Remove embedded GPG keys only if legacy keyring is present
This commit is contained in:
parent
ffd7d0e504
commit
29ec7bdcf2
17 changed files with 129 additions and 2 deletions
|
@ -22,6 +22,7 @@ The **patch** part changes incrementally at each release.
|
|||
### Changed
|
||||
|
||||
* Use python3 modules for Debian 11 and later
|
||||
* Remove embedded GPG keys only if legacy keyring is present
|
||||
* elasticsearch: 7.x by default
|
||||
* evolinux-base: alert5 comes after the network
|
||||
* evolinux-base: force Debian version to buster for Evolix repository (temporary)
|
||||
|
|
|
@ -1,10 +1,18 @@
|
|||
---
|
||||
|
||||
- name: Look for legacy apt keyring
|
||||
stat:
|
||||
path: /etc/apt/trusted.gpg
|
||||
register: _trusted_gpg_keyring
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: Evolix embedded GPG key is absent
|
||||
apt_key:
|
||||
id: "B8612B5D"
|
||||
keyring: /etc/apt/trusted.gpg
|
||||
state: absent
|
||||
when: _trusted_gpg_keyring.stat.exists
|
||||
tags:
|
||||
- apt
|
||||
|
||||
|
|
|
@ -8,11 +8,20 @@
|
|||
- elasticsearch
|
||||
- packages
|
||||
|
||||
- name: Look for legacy apt keyring
|
||||
stat:
|
||||
path: /etc/apt/trusted.gpg
|
||||
register: _trusted_gpg_keyring
|
||||
tags:
|
||||
- elasticsearch
|
||||
- packages
|
||||
|
||||
- name: Elastic embedded GPG key is absent
|
||||
apt_key:
|
||||
id: "D88E42B4"
|
||||
keyring: /etc/apt/trusted.gpg
|
||||
state: absent
|
||||
when: _trusted_gpg_keyring.stat.exists
|
||||
tags:
|
||||
- elasticsearch
|
||||
- packages
|
||||
|
|
|
@ -35,6 +35,11 @@
|
|||
changed_when: "'FAILED' in raidmodel.stdout"
|
||||
failed_when: "'FAILED' in raidmodel.stdout"
|
||||
|
||||
- name: Look for legacy apt keyring
|
||||
stat:
|
||||
path: /etc/apt/trusted.gpg
|
||||
register: _trusted_gpg_keyring
|
||||
|
||||
- name: HPE Smart Storage Administrator (ssacli) is present
|
||||
block:
|
||||
- name: HPE GPG embedded key is absent
|
||||
|
@ -42,6 +47,7 @@
|
|||
id: "26C2B797"
|
||||
keyring: /etc/apt/trusted.gpg
|
||||
state: absent
|
||||
when: _trusted_gpg_keyring.stat.exists
|
||||
|
||||
- name: HPE GPG key is installed
|
||||
copy:
|
||||
|
@ -108,7 +114,9 @@
|
|||
id: "23B3D3B4"
|
||||
keyring: /etc/apt/trusted.gpg
|
||||
state: absent
|
||||
when: ansible_distribution_major_version is version('9', '>=')
|
||||
when:
|
||||
- trusted_gpg_keyring.stat.present
|
||||
- ansible_distribution_major_version is version('9', '>=')
|
||||
|
||||
- name: HWRaid GPG key is installed
|
||||
copy:
|
||||
|
|
|
@ -8,11 +8,20 @@
|
|||
- filebeat
|
||||
- packages
|
||||
|
||||
- name: Look for legacy apt keyring
|
||||
stat:
|
||||
path: /etc/apt/trusted.gpg
|
||||
register: _trusted_gpg_keyring
|
||||
tags:
|
||||
- filebeat
|
||||
- packages
|
||||
|
||||
- name: Elastic embedded GPG key is absent
|
||||
apt_key:
|
||||
id: "D88E42B4"
|
||||
keyring: /etc/apt/trusted.gpg
|
||||
state: absent
|
||||
when: _trusted_gpg_keyring.stat.exists
|
||||
tags:
|
||||
