Remove embedded GPG keys only if legacy keyring is present

pull/126/head
Jérémy Lecour 1 year ago committed by Jérémy Lecour
parent ffd7d0e504
commit 29ec7bdcf2
  1. 1
      CHANGELOG.md
  2. 8
      apt/tasks/evolix_public.yml
  3. 9
      elasticsearch/tasks/packages.yml
  4. 10
      evolinux-base/tasks/hardware.yml
  5. 9
      filebeat/tasks/main.yml
  6. 9
      fluentd/tasks/main.yml
  7. 6
      jenkins/tasks/main.yml
  8. 9
      kibana/tasks/main.yml
  9. 9
      logstash/tasks/main.yml
  10. 9
      metricbeat/tasks/main.yml
  11. 7
      mongodb/tasks/main_bullseye.yml
  12. 6
      mongodb/tasks/main_buster.yml
  13. 6
      newrelic/tasks/sources.yml
  14. 10
      nodejs/tasks/main.yml
  15. 11
      nodejs/tasks/yarn.yml
  16. 6
      percona/tasks/main.yml
  17. 6
      postgresql/tasks/pgdg-repo.yml

@ -22,6 +22,7 @@ The **patch** part changes incrementally at each release.
### Changed
* Use python3 modules for Debian 11 and later
* Remove embedded GPG keys only if legacy keyring is present
* elasticsearch: 7.x by default
* evolinux-base: alert5 comes after the network
* evolinux-base: force Debian version to buster for Evolix repository (temporary)

@ -1,10 +1,18 @@
---
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- apt
- name: Evolix embedded GPG key is absent
apt_key:
id: "B8612B5D"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- apt
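Review bot: The removal task in apt/tasks/evolix_public.yml still selects the key by an 8-hex-digit short ID (`id: "B8612B5D"`), and short IDs are not unique, so the task can match a different key than the one intended. Since these tasks are being edited anyway, the full fingerprint would make the match unambiguous, e.g. `id: "<FULL_KEY_FINGERPRINT>"` (placeholder; take the value from the key the role used to embed). The same applies to the other `apt_key` removal tasks in this commit, which all use short IDs.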

@ -8,11 +8,20 @@
- elasticsearch
- packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- elasticsearch
- packages
- name: Elastic embedded GPG key is absent
apt_key:
id: "D88E42B4"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- elasticsearch
- packages

@ -35,6 +35,11 @@
changed_when: "'FAILED' in raidmodel.stdout"
failed_when: "'FAILED' in raidmodel.stdout"
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: HPE Smart Storage Administrator (ssacli) is present
block:
- name: HPE GPG embedded key is absent
@ -42,6 +47,7 @@
id: "26C2B797"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
- name: HPE GPG key is installed
copy:
@ -108,7 +114,9 @@
id: "23B3D3B4"
keyring: /etc/apt/trusted.gpg
state: absent
when: ansible_distribution_major_version is version('9', '>=')
when:
- trusted_gpg_keyring.stat.present
- ansible_distribution_major_version is version('9', '>=')
- name: HWRaid GPG key is installed
copy:
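Review bot: The new condition `trusted_gpg_keyring.stat.present` in the last hunk of evolinux-base/tasks/hardware.yml does not match what this file registers. The `stat` result is stored as `_trusted_gpg_keyring` (leading underscore), and every other task in this commit tests `.stat.exists`. As written the name looks undefined, so the condition would presumably raise an error instead of skipping the task on hosts without /etc/apt/trusted.gpg. The first list item should read `- _trusted_gpg_keyring.stat.exists`. The enclosing block starts outside the hunk.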

@ -8,11 +8,20 @@
- filebeat
- packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- filebeat
- packages
- name: Elastic embedded GPG key is absent
apt_key:
id: "D88E42B4"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- filebeat
- packages

@ -1,10 +1,19 @@
---
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- packages
- fluentd
- name: Fluentd embedded GPG key is absent
apt_key:
id: "AB97ACBE"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- packages
- fluentd

@ -5,11 +5,17 @@
# http://mirrors.jenkins.io/.*
# http://jenkins.mirror.isppower.de/.*
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: Jenkins embedded GPG key is absent
apt_key:
id: "D50582E6"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add Jenkins GPG key
copy:

@ -8,11 +8,20 @@
- kibana
- packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- kibana
- packages
- name: Elastic embedded GPG key is absent
apt_key:
id: "D88E42B4"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- kibana
- packages

@ -8,11 +8,20 @@
- logstash
- packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- logstash
- packages
- name: Elastic embedded GPG key is absent
apt_key:
id: "D88E42B4"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- logstash
- packages

@ -8,11 +8,20 @@
- metricbeat
- packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- metricbeat
- packages
- name: Elastic embedded GPG key is absent
apt_key:
id: "D88E42B4"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- metricbeat
- packages

@ -1,11 +1,16 @@
---
# https://wiki.debian.org/DebianRepository/UseThirdParty
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: MongoDB embedded GPG key is absent
apt_key:
id: "B8612B5D"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add MongoDB GPG key
copy:
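Review bot: The task named "MongoDB embedded GPG key is absent" uses `id: "B8612B5D"`, the same ID that apt/tasks/evolix_public.yml removes as the Evolix key; mongodb/tasks/main_buster.yml carries the same value. If that is a copy-paste leftover, the legacy MongoDB key is never removed from /etc/apt/trusted.gpg and stays trusted for every configured repository. The ID should be checked against the MongoDB key that was actually embedded, e.g. `id: "<MONGODB_KEY_ID>"` (placeholder). The `copy` task that follows continues outside the hunk.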

@ -1,10 +1,16 @@
---
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: MongoDB embedded GPG key is absent
apt_key:
id: "B8612B5D"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add MongoDB GPG key
copy:

@ -1,10 +1,16 @@
---
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: NewRelic embedded GPG key is absent
apt_key:
id: "548C16BF"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add NewRelic GPG key
copy:

@ -9,11 +9,21 @@
- packages
- nodejs
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- system
- packages
- nodejs
- name: NodeJS embedded GPG key is absent
apt_key:
id: "68576280"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- system
- packages

@ -1,10 +1,21 @@
---
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- system
- packages
- nodejs
- yarn
- name: Yarn embedded GPG key is absent
apt_key:
id: "86E50310"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- system
- packages

@ -3,11 +3,17 @@
- set_fact:
percona__apt_config_package_file: "percona-release_latest.{{ ansible_distribution_release }}_all.deb"
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: Percona embedded GPG key is absent
apt_key:
id: "8507EFA5"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add Percona GPG key
copy:

@ -13,11 +13,17 @@
repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
update_cache: yes
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: PGDG embedded GPG key is absent
apt_key:
id: "ACCC4CF8"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add PGDG GPG key
copy:
