CHANGELOG.md

@@ -1,11 +1,3 @@
-## v2.X.Y
-
-### Added
-* Molecule tests for Gentoo (many thanks to @VTimofeenko ! − PR #25).
-
-### Fixed
-* Separate repositories update from installation task (fix #24).
-
 ## v2.0.0
 
 ### Added

molecule/gentoo/Dockerfile.j2

@@ -1,5 +0,0 @@
-FROM gentoo/stage3:systemd
-ENV container=docker
-
-VOLUME ["/sys/fs/cgroup"]
-CMD ["/sbin/init"]

molecule/gentoo/converge.yml

@@ -1,9 +0,0 @@
----
-- name: Converge
-  hosts: all
-  gather_facts: yes
-  roles:
-    - role: ipr-cnrs.nftables
-      nft_debug: true
-      # can't remove iptables on an instance with docker
-      nft_old_pkg_manage: false

molecule/gentoo/molecule.yml

@@ -1,21 +0,0 @@
----
-dependency:
-  name: galaxy
-driver:
-  name: docker
-platforms:
-  - name: Gentoo
-    image: gentoo/stage3:systemd
-    command: /sbin/init
-    privileged: true
-    volumes:
-      - /srv/gentoo-molecule/gentoo-repo:/var/db/repos/gentoo
-      - /srv/gentoo-molecule/binpkgs:/var/cache/binpkgs
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
-    tmpfs:
-      - /run
-      - /tmp
-provisioner:
-  name: ansible
-verifier:
-  name: ansible

molecule/gentoo/prepare.yml

@@ -1,34 +0,0 @@
-# Taken from https://github.com/VTimofeenko/portage-overlay-cfg on commit d8914035e236c4f3819985098dd1ae36551bfc52
-# If bugs are found – check that repository
-# Since Gentoo builds from source, to save time on molecule tests, we should reuse artifacts as much as possible
-# This playbook performs the initial setup of a Gentoo container
-# It configures portage to try to use prebuilt packages if available and to save the built packages.
----
-- name: Run preparation playbook
-  hosts: Gentoo
-  tasks:
-    - name: Enable buildpkg feature
-      lineinfile:
-        line: "FEATURES='buildpkg'"
-        dest: /etc/portage/make.conf
-        state: present
-    - name: Enable trying to install from binpkgs by default
-      lineinfile:
-        line: "EMERGE_DEFAULT_OPTS='--usepkg'"
-        dest: /etc/portage/make.conf
-        state: present
-    - name: Synchronize gentoo repository if needed
-      block:
-        - name: Check if there is anything in the repo
-          find:
-            paths: '/var/db/repos/gentoo/'
-          register: find_files_in_repo
-        - name: Synchronize the repo if needed
-          command: "emaint sync -a"
-          when: find_files_in_repo.matched == 0
-
-    - name: Install equery, needed for package check
-      # Command, because equery does not exist yet
-      command: emerge --changed-use --oneshot app-portage/gentoolkit
-      changed_when: false
-# The rest of the original file is specific to that role and not needed here

molecule/gentoo/verify.yml

@@ -1,92 +0,0 @@
----
-# This is an example playbook to execute Ansible tests.
-
-- name: Verify
-  hosts: all
-  gather_facts: false
-  tasks:
-
-  - name: check for nftables.d
-    stat:
-      path: /etc/nftables.d
-    register: p
-
-  - name: check nftables.d
-    assert:
-      that:
-        - p.stat.exists and p.stat.isdir
-
-  - name: check for nftables.conf
-    stat:
-      path: /etc/nftables.conf
-    register: p
-
-  - name: check nftables.conf
-    assert:
-      that:
-        - p.stat.exists
-
-  - name: check for filter-input.nft
-    stat:
-      path: /etc/nftables.d/filter-input.nft
-    register: p
-
-  - name: check filter-input.nft
-    assert:
-      that:
-        - p.stat.exists
-
-  - name: list rules
-    command: nft list ruleset
-    register: nft
-
-  - name: debug rules
-    debug: var=nft
-
-  - name: check rules
-    assert:
-      that:
-        # The whole line is:
-        # type filter hook input priority 0; policy drop;
-        # However on CentOS will return "priority 0", while Debian will
-        # show "priority filter"
-        - '"type filter hook input" in nft.stdout'
-        - '"type filter hook output" in nft.stdout'
-
-  - name: check for fail2ban systemd custom dir
-    stat:
-      path: /etc/systemd/system/fail2ban.service.d
-    register: f2b_systemd_dir
-
-  - name: check fail2ban systemd custom dir
-    assert:
-      that:
-        - f2b_systemd_dir.stat.exists and f2b_systemd_dir.stat.isdir
-
-  - name: check for fail2ban systemd override
-    stat:
-      path: /etc/systemd/system/fail2ban.service.d/override.conf
-    register: f2b_systemd_override
-
-  - name: check fail2ban systemd override
-    assert:
-      that:
-        - f2b_systemd_override.stat.exists
-
-  - name: service status - active
-    command: systemctl is-active nftables.service
-    register: status
-
-  - name: check service status
-    assert:
-      that:
-        - 'status.stdout == "active"'
-
-  - name: service status - enabled
-    command: systemctl is-enabled nftables.service
-    register: status
-
-  - name: check service status
-    assert:
-      that:
-        - 'status.stdout == "enabled"'

tasks/main.yml

@@ -55,16 +55,11 @@
     loop_var: osname
 
 # Manage packages [[[1
-- name: Update repositories
-  package:
-    update_cache: true
-  when: (nft_enabled|bool and
-         ansible_os_family not in [ 'Gentoo' ])
-
 - name: Ensure Nftables packages are in their desired state
   package:
     name: '{{ nft_pkg_list | list }}'
     state: '{{ nft_pkg_state }}'
+    update_cache: true
   register: pkg_install_result
   until: pkg_install_result is success
   when: nft_enabled|bool