- filebeat
|
||||
- packages
|
||||
|
|
|
@ -1,10 +1,19 @@
|
|||
---
|
||||
|
||||
- name: Look for legacy apt keyring
|
||||
stat:
|
||||
path: /etc/apt/trusted.gpg
|
||||
register: _trusted_gpg_keyring
|
||||
tags:
|
||||
- packages
|
||||
- fluentd
|
||||
|
||||
- name: Fluentd embedded GPG key is absent
|
||||
apt_key:
|
||||
id: "AB97ACBE"
|
||||
keyring: /etc/apt/trusted.gpg
|
||||
state: absent
|
||||
when: _trusted_gpg_keyring.stat.exists
|
||||
tags:
|
||||
- packages
|
||||
- fluentd
|
||||
|
|
|
@ -5,11 +5,17 @@
|
|||
# http://mirrors.jenkins.io/.*
|
||||
# http://jenkins.mirror.isppower.de/.*
|
||||
|
||||
- name: Look for legacy apt keyring
|
||||
stat:
|
||||
path: /etc/apt/trusted.gpg
|
||||
register: _trusted_gpg_keyring
|
||||
|
||||
- name: Jenkins embedded GPG key is absent
|
||||
apt_key:
|
||||
id: "D50582E6"
|
||||
keyring: /etc/apt/trusted.gpg
|
||||
state: absent
|
||||
when: _trusted_gpg_keyring.stat.exists
|
||||
|
||||
- name: Add Jenkins GPG key
|
||||
copy:
|
||||
|
|
|
@ -8,11 +8,20 @@
|
|||
- kibana
|
||||
- packages
|
||||
|
||||
- name: Look for legacy apt keyring
|
||||
stat:
|
||||
path: /etc/apt/trusted.gpg
|
||||
register: _trusted_gpg_keyring
|
||||
tags:
|
||||
- kibana
|
||||
- packages
|
||||
|
||||
- name: Elastic embedded GPG key is absent
|
||||
apt_key:
|
||||
id: "D88E42B4"
|
||||
keyring: /etc/apt/trusted.gpg
|
||||
state: absent
|
||||
when: _trusted_gpg_keyring.stat.exists
|
||||
tags:
|
||||
- kibana
|
||||
- packages
|
||||
|
|
|
@ -8,11 +8,20 @@
|
|||
- logstash
|
||||
- packages
|
||||
|
||||
- name: Look for legacy apt keyring
|
||||
stat:
|
||||
path: /etc/apt/trusted.gpg
|
||||
register: _trusted_gpg_keyring
|
||||
tags:
|
||||
- logstash
|
||||
- packages
|
||||
|
||||
- name: Elastic embedded GPG key is absent
|
||||
apt_key:
|
||||
id: "D88E42B4"
|
||||
keyring: /etc/apt/trusted.gpg
|
||||
state: absent
|
||||
when: _trusted_gpg_keyring.stat.exists
|
||||
tags:
|
||||
- logstash
|
||||
- packages
|
||||
|
|
|
@ -8,11 +8,20 @@
|
|||
- metricbeat
|
||||
- packages
|
||||
|
||||
- name: Look for legacy apt keyring
|
||||
stat:
|
||||
path: /etc/apt/trusted.gpg
|
||||
register: _trusted_gpg_keyring
|
||||
tags:
|
||||
- metricbeat
|
||||
- packages
|
||||
|
||||
- name: Elastic embedded GPG key is absent
|
||||
apt_key:
|
||||
id: "D88E42B4"
|
||||
keyring: /etc/apt/trusted.gpg
|
||||
state: absent
|
||||
when: _trusted_gpg_keyring.stat.exists
|
||||
tags:
|
||||
- metricbeat
|
||||
- packages
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
---
|
||||
|
||||
# https://wiki.debian.org/DebianRepository/UseThirdParty
|
||||
- name: Look for legacy apt keyring
|
||||
stat:
|
||||
path: /etc/apt/trusted.gpg
|
||||
register: _trusted_gpg_keyring
|
||||
|
||||
- name: MongoDB embedded GPG key is absent
|
||||
apt_key:
|
||||
id: "B8612B5D"
|
||||
keyring: /etc/apt/trusted.gpg
|
||||
state: absent
|
||||
when: _trusted_gpg_keyring.stat.exists
|
||||
|
||||
- name: Add MongoDB GPG key
