From 6cfaf767c10025271b471f9b4a34619811c9ecda Mon Sep 17 00:00:00 2001
From: David Galloway <david.galloway@ibm.com>
Date: Thu, 5 Feb 2026 09:17:01 -0500
Subject: [PATCH] common: s/http/https in apt sources as outbound port 80 is
 blocked in Sepia

Signed-off-by: David Galloway <david.galloway@ibm.com>
---
 roles/common/handlers/main.yml     |  4 ++++
 roles/common/tasks/apt_systems.yml | 21 +++++++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml
index 30e2a52d..72534de6 100644
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
@@ -5,3 +5,7 @@
     state: restarted
   # There's an issue with ansible<=2.9 and our custom built kernels (5.8 as of this commit) where the service and systemd modules don't have backwards compatibility with init scripts
   ignore_errors: "{{ 'ceph' in ansible_kernel }}"
+
+- name: apt update
+  ansible.builtin.apt:
+    update_cache: yes
diff --git a/roles/common/tasks/apt_systems.yml b/roles/common/tasks/apt_systems.yml
index 824b1333..a0987925 100644
--- a/roles/common/tasks/apt_systems.yml
+++ b/roles/common/tasks/apt_systems.yml
@@ -57,3 +57,24 @@
     state: present
   when:
     - ansible_distribution_major_version|int >= 24
+
+# Outbound port 80 traffic is blocked in Sepia
+- name: Find apt source list files
+  ansible.builtin.find:
+    paths:
+      - /etc/apt
+      - /etc/apt/sources.list.d
+    patterns:
+      - sources.list
+      - "*.list"
+    file_type: file
+  register: apt_source_files
+
+- name: Replace http with https in apt sources
+  ansible.builtin.replace:
+    path: "{{ item.path }}"
+    regexp: '(^\s*deb(?:-src)?\s+)(http://)'
+    replace: '\1https://'
+    backup: yes
+  loop: "{{ apt_source_files.files }}"
+  notify: apt update
-- 
2.47.3