postgresql_cluster icon indicating copy to clipboard operation
postgresql_cluster copied to clipboard

Published 20 hours ago verified publisher icon vitabaks

Using deb822_repository module instead of apt_key and apt_repository

Open FactorT opened this issue 11 months ago • 11 comments

Since apt_key is deprecated in Debian12, the deb822_repository module must be used instead. Major changes:

  • new tasks "Add repository and repository apt-key" for Debian 12 version for installation:
    • postgres
    • consul
    • pg_probackup
    • pg_backrest

Additional minor changes:

  • new path for postgresql.org repo key (key the same)
  • new key for pg_probackup (old key doesn't work)
  • new variable "initial_packages" with items:
    • gnupg
    • apt-transport-https
    • python3-debian

FactorT avatar Feb 29 '24 08:02 FactorT

I saw the problem with tests: role "add-repository" demand python3-debian package and is executed before role "packages" which install python3-package

FactorT avatar Feb 29 '24 09:02 FactorT

Hello @FactorT

I don't quite understand if this change is really necessary, since all tests for Debian 12 pass successfully (every day) - https://github.com/vitabaks/postgresql_cluster/actions/workflows/schedule_pg_debian12.yml

Since apt_key is deprecated in Debian12

where can I find out more about this?

vitabaks avatar Feb 29 '24 10:02 vitabaks

@vitabaks Yes this is not really necessary right now. Because apt-key is just marked as depricated but still works in Debian12. Probably apt-key will not work in next major release. And you can reject or hold this PR and come back to it during prepare to next major release of Debian. More information at this medium or Geerling or page

FactorT avatar Feb 29 '24 10:02 FactorT

Thank you for the information.

vitabaks avatar Feb 29 '24 10:02 vitabaks

apt-key is deprecated from Ubuntu 22.04 LTS (Jammy Jellyfish)

It seems that this does not only apply to Debian.

Ansible now has the ansible.builtin.deb822_repository module, which can add keys and repositories in one task. It's a little more complex than the old way, and requires Ansible 2.15 or later

this must be taken into account and the minimal_ansible_version, variables min_ansible_version and README must be updated.

I also think it's worth checking if the 'ansible.builtin.deb822_repository' module is with oldest versions of Debian and Ubuntu and if so, then just replace the 'ansible.builtin.apt_key' and 'ansible.builtin.apt_repository' modules.

vitabaks avatar Feb 29 '24 10:02 vitabaks

I also remembered that in one of the projects I used keyring option for apt_key module.

Example:

    - name: Add repository apt-key
      ansible.builtin.apt_key:
        url: "{{ item.key }}"
        state: present
        keyring: /etc/apt/trusted.gpg.d/{{ item.key | urlsplit('netloc') }}.gpg
      loop: "{{ apt_repository_keys }}"
      register: apt_key_status
      until: apt_key_status is success
      delay: 10
      retries: 3
      when: apt_repository_keys | length > 0

so it's worth considering whether this is the best alternative to the new module (it would require fewer changes).

vitabaks avatar Feb 29 '24 11:02 vitabaks

I also remembered that in one of the projects I used keyring option for apt_key module.

so it's worth considering whether this is the best alternative to the new module (it would require fewer changes).

Yes, it's interesting idea. But keyring option uses apt-key bin file

FactorT avatar Feb 29 '24 12:02 FactorT

I don't understand what's wrong with debin12 and debian11 molecule's tests. In my local environment config_pgcluster playbook works fine. Module python3-debian is presented at molecule's host: string 457 python3-debian was installed string 462 add repository task was done succesfully It was role add-repository in deploy_pgcluster playbook Next playbook config_pgcluster uses the same role add-repository which shows that python3-debian package is installed at string 1233 But next task add-repository can't find this module.

FactorT avatar Mar 01 '24 10:03 FactorT

OK, I'll try to figure it out.

vitabaks avatar Mar 02 '24 10:03 vitabaks

@FactorT I have made some changes to the code, please check it out. But I have not yet found a solution to the error in debian 11, 12 when the second execution of the playbook.

vitabaks avatar Mar 13 '24 11:03 vitabaks

@vitabaks thank you very much!

FactorT avatar Mar 14 '24 11:03 FactorT

@vitabaks How did you fix the error in debian 11, 12 when the second execution of the playbook? btw, I changed consul's installation from apt to deb822

FactorT avatar Aug 13 '24 14:08 FactorT

Hi @FactorT

How did you fix the error in debian 11, 12 when the second execution of the playbook?

I don't know ) maybe the ansible update helped.

UPD: That doesn't seem to be the case, ansible version 9.2.0 was used in tests

Successfully installed Jinja2-3.1.4 MarkupSafe-2.1.5 PyYAML-6.0.1 ansible-9.2.0 ansible-core-2.16.3 cffi-1.16.0 cryptography-42.0.4 packaging-23.2 pycparser-2.21 resolvelib-1.0.1

vitabaks avatar Aug 13 '24 14:08 vitabaks

Another theory is that it is possible that fixes have been made to system packages such as python3 that contribute to the correct execution of the code now.

vitabaks avatar Aug 13 '24 22:08 vitabaks

I've done a few additional test runs and it looks like everything is fine now.

I will merge this PR and if there is a problem in the future, we will promptly fix them.

vitabaks avatar Aug 14 '24 09:08 vitabaks