roles/nginx: Use set_fact to set certbot dependencies

Instead of looping over a list of items to install, we can actually just give a list directly to the apt module. This allows the module to install all packages in one transaction, which is faster as well as slightly safer for some dependency resolution scenarios.
2018-04-26 19:48:05 +03:00 · 2018-04-26 19:48:05 +03:00 · 6208d1518c
commit 6208d1518c
parent baa5890d6d
2 changed files with 144 additions and 144 deletions
--- a/roles/nginx/defaults/main.yml
+++ b/roles/nginx/defaults/main.yml
@ -30,138 +30,4 @@ letsencrypt_certbot_dest: /opt/certbot-auto
 # mainline is 1.15.x
 nginx_version: mainline

-# Dependencies of certbot-auto on Ubuntu 16.04 "xenial"
-# taken after running certbot-auto on a clean install
-letsencrypt_deps_ubuntu_xenial:
-  - augeas-doc
-  - augeas-tools
-  - binutils
-  - cpp
-  - cpp-5
-  - dialog
-  - gcc
-  - gcc-5
-  - libasan2
-  - libatomic1
-  - libcc1-0
-  - libcilkrts5
-  - libexpat1-dev
-  - libffi-dev
-  - libgcc-5-dev
-  - libgomp1
-  - libisl15
-  - libitm1
-  - liblsan0
-  - libmpc3
-  - libmpx0
-  - libpython-dev
-  - libpython2.7
-  - libpython2.7-dev
-  - libquadmath0
-  - libssl-dev
-  - libtsan0
-  - libubsan0
-  - python-dev
-  - python-pip-whl
-  - python-pkg-resources
-  - python-virtualenv
-  - python2.7-dev
-  - python3-virtualenv
-  - virtualenv
-  - zlib1g-dev
-
-# Dependencies of certbot-auto on Ubuntu 18.04 "bionic"
-# taken after running certbot-auto on a clean install
-letsencrypt_deps_ubuntu_bionic:
-  - augeas-lenses
-  - binutils
-  - binutils-common
-  - binutils-x86-64-linux-gnu
-  - cpp
-  - cpp-7
-  - gcc
-  - gcc-7
-  - gcc-7-base
-  - libasan4
-  - libatomic1
-  - libaugeas0
-  - libbinutils
-  - libc-dev-bin
-  - libc6-dev
-  - libcc1-0
-  - libcilkrts5
-  - libexpat1-dev
-  - libffi-dev
-  - libgcc-7-dev
-  - libgomp1
-  - libisl19
-  - libitm1
-  - liblsan0
-  - libmpc3
-  - libmpx2
-  - libpython-dev
-  - libpython2.7
-  - libpython2.7-dev
-  - libquadmath0
-  - libssl-dev
-  - libtsan0
-  - libubsan0
-  - linux-libc-dev
-  - python-dev
-  - python-pip-whl
-  - python-pkg-resources
-  - python-virtualenv
-  - python2.7-dev
-  - python3-virtualenv
-  - virtualenv
-
-# Dependencies of certbot-auto on Debian 9 "stretch"
-# taken after running certbot-auto on a clean install
-letsencrypt_deps_debian_stretch:
-  - augeas-doc
-  - augeas-tools
-  - autoconf
-  - automake
-  - binutils
-  - bison
-  - cpp
-  - cpp-6
-  - flex
-  - gcc-6
-  - gcc-doc
-  - gcc-multilib
-  - gdb
-  - libasan3
-  - libatomic1
-  - libc-dev-bin
-  - libc6-dev
-  - libcc1-0
-  - libcilkrts5
-  - libexpat1-dev
-  - libffi-dev
-  - libgcc-6-dev
-  - libgomp1
-  - libisl15
-  - libitm1
-  - liblsan0
-  - libmpc3
-  - libmpx2
-  - libpython-dev
-  - libpython2.7
-  - libpython2.7-dev
-  - libquadmath0
-  - libssl-dev
-  - libtool
-  - libtsan0
-  - libubsan0
-  - linux-libc-dev
-  - make
-  - python-dev
-  - python-pip-whl
-  - python-pkg-resources
-  - python-virtualenv
-  - python2.7-dev
-  - python3-virtualenv
-  - virtualenv
-
 # vim: set ts=2 sw=2:
--- a/roles/nginx/tasks/letsencrypt.yml
+++ b/roles/nginx/tasks/letsencrypt.yml
@ -14,17 +14,151 @@
  - name: Download certbot
    get_url: dest={{ letsencrypt_certbot_dest }} url=https://dl.eff.org/certbot-auto mode=700

-  - name: Install certbot dependencies (Ubuntu 16.04)
-    when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('16.04', '==')
-    apt: name={{ letsencrypt_deps_ubuntu_xenial }} state=present update_cache=yes
-
-  - name: Install certbot dependencies (Ubuntu 18.04)
-    when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('18.04', '==')
-    apt: name={{ letsencrypt_deps_ubuntu_bionic }} state=present update_cache=yes
-
-  - name: Install certbot dependencies (Debian 9)
+  # Dependencies certbot checks for on its first run. I set them in a fact so that
+  # I can pass the list directly to the apt module to install in one transaction.
+  - name: Set certbot dependencies (Debian 9)
    when: ansible_distribution == 'Debian' and ansible_distribution_major_version is version_compare('9', '==')
-    apt: name={{ letsencrypt_deps_debian_stretch }} state=present update_cache=yes
+    set_fact:
+      certbot_dependencies:
+        - augeas-doc
+        - augeas-tools
+        - autoconf
+        - automake
+        - binutils
+        - bison
+        - cpp
+        - cpp-6
+        - flex
+        - gcc-6
+        - gcc-doc
+        - gcc-multilib
+        - gdb
+        - libasan3
+        - libatomic1
+        - libc-dev-bin
+        - libc6-dev
+        - libcc1-0
+        - libcilkrts5
+        - libexpat1-dev
+        - libffi-dev
+        - libgcc-6-dev
+        - libgomp1
+        - libisl15
+        - libitm1
+        - liblsan0
+        - libmpc3
+        - libmpx2
+        - libpython-dev
+        - libpython2.7
+        - libpython2.7-dev
+        - libquadmath0
+        - libssl-dev
+        - libtool
+        - libtsan0
+        - libubsan0
+        - linux-libc-dev
+        - make
+        - python-dev
+        - python-pip-whl
+        - python-pkg-resources
+        - python-virtualenv
+        - python2.7-dev
+        - python3-virtualenv
+        - virtualenv
+
+  # Dependencies certbot checks for on its first run. I set them in a fact so that
+  # I can pass the list directly to the apt module to install in one transaction.
+  - name: Set certbot dependencies (Ubuntu 16.04)
+    when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('16.04', '==')
+    set_fact:
+      certbot_dependencies:
+        - augeas-doc
+        - augeas-tools
+        - binutils
+        - cpp
+        - cpp-5
+        - dialog
+        - gcc
+        - gcc-5
+        - libasan2
+        - libatomic1
+        - libcc1-0
+        - libcilkrts5
+        - libexpat1-dev
+        - libffi-dev
+        - libgcc-5-dev
+        - libgomp1
+        - libisl15
+        - libitm1
+        - liblsan0
+        - libmpc3
+        - libmpx0
+        - libpython-dev
+        - libpython2.7
+        - libpython2.7-dev
+        - libquadmath0
+        - libssl-dev
+        - libtsan0
+        - libubsan0
+        - python-dev
+        - python-pip-whl
+        - python-pkg-resources
+        - python-virtualenv
+        - python2.7-dev
+        - python3-virtualenv
+        - virtualenv
+        - zlib1g-dev
+
+  # Dependencies certbot checks for on its first run. I set them in a fact so that
+  # I can pass the list directly to the apt module to install in one transaction.
+  - name: Set certbot dependencies (Ubuntu 18.04)
+    when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('18.04', '==')
+    set_fact:
+      certbot_dependencies:
+        - augeas-lenses
+        - binutils
+        - binutils-common
+        - binutils-x86-64-linux-gnu
+        - cpp
+        - cpp-7
+        - gcc
+        - gcc-7
+        - gcc-7-base
+        - libasan4
+        - libatomic1
+        - libaugeas0
+        - libbinutils
+        - libc-dev-bin
+        - libc6-dev
+        - libcc1-0
+        - libcilkrts5
+        - libexpat1-dev
+        - libffi-dev
+        - libgcc-7-dev
+        - libgomp1
+        - libisl19
+        - libitm1
+        - liblsan0
+        - libmpc3
+        - libmpx2
+        - libpython-dev
+        - libpython2.7
+        - libpython2.7-dev
+        - libquadmath0
+        - libssl-dev
+        - libtsan0
+        - libubsan0
+        - linux-libc-dev
+        - python-dev
+        - python-pip-whl
+        - python-pkg-resources
+        - python-virtualenv
+        - python2.7-dev
+        - python3-virtualenv
+        - virtualenv
+
+  - name: Install certbot dependencies
+    apt: name={{ certbot_dependencies }} state=present update_cache=yes
  tags: letsencrypt

 # vim: set ts=2 sw=2: