Add support for the dnf5 package manager

molecule/default/tests/test_default.py

@@ -1,6 +1,7 @@
 """Module containing the tests for the default scenario."""
 
 # Standard Python Libraries
+import configparser
 import os
 
 # Third-Party Libraries
@@ -14,10 +15,13 @@
 def test_packages(host):
     """Test that the expected packages were installed."""
     distribution = host.system_info.distribution
+    codename = host.system_info.codename
     if distribution in ["debian", "kali", "ubuntu"]:
         assert host.package("unattended-upgrades").is_installed
-    elif distribution in ["amzn", "fedora"]:
+    elif distribution in ["amzn", "fedora"] and codename not in ["41"]:
         assert host.package("dnf-automatic").is_installed
+    elif distribution in ["fedora"] and codename in ["41"]:
+        assert host.package("dnf5-plugin-automatic").is_installed
     else:
         # This distribution is unsupported
         assert False, f"Distribution {distribution} is not supported."
@@ -26,10 +30,13 @@ def test_packages(host):
 def test_service_enabled(host):
     """Test that the automatic upgrade service exists and was enabled."""
     distribution = host.system_info.distribution
+    codename = host.system_info.codename
     if distribution in ["debian", "kali", "ubuntu"]:
         assert host.service("unattended-upgrades").is_enabled
-    elif distribution in ["amzn", "fedora"]:
+    elif distribution in ["amzn", "fedora"] and codename not in ["41"]:
         assert host.service("dnf-automatic.timer").is_enabled
+    elif distribution in ["fedora"] and codename in ["41"]:
+        assert host.service("dnf5-automatic.timer").is_enabled
     else:
         # This distribution is unsupported
         assert False, f"Distribution {distribution} is not supported."
@@ -71,12 +78,19 @@ def test_service_configuration(host):
         full_command = f"test \"$(awk '{awk_command}' {filename} | sed '{comment_regex}' | grep --invert-match --ignore-case --fixed-strings security | wc --lines) -eq 3\""
         assert host.run(full_command).succeeded
     elif distribution in ["amzn", "fedora"]:
-        f = host.file("/etc/dnf/automatic.conf")
+        filename = "/etc/dnf/automatic.conf"
+        f = host.file(filename)
         assert f.exists
         assert f.is_file
-        assert f.contains(r"^upgrade_type = security$")
-        assert f.contains(r"^download_updates = yes$")
-        assert f.contains(r"^apply_updates = yes$")
+        config = configparser.ConfigParser()
+        config.read_string(f.content_string, filename)
+        assert "commands" in config.sections()
+        assert "upgrade_type" in config["commands"]
+        assert config["commands"]["upgrade_type"] == "security"
+        assert "download_updates" in config["commands"]
+        assert config["commands"]["download_updates"]
+        assert "apply_updates" in config["commands"]
+        assert config["commands"]["apply_updates"]
     else:
         # This distribution is unsupported
         assert False, f"Distribution {distribution} is not supported."

tasks/dnf.yml

@@ -0,0 +1,32 @@
+---
+- name: Configure dnf-automatic
+  block:
+    - name: Configure dnf-automatic to only consider security updates
+      community.general.ini_file:
+        group: root
+        mode: 0644
+        option: upgrade_type
+        owner: root
+        path: /etc/dnf/automatic.conf
+        section: commands
+        value: security
+
+    - name: Configure dnf-automatic to download available updates
+      community.general.ini_file:
+        group: root
+        mode: 0644
+        option: download_updates
+        owner: root
+        path: /etc/dnf/automatic.conf
+        section: commands
+        value: true
+
+    - name: Configure dnf-automatic to apply available updates
+      community.general.ini_file:
+        group: root
+        mode: 0644
+        option: apply_updates
+        owner: root
+        path: /etc/dnf/automatic.conf
+        section: commands
+        value: true

tasks/dnf5.yml

@@ -0,0 +1 @@
+dnf.yml

tasks/main.yml

@@ -1,33 +1,34 @@
 ---
-- name: Load var file with package names based on the OS type
+- name: Load var file with package names based on the package manager
   ansible.builtin.include_vars:
     file: "{{ lookup('first_found', params) }}"
   vars:
     params:
       files:
-        - "{{ ansible_distribution }}_{{ ansible_distribution_release }}.yml"
-        - "{{ ansible_distribution }}.yml"
-        - "{{ ansible_os_family }}.yml"
+        - "{{ ansible_pkg_mgr }}.yml"
       paths:
         - "{{ role_path }}/vars"
 
 - name: Install packages necessary for automated security updates
   ansible.builtin.package:
     name: "{{ package_names }}"
 
-- name: Include OS family- or distribution-specific configuration tasks
+- name: >-
+    Include package manager and (possibly) OS family- or
+    distribution-specific configuration tasks
   ansible.builtin.include_tasks:
     file: "{{ lookup('first_found', params) }}"
   vars:
     params:
       files:
-        - "{{ ansible_distribution }}_{{ ansible_distribution_release }}.yml"
-        - "{{ ansible_distribution }}.yml"
-        - "{{ ansible_os_family }}.yml"
+        - "{{ ansible_pkg_mgr }}_{{ ansible_distribution }}_{{ ansible_distribution_release }}.yml"
+        - "{{ ansible_pkg_mgr }}_{{ ansible_distribution }}.yml"
+        - "{{ ansible_pkg_mgr }}_{{ ansible_os_family }}.yml"
+        - "{{ ansible_pkg_mgr }}.yml"
       paths:
         - "{{ role_path }}/tasks"
 
-- name: Enable SystemD service that will perform the automated security updates
+- name: Enable SystemD unit that will perform the automated security updates
   ansible.builtin.service:
     name: "{{ service_name }}"
     enabled: true

vars/dnf5.yml

@@ -0,0 +1,8 @@
+---
+# The packages to install for automated updates
+package_names:
+  - dnf5-plugin-automatic
+
+# The name of the SystemD timer that will start the automated
+# security updates
+service_name: dnf5-automatic.timer