From a5df30bd04d5894686664327a3aebdd819d41328 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Wed, 27 Nov 2024 17:37:05 +0100 Subject: [PATCH] Manage apt repositores and keys using deb822_repository module The apt-key module is deprecated so the code is refactored to allow any of the deb822_repository features to be used instead. Change-Id: I968826fec65272e6a978d86c2d97425c8ccfc80c --- files/gpg/0EBFCD88 | 62 +++++++++++++++++++++++++++++++++++++++++++ tasks/zun_compute.yml | 59 +++++++++++++++++++++++++++------------- vars/debian.yml | 17 +++++++++--- 3 files changed, 116 insertions(+), 22 deletions(-) create mode 100644 files/gpg/0EBFCD88 diff --git a/files/gpg/0EBFCD88 b/files/gpg/0EBFCD88 new file mode 100644 index 0000000..a753662 --- /dev/null +++ b/files/gpg/0EBFCD88 
@@ -0,0 +1,62 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth +lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh +38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq +L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7 +UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N +cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht +ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo +vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD +G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ +XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj +q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB +tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3 +BBMBCgAhBQJYrefAAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEI2BgDwO +v82IsskP/iQZo68flDQmNvn8X5XTd6RRaUH33kXYXquT6NkHJciS7E2gTJmqvMqd +tI4mNYHCSEYxI5qrcYV5YqX9P6+Ko+vozo4nseUQLPH/ATQ4qL0Zok+1jkag3Lgk +jonyUf9bwtWxFp05HC3GMHPhhcUSexCxQLQvnFWXD2sWLKivHp2fT8QbRGeZ+d3m +6fqcd5Fu7pxsqm0EUDK5NL+nPIgYhN+auTrhgzhK1CShfGccM/wfRlei9Utz6p9P +XRKIlWnXtT4qNGZNTN0tR+NLG/6Bqd8OYBaFAUcue/w1VW6JQ2VGYZHnZu9S8LMc +FYBa5Ig9PxwGQOgq6RDKDbV+PqTQT5EFMeR1mrjckk4DQJjbxeMZbiNMG5kGECA8 +g383P3elhn03WGbEEa4MNc3Z4+7c236QI3xWJfNPdUbXRaAwhy/6rTSFbzwKB0Jm +ebwzQfwjQY6f55MiI/RqDCyuPj3r3jyVRkK86pQKBAJwFHyqj9KaKXMZjfVnowLh +9svIGfNbGHpucATqREvUHuQbNnqkCx8VVhtYkhDb9fEP2xBu5VvHbR+3nfVhMut5 +G34Ct5RS7Jt6LIfFdtcn8CaSas/l1HbiGeRgc70X/9aYx/V/CEJv0lIe8gP6uDoW +FPIZ7d6vH+Vro6xuWEGiuMaiznap2KhZmpkgfupyFmplh0s6knymuQINBFit2ioB +EADneL9S9m4vhU3blaRjVUUyJ7b/qTjcSylvCH5XUE6R2k+ckEZjfAMZPLpO+/tF +M2JIJMD4SifKuS3xck9KtZGCufGmcwiLQRzeHF7vJUKrLD5RTkNi23ydvWZgPjtx +Q+DTT1Zcn7BrQFY6FgnRoUVIxwtdw1bMY/89rsFgS5wwuMESd3Q2RYgb7EOFOpnu +w6da7WakWf4IhnF5nsNYGDVaIHzpiqCl+uTbf1epCjrOlIzkZ3Z3Yk5CM/TiFzPk +z2lLz89cpD8U+NtCsfagWWfjd2U3jDapgH+7nQnCEWpROtzaKHG6lA3pXdix5zG8 
+eRc6/0IbUSWvfjKxLLPfNeCS2pCL3IeEI5nothEEYdQH6szpLog79xB9dVnJyKJb +VfxXnseoYqVrRz2VVbUI5Blwm6B40E3eGVfUQWiux54DspyVMMk41Mx7QJ3iynIa +1N4ZAqVMAEruyXTRTxc9XW0tYhDMA/1GYvz0EmFpm8LzTHA6sFVtPm/ZlNCX6P1X +zJwrv7DSQKD6GGlBQUX+OeEJ8tTkkf8QTJSPUdh8P8YxDFS5EOGAvhhpMBYD42kQ +pqXjEC+XcycTvGI7impgv9PDY1RCC1zkBjKPa120rNhv/hkVk/YhuGoajoHyy4h7 +ZQopdcMtpN2dgmhEegny9JCSwxfQmQ0zK0g7m6SHiKMwjwARAQABiQQ+BBgBCAAJ +BQJYrdoqAhsCAikJEI2BgDwOv82IwV0gBBkBCAAGBQJYrdoqAAoJEH6gqcPyc/zY +1WAP/2wJ+R0gE6qsce3rjaIz58PJmc8goKrir5hnElWhPgbq7cYIsW5qiFyLhkdp +YcMmhD9mRiPpQn6Ya2w3e3B8zfIVKipbMBnke/ytZ9M7qHmDCcjoiSmwEXN3wKYI +mD9VHONsl/CG1rU9Isw1jtB5g1YxuBA7M/m36XN6x2u+NtNMDB9P56yc4gfsZVES +KA9v+yY2/l45L8d/WUkUi0YXomn6hyBGI7JrBLq0CX37GEYP6O9rrKipfz73XfO7 +JIGzOKZlljb/D9RX/g7nRbCn+3EtH7xnk+TK/50euEKw8SMUg147sJTcpQmv6UzZ +cM4JgL0HbHVCojV4C/plELwMddALOFeYQzTif6sMRPf+3DSj8frbInjChC3yOLy0 +6br92KFom17EIj2CAcoeq7UPhi2oouYBwPxh5ytdehJkoo+sN7RIWua6P2WSmon5 +U888cSylXC0+ADFdgLX9K2zrDVYUG1vo8CX0vzxFBaHwN6Px26fhIT1/hYUHQR1z +VfNDcyQmXqkOnZvvoMfz/Q0s9BhFJ/zU6AgQbIZE/hm1spsfgvtsD1frZfygXJ9f +irP+MSAI80xHSf91qSRZOj4Pl3ZJNbq4yYxv0b1pkMqeGdjdCYhLU+LZ4wbQmpCk +SVe2prlLureigXtmZfkqevRz7FrIZiu9ky8wnCAPwC7/zmS18rgP/17bOtL4/iIz +QhxAAoAMWVrGyJivSkjhSGx1uCojsWfsTAm11P7jsruIL61ZzMUVE2aM3Pmj5G+W +9AcZ58Em+1WsVnAXdUR//bMmhyr8wL/G1YO1V3JEJTRdxsSxdYa4deGBBY/Adpsw +24jxhOJR+lsJpqIUeb999+R8euDhRHG9eFO7DRu6weatUJ6suupoDTRWtr/4yGqe +dKxV3qQhNLSnaAzqW/1nA3iUB4k7kCaKZxhdhDbClf9P37qaRW467BLCVO/coL3y +Vm50dwdrNtKpMBh3ZpbB1uJvgi9mXtyBOMJ3v8RZeDzFiG8HdCtg9RvIt/AIFoHR +H3S+U79NT6i0KPzLImDfs8T7RlpyuMc4Ufs8ggyg9v3Ae6cN3eQyxcK3w0cbBwsh +/nQNfsA6uu+9H7NhbehBMhYnpNZyrHzCmzyXkauwRAqoCbGCNykTRwsur9gS41TQ +M8ssD1jFheOJf3hODnkKU+HKjvMROl1DK7zdmLdNzA1cvtZH/nCC9KPj1z8QC47S +xx+dTZSx4ONAhwbS/LN3PoKtn8LPjY9NP9uDWI+TWYquS2U+KHDrBDlsgozDbs/O +jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG +YT90qFF93M3v01BbxP+EIY2/9tiIPbrd +=0YYh +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file 
diff --git a/tasks/zun_compute.yml b/tasks/zun_compute.yml index 62f243b..7aa0edb 100644 --- a/tasks/zun_compute.yml +++ b/tasks/zun_compute.yml 
@@ -32,32 +32,55 @@ version: "{{ zun_containerd_package_version }}" priority: 1000 - - name: Get apt gpg key - get_url: - url: "{{ item.gpg_uri }}" - dest: "/tmp/{{ item.name }}" - mode: "0440" - with_items: "{{ zun_docker_repo }}" + - name: Validate repo config is deb822 format + vars: + _repo_check: "{{ zun_docker_repo | selectattr('repo', 'defined') | map(attribute='repo') }}" + ansible.builtin.assert: + that: _repo_check | length == 0 + fail_msg: "The following repository definitions must be updated to deb822 format {{ _repo_check }}" - - name: Add Apt signing key on remote server to keyring - apt_key: - file: "/tmp/{{ item.name }}" - state: present - with_items: "{{ zun_docker_repo }}" + # NOTE(jrosser) remove this task for the 2025.2 release + - name: Clean up legacy repository config not in deb822 format + file: + path: "/etc/apt/sources.list.d/docker-ce.list" + state: absent + register: _cleanup_apt_repositories - - name: Add apt repository - apt_repository: - repo: "{{ item.repo }}" - state: present - filename: "{{ item.name }}" - update_cache: no + - name: Ensure python3-debian package is available + apt: + name: python3-debian + + - name: Manage apt repositories + ansible.builtin.deb822_repository: + allow_downgrade_to_insecure: "{{ item.allow_downgrade_to_insecure | default(omit) }}" + allow_insecure: "{{ item.allow_insecure | default(omit) }}" + allow_weak: "{{ item.allow_weak | default(omit) }}" + architectures: "{{ item.architectures | default(omit) }}" + by_hash: "{{ item.by_hash | default(omit) }}" + check_date: "{{ item.check_date | default(omit) }}" + check_valid_until: "{{ item.check_valid_until | default(omit) }}" + components: "{{ item.components | default(omit) }}" + date_max_future: "{{ item.date_max_future | default(omit) }}" + enabled: "{{ item.enabled | default(omit) }}" + inrelease_path: "{{ item.inrelease_path | default(omit) }}" + languages: "{{ item.languages | default(omit) }}" + mode: "{{ item.mode | default(omit) }}" + name: "{{ 
item.name }}" + pdiffs: "{{ item.pdiffs | default(omit) }}" + signed_by: "{{ item.signed_by | default(omit) }}" + state: "{{ item.state | default(omit) }}" + suites: "{{ item.suites | default(omit) }}" + targets: "{{ item.targets | default(omit) }}" + trusted: "{{ item.trusted | default(omit) }}" + types: "{{ item.types | default(omit) }}" + uris: "{{ item.uris | default(omit) }}" with_items: "{{ zun_docker_repo }}" register: add_nv_repos - name: Update Apt cache apt: update_cache: yes - when: add_nv_repos is changed + when: (add_nv_repos is changed) or (_cleanup_apt_repositories is changed) register: update_apt_cache until: update_apt_cache is success retries: 5 diff --git a/vars/debian.yml b/vars/debian.yml index 6561ac4..93e5d6e 100644 --- a/vars/debian.yml +++ b/vars/debian.yml @@ -16,12 +16,21 @@ _zun_docker_package_version: "5:20.10.24~*" _zun_containerd_package_version: "1.6.20-1" +_zun_architecture_mapping: + x86_64: amd64 + ppc64le: ppc64el + s390x: s390x + armv7l: armhf + aarch64: arm64 + zun_docker_repo: - name: "docker-ce" - repo: >- - deb [arch=amd64] https://download.docker.com/linux/{{ ansible_facts['distribution'] | lower }} {{ - ansible_facts['distribution_release'] | lower }} stable - gpg_uri: "https://download.docker.com/linux/{{ ansible_facts['distribution'] | lower }}/gpg" + suites: "{{ ansible_facts['distribution_release'] | lower }}" + uris: "https://download.docker.com/linux/{{ ansible_facts['distribution'] | lower }}" + signed_by: "{{ lookup('file', 'gpg/0EBFCD88') }}" + components: stable + architectures: "{{ _zun_architecture_mapping.get(ansible_facts['architecture']) }}" + state: present # Common apt packages zun_distro_packages:
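Review bot: The legacy cleanup task removes only the hard-coded `/etc/apt/sources.list.d/docker-ce.list`, whereas the removed `apt_repository` task named the file after `item.name` for each entry in `zun_docker_repo`, so a deployment that overrides the repo name would keep its old `.list` file alongside the new deb822 source. Looping the cleanup with `path: "/etc/apt/sources.list.d/{{ item.name }}.list"` and `with_items: "{{ zun_docker_repo }}"` would cover that case. The key that the removed `apt_key` task imported also presumably remains in the global APT keyring on upgraded hosts, where it stays trusted for any repository without its own `Signed-By` rather than only the one scoped by `signed_by`; a comment beside the `NOTE(jrosser)` line, such as `# the key previously imported with apt_key is not removed here`, would make that visible. The task list starts before and continues after this hunk.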
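Review bot: The new `signed_by` entry makes `files/gpg/0EBFCD88` the trust anchor for the Docker repository, but nothing records the key's full fingerprint or origin, and the file name appears to be only a short key ID, which is too short to identify a key reliably. A comment above `signed_by`, for example `# Docker CE release key, fingerprint <FULL-FINGERPRINT>, compared with the publisher's documented value`, would let a later reviewer re-check the vendored file. On the `architectures` line, `_zun_architecture_mapping.get(...)` returns none for an architecture missing from the mapping instead of failing, so the resulting repository definition is unpredictable on such a host; `architectures: "{{ _zun_architecture_mapping[ansible_facts['architecture']] }}"` would presumably stop the play with an undefined-variable error instead.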