Add SUSE support (#2)

* bump Vagrantboxes
* add Tumbleweed Vagrantbox
* don't use broken Tumbleweed box
* add SUSE code
* bump GNOME role version
* fix linting
* use FQCNs

molecule/default/converge.yml

@@ -3,4 +3,4 @@
   hosts: all
 
   roles:
-    - role: ansible-pulse_client
+    - role: stdevel.pulse_client

molecule/default/molecule.yml

@@ -6,29 +6,36 @@ dependency:
 driver:
   name: vagrant
 platforms:
-  - name: debian-11
-    box: generic/debian11
+  - name: pulse-debian12
+    box: generic/debian12
     cpus: 1
     memory: 2048
     provider_raw_config_args:
       - customize ["modifyvm", :id, "--graphicscontroller", "vmsvga"]
 
-  - name: ubuntu-2204
+  - name: pulse-ubuntu2204
     box: generic/ubuntu2204
     cpus: 1
     memory: 2048
     provider_raw_config_args:
       - customize ["modifyvm", :id, "--graphicscontroller", "vmsvga"]
 
-  - name: almalinux-9
+  - name: pulse-almalinux9
     box: almalinux/9
     cpus: 1
     memory: 2048
     provider_raw_config_args:
       - customize ["modifyvm", :id, "--graphicscontroller", "vmsvga"]
 
-  - name: fedora-36
-    box: generic/fedora36
+  - name: pulse-fedora38
+    box: generic/fedora38
+    cpus: 1
+    memory: 2048
+    provider_raw_config_args:
+      - customize ["modifyvm", :id, "--graphicscontroller", "vmsvga"]
+
+  - name: pulse-opensuse-leap
+    box: opensuse/Leap-15.5.x86_64
     cpus: 1
     memory: 2048
     provider_raw_config_args:

molecule/default/requirements.yml

@@ -1,4 +1,4 @@
 ---
 roles:
   - name: alvistack.gnome_desktop
-    version: 6.3.1
+    version: 8.2.2

tasks/install_debian.yml

@@ -1,6 +1,6 @@
 ---
 - name: Install package
-  apt:
+  ansible.builtin.apt:
     deb: "{{ pulse_filename }}"
     update_cache: true
   become: true

tasks/install_redhat.yml

@@ -1,18 +1,18 @@
 ---
 - name: Check if EPEL repository is enabled
+  when: ansible_distribution_major_version in ['7', '8', '9']
   block:
     - name: Check YUM repos
-      command: yum repolist
+      ansible.builtin.command: yum repolist
       changed_when: false
       register: yumrepo
     - name: Abort if EPEL not found
-      fail:
+      ansible.builtin.fail:
         msg: EPEL repository not found (required for dependencies)
       when: "'epel' not in yumrepo.stdout"
-  when: ansible_distribution_major_version in ['7', '8', '9']
 
 - name: Install packages
-  yum:
+  ansible.builtin.yum:
     name:
       - "{{ pulse_filename }}"
     disable_gpg_check: true

tasks/install_suse.yml

@@ -0,0 +1,13 @@
+---
+# this is very ugly as Ivanti builds very ugly RPM packages
+# you have been warned ¯\_(ツ)_/¯
+- name: Install packages
+  ansible.builtin.command: "rpm -ivh --nodeps {{ pulse_filename }}"
+  register: rpmout
+  changed_when:
+    - "'Updating / installing' in rpmout.stdout"
+  failed_when:
+    - rpmout.failed
+    - "'is already installed' not in rpmout.stderr"
+  ignore_errors: true
+  become: true

tasks/main.yml

@@ -1,28 +1,28 @@
 ---
 - name: Include distribution-specific variables
-  include_vars: "{{ ansible_os_family | regex_replace(' ', '_') | lower }}.yml"
+  ansible.builtin.include_vars: "{{ ansible_os_family | regex_replace(' ', '_') | lower }}.yml"
 
 - name: Install required dependencies
-  package:
+  ansible.builtin.package:
     name: "{{ pulse_dependencies }}"
   become: true
 
 - name: Include installation tasks
-  include_tasks: "install_{{ ansible_os_family | regex_replace(' ', '_') | lower }}.yml"
+  ansible.builtin.include_tasks: "install_{{ ansible_os_family | regex_replace(' ', '_') | lower }}.yml"
 
 - name: Check running services
-  service_facts:
+  ansible.builtin.service_facts:
   register: running_services
   become: true
 
 - name: Disable systemd-resolved (not supported by Pulse Secure)
-  include_tasks: resolved.yml
+  ansible.builtin.include_tasks: resolved.yml
   when:
     - running_services['ansible_facts']['services']['systemd-resolved.service'] is defined
     - running_services['ansible_facts']['services']['systemd-resolved.service']['state'] == "running"
 
 - name: Download Chrome Embedded Browser
-  command: /opt/pulsesecure/bin/setup_cef.sh install
+  ansible.builtin.command: /opt/pulsesecure/bin/setup_cef.sh install
   args:
     creates: /opt/pulsesecure/lib/cefRuntime/Resources/libcef.so
   become: true

tasks/reset_resolv.yml

@@ -1,27 +1,27 @@
 ---
 - name: Reset resolv.conf
+  become: true
   block:
     - name: Remove /etc/resolv.conf (could be a symlink)
-      file:
+      ansible.builtin.file:
         path: /etc/resolv.conf
         state: absent
 
     - name: Copy last systemd-resolved resolv.conf stub
-      copy:
+      ansible.builtin.copy:
         src: /run/systemd/resolve/resolv.conf
         dest: /etc/resolv.conf
         owner: root
         group: root
         mode: '0644'
 
     - name: Remove systemd-resolved comments
-      lineinfile:
+      ansible.builtin.lineinfile:
         path: /etc/resolv.conf
         regexp: '^# '
         state: absent
 
     - name: Restart network
-      systemd:
+      ansible.builtin.systemd:
         name: "{{ pulse_os_network_service }}"
         state: restarted
-  become: true

tasks/resolved.yml

@@ -1,6 +1,6 @@
 ---
 - name: Disable and mask systemd-resolved
-  systemd:
+  ansible.builtin.systemd:
     name: systemd-resolved
     state: stopped
     masked: true
@@ -9,10 +9,10 @@
   notify: Reset resolv.conf
 
 - name: "Flush handlers"
-  meta: flush_handlers
+  ansible.builtin.meta: flush_handlers
 
 - name: Set configuration file options
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: "{{ item.file }}"
     regexp: "{{ item.regexp }}"
     line: "{{ item.line }}"

tests/test.yml

@@ -1,5 +1,6 @@
 ---
-- hosts: localhost
+- name: Run role
+  hosts: localhost
   remote_user: root
   roles:
-    - pulse_client
+    - stdevel.pulse_client

vars/suse.yml

@@ -0,0 +1,15 @@
+---
+pulse_dependencies:
+  - tar
+  - bzip2
+  - bind-utils
+  - perl-Digest-SHA1
+  - libgtkmm-3_0-1
+
+pulse_filename: 'https://dreckstools.cstan.io/pulsesecure-latest.rpm'
+# alternate sites:
+# - https://webdev.web3.technion.ac.il/docs/cis/public/ssl-vpn/v.22.2R1.0/ps-pulse-linux-22.2r1.0-b1295-64bit-installer.rpm
+# - https://www.rz-cms.uni-osnabrueck.de/dienste/vpn/pulsesecure_vpn.html#Anchor3db
+# - https://vubnet.vub.ac.be/downloads.html
+
+pulse_os_network_service: 'NetworkManager.service'