From 832a0ebfef6d20b3495fd602e7829ce8d56bbc69 Mon Sep 17 00:00:00 2001 From: Mirjan Hoffmann Date: Thu, 12 Oct 2023 06:42:34 +0200 Subject: [PATCH] update to vagrant box bookworm, made script bookworm-compliable --- SHIBBOLETH.md | 3 +-- Vagrantfile | 2 +- ansible/roles/apache/tasks/main.yml | 1 + ansible/roles/edu-sharing/tasks/main.yml | 1 - .../roles/moodle-registration/tasks/main.yml | 2 +- .../tasks/esrender.yml | 2 +- .../shibboleth/tasks/debian-from-bullseye.yml | 14 ++++++++++ ansible/roles/shibboleth/tasks/main.yml | 12 +++++---- .../tasks/migrate-from-switchaai.yml | 26 +++++++++++++++++++ 9 files changed, 52 insertions(+), 11 deletions(-) create mode 100644 ansible/roles/shibboleth/tasks/debian-from-bullseye.yml create mode 100644 ansible/roles/shibboleth/tasks/migrate-from-switchaai.yml diff --git a/SHIBBOLETH.md b/SHIBBOLETH.md index c7ec725..3d47ab8 100644 --- a/SHIBBOLETH.md +++ b/SHIBBOLETH.md @@ -22,8 +22,7 @@ Es ist möglich den Single-Sign-On (SSO) Zugang via DFN-AAI (Shibboleth) automat ## Unterstützte Systeme -* Debian Stretch (9) -* Debian Buster (10) +* Debian Ansible-Skripte für weitere Systeme können unter [ansible/roles/shibboleth/tasks](ansible/roles/shibboleth/tasks) hinzugefügt werden. Eine gute Beschreibung der Installation liefert [SWITCHaai](https://www.switch.ch/aai/guides/sp/installation/). Beiträge sind sehr willkommen - einfach einen Pull Request erstellen. diff --git a/Vagrantfile b/Vagrantfile index 36265d6..307cbe3 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -4,7 +4,7 @@ settings = YAML.load_file 'ansible/group_vars/all.yml' Vagrant.configure("2") do |config| config.vm.define "edu-sharing-vm" do |srv| - srv.vm.box = "debian/buster64" + srv.vm.box = "debian/bookworm64" srv.ssh.insert_key = false srv.vm.hostname = "edu-sharing.box" srv.vm.network :private_network, ip: settings['edu_sharing_host'] diff --git a/ansible/roles/apache/tasks/main.yml b/ansible/roles/apache/tasks/main.yml index c0bb22d..83830b5 100644 --- a/ansible/roles/apache/tasks/main.yml +++ b/ansible/roles/apache/tasks/main.yml @@ -2,6 +2,7 @@ - name: Install apache apt: name: ["apache2"] + update_cache: true state: "present" tags: - packages diff --git a/ansible/roles/edu-sharing/tasks/main.yml b/ansible/roles/edu-sharing/tasks/main.yml index 865bafa..6559848 100644 --- a/ansible/roles/edu-sharing/tasks/main.yml +++ b/ansible/roles/edu-sharing/tasks/main.yml @@ -5,7 +5,6 @@ - unzip - jq - gzip - - python-lxml - python3-lxml become: yes tags: diff --git a/ansible/roles/moodle-registration/tasks/main.yml b/ansible/roles/moodle-registration/tasks/main.yml index e28f0b3..b5e5c12 100644 --- a/ansible/roles/moodle-registration/tasks/main.yml +++ b/ansible/roles/moodle-registration/tasks/main.yml @@ -7,7 +7,7 @@ become: yes vars: packages: - - python-lxml + - python3-lxml tags: - packages - root-task diff --git a/ansible/roles/renderingservice-installation/tasks/esrender.yml b/ansible/roles/renderingservice-installation/tasks/esrender.yml index f8c9e91..7d80ffe 100644 --- a/ansible/roles/renderingservice-installation/tasks/esrender.yml +++ b/ansible/roles/renderingservice-installation/tasks/esrender.yml @@ -1,7 +1,7 @@ --- - name: Ensure python-lxml packages are present apt: - name: ["python-lxml"] + name: ["python3-lxml"] become: yes tags: - packages diff --git a/ansible/roles/shibboleth/tasks/debian-from-bullseye.yml b/ansible/roles/shibboleth/tasks/debian-from-bullseye.yml new file mode 100644 index 0000000..fe111b0 --- /dev/null +++ b/ansible/roles/shibboleth/tasks/debian-from-bullseye.yml @@ -0,0 +1,14 @@ +# Debian Bullseye (11) + + +- name: Check if SWITCHaai-swdistrib.list exists + stat: + path: /etc/apt/sources.list.d/SWITCHaai-swdistrib.list + register: switchaai_sources_list_stat_result + +- include_tasks: migrate-from-switchaai.yml + when: switchaai_sources_list_stat_result.stat.exists + +- name: Install shibboleth package for debian + apt: + update_cache: yes + name: libapache2-mod-shib diff --git a/ansible/roles/shibboleth/tasks/main.yml b/ansible/roles/shibboleth/tasks/main.yml index 51b11a1..2785e3b 100644 --- a/ansible/roles/shibboleth/tasks/main.yml +++ b/ansible/roles/shibboleth/tasks/main.yml @@ -3,11 +3,10 @@ # Fail for unsupported versions - fail: msg='unsupported OS version {{ ansible_distribution }} {{ ansible_distribution_release }}' - vars: - supported_versions: - - 'Debian stretch' - - 'Debian buster' - when: (ansible_distribution + ' ' + ansible_distribution_release) not in supported_versions + when: ansible_distribution != 'Debian' + +- debug: + var: ansible_distribution_version - include: debianstretch.yml when: ansible_distribution == 'Debian' and ansible_distribution_release == 'stretch' @@ -15,4 +14,7 @@ - include: debianbuster.yml when: ansible_distribution == 'Debian' and ansible_distribution_release == 'buster' +- include: debian-from-bullseye.yml + when: ansible_distribution == 'Debian' and ansible_distribution_version is version('11', '>=') + - include: shibbolethconfig.yml diff --git a/ansible/roles/shibboleth/tasks/migrate-from-switchaai.yml b/ansible/roles/shibboleth/tasks/migrate-from-switchaai.yml new file mode 100644 index 0000000..f23c220 --- /dev/null +++ b/ansible/roles/shibboleth/tasks/migrate-from-switchaai.yml @@ -0,0 +1,26 @@ + +- name: Remove switchaai shibboleth + apt: + name: shibboleth + state: absent + +- command: + cmd: apt-mark manual libapache2-mod-shib + +- name: Remove switchaai-apt-source + apt: + name: switchaai-apt-source + purge: true + state: absent + +- name: Remove switchaai files + file: + path: "{{ item }}" + state: absent + loop: + - /etc/apt/trusted.gpg.d/SWITCHaai-swdistrib.gpg + - /etc/apt/sources.list.d/SWITCHaai-swdistrib.list + +- name: apt update + apt: + update_cache: true