|
||||
copy:
|
||||
|
|
|
@ -1,10 +1,16 @@
|
|||
---
|
||||
|
||||
- name: Look for legacy apt keyring
|
||||
stat:
|
||||
path: /etc/apt/trusted.gpg
|
||||
register: _trusted_gpg_keyring
|
||||
|
||||
- name: MongoDB embedded GPG key is absent
|
||||
apt_key:
|
||||
id: "B8612B5D"
|
||||
keyring: /etc/apt/trusted.gpg
|
||||
state: absent
|
||||
when: _trusted_gpg_keyring.stat.exists
|
||||
|
||||
- name: Add MongoDB GPG key
|
||||
copy:
|
||||
|
|
|
@ -1,10 +1,16 @@
|
|||
---
|
||||
|
||||
- name: Look for legacy apt keyring
|
||||
stat:
|
||||
path: /etc/apt/trusted.gpg
|
||||
register: _trusted_gpg_keyring
|
||||
|
||||
- name: NewRelic embedded GPG key is absent
|
||||
apt_key:
|
||||
id: "548C16BF"
|
||||
keyring: /etc/apt/trusted.gpg
|
||||
state: absent
|
||||
when: _trusted_gpg_keyring.stat.exists
|
||||
|
||||
- name: Add NewRelic GPG key
|
||||
copy:
|
||||
|
|
|
@ -9,11 +9,21 @@
|
|||
- packages
|
||||
- nodejs
|
||||
|
||||
- name: Look for legacy apt keyring
|
||||
stat:
|
||||
path: /etc/apt/trusted.gpg
|
||||
register: _trusted_gpg_keyring
|
||||
tags:
|
||||
- system
|
||||
- packages
|
||||
- nodejs
|
||||
|
||||
- name: NodeJS embedded GPG key is absent
|
||||
apt_key:
|
||||
id: "68576280"
|
||||
keyring: /etc/apt/trusted.gpg
|
||||
state: absent
|
||||
when: _trusted_gpg_keyring.stat.exists
|
||||
tags:
|
||||
- system
|
||||
- packages
|
||||
|
|
|
@ -1,10 +1,21 @@
|
|||
---
|
||||
|
||||
- name: Look for legacy apt keyring
|
||||
stat:
|
||||
path: /etc/apt/trusted.gpg
|
||||
register: _trusted_gpg_keyring
|
||||
tags:
|
||||
- system
|
||||
- packages
|
||||
- nodejs
|
||||
- yarn
|
||||
|
||||
- name: Yarn embedded GPG key is absent
|
||||
apt_key:
|
||||
id: "86E50310"
|
||||
keyring: /etc/apt/trusted.gpg
|
||||
state: absent
|
||||
when: _trusted_gpg_keyring.stat.exists
|
||||
tags:
|
||||
- system
|
||||
- packages
|
||||
|
|
|
@ -3,11 +3,17 @@
|
|||
- set_fact:
|
||||
percona__apt_config_package_file: "percona-release_latest.{{ ansible_distribution_release }}_all.deb"
|
||||
|
||||
- name: Look for legacy apt keyring
|
||||
stat:
|
||||
path: /etc/apt/trusted.gpg
|
||||
register: _trusted_gpg_keyring
|
||||
|
||||
- name: Percona embedded GPG key is absent
|
||||
apt_key:
|
||||
id: "8507EFA5"
|
||||
keyring: /etc/apt/trusted.gpg
|
||||
state: absent
|
||||
when: _trusted_gpg_keyring.stat.exists
|
||||
|
||||
- name: Add Percona GPG key
|
||||
copy:
|
||||
|
|
|
@ -13,11 +13,17 @@
|
|||
repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
|
||||
update_cache: yes
|
||||
|
||||
- name: Look for legacy apt keyring
|
||||
stat:
|
||||
path: /etc/apt/trusted.gpg
|
||||
register: _trusted_gpg_keyring
|
||||
|
||||
- name: PGDG embedded GPG key is absent
|
||||
apt_key:
|
||||
id: "ACCC4CF8"
|
||||
keyring: /etc/apt/trusted.gpg
|
||||
state: absent
|
||||
when: _trusted_gpg_keyring.stat.exists
|
||||
|
||||
- name: Add PGDG GPG key
|
||||
copy:
|
||||
|
|
Loading…
Reference in a new issue