ci: Use upstream base images for image prep

This eliminates use of third-party *-vault images and performs repository
config during image prep.

The Apache httpd proxy is necessary because https://vault.centos.org now only
accepts TLS 1.x connections, and CentOS 5 can only do upto SSL 3.0. It is
developed to run on Debian 11.

tests/ansible/hosts/group_vars/debian9.yml

@@ -1,4 +1,6 @@
 package_manager_repos:
   - dest: /etc/apt/sources.list
     content: |
-      deb http://archive.debian.org/debian stretch main contrib non-free
+      deb http://archive.debian.org/debian/ stretch main contrib non-free
+      deb http://archive.debian.org/debian/ stretch-proposed-updates main contrib non-free
+      deb http://archive.debian.org/debian-security stretch/updates main contrib non-free

tests/image_prep/_container_create.yml

@@ -14,6 +14,8 @@
         image: "{{ docker_base }}"
         command: /bin/bash
         hostname: "mitogen-{{ inventory_hostname }}"
+        etc_hosts:
+          centos-vault-proxy: host-gateway
         detach: true
         interactive: true
         tty: true

tests/image_prep/apache_proxy.conf

@@ -0,0 +1,33 @@
+DefaultRuntimeDir ${XDG_RUNTIME_DIR}
+PidFile ${XDG_RUNTIME_DIR}/apache2.pid
+
+LoadModule alias_module /usr/lib/apache2/modules/mod_alias.so
+LoadModule authz_core_module /usr/lib/apache2/modules/mod_authz_core.so
+LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so
+LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
+LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
+LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
+LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
+
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+
+KeepAlive On
+Listen 8090
+
+<Directory />
+    Require all denied
+    AllowOverride None
+</Directory>
+
+<VirtualHost *:8090>
+    ServerName centos-vault-proxy
+    SSLProxyEngine On
+    CustomLog logs/access.log vhost_combined
+    ProxyPass "/" "https://vault.centos.org/"
+    ProxyPassReverse "https://vault.centos.org/" "/"
+    RedirectMatch "^/(.*)" "http://centos-vault-proxy:8090/$1"
+</VirtualHost>
+
+# /usr/sbin/apache2 -d . -f apache_proxy.conf -D FOREGROUND
+
+# vim: syntax=apache

tests/image_prep/host_vars/centos5.yml

@@ -1,6 +1,36 @@
 bootstrap_packages: [python-simplejson]
 
-docker_base: astj/centos5-vault
+docker_base: centos:5
 
 packages:
   - perl
+package_manager_repos:
+  - dest: /etc/yum.repos.d/CentOS-Base.repo
+    content: |
+      [base]
+      name=CentOS-$releasever - Base
+      baseurl=http://centos-vault-proxy:8090/5.11/os/$basearch/
+      gpgcheck=1
+      gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
+
+      [updates]
+      name=CentOS-$releasever - Updates
+      baseurl=http://centos-vault-proxy:8090/5.11/updates/$basearch/
+      gpgcheck=1
+      gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
+
+      [extras]
+      name=CentOS-$releasever - Extras
+      baseurl=http://centos-vault-proxy:8090/5.11/extras/$basearch/
+      gpgcheck=1
+      gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
+
+  - dest: /etc/yum.repos.d/libselinux.repo
+    content: |
+      [libselinux]
+      name=CentOS-$releasever - libselinux
+      baseurl=http://centos-vault-proxy:8090/5.11/centosplus/$basearch/
+      gpgcheck=1
+      enabled=1
+      gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
+      includepkgs=libselinux*

tests/image_prep/host_vars/centos6.yml

@@ -1,6 +1,27 @@
 bootstrap_packages: [python]
 
-docker_base: moreati/centos6-vault
+docker_base: centos:6
 
 packages:
   - perl-JSON
+
+package_manager_repos:
+  - dest: /etc/yum.repos.d/CentOS-Base.repo
+    content: |
+      [base]
+      name=CentOS-$releasever - Base
+      baseurl=http://vault.centos.org/6.10/os/$basearch/
+      gpgcheck=1
+      gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
+
+      [updates]
+      name=CentOS-$releasever - Updates
+      baseurl=http://vault.centos.org/6.10/updates/$basearch/
+      gpgcheck=1
+      gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
+
+      [extras]
+      name=CentOS-$releasever - Extras
+      baseurl=http://vault.centos.org/6.10/extras/$basearch/
+      gpgcheck=1
+      gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

tests/image_prep/host_vars/centos7.yml

@@ -6,3 +6,24 @@ packages:
   - perl-JSON
   - python-virtualenv
   - python3
+
+package_manager_repos:
+  - dest: /etc/yum.repos.d/CentOS-Base.repo
+    content: |
+      [base]
+      name=CentOS-$releasever - Base
+      baseurl=http://vault.centos.org/$contentdir/$releasever/os/$basearch/
+      gpgcheck=1
+      gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+      [updates]
+      name=CentOS-$releasever - Updates
+      baseurl=http://vault.centos.org/$contentdir/$releasever/updates/$basearch/
+      gpgcheck=1
+      gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+      [extras]
+      name=CentOS-$releasever - Extras
+      baseurl=http://vault.centos.org/$contentdir/$releasever/extras/$basearch/
+      gpgcheck=1
+      gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

tests/image_prep/host_vars/centos8.yml

@@ -8,3 +8,29 @@ packages:
   - python3-virtualenv
   - python36
   - python38
+
+package_manager_repos:
+  - dest: /etc/yum.repos.d/CentOS-Linux-AppStream.repo
+    content: |
+      [appstream]
+      name=CentOS Linux $releasever - AppStream
+      baseurl=http://vault.centos.org/$contentdir/$releasever/AppStream/$basearch/os/
+      enabled=1
+      gpgcheck=1
+      gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
+  - dest: /etc/yum.repos.d/CentOS-Linux-BaseOS.repo
+    content: |
+      [baseos]
+      name=CentOS Linux $releasever - BaseOS
+      baseurl=http://vault.centos.org/$contentdir/$releasever/BaseOS/$basearch/os/
+      enabled=1
+      gpgcheck=1
+      gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
+  - dest: /etc/yum.repos.d/CentOS-Linux-Extras.repo
+    content: |
+      [extras]
+      name=CentOS Linux $releasever - Extras
+      baseurl=http://vault.centos.org/$contentdir/$releasever/extras/$basearch/os/
+      enabled=1
+      gpgcheck=1
+      gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

tests/image_prep/host_vars/debian10.yml

@@ -9,3 +9,11 @@ packages:
   - python3
   - python3-virtualenv
   - virtualenv
+
+package_manager_repos:
+  - dest: /etc/apt/sources.list
+    content: |
+      deb http://archive.debian.org/debian/ buster main non-free contrib
+      deb http://archive.debian.org/debian/ buster-updates main non-free contrib
+      deb http://archive.debian.org/debian/ buster-proposed-updates main non-free contrib
+      deb http://security.debian.org/ buster/updates main non-free contrib

tests/image_prep/host_vars/debian11.yml

@@ -1,6 +1,6 @@
 bootstrap_packages: [python3, python3-apt]
 
-docker_base: debian:bullseye
+docker_base: debian:11
 
 packages:
   - libjson-perl
@@ -9,3 +9,9 @@ packages:
   - python2
   - python3-virtualenv
   - virtualenv
+
+package_manager_keys:
+  - src: debian-archive-bullseye-automatic.gpg  # Debian 11
+    dest: /etc/apt/trusted.gpg.d/
+  - src: debian-archive-bookworm-automatic.gpg  # Debian 12
+    dest: /etc/apt/trusted.gpg.d/

tests/image_prep/host_vars/debian9.yml

@@ -9,3 +9,10 @@ packages:
   - python3
   - python3-virtualenv
   - virtualenv
+
+package_manager_repos:
+  - dest: /etc/apt/sources.list
+    content: |
+      deb http://archive.debian.org/debian/ stretch main contrib non-free
+      deb http://archive.debian.org/debian/ stretch-proposed-updates main contrib non-free
+      deb http://archive.debian.org/debian-security stretch/updates main contrib non-free