Install deb822 sources on Debian >=12

This commit is contained in:
Jérémy Lecour 2023-03-19 11:44:53 +01:00 committed by Jérémy Lecour
parent f1644ed138
commit 45e8132d07
43 changed files with 518 additions and 541 deletions

View file

@ -1,7 +1,7 @@
# This role installs the docker daemon
---
- name: Remove older docker packages
apt:
ansible.builtin.apt:
name:
- docker
- docker-engine
@ -9,21 +9,21 @@
state: absent
- name: Install source requirements
apt:
ansible.builtin.apt:
name:
- ca-certificates
- gnupg2
state: present
- name: Install apt-transport-https (Debian <10)
apt:
ansible.builtin.apt:
name:
- apt-transport-https
state: present
when: ansible_distribution_major_version is version('10', '<')
- name: Add Docker's official GPG key
copy:
ansible.builtin.copy:
src: docker-debian.asc
dest: "{{ apt_keyring_dir }}/docker-debian.asc"
force: yes
@ -32,10 +32,11 @@
group: root
- name: Add Docker repository (Debian <12)
apt_repository:
ansible.builtin.apt_repository:
repo: 'deb [signed-by={{ apt_keyring_dir }}/docker-debian.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable'
filename: docker.list
filename: docker
state: present
update_cache: yes
when: ansible_distribution_major_version is version('12', '<')
- name: Add Docker repository (Debian >=12)
@ -43,43 +44,48 @@
src: docker.sources.j2
dest: /etc/apt/sources.list.d/docker.sources
state: present
register: docker_sources
when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
ansible.builtin.apt:
update_cache: yes
when: docker_sources is changed
- name: Install Docker
apt:
ansible.builtin.apt:
name:
- docker-ce
- docker-ce-cli
- containerd.io
update_cache: yes
- name: python-docker is installed
apt:
ansible.builtin.apt:
name: python-docker
state: present
when: ansible_python_version is version('3', '<')
- name: python3-docker is installed
apt:
ansible.builtin.apt:
name: python3-docker
state: present
when: ansible_python_version is version('3', '>=')
- name: Copy Docker daemon configuration file
template:
ansible.builtin.template:
src: daemon.json.j2
dest: /etc/docker/daemon.json
notify: restart docker
- name: Creating Docker tmp directory
file:
ansible.builtin.file:
path: "{{ docker_tmpdir }}"
state: directory
mode: "0644"
owner: root
- name: Creating Docker TLS directory
file:
ansible.builtin.file:
path: "{{ docker_tls_path }}"
state: directory
mode: "0644"
@ -87,7 +93,7 @@
when: docker_tls_enabled | bool
- name: Copy shellpki utility to Docker TLS directory
template:
ansible.builtin.template:
src: "{{ item }}.j2"
dest: "{{ docker_tls_path }}/{{ item }}"
mode: "0744"
@ -97,12 +103,13 @@
when: docker_tls_enabled | bool
- name: Check if certs are already created
stat:
ansible.builtin.stat:
path: "{{ docker_tls_path }}/certs"
register: tls_certs_stat
- name: Creating a CA, server key
command: "{{ docker_tls_path }}/shellpki.sh init"
ansible.builtin.command:
cmd: "{{ docker_tls_path }}/shellpki.sh init"
when:
- docker_tls_enabled | bool
- not tls_certs_stat.stat.isdir

View file

@ -0,0 +1,36 @@
---
- name: APT https transport is enabled (Debian <10)
ansible.builtin.apt:
name: apt-transport-https
state: present
when: ansible_distribution_major_version is version('10', '<')
- name: Elastic GPG key is installed
ansible.builtin.copy:
src: elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root
group: root
- name: Add Elastic repository (Debian <12)
ansible.builtin.apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: present
update_cache: yes
when: ansible_distribution_major_version is version('12', '<')
- name: Add Elastic repository (Debian >=12)
ansible.builtin.template:
src: elastic.sources.j2
dest: /etc/apt/sources.list.d/elastic.sources
state: present
register: elastic_sources
when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
ansible.builtin.apt:
update_cache: yes
when: elastic_sources is changed

View file

@ -1,73 +1,23 @@
---
- name: APT https transport is enabled
apt:
name: apt-transport-https
state: present
tags:
- elasticsearch
- packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- elasticsearch
- packages
- name: Elastic embedded GPG key is absent
apt_key:
id: "D88E42B4"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- elasticsearch
- packages
- name: Elastic GPG key is installed
copy:
src: elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root
group: root
tags:
- elasticsearch
- packages
- name: Elastic sources list is available
apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: present
update_cache: yes
tags:
- elasticsearch
- packages
- name: Unsigned Elastic sources list is not available
apt_repository:
repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: absent
update_cache: yes
tags:
- elasticsearch
- packages
- name: APT sources
ansible.builtin.import_tasks: apt_sources.yml
args:
apply:
tags:
- elasticsearch
- packages
- name: Elasticsearch is installed
apt:
ansible.builtin.apt:
name: elasticsearch
state: present
update_cache: yes
tags:
- elasticsearch
- packages
- name: Elasticsearch service is enabled
service:
ansible.builtin.systemd:
name: elasticsearch
enabled: yes
tags:

