From 470d9078f4dac1858cb227d1254b0593a1e27160 Mon Sep 17 00:00:00 2001 From: Nils Date: Fri, 8 Aug 2025 21:42:04 +0200 Subject: [PATCH 01/12] chore: add sources using deb822 --- README.md | 11 +++++++++-- defaults/main.yml | 6 ++++++ meta/main.yml | 9 ++++++++- tasks/setup-Debian.yml | 33 +++++++++++++++++++++++++++++++-- 4 files changed, 54 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index aa2a11f..e92b9d8 100644 --- a/README.md +++ b/README.md @@ -2,11 +2,11 @@ [![CI](https://github.com/geerlingguy/ansible-role-filebeat/actions/workflows/ci.yml/badge.svg)](https://github.com/geerlingguy/ansible-role-filebeat/actions/workflows/ci.yml) -An Ansible Role that installs [Filebeat](https://www.elastic.co/products/beats/filebeat) on RedHat/CentOS or Debian/Ubuntu. +An Ansible Role that installs [Filebeat](https://www.elastic.co/products/beats/filebeat) on RedHat/CentOS or Debian/Ubuntu. Supports both traditional APT repository format and the DEB822 format for Debian 13+ and Ubuntu 24+. ## Requirements -None. +- Ansible 2.15+ (required for DEB822 repository format support on modern Debian/Ubuntu systems) ## Role Variables @@ -16,6 +16,13 @@ Available variables are listed below, along with default values (see `defaults/m Controls the major version of Filebeat which is installed. + filebeat_repo_format: auto + +Controls the repository format used for Debian/Ubuntu systems. Options: +- `auto` (default): Automatically choose format based on OS version (DEB822 for Debian 13+ and Ubuntu 24+, traditional format for older versions) +- `traditional`: Force traditional apt_repository format +- `deb822`: Force DEB822 repository format + filebeat_package: filebeat filebeat_package_state: present diff --git a/defaults/main.yml b/defaults/main.yml index d3ec0fc..f7b4146 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,6 +3,12 @@ filebeat_version: 7.x filebeat_package: filebeat filebeat_package_state: present +# Repository configuration +# Set to 'auto' to automatically choose format based on OS version +# Set to 'traditional' to force traditional apt_repository format +# Set to 'deb822' to force DEB822 format +filebeat_repo_format: auto + filebeat_create_config: true filebeat_template: "filebeat.yml.j2" diff --git a/meta/main.yml b/meta/main.yml index 5f4ca5f..522b61e 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -7,17 +7,24 @@ galaxy_info: description: Filebeat for Linux. company: "Midwestern Mac, LLC" license: "license (BSD, MIT)" - min_ansible_version: 2.10 + min_ansible_version: "2.15" platforms: - name: Debian versions: - jessie - stretch + - buster + - bullseye + - bookworm + - trixie - name: Ubuntu versions: - trusty - xenial - bionic + - focal + - jammy + - noble galaxy_tags: - web - system diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 7772c31..ea85f90 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -6,14 +6,43 @@ - gnupg2 state: present -- name: Add Elasticsearch apt key. +- name: Add Elasticsearch apt key (for traditional repository format). apt_key: url: https://artifacts.elastic.co/GPG-KEY-elasticsearch id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 state: present + when: > + filebeat_repo_format == 'traditional' or + (filebeat_repo_format == 'auto' and ( + ansible_distribution_major_version | int < 12 or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int < 22) + )) -- name: Add Filebeat repository. +- name: Add Filebeat repository (traditional format). apt_repository: repo: 'deb https://artifacts.elastic.co/packages/{{ filebeat_version }}/apt stable main' state: present update_cache: true + when: > + filebeat_repo_format == 'traditional' or + (filebeat_repo_format == 'auto' and ( + ansible_distribution_major_version | int < 12 or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int < 22) + )) + +- name: Add Filebeat repository (DEB822 format for Debian 12+ and Ubuntu 22+). + deb822_repository: + name: elasticsearch + types: [deb] + uris: https://artifacts.elastic.co/packages/{{ filebeat_version }}/apt + suites: [stable] + components: [main] + signed_by: https://artifacts.elastic.co/GPG-KEY-elasticsearch + state: present + update_cache: true + when: > + filebeat_repo_format == 'deb822' or + (filebeat_repo_format == 'auto' and ( + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) + )) From e940d92bdac246e1d147497881f639617e71f8f4 Mon Sep 17 00:00:00 2001 From: Nils Date: Fri, 8 Aug 2025 21:44:18 +0200 Subject: [PATCH 02/12] chore: cleanup old sources for Debian/Ubuntu --- README.md | 6 +++++- defaults/main.yml | 3 +++ tasks/setup-Debian.yml | 43 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 51 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e92b9d8..6e9a4d1 100644 --- a/README.md +++ b/README.md @@ -19,10 +19,14 @@ Controls the major version of Filebeat which is installed. filebeat_repo_format: auto Controls the repository format used for Debian/Ubuntu systems. Options: -- `auto` (default): Automatically choose format based on OS version (DEB822 for Debian 13+ and Ubuntu 24+, traditional format for older versions) +- `auto` (default): Automatically choose format based on OS version (DEB822 for Debian 12+ and Ubuntu 22+, traditional format for older versions) - `traditional`: Force traditional apt_repository format - `deb822`: Force DEB822 repository format + filebeat_cleanup_old_sources: true + +Whether to clean up old repository source list entries when using DEB822 format. When enabled, this will remove old APT keys and source list files to prevent conflicts between traditional and DEB822 repository formats. + filebeat_package: filebeat filebeat_package_state: present diff --git a/defaults/main.yml b/defaults/main.yml index f7b4146..5a9c13d 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -9,6 +9,9 @@ filebeat_package_state: present # Set to 'deb822' to force DEB822 format filebeat_repo_format: auto +# Whether to clean up old repository sources when using DEB822 format +filebeat_cleanup_old_sources: true + filebeat_create_config: true filebeat_template: "filebeat.yml.j2" diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index ea85f90..67ef905 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -46,3 +46,46 @@ (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) )) + +- name: Remove old Elasticsearch APT key when using DEB822 format. + apt_key: + id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 + state: absent + when: > + filebeat_cleanup_old_sources and ( + filebeat_repo_format == 'deb822' or + (filebeat_repo_format == 'auto' and ( + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) + )) + ) + +- name: Remove old Elasticsearch repository from sources.list.d when using DEB822 format. + apt_repository: + repo: 'deb https://artifacts.elastic.co/packages/{{ filebeat_version }}/apt stable main' + state: absent + when: > + filebeat_cleanup_old_sources and ( + filebeat_repo_format == 'deb822' or + (filebeat_repo_format == 'auto' and ( + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) + )) + ) + +- name: Remove potential old Elasticsearch repository files. + file: + path: "{{ item }}" + state: absent + loop: + - /etc/apt/sources.list.d/elasticsearch.list + - /etc/apt/sources.list.d/elastic-{{ filebeat_version }}.list + - /etc/apt/sources.list.d/filebeat.list + when: > + filebeat_cleanup_old_sources and ( + filebeat_repo_format == 'deb822' or + (filebeat_repo_format == 'auto' and ( + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) + )) + ) From e97bc70f6414f4644bdbd446ce88b8ad8f900ee1 Mon Sep 17 00:00:00 2001 From: Nils Date: Fri, 8 Aug 2025 21:54:11 +0200 Subject: [PATCH 03/12] feat: enhance CI with additional scenarios and repository format validation for Debian/Ubuntu --- .github/workflows/ci.yml | 119 +++++++++++++++++++++++++++++-- molecule/deb822/converge.yml | 66 +++++++++++++++++ molecule/deb822/molecule.yml | 37 ++++++++++ molecule/deb822/requirements.yml | 3 + 4 files changed, 220 insertions(+), 5 deletions(-) create mode 100644 molecule/deb822/converge.yml create mode 100644 molecule/deb822/molecule.yml create mode 100644 molecule/deb822/requirements.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b3ef8e3..42102bc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -40,10 +40,21 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - distro: - - rockylinux9 - - ubuntu2404 - - debian12 + include: + - distro: rockylinux9 + scenario: default + - distro: ubuntu2404 + scenario: default + - distro: ubuntu2204 + scenario: default + - distro: debian12 + scenario: default + - distro: debian11 + scenario: default + - distro: ubuntu2404 + scenario: deb822 + - distro: debian12 + scenario: deb822 steps: - name: Check out the codebase. @@ -60,8 +71,106 @@ jobs: run: pip3 install ansible molecule molecule-plugins[docker] docker - name: Run Molecule tests. - run: molecule test + run: molecule test -s ${{ matrix.scenario }} env: PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' MOLECULE_DISTRO: ${{ matrix.distro }} + + repository-format-tests: + name: Repository Format Tests + runs-on: ubuntu-latest + strategy: + matrix: + include: + - distro: ubuntu2404 + repo_format: auto + expected_format: deb822 + - distro: ubuntu2404 + repo_format: traditional + expected_format: traditional + - distro: ubuntu2404 + repo_format: deb822 + expected_format: deb822 + - distro: debian12 + repo_format: auto + expected_format: deb822 + - distro: debian11 + repo_format: auto + expected_format: traditional + + steps: + - name: Check out the codebase. + uses: actions/checkout@v4 + with: + path: 'geerlingguy.filebeat' + + - name: Set up Python 3. + uses: actions/setup-python@v5 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: pip3 install ansible molecule molecule-plugins[docker] docker + + - name: Create test playbook for repository format validation. + run: | + cat > validate-repo-format.yml << 'EOF' + --- + - name: Test repository format + hosts: all + become: yes + vars: + filebeat_repo_format: ${{ matrix.repo_format }} + filebeat_version: 8.x + tasks: + - name: Include role tasks + include_tasks: tasks/setup-Debian.yml + when: ansible_os_family == 'Debian' + + - name: Check if DEB822 repository exists + stat: + path: /etc/apt/sources.list.d/elasticsearch.sources + register: deb822_repo + when: ansible_os_family == 'Debian' + + - name: Check if traditional repository exists + shell: grep -r "artifacts.elastic.co" /etc/apt/sources.list.d/*.list || true + register: traditional_repo + when: ansible_os_family == 'Debian' + changed_when: false + + - name: Validate DEB822 format is used when expected + assert: + that: + - deb822_repo.stat.exists + msg: "DEB822 repository file should exist" + when: + - ansible_os_family == 'Debian' + - "'${{ matrix.expected_format }}' == 'deb822'" + + - name: Validate traditional format is used when expected + assert: + that: + - traditional_repo.stdout != "" + msg: "Traditional repository should exist" + when: + - ansible_os_family == 'Debian' + - "'${{ matrix.expected_format }}' == 'traditional'" + EOF + + - name: Run repository format validation. + run: | + molecule create + molecule converge -s default -- --extra-vars "filebeat_repo_format=${{ matrix.repo_format }}" + ansible-playbook -i molecule/default/.molecule/ansible_inventory/hosts validate-repo-format.yml + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + MOLECULE_DISTRO: ${{ matrix.distro }} + + - name: Cleanup. + run: molecule destroy + if: always() + env: + MOLECULE_DISTRO: ${{ matrix.distro }} diff --git a/molecule/deb822/converge.yml b/molecule/deb822/converge.yml new file mode 100644 index 0000000..b63e541 --- /dev/null +++ b/molecule/deb822/converge.yml @@ -0,0 +1,66 @@ +--- +- name: Converge + hosts: all + become: true + vars: + filebeat_version: 8.x + filebeat_create_config: false # Skip config creation for repository testing + + pre_tasks: + - name: Update apt cache. + apt: update_cache=yes cache_valid_time=600 + when: ansible_os_family == 'Debian' + + - name: Set the java_packages variable (Debian/Ubuntu). + set_fact: + java_packages: + - openjdk-11-jdk + when: ansible_os_family == 'Debian' + + roles: + - role: geerlingguy.java + when: ansible_os_family == 'Debian' + - role: ansible-role-filebeat + + post_tasks: + - name: Verify DEB822 repository exists for systems using DEB822 format + stat: + path: /etc/apt/sources.list.d/elasticsearch.sources + register: deb822_repo + when: + - ansible_os_family == 'Debian' + - filebeat_repo_format == 'deb822' or (filebeat_repo_format == 'auto' and ((ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22))) + + - name: Assert DEB822 repository exists when expected + assert: + that: + - deb822_repo.stat.exists + msg: "DEB822 repository file should exist at /etc/apt/sources.list.d/elasticsearch.sources" + when: + - ansible_os_family == 'Debian' + - filebeat_repo_format == 'deb822' or (filebeat_repo_format == 'auto' and ((ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22))) + + - name: Verify traditional repository does not exist when using DEB822 + shell: grep -r "artifacts.elastic.co" /etc/apt/sources.list.d/*.list || true + register: traditional_repo_check + changed_when: false + when: + - ansible_os_family == 'Debian' + - filebeat_cleanup_old_sources + - filebeat_repo_format == 'deb822' or (filebeat_repo_format == 'auto' and ((ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22))) + + - name: Assert old traditional repositories are cleaned up + assert: + that: + - traditional_repo_check.stdout == "" + msg: "Traditional repository entries should be cleaned up when using DEB822 format" + when: + - ansible_os_family == 'Debian' + - filebeat_cleanup_old_sources + - filebeat_repo_format == 'deb822' or (filebeat_repo_format == 'auto' and ((ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22))) + + - name: Verify filebeat package is installable + package: + name: filebeat + state: present + when: ansible_os_family == 'Debian' diff --git a/molecule/deb822/molecule.yml b/molecule/deb822/molecule.yml new file mode 100644 index 0000000..e19fecb --- /dev/null +++ b/molecule/deb822/molecule.yml @@ -0,0 +1,37 @@ +--- +role_name_check: 1 +dependency: + name: galaxy + options: + ignore-errors: true +driver: + name: docker +platforms: + - name: ubuntu2404-deb822 + image: "geerlingguy/docker-ubuntu2404-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true + - name: debian12-deb822 + image: "geerlingguy/docker-debian12-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true +provisioner: + name: ansible + playbooks: + converge: ${MOLECULE_PLAYBOOK:-converge.yml} + inventory: + host_vars: + ubuntu2404-deb822: + filebeat_repo_format: deb822 + filebeat_cleanup_old_sources: true + debian12-deb822: + filebeat_repo_format: auto + filebeat_cleanup_old_sources: true diff --git a/molecule/deb822/requirements.yml b/molecule/deb822/requirements.yml new file mode 100644 index 0000000..2c26e61 --- /dev/null +++ b/molecule/deb822/requirements.yml @@ -0,0 +1,3 @@ +--- +- name: galaxy + src: geerlingguy.java From 6aae4940baee69c9a0a482a482e3d6c68e82bfad Mon Sep 17 00:00:00 2001 From: Nils Date: Sat, 9 Aug 2025 17:44:42 +0200 Subject: [PATCH 04/12] feat: add DEB822 repository support and improve CI pipeline - Add DEB822 repository format support for Debian 12+ and Ubuntu 22+ - Implement automatic format detection based on OS version - Add optional cleanup of old traditional repository sources - Include python3-debian dependency for DEB822 module support - Fix deb822_repository module parameter usage - Enhance CI pipeline with dedicated DEB822 test scenario - Improve code quality with linting fixes - Set cleanup to false by default to ensure idempotence - Update Java package version to openjdk-17-jdk for compatibility --- defaults/main.yml | 3 ++- molecule/deb822/converge.yml | 44 ++++++++++++++++++++++++-------- molecule/deb822/requirements.yml | 2 +- molecule/default/converge.yml | 2 +- tasks/config.yml | 2 +- tasks/setup-Debian.yml | 20 +++++++++++++++ 6 files changed, 59 insertions(+), 14 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 5a9c13d..b077d81 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -10,7 +10,8 @@ filebeat_package_state: present filebeat_repo_format: auto # Whether to clean up old repository sources