ci: Configure package managers using a role

This allows code sharing between integration tests and test image prep.

tests/ansible/hosts/group_vars/all.yml

@@ -27,4 +27,3 @@ become_unpriv_available: >-
   -}}
 
 pkg_mgr_python_interpreter: python
-pkg_repos_overrides: []

tests/ansible/hosts/group_vars/centos8.yml

@@ -1,7 +1,7 @@
 ---
 pkg_mgr_python_interpreter: /usr/libexec/platform-python
 
-pkg_repos_overrides:
+package_manager_repos:
   - dest: /etc/yum.repos.d/CentOS-Linux-AppStream.repo
     content: |
       [appstream]

tests/ansible/hosts/group_vars/debian11.yml

@@ -0,0 +1,5 @@
+package_manager_keys:
+  - src: debian-archive-bullseye-automatic.gpg  # Debian 11
+    dest: /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg
+  - src: debian-archive-bookworm-automatic.gpg  # Debian 12
+    dest: /etc/apt/trusted.gpg.d/debian-archive-bookworm-automatic.gpg

tests/ansible/hosts/group_vars/debian9.yml

@@ -1,4 +1,4 @@
-pkg_repos_overrides:
+package_manager_repos:
   - dest: /etc/apt/sources.list
     content: |
       deb http://archive.debian.org/debian stretch main contrib non-free

tests/ansible/regression/issue_776__load_plugins_called_twice.yml

@@ -10,7 +10,7 @@
   vars:
     ansible_python_interpreter: "{{ pkg_mgr_python_interpreter }}"
     package: rsync  # Chosen to exist in all tested distros/package managers
-  tasks:
+  pre_tasks:
     # The package management modules require using the same Python version
     # as the target's package manager libraries. This is sometimes in conflict
     # with Ansible requirements, e.g. Ansible 10 (ansible-core 2.17) does not
@@ -19,31 +19,13 @@
       when:
         - ansible_version.full is version('2.17', '>=', strict=True)
 
+  roles:
+    - role: package_manager
+
+  tasks:
     - name: Gather facts manually
       setup:
 
-    - name: Switch to archived package repositories
-      copy:
-        dest: "{{ item.dest }}"
-        content: "{{ item.content }}"
-        mode: u=rw,go=r
-      loop: "{{ pkg_repos_overrides }}"
-      loop_control:
-        label: "{{ item.dest }}"
-
-    - name: Add signing keys
-      copy:
-        src: "{{ item.src }}"
-        dest: "/etc/apt/trusted.gpg.d/{{ item.src | basename }}"
-        mode: u=rw,go=r
-      loop:
-        - src: debian-archive-bullseye-automatic.gpg  # Debian 11
-        - src: debian-archive-bookworm-automatic.gpg  # Debian 12
-      when:
-        # Ideally this would check for Debian 11, but distribution_major_version
-        # is unpopulated sometimes.
-        - ansible_facts.distribution == "Debian"
-
     - name: Update package index
       apt:
         update_cache: true

tests/image_prep/_container_setup.yml

@@ -31,6 +31,7 @@
         - ansible_facts.virtualization_type != "docker"
 
   roles:
+    - role: package_manager
     - role: sshd
     - role: sshd_container
 

tests/image_prep/roles/package_manager/defaults/main.yml

@@ -0,0 +1,2 @@
+package_manager_keys: []
+package_manager_repos: []

tests/image_prep/roles/package_manager/tasks/main.yml

@@ -0,0 +1,13 @@
+- name: Add signing keys
+  copy:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: u=rw,go=r
+  with_items: "{{ package_manager_keys }}"
+
+- name: Configure package repositories
+  copy:
+    dest: "{{ item.dest }}"
+    content: "{{ item.content }}"
+    mode: u=rw,go=r
+  with_items: "{{ package_manager_repos }}"

tox.ini

@@ -100,6 +100,7 @@ passenv =
     HOME
     MITOGEN_*
 setenv =
+    ANSIBLE_ROLES_PATH = {toxinidir}/tests/image_prep/roles
     # See also azure-pipelines.yml
     ANSIBLE_STRATEGY = mitogen_linear
     NOCOVERAGE_ERASE = 1