View file

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt
Suites: stable
Components: main
Signed-by: {{ apt_keyring_dir }}/elastic.asc
Enabled: yes

View file

@ -55,6 +55,7 @@
ansible.builtin.apt_repository:
repo: 'deb [signed-by={{ apt_keyring_dir }}/hwraid.le-vert.net.asc] http://hwraid.le-vert.net/debian {{ ansible_distribution_release }} main'
state: present
update_cache: yes
tags:
- packages
when:
@ -66,8 +67,13 @@
dest: /etc/apt/sources.list.d/hwraid.le-vert.net.sources
tags:
- packages
when:
- ansible_distribution_major_version is version('12', '>=')
register: hwraid_sources
when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
apt:
update_cache: yes
when: hwraid_sources is changed
- name: Install packages for DELL/LSI hardware
ansible.builtin.apt:

View file

@ -0,0 +1,36 @@
---
- name: APT https transport is enabled (Debian <10)
ansible.builtin.apt:
name: apt-transport-https
state: present
when: ansible_distribution_major_version is version('10', '<')
- name: Elastic GPG key is installed
ansible.builtin.copy:
src: elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root
group: root
- name: Add Elastic repository (Debian <12)
ansible.builtin.apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: present
update_cache: yes
when: ansible_distribution_major_version is version('12', '<')
- name: Add Elastic repository (Debian >=12)
ansible.builtin.template:
src: elastic.sources.j2
dest: /etc/apt/sources.list.d/elastic.sources
state: present
register: elastic_sources
when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
apt:
update_cache: yes
when: elastic_sources is changed

View file

@ -1,62 +1,11 @@
---
- name: APT https transport is enabled
apt:
name: apt-transport-https
state: present
tags:
- filebeat
- packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- filebeat
- packages
- name: Elastic embedded GPG key is absent
apt_key:
id: "D88E42B4"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- filebeat
- packages
- name: Elastic GPG key is installed
copy:
src: elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root
group: root
tags:
- filebeat
- packages
- name: Elastic sources list is available
apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: present
update_cache: yes
tags:
- filebeat
- packages
- name: Unsigned Elastic sources list is not available
apt_repository:
repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: absent
update_cache: yes
tags:
- filebeat
- packages
- name: APT sources
import_tasks: apt_sources.yml
args:
apply:
tags:
- filebeat
- packages
- name: Filebeat is installed
apt:

View file

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt
Suites: stable
Components: main
Signed-by: {{ apt_keyring_dir }}/elastic.asc
Enabled: yes

View file

@ -1,27 +1,9 @@
---
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- packages
- fluentd
- name: Fluentd embedded GPG key is absent
apt_key:
id: "AB97ACBE"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- packages
- fluentd
- name: Add Fluentd GPG key
copy:
src: fluentd.asc
dest: "{{ apt_keyring_dir }}/fluentd.asc"
src: treasuredata.asc
dest: "{{ apt_keyring_dir }}/treasuredata.asc"
force: yes
mode: "0644"
owner: root
@ -30,30 +12,31 @@
- packages
- fluentd
- name: Fluentd sources list is available
- name: Add Treasuredata repository (Debian <12)
apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/fluentd.asc] http://packages.treasuredata.com/3/debian/{{ ansible_distribution_release }}/ {{ ansible_distribution_release }} contrib"
filename: treasuredata
update_cache: yes
repo: "deb [signed-by={{ apt_keyring_dir }}/treasuredata.asc] http://packages.treasuredata.com/3/debian/{{ ansible_distribution_release }}/ {{ ansible_distribution_release }} contrib"
filename: treasuredata.list
state: present
tags:
- packages
- fluentd
when: ansible_distribution_major_version is version('12', '<')
- name: Unsigned Fluentd sources list is not available
apt_repository:
repo: "deb http://packages.treasuredata.com/3/debian/{{ ansible_distribution_release }}/ {{ ansible_distribution_release }} contrib"
filename: treasuredata
update_cache: yes
state: absent
- name: Add Treasuredata repository (Debian >=12)
ansible.builtin.template:
src: treasuredata.sources.j2
dest: /etc/apt/sources.list.d/treasuredata.sources
state: present
tags:
- packages
- fluentd
when: ansible_distribution_major_version is version('12', '>=')
- name: Fluentd is installed.
apt:
name: td-agent
state: present
update_cache: yes
tags:
- fluentd
- packages

View file

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: http://packages.treasuredata.com/3/debian/{{ ansible_distribution_release }}/
Suites: {{ ansible_distribution_release }}
Components: contrib
Signed-by: {{ apt_keyring_dir }}/treasuredata.asc
Enabled: yes