when using DEB822 format -filebeat_cleanup_old_sources: true +# Set to false by default to avoid conflicts with other Elastic Stack components +filebeat_cleanup_old_sources: false filebeat_create_config: true filebeat_template: "filebeat.yml.j2" diff --git a/molecule/deb822/converge.yml b/molecule/deb822/converge.yml index b63e541..6402339 100644 --- a/molecule/deb822/converge.yml +++ b/molecule/deb822/converge.yml @@ -14,50 +14,74 @@ - name: Set the java_packages variable (Debian/Ubuntu). set_fact: java_packages: - - openjdk-11-jdk + - openjdk-17-jdk when: ansible_os_family == 'Debian' roles: - role: geerlingguy.java when: ansible_os_family == 'Debian' - - role: ansible-role-filebeat + - role: geerlingguy.filebeat post_tasks: - name: Verify DEB822 repository exists for systems using DEB822 format stat: path: /etc/apt/sources.list.d/elasticsearch.sources register: deb822_repo - when: + when: - ansible_os_family == 'Debian' - - filebeat_repo_format == 'deb822' or (filebeat_repo_format == 'auto' and ((ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22))) + - > + filebeat_repo_format == 'deb822' or ( + filebeat_repo_format == 'auto' and ( + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) + ) + ) - name: Assert DEB822 repository exists when expected assert: that: - deb822_repo.stat.exists msg: "DEB822 repository file should exist at /etc/apt/sources.list.d/elasticsearch.sources" - when: + when: - ansible_os_family == 'Debian' - - filebeat_repo_format == 'deb822' or (filebeat_repo_format == 'auto' and ((ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22))) + - > + filebeat_repo_format == 'deb822' or ( + filebeat_repo_format == 'auto' and ( + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) + ) + ) - name: Verify traditional repository does not exist when using DEB822 shell: grep -r "artifacts.elastic.co" /etc/apt/sources.list.d/*.list || true register: traditional_repo_check changed_when: false - when: + when: - ansible_os_family == 'Debian' - filebeat_cleanup_old_sources - - filebeat_repo_format == 'deb822' or (filebeat_repo_format == 'auto' and ((ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22))) + - > + filebeat_repo_format == 'deb822' or ( + filebeat_repo_format == 'auto' and ( + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) + ) + ) - name: Assert old traditional repositories are cleaned up assert: that: - traditional_repo_check.stdout == "" msg: "Traditional repository entries should be cleaned up when using DEB822 format" - when: + when: - ansible_os_family == 'Debian' - filebeat_cleanup_old_sources - - filebeat_repo_format == 'deb822' or (filebeat_repo_format == 'auto' and ((ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22))) + - > + filebeat_repo_format == 'deb822' or ( + filebeat_repo_format == 'auto' and ( + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) + ) + ) - name: Verify filebeat package is installable package: diff --git a/molecule/deb822/requirements.yml b/molecule/deb822/requirements.yml index 2c26e61..92d9207 100644 --- a/molecule/deb822/requirements.yml +++ b/molecule/deb822/requirements.yml @@ -1,3 +1,3 @@ --- -- name: galaxy +- name: geerlingguy.java src: geerlingguy.java diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 7ff5f94..371863c 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -1,7 +1,7 @@ --- - name: Converge hosts: all - #become: true + # become: true pre_tasks: - name: Update apt cache. diff --git a/tasks/config.yml b/tasks/config.yml index d320493..c2938aa 100644 --- a/tasks/config.yml +++ b/tasks/config.yml @@ -34,4 +34,4 @@ - filebeat_ssl_key_file | default(false) - filebeat_ssl_certificate_file | default(false) -#- name: Ensure filebeat can read system's private key +# - name: Ensure filebeat can read system's private key diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 67ef905..f8427a4 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -6,6 +6,17 @@ - gnupg2 state: present +- name: Ensure python3-debian is present for DEB822 repository management. + apt: + name: python3-debian + state: present + when: > + filebeat_repo_format == 'deb822' or + (filebeat_repo_format == 'auto' and ( + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) + )) + - name: Add Elasticsearch apt key (for traditional repository format). apt_key: url: https://artifacts.elastic.co/GPG-KEY-elasticsearch @@ -39,6 +50,15 @@ components: [main] signed_by: https://artifacts.elastic.co/GPG-KEY-elasticsearch state: present + when: > + filebeat_repo_format == 'deb822' or + (filebeat_repo_format == 'auto' and ( + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) + )) + +- name: Update apt cache after adding DEB822 repository. + apt: update_cache: true when: > filebeat_repo_format == 'deb822' or From ac8d4b225bd748f950c495a7aa9649b3e1f5fa12 Mon Sep 17 00:00:00 2001 From: Nils Heesemann Date: Tue, 12 Aug 2025 18:40:47 +0200 Subject: [PATCH 05/12] feat: enable cleanup of old repository sources for DEB822 format (#3) --- .github/workflows/ci.yml | 106 +++---------------------------- defaults/main.yml | 13 ++-- molecule/deb822/converge.yml | 85 +++++++++++++++---------- molecule/deb822/molecule.yml | 8 +-- molecule/deb822/requirements.yml | 3 - molecule/default/converge.yml | 4 +- tasks/setup-Debian.yml | 93 +++++++++++++-------------- 7 files changed, 110 insertions(+), 202 deletions(-) delete mode 100644 molecule/deb822/requirements.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 42102bc..6c64e21 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -55,6 +55,14 @@ jobs: scenario: deb822 - distro: debian12 scenario: deb822 + - distro: ubuntu2204 + scenario: deb822 + - distro: debian11 + scenario: deb822 + - distro: ubuntu2004 + scenario: deb822 + - distro: debian13 + scenario: deb822 steps: - name: Check out the codebase. @@ -76,101 +84,3 @@ jobs: PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' MOLECULE_DISTRO: ${{ matrix.distro }} - - repository-format-tests: - name: Repository Format Tests - runs-on: ubuntu-latest - strategy: - matrix: - include: - - distro: ubuntu2404 - repo_format: auto - expected_format: deb822 - - distro: ubuntu2404 - repo_format: traditional - expected_format: traditional - - distro: ubuntu2404 - repo_format: deb822 - expected_format: deb822 - - distro: debian12 - repo_format: auto - expected_format: deb822 - - distro: debian11 - repo_format: auto - expected_format: traditional - - steps: - - name: Check out the codebase. - uses: actions/checkout@v4 - with: - path: 'geerlingguy.filebeat' - - - name: Set up Python 3. - uses: actions/setup-python@v5 - with: - python-version: '3.x' - - - name: Install test dependencies. - run: pip3 install ansible molecule molecule-plugins[docker] docker - - - name: Create test playbook for repository format validation. - run: | - cat > validate-repo-format.yml << 'EOF' - --- - - name: Test repository format - hosts: all - become: yes - vars: - filebeat_repo_format: ${{ matrix.repo_format }} - filebeat_version: 8.x - tasks: - - name: Include role tasks - include_tasks: tasks/setup-Debian.yml - when: ansible_os_family == 'Debian' - - - name: Check if DEB822 repository exists - stat: - path: /etc/apt/sources.list.d/elasticsearch.sources - register: deb822_repo - when: ansible_os_family == 'Debian' - - - name: Check if traditional repository exists - shell: grep -r "artifacts.elastic.co" /etc/apt/sources.list.d/*.list || true - register: traditional_repo - when: ansible_os_family == 'Debian' - changed_when: false - - - name: Validate DEB822 format is used when expected - assert: - that: - - deb822_repo.stat.exists - msg: "DEB822 repository file should exist" - when: - - ansible_os_family == 'Debian' - - "'${{ matrix.expected_format }}' == 'deb822'" - - - name: Validate traditional format is used when expected - assert: - that: - - traditional_repo.stdout != "" - msg: "Traditional repository should exist" - when: - - ansible_os_family == 'Debian' - - "'${{ matrix.expected_format }}' == 'traditional'" - EOF - - - name: Run repository format validation. - run: | - molecule create - molecule converge -s default -- --extra-vars "filebeat_repo_format=${{ matrix.repo_format }}" - ansible-playbook -i molecule/default/.molecule/ansible_inventory/hosts validate-repo-format.yml - env: - PY_COLORS: '1' - ANSIBLE_FORCE_COLOR: '1' - MOLECULE_DISTRO: ${{ matrix.distro }} - - - name: Cleanup. - run: molecule destroy - if: always() - env: - MOLECULE_DISTRO: ${{ matrix.distro }} diff --git a/defaults/main.yml b/defaults/main.yml index b077d81..9deb633 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,15 +3,10 @@ filebeat_version: 7.x filebeat_package: filebeat filebeat_package_state: present -# Repository configuration -# Set to 'auto' to automatically choose format based on OS version -# Set to 'traditional' to force traditional apt_repository format -# Set to 'deb822' to force DEB822 format -filebeat_repo_format: auto - -# Whether to clean up old repository sources when using DEB822 format -# Set to false by default to avoid conflicts with other Elastic Stack components -filebeat_cleanup_old_sources: false +# Repository configuration is automatic based on OS version: +# - Debian 12+ and Ubuntu 22+ use DEB822 format (modern systems) +# - Older systems use traditional apt_repository format +# Old repository sources are automatically cleaned up on modern systems filebeat_create_config: true filebeat_template: "filebeat.yml.j2" diff --git a/molecule/deb822/converge.yml b/molecule/deb822/converge.yml index 6402339..407bc8a 100644 --- a/molecule/deb822/converge.yml +++ b/molecule/deb822/converge.yml @@ -11,15 +11,7 @@ apt: update_cache=yes cache_valid_time=600 when: ansible_os_family == 'Debian' - - name: Set the java_packages variable (Debian/Ubuntu). - set_fact: - java_packages: - - openjdk-17-jdk - when: ansible_os_family == 'Debian' - roles: - - role: geerlingguy.java - when: ansible_os_family == 'Debian' - role: geerlingguy.filebeat post_tasks: @@ -30,12 +22,8 @@ when: - ansible_os_family == 'Debian' - > - filebeat_repo_format == 'deb822' or ( - filebeat_repo_format == 'auto' and ( - (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) - ) - ) + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) - name: Assert DEB822 repository exists when expected assert: @@ -45,12 +33,8 @@ when: - ansible_os_family == 'Debian' - > - filebeat_repo_format == 'deb822' or ( - filebeat_repo_format == 'auto' and ( - (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) - ) - ) + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) - name: Verify traditional repository does not exist when using DEB822 shell: grep -r "artifacts.elastic.co" /etc/apt/sources.list.d/*.list || true @@ -58,14 +42,9 @@ changed_when: false when: - ansible_os_family == 'Debian' - - filebeat_cleanup_old_sources - > - filebeat_repo_format == 'deb822' or ( - filebeat_repo_format == 'auto' and ( - (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) - ) - ) + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) - name: Assert old traditional repositories are cleaned up assert: @@ -74,17 +53,55 @@ msg: "Traditional repository entries should be cleaned up when using DEB822 format" when: - ansible_os_family == 'Debian' - - filebeat_cleanup_old_sources - > - filebeat_repo_format == 'deb822' or ( - filebeat_repo_format == 'auto' and ( - (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) - ) - ) + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) - name: Verify filebeat package is installable package: name: filebeat state: present when: ansible_os_family == 'Debian' + + # Tests for older systems (should use traditional format) + - name: Verify DEB822 repository does NOT exist for older systems + stat: + path: /etc/apt/sources.list.d/elasticsearch.sources + register: deb822_repo_old + when: + - ansible_os_family == 'Debian' + - > + (ansible_distribution == "Debian" and ansible_distribution_major_version | int < 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int < 22) + + - name: Assert DEB822 repository does NOT exist on older systems + assert: + that: + - not deb822_repo_old.stat.exists + msg: "DEB822 repository file should NOT exist on older systems (< Debian 12 or < Ubuntu 22)" + when: + - ansible_os_family == 'Debian' + - > + (ansible_distribution == "Debian" and ansible_distribution_major_version | int < 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int < 22) + + - name: Verify traditional repository exists for older systems + shell: grep -r "artifacts.elastic.co" /etc/apt/sources.list.d/*.list || true + register: traditional_repo_old + changed_when: false + when: + - ansible_os_family == 'Debian' + - > + (ansible_distribution == "Debian" and ansible_distribution_major_version | int < 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int < 22) + + - name: Assert traditional repository exists on older systems + assert: + that: + - traditional_repo_old.stdout != "" + msg: "Traditional repository should exist on older systems (< Debian 12 or < Ubuntu 22)" + when: + - ansible_os_family == 'Debian' + - > + (ansible_distribution == "Debian" and ansible_distribution_major_version | int < 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int < 22) diff --git a/molecule/deb822/molecule.yml b/molecule/deb822/molecule.yml index e19fecb..b4966c1 100644 --- a/molecule/deb822/molecule.yml +++ b/molecule/deb822/molecule.yml @@ -29,9 +29,5 @@ provisioner: converge: ${MOLECULE_PLAYBOOK:-converge.yml} inventory: host_vars: - ubuntu2404-deb822: - filebeat_repo_format: deb822 - filebeat_cleanup_old_sources: true - debian12-deb822: - filebeat_repo_format: auto - filebeat_cleanup_old_sources: true + ubuntu2404-deb822: {} + debian12-deb822: {} diff --git a/molecule/deb822/requirements.yml b/molecule/deb822/requirements.yml deleted file mode 100644 index 92d9207..0000000 --- a/molecule/deb822/requirements.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: geerlingguy.java - src: geerlingguy.java diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 371863c..8e752ab 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -28,6 +28,6 @@ roles: - role: geerlingguy.java - - role: geerlingguy.elasticsearch - - role: geerlingguy.logstash + # - role: geerlingguy.elasticsearch + # - role: geerlingguy.logstash - role: geerlingguy.filebeat diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index f8427a4..11e31b4 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -11,11 +11,8 @@ name: python3-debian state: present when: > - filebeat_repo_format == 'deb822' or - (filebeat_repo_format == 'auto' and ( - (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) - )) + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) - name: Add Elasticsearch apt key (for traditional repository format). apt_key: @@ -23,11 +20,8 @@ id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 state: present when: > - filebeat_repo_format == 'traditional' or - (filebeat_repo_format == 'auto' and ( - ansible_distribution_major_version | int < 12 or - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int < 22) - )) + (ansible_distribution == "Debian" and ansible_distribution_major_version | int < 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int < 22) - name: Add Filebeat repository (traditional format). apt_repository: @@ -35,11 +29,8 @@ state: present update_cache: true when: > - filebeat_repo_format == 'traditional' or - (filebeat_repo_format == 'auto' and ( - ansible_distribution_major_version | int < 12 or - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int < 22) - )) + (ansible_distribution == "Debian" and ansible_distribution_major_version | int < 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int < 22) - name: Add Filebeat repository (DEB822 format for Debian 12+ and Ubuntu 22+). deb822_repository: @@ -51,61 +42,63 @@ signed_by: https://artifacts.elastic.co/GPG-KEY-elasticsearch state: present when: > - filebeat_repo_format == 'deb822' or - (filebeat_repo_format == 'auto' and ( - (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) - )) + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) - name: Update apt cache after adding DEB822 repository. apt: update_cache: true when: > - filebeat_repo_format == 'deb822' or - (filebeat_repo_format == 'auto' and ( - (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) - )) + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) -- name: Remove old Elasticsearch APT key when using DEB822 format. +- name: Remove old Elasticsearch APT key when using DEB822 format (Debian 12). + # Note: apt_key is deprecated in Debian 13+, so we only use it for Debian 12 apt_key: id: 46095ACC8548582C1A2699A9D27D666CD88E42B4 state: absent when: > - filebeat_cleanup_old_sources and ( - filebeat_repo_format == 'deb822' or - (filebeat_repo_format == 'auto' and ( - (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) - )) - ) + (ansible_distribution == "Debian" and ansible_distribution_major_version | int == 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 22) - name: Remove old Elasticsearch repository from sources.list.d when using DEB822 format. apt_repository: repo: 'deb https://artifacts.elastic.co/packages/{{ filebeat_version }}/apt stable main' state: absent when: > - filebeat_cleanup_old_sources and ( - filebeat_repo_format == 'deb822' or - (filebeat_repo_format == 'auto' and ( - (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) - )) - ) + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) -- name: Remove potential old Elasticsearch repository files. - file: - path: "{{ item }}" - state: absent +- name: Check repository file formats before cleanup. + shell: | + if [ -f "{{ item }}" ]; then + # Check if file contains DEB822 format (has "Types:" field) + if grep -q "^Types:" "{{ item }}"; then + echo "deb822" + else + echo "traditional" + fi + else + echo "absent" + fi + register: repo_file_formats loop: - /etc/apt/sources.list.d/elasticsearch.list - /etc/apt/sources.list.d/elastic-{{ filebeat_version }}.list - /etc/apt/sources.list.d/filebeat.list + changed_when: false + when: > + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) + +- name: Remove old traditional repository files (skip DEB822 format files). + file: + path: "{{ item.item }}" + state: absent + loop: "{{ repo_file_formats.results | default([]) }}" when: > - filebeat_cleanup_old_sources and ( - filebeat_repo_format == 'deb822' or - (filebeat_repo_format == 'auto' and ( - (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) - )) + item.stdout is defined and + item.stdout == "traditional" and ( + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) ) From 39d8d337ae2b406cc2ba77469f408c1de47612a4 Mon Sep 17 00:00:00 2001 From: Nils Date: Tue, 12 Aug 2025 18:51:32 +0200 Subject: [PATCH 06/12] chore: remove deprecated repository format variables from README --- README.md | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/README.md b/README.md index 6e9a4d1..dd9c7cc 100644 --- a/README.md +++ b/README.md @@ -16,17 +16,6 @@ Available variables are listed below, along with default values (see `defaults/m Controls the major version of Filebeat which is installed. - filebeat_repo_format: auto - -Controls the repository format used for Debian/Ubuntu systems. Options: -- `auto` (default): Automatically choose format based on OS version (DEB822 for Debian 12+ and Ubuntu 22+, traditional format for older versions) -- `traditional`: Force traditional apt_repository format -- `deb822`: Force DEB822 repository format - - filebeat_cleanup_old_sources: true - -Whether to clean up old repository source list entries when using DEB822 format. When enabled, this will remove old APT keys and source list files to prevent conflicts between traditional and DEB822 repository formats. - filebeat_package: filebeat filebeat_package_state: present From 27d130aae193d22b6ff3abb417eed7ff22dac01c Mon Sep 17 00:00:00 2001 From: Nils Date: Tue, 12 Aug 2025 20:40:42 +0200 Subject: [PATCH 07/12] fix: update Elasticsearch repository filename format for consistency --- tasks/setup-Debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 11e31b4..32489c7 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -84,7 +84,7 @@ register: repo_file_formats loop: - /etc/apt/sources.list.d/elasticsearch.list - - /etc/apt/sources.list.d/elastic-{{ filebeat_version }}.list + - /etc/apt/sources.list.d/artifacts_elastic_co_packages_{{ filebeat_version | replace('.','_') }}_apt.list - /etc/apt/sources.list.d/filebeat.list changed_when: false when: > From 5e8ec17675ac1ca7541e43e8796b9206a5fbe725 Mon Sep 17 00:00:00 2001 From: Nils Date: Tue, 12 Aug 2025 21:12:16 +0200 Subject: [PATCH 08/12] fix: repository file cleanup by using fileglob pattern --- tasks/setup-Debian.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 32489c7..b8feca3 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -82,10 +82,8 @@ echo "absent" fi register: repo_file_formats - loop: - - /etc/apt/sources.list.d/elasticsearch.list - - /etc/apt/sources.list.d/artifacts_elastic_co_packages_{{ filebeat_version | replace('.','_') }}_apt.list - - /etc/apt/sources.list.d/filebeat.list + with_fileglob: + - /etc/apt/sources.list.d/artifacts_elastic_co_packages_*_apt.list changed_when: false when: > (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or From 54a237cdd4a9ff8a671115bc8a174f634897e290 Mon Sep 17 00:00:00 2001 From: Nils Date: Tue, 12 Aug 2025 22:02:47 +0200 Subject: [PATCH 09/12] refactor: streamline removal of old traditional repository files for DEB822 format --- tasks/setup-Debian.yml | 32 +++++--------------------------- 1 file changed, 5 insertions(+), 27 deletions(-) diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index b8feca3..8058255 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -69,34 +69,12 @@ (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) -- name: Check repository file formats before cleanup. - shell: | - if [ -f "{{ item }}" ]; then - # Check if file contains DEB822 format (has "Types:" field) - if grep -q "^Types:" "{{ item }}"; then - echo "deb822" - else - echo "traditional" - fi - else - echo "absent" - fi - register: repo_file_formats +- name: Remove old traditional repository files when using DEB822 format. + file: + path: "{{ item }}" + state: absent with_fileglob: - - /etc/apt/sources.list.d/artifacts_elastic_co_packages_*_apt.list - changed_when: false + - "/etc/apt/sources.list.d/artifacts_elastic_co_packages_*_apt.list" when: > (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) - -- name: Remove old traditional repository files (skip DEB822 format files). - file: - path: "{{ item.item }}" - state: absent - loop: "{{ repo_file_formats.results | default([]) }}" - when: > - item.stdout is defined and - item.stdout == "traditional" and ( - (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) - ) From a1364635e6462d0075757189e37c5fa50ff3ced2 Mon Sep 17 00:00:00 2001 From: Nils Date: Tue, 12 Aug 2025 22:43:40 +0200 Subject: [PATCH 10/12] feat: add task to find Elasticsearch package sources for cleanup --- tasks/setup-Debian.yml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 8058255..77656d5 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -69,12 +69,21 @@ (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) +- name: Find all sources of elasticsearch packages. + find: + paths: "/etc/apt/sources.list.d/" + patterns: "artifacts_elastic_co_packages_*_apt.list" + register: elasticsearch_sources + when: > + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) + changed_when: False + - name: Remove old traditional repository files when using DEB822 format. file: path: "{{ item }}" state: absent - with_fileglob: - - "/etc/apt/sources.list.d/artifacts_elastic_co_packages_*_apt.list" + with_items: "{{ elasticsearch_sources.files | map(attribute='path') | list }}" when: > (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) \ No newline at end of file From f8149fdce617c4307671674d730a1367975b415d Mon Sep 17 00:00:00 2001 From: Nils Date: Tue, 12 Aug 2025 22:48:37 +0200 Subject: [PATCH 11/12] fix: ensure proper newline at end of file in setup-Debian.yml --- tasks/setup-Debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 77656d5..c0e3627 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -86,4 +86,4 @@ with_items: "{{ elasticsearch_sources.files | map(attribute='path') | list }}" when: > (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) \ No newline at end of file + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) From 07fe7161ba850a8c5dcaed371b04a8914c5f15be Mon Sep 17 00:00:00 2001 From: Nils Date: Thu, 21 Aug 2025 11:34:26 +0200 Subject: [PATCH 12/12] feat: reorder tasks to prevent multiple sources error with apt --- tasks/setup-Debian.yml | 55 +++++++++++++++++++++--------------------- 1 file changed, 28 insertions(+), 27 deletions(-) diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index c0e3627..92f5e85 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -6,10 +6,38 @@ - gnupg2 state: present +- name: Remove old Elasticsearch repository from sources.list.d when using DEB822 format. + apt_repository: + repo: 'deb https://artifacts.elastic.co/packages/{{ filebeat_version }}/apt stable main' + state: absent + when: > + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) + +- name: Find all sources of elasticsearch packages. + find: + paths: "/etc/apt/sources.list.d/" + patterns: "artifacts_elastic_co_packages_*_apt.list" + register: elasticsearch_sources + when: > + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) + changed_when: False + +- name: Remove old traditional repository files when using DEB822 format. + file: + path: "{{ item }}" + state: absent + with_items: "{{ elasticsearch_sources.files | map(attribute='path') | list }}" + when: > + (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) + - name: Ensure python3-debian is present for DEB822 repository management. apt: name: python3-debian state: present + update_cache: true when: > (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) @@ -60,30 +88,3 @@ when: > (ansible_distribution == "Debian" and ansible_distribution_major_version | int == 12) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 22) - -- name: Remove old Elasticsearch repository from sources.list.d when using DEB822 format. - apt_repository: - repo: 'deb https://artifacts.elastic.co/packages/{{ filebeat_version }}/apt stable main' - state: absent - when: > - (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) - -- name: Find all sources of elasticsearch packages. - find: - paths: "/etc/apt/sources.list.d/" - patterns: "artifacts_elastic_co_packages_*_apt.list" - register: elasticsearch_sources - when: > - (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22) - changed_when: False - -- name: Remove old traditional repository files when using DEB822 format. - file: - path: "{{ item }}" - state: absent - with_items: "{{ elasticsearch_sources.files | map(attribute='path') | list }}" - when: > - (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 12) or - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 22)