diff --git a/CHANGELOG.md b/CHANGELOG.md index d4bd6ca5..d6993a0d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,6 +22,7 @@ The **patch** part changes incrementally at each release. ### Changed * Use python3 modules for Debian 11 and later +* Remove embedded GPG keys only if legacy keyring is present * elasticsearch: 7.x by default * evolinux-base: alert5 comes after the network * evolinux-base: force Debian version to buster for Evolix repository (temporary) diff --git a/apt/tasks/evolix_public.yml b/apt/tasks/evolix_public.yml index 00067f46..8352e666 100644 --- a/apt/tasks/evolix_public.yml +++ b/apt/tasks/evolix_public.yml @@ -1,10 +1,18 @@ --- +- name: Look for legacy apt keyring + stat: + path: /etc/apt/trusted.gpg + register: _trusted_gpg_keyring + tags: + - apt + - name: Evolix embedded GPG key is absent apt_key: id: "B8612B5D" keyring: /etc/apt/trusted.gpg state: absent + when: _trusted_gpg_keyring.stat.exists tags: - apt diff --git a/elasticsearch/tasks/packages.yml b/elasticsearch/tasks/packages.yml index b1291d4a..826fee1e 100644 --- a/elasticsearch/tasks/packages.yml +++ b/elasticsearch/tasks/packages.yml @@ -8,11 +8,20 @@ - elasticsearch - packages +- name: Look for legacy apt keyring + stat: + path: /etc/apt/trusted.gpg + register: _trusted_gpg_keyring + tags: + - elasticsearch + - packages + - name: Elastic embedded GPG key is absent apt_key: id: "D88E42B4" keyring: /etc/apt/trusted.gpg state: absent + when: _trusted_gpg_keyring.stat.exists tags: - elasticsearch - packages diff --git a/evolinux-base/tasks/hardware.yml b/evolinux-base/tasks/hardware.yml index 7f4ebf36..34ed46b3 100644 --- a/evolinux-base/tasks/hardware.yml +++ b/evolinux-base/tasks/hardware.yml 
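Review bot: The `Look for legacy apt keyring` stat task added at the top of apt/tasks/evolix_public.yml is repeated verbatim, registering the same `_trusted_gpg_keyring`, in every other task file this commit touches (elasticsearch, evolinux-base, filebeat, fluentd, jenkins, kibana, logstash, metricbeat, mongodb, newrelic, nodejs, percona, postgresql). Doing the lookup in one shared task file, pulled in where needed with `include_tasks`, would leave a single place to maintain. The copy in evolinux-base/tasks/hardware.yml already diverges in its `when:`. A short comment above the task would also record why the guard exists, for example `# Only touch /etc/apt/trusted.gpg when it exists; keys stored there are trusted for every repository`.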
@@ -35,6 +35,11 @@ changed_when: "'FAILED' in raidmodel.stdout" failed_when: "'FAILED' in raidmodel.stdout" +- name: Look for legacy apt keyring + stat: + path: /etc/apt/trusted.gpg + register: _trusted_gpg_keyring + - name: HPE Smart Storage Administrator (ssacli) is present block: - name: HPE GPG embedded key is absent @@ -42,6 +47,7 @@ id: "26C2B797" keyring: /etc/apt/trusted.gpg state: absent + when: _trusted_gpg_keyring.stat.exists - name: HPE GPG key is installed copy: @@ -108,7 +114,9 @@ id: "23B3D3B4" keyring: /etc/apt/trusted.gpg state: absent - when: ansible_distribution_major_version is version('9', '>=') + when: + - trusted_gpg_keyring.stat.present + - ansible_distribution_major_version is version('9', '>=') - name: HWRaid GPG key is installed copy: diff --git a/filebeat/tasks/main.yml b/filebeat/tasks/main.yml index 034808d3..c84c4db8 100644 --- a/filebeat/tasks/main.yml +++ b/filebeat/tasks/main.yml @@ -8,11 +8,20 @@ - filebeat - packages +- name: Look for legacy apt keyring + stat: + path: /etc/apt/trusted.gpg + register: _trusted_gpg_keyring + tags: + - filebeat + - packages + - name: Elastic embedded GPG key is absent apt_key: id: "D88E42B4" keyring: /etc/apt/trusted.gpg state: absent + when: _trusted_gpg_keyring.stat.exists tags: - filebeat - packages diff --git a/fluentd/tasks/main.yml b/fluentd/tasks/main.yml index 159748e6..282accf2 100644 --- a/fluentd/tasks/main.yml +++ b/fluentd/tasks/main.yml @@ -1,10 +1,19 @@ --- +- name: Look for legacy apt keyring + stat: + path: /etc/apt/trusted.gpg + register: _trusted_gpg_keyring + tags: + - packages + - fluentd + - name: Fluentd embedded GPG key is absent apt_key: id: "AB97ACBE" keyring: /etc/apt/trusted.gpg state: absent + when: _trusted_gpg_keyring.stat.exists tags: - packages - fluentd diff --git a/jenkins/tasks/main.yml b/jenkins/tasks/main.yml index da23e5f5..8ed3d38c 100644 --- a/jenkins/tasks/main.yml +++ b/jenkins/tasks/main.yml 
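Review bot: In the third hunk of evolinux-base/tasks/hardware.yml (`@@ -108,7 +114,9 @@`) the new condition on the HWRaid key removal reads `trusted_gpg_keyring.stat.present`. The stat task added in the first hunk of this file registers `_trusted_gpg_keyring`, and every other hunk in the commit tests `.stat.exists`. As written the variable name is undefined, so the conditional would most likely raise an error rather than skip the task, and the HWRaid key would stay in the legacy keyring on any host where the play stops there. The first list entry should be `- _trusted_gpg_keyring.stat.exists`. The enclosing block starts and ends outside the hunk.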
@@ -5,11 +5,17 @@ # http://mirrors.jenkins.io/.* # http://jenkins.mirror.isppower.de/.* +- name: Look for legacy apt keyring + stat: + path: /etc/apt/trusted.gpg + register: _trusted_gpg_keyring + - name: Jenkins embedded GPG key is absent apt_key: id: "D50582E6" keyring: /etc/apt/trusted.gpg state: absent + when: _trusted_gpg_keyring.stat.exists - name: Add Jenkins GPG key copy: diff --git a/kibana/tasks/main.yml b/kibana/tasks/main.yml index 8ebbe752..d0694094 100644 --- a/kibana/tasks/main.yml +++ b/kibana/tasks/main.yml @@ -8,11 +8,20 @@ - kibana - packages +- name: Look for legacy apt keyring + stat: + path: /etc/apt/trusted.gpg + register: _trusted_gpg_keyring + tags: + - kibana + - packages + - name: Elastic embedded GPG key is absent apt_key: id: "D88E42B4" keyring: /etc/apt/trusted.gpg state: absent + when: _trusted_gpg_keyring.stat.exists tags: - kibana - packages diff --git a/logstash/tasks/main.yml b/logstash/tasks/main.yml index 4ae70623..73bdab1d 100644 --- a/logstash/tasks/main.yml +++ b/logstash/tasks/main.yml @@ -8,11 +8,20 @@ - logstash - packages +- name: Look for legacy apt keyring + stat: + path: /etc/apt/trusted.gpg + register: _trusted_gpg_keyring + tags: + - logstash + - packages + - name: Elastic embedded GPG key is absent apt_key: id: "D88E42B4" keyring: /etc/apt/trusted.gpg state: absent + when: _trusted_gpg_keyring.stat.exists tags: - logstash - packages diff --git a/metricbeat/tasks/main.yml b/metricbeat/tasks/main.yml index ded5d008..8a009f7f 100644 --- a/metricbeat/tasks/main.yml +++ b/metricbeat/tasks/main.yml @@ -8,11 +8,20 @@ - metricbeat - packages +- name: Look for legacy apt keyring + stat: + path: /etc/apt/trusted.gpg + register: _trusted_gpg_keyring + tags: + - metricbeat + - packages + - name: Elastic embedded GPG key is absent apt_key: id: "D88E42B4" keyring: /etc/apt/trusted.gpg state: absent + when: _trusted_gpg_keyring.stat.exists tags: - metricbeat - packages 
diff --git a/mongodb/tasks/main_bullseye.yml b/mongodb/tasks/main_bullseye.yml index 63b2193b..d9e6e0eb 100644 --- a/mongodb/tasks/main_bullseye.yml +++ b/mongodb/tasks/main_bullseye.yml @@ -1,11 +1,16 @@ --- -# https://wiki.debian.org/DebianRepository/UseThirdParty +- name: Look for legacy apt keyring + stat: + path: /etc/apt/trusted.gpg + register: _trusted_gpg_keyring + - name: MongoDB embedded GPG key is absent apt_key: id: "B8612B5D" keyring: /etc/apt/trusted.gpg state: absent + when: _trusted_gpg_keyring.stat.exists - name: Add MongoDB GPG key copy: diff --git a/mongodb/tasks/main_buster.yml b/mongodb/tasks/main_buster.yml index 2e62255a..fc7ac7ed 100644 --- a/mongodb/tasks/main_buster.yml +++ b/mongodb/tasks/main_buster.yml @@ -1,10 +1,16 @@ --- +- name: Look for legacy apt keyring + stat: + path: /etc/apt/trusted.gpg + register: _trusted_gpg_keyring + - name: MongoDB embedded GPG key is absent apt_key: id: "B8612B5D" keyring: /etc/apt/trusted.gpg state: absent + when: _trusted_gpg_keyring.stat.exists - name: Add MongoDB GPG key copy: diff --git a/newrelic/tasks/sources.yml b/newrelic/tasks/sources.yml index 08a3ae51..c27de24d 100644 --- a/newrelic/tasks/sources.yml +++ b/newrelic/tasks/sources.yml @@ -1,10 +1,16 @@ --- +- name: Look for legacy apt keyring + stat: + path: /etc/apt/trusted.gpg + register: _trusted_gpg_keyring + - name: NewRelic embedded GPG key is absent apt_key: id: "548C16BF" keyring: /etc/apt/trusted.gpg state: absent + when: _trusted_gpg_keyring.stat.exists - name: Add NewRelic GPG key copy: diff --git a/nodejs/tasks/main.yml b/nodejs/tasks/main.yml index 4f8c2849..5ab49e70 100644 --- a/nodejs/tasks/main.yml +++ b/nodejs/tasks/main.yml 
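Review bot: The context line `id: "B8612B5D"` under `MongoDB embedded GPG key is absent` in mongodb/tasks/main_bullseye.yml is the same id that apt/tasks/evolix_public.yml removes as the Evolix key, which looks like a copy-paste leftover; mongodb/tasks/main_buster.yml has the same line. If so, the new `when:` guards a task that never removes a MongoDB key, and a MongoDB key previously added to /etc/apt/trusted.gpg stays trusted for every repository on the host. The id should be the MongoDB key's own, `id: "<MONGODB_KEY_ID>"` (placeholder; confirm against the key file that `Add MongoDB GPG key` installs). The bullseye hunk also drops the `# https://wiki.debian.org/DebianRepository/UseThirdParty` reference comment without replacing it.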
@@ -9,11 +9,21 @@ - packages - nodejs +- name: Look for legacy apt keyring + stat: + path: /etc/apt/trusted.gpg + register: _trusted_gpg_keyring + tags: + - system + - packages + - nodejs + - name: NodeJS embedded GPG key is absent apt_key: id: "68576280" keyring: /etc/apt/trusted.gpg state: absent + when: _trusted_gpg_keyring.stat.exists tags: - system - packages diff --git a/nodejs/tasks/yarn.yml b/nodejs/tasks/yarn.yml index 44306d42..e3dfe1da 100644 --- a/nodejs/tasks/yarn.yml +++ b/nodejs/tasks/yarn.yml @@ -1,10 +1,21 @@ --- +- name: Look for legacy apt keyring + stat: + path: /etc/apt/trusted.gpg + register: _trusted_gpg_keyring + tags: + - system + - packages + - nodejs + - yarn + - name: Yarn embedded GPG key is absent apt_key: id: "86E50310" keyring: /etc/apt/trusted.gpg state: absent + when: _trusted_gpg_keyring.stat.exists tags: - system - packages diff --git a/percona/tasks/main.yml b/percona/tasks/main.yml index b14c4876..27544252 100644 --- a/percona/tasks/main.yml +++ b/percona/tasks/main.yml @@ -3,11 +3,17 @@ - set_fact: percona__apt_config_package_file: "percona-release_latest.{{ ansible_distribution_release }}_all.deb" +- name: Look for legacy apt keyring + stat: + path: /etc/apt/trusted.gpg + register: _trusted_gpg_keyring + - name: Percona embedded GPG key is absent apt_key: id: "8507EFA5" keyring: /etc/apt/trusted.gpg state: absent + when: _trusted_gpg_keyring.stat.exists - name: Add Percona GPG key copy: diff --git a/postgresql/tasks/pgdg-repo.yml b/postgresql/tasks/pgdg-repo.yml index 429e33cc..a13b7469 100644 --- a/postgresql/tasks/pgdg-repo.yml +++ b/postgresql/tasks/pgdg-repo.yml 
@@ -13,11 +13,17 @@ repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main" update_cache: yes +- name: Look for legacy apt keyring + stat: + path: /etc/apt/trusted.gpg + register: _trusted_gpg_keyring + - name: PGDG embedded GPG key is absent apt_key: id: "ACCC4CF8" keyring: /etc/apt/trusted.gpg state: absent + when: _trusted_gpg_keyring.stat.exists - name: Add PGDG GPG key copy: