Remove special handling of pre-Bullseye Debian distros

c9155826 · ale · 640aa019 · c9155826 · c9155826 · c9155826
Commit c9155826 authored 3 years ago by ale
--- a/roles/float-base-docker/tasks/podman_debian.yml
+++ b/roles/float-base-docker/tasks/podman_debian.yml
@@ -3,10 +3,6 @@
 # Install Podman using packages from the Debian distribution
 # (available starting with Bullseye).
- fail:
-    msg: "Debian packages for Podman are only present in Bullseye"
-  when: "float_debian_dist in ('stretch', 'buster')"
 - name: Remove podman Kubic repository key
  file:
    path: "/etc/apt/trusted.gpg.d/kubic.gpg"

--- a/roles/float-base-docker/templates/run.sh.j2
+++ b/roles/float-base-docker/templates/run.sh.j2
@@ -114,12 +114,7 @@ done
 # option to get rid of the useless 'podman' process.
 {% if container_runtime == 'podman' %}
 exec /usr/bin/podman run \
-{% if float_debian_dist in ('stretch', 'buster') %}
-  --cgroup-manager=cgroupfs \
-  --cgroup-parent /system.slice/docker-{{ item.tag }}.service \
-{% else %}
  --cgroups=disabled \
-{% endif %}
  --replace \
  --sdnotify=conmon \
 {% elif container_runtime == 'docker' %}

--- a/roles/float-base-docker/templates/systemd.j2
+++ b/roles/float-base-docker/templates/systemd.j2
@@ -21,12 +21,8 @@ SyslogIdentifier={{ item.service }}-{{ item.container.name }}
 {% if item.container.resources is defined %}
 {% if item.container.resources.ram is defined %}
 MemoryMax={{ item.container.resources.ram }}
-{% if float_debian_dist == 'buster' %}
-ExecStartPost=+/bin/sh -c "echo 0 > /sys/fs/cgroup/memory/system.slice/%n/memory.swappiness"
-{% else %}
 MemorySwapMax=0
 {% endif %}
-{% endif %}
 {% if item.container.resources.cpu is defined %}
 CPUQuota={{ 100 * item.container.resources.cpu }}%
 {% endif %}

--- a/roles/float-base/tasks/apt.yml
+++ b/roles/float-base/tasks/apt.yml
@@ -83,13 +83,11 @@
    state: present
  when: "testing|default(True)"
-# mtail 3.0.0~rc19-2 on Buster is broken when reading from named pipes
+# Remove legacy stretch/buster mtail package pin.
-# Pin mtail to ai3 repo that ships mtail 3.0.0~rc5-1~bpo9+1
+- name: Cleanup mtail package pin
- name: Force mtail version on buster
+  file:
-  copy:
+    path: "/etc/apt/preferences.d/99float-syslog"
-    src: "mtail.apt-preferences"
+    state: absent
-    dest: "/etc/apt/preferences.d/99float-syslog"
-  when: float_debian_dist == 'buster'
 - name: Install base packages
  apt:
@@ -124,6 +122,7 @@
      - auditd
      - audisp-json
      - prometheus-node-exporter
+      - prometheus-node-exporter-collectors
      - assetmon
 - name: Install extra packages

--- a/roles/float-base/tasks/harden.yml
+++ b/roles/float-base/tasks/harden.yml
@@ -63,7 +63,7 @@
 - name: Audispd plugins configured
  copy:
    src: "audit/plugins.d/{{ item }}"
-    dest: "/etc/{{ 'audisp' if float_debian_dist in ('stretch', 'buster') else 'audit' }}/plugins.d/{{ item }}"
+    dest: "/etc/audit/plugins.d/{{ item }}"
  with_items:
    - syslog.conf
    - json.conf

--- a/roles/float-base/tasks/prometheus.yml
+++ b/roles/float-base/tasks/prometheus.yml
@@ -7,13 +7,6 @@
  notify:
    - reload prometheus-node-exporter
- name: Install prometheus node extra package
-  apt:
-    name:
-      - prometheus-node-exporter-collectors
-    state: present
-  when: "float_debian_dist not in ('stretch', 'buster')"
 - name: Add static metrics
  template:
    src: "{{ item }}.j2"

--- a/roles/float-base/templates/sources.list.j2
+++ b/roles/float-base/templates/sources.list.j2
 {% if apt_sources_list_override is defined %}{{ apt_sources_list_override }}{% else %}
 deb http://deb.debian.org/debian {{ float_debian_dist }} main contrib non-free
 deb http://deb.debian.org/debian {{ float_debian_dist }}-updates main contrib non-free
-{% if float_debian_dist in ('stretch', 'buster') %}
-deb http://deb.debian.org/debian {{ float_debian_dist }}-backports main
-deb http://security.debian.org/ {{ float_debian_dist }}/updates main contrib non-free
-{% else %}
 deb http://security.debian.org/debian-security {{ float_debian_dist }}-security main contrib non-free
 {% endif %}
-{% endif %}
--- a/roles/float-infra-dns/templates/bind/named.conf.local
+++ b/roles/float-infra-dns/templates/bind/named.conf.local
@@ -8,10 +8,6 @@ view "internal-in" in {
 {% endfor %}
  };
  recursion yes;
-{% if float_debian_dist == 'buster' %}
-  additional-from-auth yes;
-  additional-from-cache yes;
-{% endif %}
  zone-statistics no;
  // Send minimal responses, to avoid problems with the Spamassassin
@@ -33,13 +29,6 @@ view "external-in" in {
  recursion no;
  zone-statistics yes;
-{% if float_debian_dist == 'buster' %}
-  // Do not trust the cache when generating additional records
-  // for our authoritative zones.
-  additional-from-auth no;
-  additional-from-cache no;
-{% endif %}
  // Include manually-maintained zones.
  include "/etc/bind/named.conf.external-custom-zones";

--- a/roles/float-infra-dns/templates/bind/named.conf.options
+++ b/roles/float-infra-dns/templates/bind/named.conf.options
@@ -28,9 +28,6 @@ options {
  listen-on-v6 { any; };
 {% endif %}
-{% if float_debian_dist == 'buster' %}
-  dnssec-enable yes;
-{% endif %}
  dnssec-validation auto;
  notify no;

--- a/roles/float-infra-haproxy/templates/haproxy.cfg.j2
+++ b/roles/float-infra-haproxy/templates/haproxy.cfg.j2
@@ -4,11 +4,9 @@ global
        group haproxy
        chroot /var/lib/haproxy
        daemon
-{% if float_debian_dist != 'buster' %}
        # use journald-compatibile short format, and don't send 'emerg' level out
        # http://cbonte.github.io/haproxy-dconv/2.2/configuration.html#3.1-log
        log stdout format short local4 info alert
-{% endif %}
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
 defaults

--- a/roles/float-infra-nginx/templates/nginx-upstream.j2
+++ b/roles/float-infra-nginx/templates/nginx-upstream.j2
@@ -15,10 +15,8 @@ upstream {{ upstream.name }}{% if shard %}_{{ shard }}{% endif %} {
 {% endif %}
 	keepalive 8;
-{% if float_debian_dist != 'buster' %}
        keepalive_timeout 300s;
        keepalive_requests 1000;
-{% endif %}
 }
 {% endmacro %}