Remove embedded GPG keys only if legacy keyring is present

Jérémy Lecour 2021-07-04 22:08:47 +02:00 committed by Jérémy Lecour
parent ffd7d0e504
commit 29ec7bdcf2
17 changed files with 129 additions and 2 deletions


@ -22,6 +22,7 @@ The **patch** part changes incrementally at each release.
### Changed
* Use python3 modules for Debian 11 and later
* Remove embedded GPG keys only if legacy keyring is present
* elasticsearch: 7.x by default
* evolinux-base: alert5 comes after the network
* evolinux-base: force Debian version to buster for Evolix repository (temporary)


@ -1,10 +1,18 @@
---
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- apt
- name: Evolix embedded GPG key is absent
apt_key:
id: "B8612B5D"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- apt


@ -8,11 +8,20 @@
- elasticsearch
- packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- elasticsearch
- packages
- name: Elastic embedded GPG key is absent
apt_key:
id: "D88E42B4"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- elasticsearch
- packages


@ -35,6 +35,11 @@
changed_when: "'FAILED' in raidmodel.stdout"
failed_when: "'FAILED' in raidmodel.stdout"
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: HPE Smart Storage Administrator (ssacli) is present
block:
- name: HPE GPG embedded key is absent
@ -42,6 +47,7 @@
id: "26C2B797"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
- name: HPE GPG key is installed
copy:
@ -108,7 +114,9 @@
id: "23B3D3B4"
keyring: /etc/apt/trusted.gpg
state: absent
when: ansible_distribution_major_version is version('9', '>=')
when:
- trusted_gpg_keyring.stat.present
- ansible_distribution_major_version is version('9', '>=')
- name: HWRaid GPG key is installed
copy:
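Review bot: In the last hunk of this file the new `when:` list checks `trusted_gpg_keyring.stat.present`, which matches neither the variable registered by the stat task added above (`_trusted_gpg_keyring`) nor the `stat.exists` attribute used by every other condition in this commit. As written the condition refers to a name that is not registered anywhere in the visible hunks, so the task would presumably error out when the conditional is evaluated instead of skipping the key removal. The first list item should read `- _trusted_gpg_keyring.stat.exists`. The task this `when:` belongs to starts above the hunk, so its name and module lines are not visible here.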


@ -8,11 +8,20 @@
- filebeat
- packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- filebeat
- packages
- name: Elastic embedded GPG key is absent
apt_key:
id: "D88E42B4"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- filebeat
- packages


@ -1,10 +1,19 @@
---
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- packages
- fluentd
- name: Fluentd embedded GPG key is absent
apt_key:
id: "AB97ACBE"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- packages
- fluentd


@ -5,11 +5,17 @@
# http://mirrors.jenkins.io/.*
# http://jenkins.mirror.isppower.de/.*
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: Jenkins embedded GPG key is absent
apt_key:
id: "D50582E6"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add Jenkins GPG key
copy:


@ -8,11 +8,20 @@
- kibana
- packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- kibana
- packages
- name: Elastic embedded GPG key is absent
apt_key:
id: "D88E42B4"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- kibana
- packages


@ -8,11 +8,20 @@
- logstash
- packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- logstash
- packages
- name: Elastic embedded GPG key is absent
apt_key:
id: "D88E42B4"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- logstash
- packages


@ -8,11 +8,20 @@
- metricbeat
- packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- metricbeat
- packages
- name: Elastic embedded GPG key is absent
apt_key:
id: "D88E42B4"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- metricbeat
- packages


@ -1,11 +1,16 @@
---
# https://wiki.debian.org/DebianRepository/UseThirdParty
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: MongoDB embedded GPG key is absent
apt_key:
id: "B8612B5D"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add MongoDB GPG key
copy:
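Review bot: The `id` in the "MongoDB embedded GPG key is absent" task is `"B8612B5D"`, the same value the "Evolix embedded GPG key is absent" task uses earlier in this commit, which looks like a copy-paste leftover rather than MongoDB's own key ID. If that is the case, the new `when:` guard gates a removal that never targets the MongoDB key, and that key stays in `/etc/apt/trusted.gpg`, where apt accepts it for any repository that is not pinned with `signed-by`. Please confirm the ID against the key file installed by "Add MongoDB GPG key"; the MongoDB task in the next file section carries the same value. A comment above the `id:` line such as `# must match the key installed by "Add MongoDB GPG key"` would make a future mismatch easier to spot.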


@ -1,10 +1,16 @@
---
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: MongoDB embedded GPG key is absent
apt_key:
id: "B8612B5D"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add MongoDB GPG key
copy:


@ -1,10 +1,16 @@
---
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: NewRelic embedded GPG key is absent
apt_key:
id: "548C16BF"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add NewRelic GPG key
copy:


@ -9,11 +9,21 @@
- packages
- nodejs
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- system
- packages
- nodejs
- name: NodeJS embedded GPG key is absent
apt_key:
id: "68576280"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- system
- packages


@ -1,10 +1,21 @@
---
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- system
- packages
- nodejs
- yarn
- name: Yarn embedded GPG key is absent
apt_key:
id: "86E50310"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- system
- packages


@ -3,11 +3,17 @@
- set_fact:
percona__apt_config_package_file: "percona-release_latest.{{ ansible_distribution_release }}_all.deb"
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: Percona embedded GPG key is absent
apt_key:
id: "8507EFA5"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add Percona GPG key
copy:


@ -13,11 +13,17 @@
repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
update_cache: yes
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: PGDG embedded GPG key is absent
apt_key:
id: "ACCC4CF8"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add PGDG GPG key
copy: