test: add support debian12

CHANGELOG.md

@@ -9,6 +9,7 @@ Which is based on [Keep A Changelog](http://keepachangelog.com/)
 
 - feat: add certbot_port variable
 - feat: add hook scripts
+- test: add support debian 12
 
 ## v2.2.0 - 2021-08-24
 

README.md

@@ -10,6 +10,7 @@ Generate certificate SSL with certbot.
 * Ansible >= 2.10
 * Debian
   * Bullseye
+  * Bookworm
 
 ## Role variables
 
@@ -41,7 +42,7 @@ Generate certificate SSL with certbot.
 
 * install [docker](https://docs.docker.com/engine/installation/)
 * install `python3` and `python3-pip`
-* install molecule and dependencies `pip3 install molecule molecule-docker docker ansible-lint pytest-testinfra yamllint`
+* install molecule and dependencies `pip3 install molecule molecule-plugins[docker] docker ansible-lint pytest-testinfra yamllint`
 * run `molecule test`
 
 ## License

meta/main.yml

@@ -6,11 +6,12 @@ galaxy_info:
   company: Adrien Waksberg
   description: Generate certificate SSL with certbot
   license: Apache2
-  min_ansible_version: 2.10
+  min_ansible_version: "2.10"
   platforms:
     - name: Debian
       versions:
         - bullseye
+        - bookworm
 
   galaxy_tags:
     - certbot

molecule/default/molecule.yml

@@ -2,11 +2,12 @@
 driver:
   name: docker
 platforms:
-  - name: debian10
-    image: nishiki/debian10:molecule
+  - name: debian12
+    image: nishiki/debian12:molecule
     privileged: true
     volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    cgroupns_mode: host
     command: /bin/systemd
     capabilities:
       - SYS_ADMIN
@@ -14,7 +15,8 @@ platforms:
     image: nishiki/debian11:molecule
     privileged: true
     volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    cgroupns_mode: host
     command: /bin/systemd
     capabilities:
       - SYS_ADMIN

molecule/default/tests/test_default.py

@@ -23,19 +23,19 @@ def test_cron_file(host):
   assert path.user == 'root'
   assert path.group == 'crontab'
   assert path.mode == 0o600
-  assert path.contains('--renew-hook /usr/local/bin/certbot-renew')
+  assert path.contains('perl -e \'sleep int(rand(3600))\' && certbot -q renew')
 
 def test_config_file(host):
-  path = host.file('/etc/letsencrypt/renew.cfg')
+  path = host.file('/etc/letsencrypt/hook-test.local')
   assert path.exists
   assert path.is_file
   assert path.user == 'root'
   assert path.group == 'root'
-  assert path.mode == 0o644
-  assert path.contains('test.local = echo OK > /tmp/test.txt')
+  assert path.mode == 0o700
+  assert path.contains('echo OK > /tmp/test.txt')
 
 def test_renew(host):
-  cmd = host.run('RENEWED_DOMAINS=test.local /usr/local/bin/certbot-renew')
+  cmd = host.run('/etc/letsencrypt/hook-test.local')
   assert cmd.succeeded
 
   path = host.file('/tmp/test.txt')

tasks/certificates.yml

@@ -25,7 +25,7 @@
   loop: '{{ st.results }}'
   loop_control:
     label: '{{ item.item.key }}'
-  when: (certbot_role == 'master' or item.item.name == ansible_fqdn) and not item.stat.exists and not web.failed
+  when: (certbot_role == 'master' or item.item.key == ansible_fqdn) and not item.stat.exists and not web.failed
   tags: certbot
 
 - name: create a new certificate (standalone)
@@ -36,5 +36,5 @@
   loop: '{{ st.results }}'
   loop_control:
     label: '{{ item.item.key }}'
-  when: (certbot_role == 'master' or item.item.name == ansible_fqdn) and not item.stat.exists and web.failed
+  when: (certbot_role == 'master' or item.item.key == ansible_fqdn) and not item.stat.exists and web.failed
   tags: certbot