Using deb822_repository module instead of apt_key and apt_repository

[FactorT]

Since apt_key is deprecated in Debian12, the deb822_repository module must be used instead. Major changes:

• new tasks "Add repository and repository apt-key" for Debian 12 version for installation:
  • postgres
  • consul
  • pg_probackup
  • pg_backrest

Additional minor changes:

• new path for postgresql.org repo key (key the same)
• new key for pg_probackup (old key doesn't work)
• new variable "initial_packages" with items:
  • gnupg
  • apt-transport-https
  • python3-debian

[FactorT]

I saw the problem with tests: role "add-repository" demand python3-debian package and is executed before role "packages" which install python3-package

[vitabaks]

Hello @FactorT

I don't quite understand if this change is really necessary, since all tests for Debian 12 pass successfully (every day) - https://github.com/vitabaks/postgresql_cluster/actions/workflows/schedule_pg_debian12.yml

Since apt_key is deprecated in Debian12

where can I find out more about this?

[FactorT]

@vitabaks Yes this is not really necessary right now. Because apt-key is just marked as depricated but still works in Debian12. Probably apt-key will not work in next major release. And you can reject or hold this PR and come back to it during prepare to next major release of Debian. More information at this medium or Geerling or page

[vitabaks]

Thank you for the information.

[vitabaks]

apt-key is deprecated from Ubuntu 22.04 LTS (Jammy Jellyfish)

It seems that this does not only apply to Debian.

Ansible now has the ansible.builtin.deb822_repository module, which can add keys and repositories in one task. It's a little more complex than the old way, and requires Ansible 2.15 or later

this must be taken into account and the minimal_ansible_version, variables min_ansible_version and README must be updated.

I also think it's worth checking if the 'ansible.builtin.deb822_repository' module is with oldest versions of Debian and Ubuntu and if so, then just replace the 'ansible.builtin.apt_key' and 'ansible.builtin.apt_repository' modules.

[vitabaks]

I also remembered that in one of the projects I used keyring option for apt_key module.

Example:

    - name: Add repository apt-key
      ansible.builtin.apt_key:
        url: "{{ item.key }}"
        state: present
        keyring: /etc/apt/trusted.gpg.d/{{ item.key | urlsplit('netloc') }}.gpg
      loop: "{{ apt_repository_keys }}"
      register: apt_key_status
      until: apt_key_status is success
      delay: 10
      retries: 3
      when: apt_repository_keys | length > 0

so it's worth considering whether this is the best alternative to the new module (it would require fewer changes).

[FactorT]

I also remembered that in one of the projects I used keyring option for apt_key module.

so it's worth considering whether this is the best alternative to the new module (it would require fewer changes).

Yes, it's interesting idea. But keyring option uses apt-key bin file

[FactorT]

I don't understand what's wrong with debin12 and debian11 molecule's tests. In my local environment config_pgcluster playbook works fine. Module python3-debian is presented at molecule's host: string 457 python3-debian was installed string 462 add repository task was done succesfully It was role add-repository in deploy_pgcluster playbook Next playbook config_pgcluster uses the same role add-repository which shows that python3-debian package is installed at string 1233 But next task add-repository can't find this module.

[vitabaks]

OK, I'll try to figure it out.

[vitabaks]

@FactorT I have made some changes to the code, please check it out. But I have not yet found a solution to the error in debian 11, 12 when the second execution of the playbook.

[FactorT]

@vitabaks thank you very much!