
     - debops
     - system
     - monitoring
diff --git a/roles/consul/tasks/main.yml b/roles/consul/tasks/main.yml
index d9b5c4d..ef82411 100644
--- a/roles/consul/tasks/main.yml
+++ b/roles/consul/tasks/main.yml
@@ -2,13 +2,8 @@
 - import_role:
     name: 'secret'
 
-- name: APT Repository key
-  ansible.builtin.apt_key:
-    url: https://apt.releases.hashicorp.com/gpg
-    state: present
-
-- name: APT Repository Configured
-  ansible.builtin.apt_repository:
-    repo: deb [arch=amd64] https://apt.releases.hashicorp.com {{ansible_lsb.codename}} main
-    state: present
-    filename: hashicorp
+- name: Install Consul binary
+  include_role:
+    name: install
+  vars:
+    components: [consul]
diff --git a/roles/install/defaults/main.yml b/roles/install/defaults/main.yml
new file mode 100644
index 0000000..e4de9f5
--- /dev/null
+++ b/roles/install/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+os: unknown
+dist: unknown
+
+components:
+  - consul
diff --git a/roles/install/meta/main.yml b/roles/install/meta/main.yml
new file mode 100644
index 0000000..0f3046a
--- /dev/null
+++ b/roles/install/meta/main.yml
@@ -0,0 +1,24 @@
+galaxy_info:
+  author: Eric Renfro <psi-jack@linux-help.org>
+  description: Install HashiCorp components
+  license: GPL-3.0-or-later
+  min_ansible_version: 2.8
+
+  platforms:
+    - name: Ubuntu
+      versions:
+        - trusty
+        - xenial
+        - bionic
+        - disco
+    - name: Debian
+      versions:
+        - stretch
+        - buster
+        - bullseye
+
+  galaxy_tags:
+    - hashicorp
+    - debops
+    - system
+    - monitoring
diff --git a/roles/install/tasks/apt/prepare.yml b/roles/install/tasks/apt/prepare.yml
new file mode 100644
index 0000000..2798eb0
--- /dev/null
+++ b/roles/install/tasks/apt/prepare.yml
@@ -0,0 +1,48 @@
+---
+- name: Include distro-specific vars ({{ ansible_distribution }})
+  include_vars: file='{{ ansible_distribution }}.yml'
+
+- name: Update apt cache (ensure we have package index)
+  apt:
+    update_cache: true
+  # Updating the APT cache does not change the system so we never report a
+  # change here (helps keep the role idempotent).
+  changed_when: false
+
+- name: Install utility packages
+  apt:
+    name:
+      - gnupg
+      - debian-archive-keyring
+      - apt-transport-https
+    state: present
+
+- name: Fetch the apt repository key
+  uri:
+    url: https://apt.releases.hashicorp.com/gpg
+    force_basic_auth: true
+    return_content: true
+  register: apt_key_download
+  # Fetching resource into memory does not change the system at all, so we
+  # never report a change here (helps keep the role idempotent). And by the
+  # same line of reasoning, we are also safe to run in check mode (the uri
+  # module does not support check mode and would cause us grief when it would
+  # be skipped).
+  changed_when: false
+  check_mode: false
+
+- name: Add apt key
+  apt_key:
+    data: "{{ apt_key_download.content }}"
+
+- name: Add apt repository
+  apt_repository:
+    repo: deb [arch=amd64] https://apt.releases.hashicorp.com {{ dist }} main
+    filename: /etc/apt/sources.list.d/hashicorp
+    validate_certs: true
+
+- name: Add apt source repository
+  apt_repository:
+    repo: deb [arch=amd64] https://apt.releases.hashicorp.com {{ dist }} main
+    filename: /etc/apt/sources.list.d/hashicoprp
+    validate_certs: true
diff --git a/roles/install/tasks/main.yml b/roles/install/tasks/main.yml
new file mode 100644
index 0000000..de4efcc
--- /dev/null
+++ b/roles/install/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Prepare package repositories
+  include_tasks: repositories.yml
+  when: ansible_facts.os_family != "Windows" # No repo concept on Windows
+
+# install selected packages:
diff --git a/roles/install/tasks/repositories.yml b/roles/install/tasks/repositories.yml
new file mode 100644
index 0000000..5c32d80
--- /dev/null
+++ b/roles/install/tasks/repositories.yml
@@ -0,0 +1,3 @@
+---
+- name: Prepare package repositories
+  include_tasks: "{{ ansible_pkg_mgr }}/prepare.yml"
diff --git a/roles/install/vars/Debian.yml b/roles/install/vars/Debian.yml
new file mode 100644
index 0000000..e1dc272
--- /dev/null
+++ b/roles/install/vars/Debian.yml
@@ -0,0 +1,3 @@
+---
+os: debian
+dist: '{{ ansible_distribution_release }}'
diff --git a/roles/install/vars/Ubuntu.yml b/roles/install/vars/Ubuntu.yml
new file mode 100644
index 0000000..08789ce
--- /dev/null
+++ b/roles/install/vars/Ubuntu.yml
@@ -0,0 +1,3 @@
+---
+os: ubuntu
+dist: '{{ ansible_distribution_release }}'
\ No newline at end of file