diff --git a/roles/configure-mirrors/README.rst b/roles/configure-mirrors/README.rst
index d7d6570d0..8152ce499 100644
--- a/roles/configure-mirrors/README.rst
+++ b/roles/configure-mirrors/README.rst
@@ -7,6 +7,13 @@ An ansible role to configure services to use mirrors.
 The base host for mirror servers.
+.. zuul:rolevar:: mirror_use_ssl
+ :default: False
+
+ Use ssl to communicate to mirror endpoints. Note if the platform
+ cannot use ssl (for example Ubuntu Xenial apt needs additional packages)
+ this will still use http instead of https when set for that platform.
+
 .. zuul:rolevar:: pypi_fqdn
 :default: {{ mirror_fqdn }}
diff --git a/roles/configure-mirrors/defaults/main.yaml b/roles/configure-mirrors/defaults/main.yaml
index 4a07e2c90..7cd665bb7 100644
--- a/roles/configure-mirrors/defaults/main.yaml
+++ b/roles/configure-mirrors/defaults/main.yaml
@@ -1,5 +1,12 @@
+set_apt_mirrors_trusted: False
 mirror_fqdn: "{{ zuul_site_mirror_fqdn|default(omit) }}"
 pypi_fqdn: "{{ mirror_fqdn }}"
-pypi_mirror: "http://{{ pypi_fqdn }}/pypi/simple"
-set_apt_mirrors_trusted: False
-wheel_mirror: "http://{{ mirror_fqdn }}/wheel/{{ ansible_distribution | lower }}-{{ ansible_distribution_version }}-{{ ansible_architecture | lower }}"
+mirror_use_ssl: False
+http_or_https: >-
+ {%- if mirror_use_ssl and ansible_distribution_release not in ['xenial', 'stretch'] -%}
+ https
+ {%- else -%}
+ http
+ {%- endif -%}
+pypi_mirror: "{{ http_or_https }}://{{ pypi_fqdn }}/pypi/simple"
+wheel_mirror: "{{ http_or_https }}://{{ mirror_fqdn }}/wheel/{{ ansible_distribution | lower }}-{{ ansible_distribution_version }}-{{ ansible_architecture | lower }}"
diff --git a/roles/configure-mirrors/vars/CentOS.yaml b/roles/configure-mirrors/vars/CentOS.yaml
index 79ea83ed0..7821347ea 100644
--- a/roles/configure-mirrors/vars/CentOS.yaml
+++ b/roles/configure-mirrors/vars/CentOS.yaml
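Review bot: The `http_or_https` template in defaults/main.yaml tests `mirror_use_ssl` as a bare Jinja truth value, so a string such as "false" arriving through extra vars or job variables would evaluate truthy and switch every mirror URL to https; `{%- if mirror_use_ssl | bool and ansible_distribution_release not in ['xenial', 'stretch'] -%}` makes the check robust. The else branch also downgrades to plain http silently, so an operator who asked for TLS on xenial or stretch gets cleartext package and wheel transport with nothing in the log; a `debug` task reporting the effective scheme would make that visible. `pypi_mirror` and `wheel_mirror` follow the same fallback even though the README caveat only gives apt as the reason, which looks broader than necessary and is worth confirming.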
@@ -1,2 +1,2 @@
-package_mirror: "http://{{ mirror_fqdn }}/{{ ansible_distribution | lower }}"
-epel_mirror: "http://{{ mirror_fqdn }}/epel"
+package_mirror: "{{ http_or_https }}://{{ mirror_fqdn }}/{{ ansible_distribution | lower }}"
+epel_mirror: "{{ http_or_https }}://{{ mirror_fqdn }}/epel"
diff --git a/roles/configure-mirrors/vars/Debian.yaml b/roles/configure-mirrors/vars/Debian.yaml
index 37406c126..8b24e3331 100644
--- a/roles/configure-mirrors/vars/Debian.yaml
+++ b/roles/configure-mirrors/vars/Debian.yaml
@@ -1,2 +1,2 @@
-package_mirror: "http://{{ mirror_fqdn }}/{{ ansible_distribution | lower }}"
-security_mirror: "http://{{ mirror_fqdn }}/{{ ansible_distribution | lower }}-security"
+package_mirror: "{{ http_or_https }}://{{ mirror_fqdn }}/{{ ansible_distribution | lower }}"
+security_mirror: "{{ http_or_https }}://{{ mirror_fqdn }}/{{ ansible_distribution | lower }}-security"
diff --git a/roles/configure-mirrors/vars/Fedora.yaml b/roles/configure-mirrors/vars/Fedora.yaml
index e4da29a79..a2b5d4c87 100644
--- a/roles/configure-mirrors/vars/Fedora.yaml
+++ b/roles/configure-mirrors/vars/Fedora.yaml
@@ -1 +1 @@
-package_mirror: "http://{{ mirror_fqdn }}/{{ ansible_distribution | lower }}"
+package_mirror: "{{ http_or_https }}://{{ mirror_fqdn }}/{{ ansible_distribution | lower }}"
diff --git a/roles/configure-mirrors/vars/Suse.yaml b/roles/configure-mirrors/vars/Suse.yaml
index 5947d7121..52c4800f5 100644
--- a/roles/configure-mirrors/vars/Suse.yaml
+++ b/roles/configure-mirrors/vars/Suse.yaml
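Review bot: Whether apt can fetch from the new `package_mirror` and `security_mirror` values in Debian.yaml depends entirely on the two release names hard-coded in `http_or_https` ('xenial', 'stretch'). Any other Debian or Ubuntu release whose apt still needs the separate https transport package would be handed https sources and fail at the first update; the supported release list is not visible in this diff, so this is worth confirming. A one-line comment above these values, such as `# scheme comes from http_or_https in defaults/main.yaml; releases listed there stay on http`, would point the next maintainer to the exclusion list. The same applies to the Ubuntu.yaml and Ubuntu.aarch64.yaml hunks.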
@@ -1,7 +1,7 @@
-package_mirror: "http://{{ mirror_fqdn }}/opensuse"
 wheels_slug: "{%- if ansible_distribution == 'openSUSE Tumbleweed' -%} opensuse-tumbleweed-{{ ansible_architecture | lower }} {%- else -%} {{ ansible_distribution | lower }}-{{ ansible_distribution_version }}-{{ ansible_architecture | lower }} {%- endif -%}"
-wheel_mirror: "http://{{ mirror_fqdn }}/wheel/{{ wheels_slug }}"
+package_mirror: "{{ http_or_https }}://{{ mirror_fqdn }}/opensuse"
+wheel_mirror: "{{ http_or_https }}://{{ mirror_fqdn }}/wheel/{{ wheels_slug }}"
diff --git a/roles/configure-mirrors/vars/Ubuntu.aarch64.yaml b/roles/configure-mirrors/vars/Ubuntu.aarch64.yaml
index 047179039..cd9b03768 100644
--- a/roles/configure-mirrors/vars/Ubuntu.aarch64.yaml
+++ b/roles/configure-mirrors/vars/Ubuntu.aarch64.yaml
@@ -1 +1 @@
-package_mirror: "http://{{ mirror_fqdn }}/{{ ansible_distribution | lower }}-ports"
+package_mirror: "{{ http_or_https }}://{{ mirror_fqdn }}/{{ ansible_distribution | lower }}-ports"
diff --git a/roles/configure-mirrors/vars/Ubuntu.yaml b/roles/configure-mirrors/vars/Ubuntu.yaml
index e4da29a79..a2b5d4c87 100644
--- a/roles/configure-mirrors/vars/Ubuntu.yaml
+++ b/roles/configure-mirrors/vars/Ubuntu.yaml
@@ -1 +1 @@
-package_mirror: "http://{{ mirror_fqdn }}/{{ ansible_distribution | lower }}"
+package_mirror: "{{ http_or_https }}://{{ mirror_fqdn }}/{{ ansible_distribution | lower }}"
diff --git a/test-playbooks/base-roles/configure-mirrors.yaml b/test-playbooks/base-roles/configure-mirrors.yaml
index 1efedb8fe..114ad5a2d 100644
--- a/test-playbooks/base-roles/configure-mirrors.yaml
+++ b/test-playbooks/base-roles/configure-mirrors.yaml
@@ -1,4 +1,4 @@
-- name: Test the configure-mirrors role
+- name: Test the configure-mirrors role with http
 hosts: all
 roles:
 - role: configure-mirrors
@@ -9,7 +9,30 @@
 set_fact:
 emacs_package: app-editors/emacs
 when: ansible_distribution == 'Gentoo'
- - name: Install a package to sanity check the mirror configuration
+ - name: Install a package to sanity check the http mirror configuration
+ package:
+ name: "{{ emacs_package | default('emacs') }}"
+ state: "present"
+ become: yes
+
+- name: Test the configure-mirrors role with https
+ hosts: all
+ roles:
+ - role: configure-mirrors
+ mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
+ mirror_use_ssl: True
+ set_apt_mirrors_trusted: True
+ post_tasks:
+ - name: Set emacs package fact for gentoo
+ set_fact:
+ emacs_package: app-editors/emacs
+ when: ansible_distribution == 'Gentoo'
+ - name: Remove existing emacs package install
+ package:
+ name: "{{ emacs_package | default('emacs') }}"
+ state: "absent"
+ become: yes
+ - name: Install a package to sanity check the https mirror configuration
 package:
 name: "{{ emacs_package | default('emacs') }}"
 state: "present"
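Review bot: Nothing in the new https play checks that https was actually used: on the releases that `http_or_https` excludes the role silently stays on http, and the reinstall of emacs succeeds either way, so the play can pass without exercising TLS at all. An assertion on the rendered URL, skipped for the excluded releases, would close that gap; the sketch below assumes the role default `pypi_mirror` is visible to `post_tasks`, which should be confirmed. The play also sets `set_apt_mirrors_trusted: True`; if that flag relaxes apt signature checking (its effect is not shown in this diff), a short comment on why the https test needs it would help. The final install task continues past the end of the hunk.

```yaml
  post_tasks:
    # … unchanged: emacs package fact for gentoo …
    - name: Check that the mirror URLs were rendered with https
      assert:
        that:
          - pypi_mirror.startswith('https://')
      when: ansible_distribution_release not in ['xenial', 'stretch']
    # … unchanged: remove and reinstall emacs …
```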