View file

@ -5,18 +5,6 @@
# http://mirrors.jenkins.io/.*
# http://jenkins.mirror.isppower.de/.*
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: Jenkins embedded GPG key is absent
apt_key:
id: "D50582E6"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add Jenkins GPG key
copy:
src: jenkins.asc
@ -26,22 +14,30 @@
owner: root
group: root
- name: Add jenkins APT repository
- name: Add Jenkins APT repository (Debian <12)
apt_repository:
repo: deb [signed-by={{ apt_keyring_dir }}/jenkins.asc] http://pkg.jenkins-ci.org/debian-stable binary/
filename: jenkins
update_cache: yes
when: ansible_distribution_major_version is version('12', '<')
- name: Remove unsigned jenkins APT repository
apt_repository:
repo: deb http://pkg.jenkins-ci.org/debian-stable binary/
filename: jenkins
- name: Add Jenkins repository (Debian >=12)
ansible.builtin.template:
src: jenkins.sources.j2
dest: /etc/apt/sources.list.d/jenkins.sources
state: present
register: jenkins_sources
when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
apt:
update_cache: yes
state: absent
when: jenkins_sources is changed
- name: Install Jenkins
apt:
name: jenkins
state: present
- name: Change Jenkins port
replace:

View file

@ -0,0 +1,7 @@
# {{ ansible_managed }}
Types: deb
URIs: http://pkg.jenkins-ci.org/debian-stable
Suites: binary/
Signed-by: {{ apt_keyring_dir }}/jenkins.asc
Enabled: yes

View file

@ -0,0 +1,36 @@
---
- name: APT https transport is enabled (Debian <10)
ansible.builtin.apt:
name: apt-transport-https
state: present
when: ansible_distribution_major_version is version('10', '<')
- name: Elastic GPG key is installed
ansible.builtin.copy:
src: elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root
group: root
- name: Add Elastic repository (Debian <12)
ansible.builtin.apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: present
update_cache: yes
when: ansible_distribution_major_version is version('12', '<')
- name: Add Elastic repository (Debian >=12)
ansible.builtin.template:
src: elastic.sources.j2
dest: /etc/apt/sources.list.d/elastic.sources
state: present
register: elastic_sources
when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
apt:
update_cache: yes
when: elastic_sources is changed

View file

@ -1,67 +1,17 @@
---
- name: APT https transport is enabled
apt:
name: apt-transport-https
state: present
tags:
- kibana
- packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- kibana
- packages
- name: Elastic embedded GPG key is absent
apt_key:
id: "D88E42B4"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- kibana
- packages
- name: Elastic GPG key is installed
copy:
src: elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root
group: root
tags:
- kibana
- packages
- name: Elastic sources list is available
apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: present
update_cache: yes
tags:
- kibana
- packages
- name: Unsigned Elastic sources list is not available
apt_repository:
repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: absent
update_cache: yes
tags:
- kibana
- packages
- name: APT sources
import_tasks: apt_sources.yml
args:
apply:
tags:
- kibana
- packages
- name: Kibana is installed
apt:
name: kibana
state: present
update_cache: yes
tags:
- kibana
- packages

View file

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt
Suites: stable
Components: main
Signed-by: {{ apt_keyring_dir }}/elastic.asc
Enabled: yes

View file

@ -0,0 +1,36 @@
---
- name: APT https transport is enabled (Debian <10)
ansible.builtin.apt:
name: apt-transport-https
state: present
when: ansible_distribution_major_version is version('10', '<')
- name: Elastic GPG key is installed
ansible.builtin.copy:
src: elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root
group: root
- name: Add Elastic repository (Debian <12)
ansible.builtin.apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: present
update_cache: yes
when: ansible_distribution_major_version is version('12', '<')
- name: Add Elastic repository (Debian >=12)
ansible.builtin.template:
src: elastic.sources.j2
dest: /etc/apt/sources.list.d/elastic.sources
state: present
register: elastic_sources
when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
apt:
update_cache: yes
when: elastic_sources is changed

View file

@ -1,62 +1,11 @@
---
- name: APT https transport is enabled
apt:
name: apt-transport-https
state: present
tags:
- logstash
- packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- logstash
- packages
- name: Elastic embedded GPG key is absent
apt_key:
id: "D88E42B4"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- logstash
- packages
- name: Elastic GPG key is installed
copy:
src: elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root
group: root
tags:
- logstash
- packages
- name: Elastic sources list is available
apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: present
update_cache: yes
tags:
- logstash
- packages
- name: Unsigned Elastic sources list is not available
apt_repository:
repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: absent
update_cache: yes
tags:
- logstash
- packages
- name: APT sources
import_tasks: apt_sources.yml
args:
apply:
tags:
- logstash
- packages
- name: Logstash is installed
apt:

View file

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt
Suites: stable
Components: main
Signed-by: {{ apt_keyring_dir }}/elastic.asc
Enabled: yes

View file

@ -0,0 +1,36 @@
---
- name: APT https transport is enabled (Debian <10)
ansible.builtin.apt:
name: apt-transport-https
state: present
when: ansible_distribution_major_version is version('10', '<')
- name: Elastic GPG key is installed
ansible.builtin.copy:
src: elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root
group: root
- name: Add Elastic repository (Debian <12)
ansible.builtin.apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: present
update_cache: yes
when: ansible_distribution_major_version is version('12', '<')
- name: Add Elastic repository (Debian >=12)
ansible.builtin.template:
src: elastic.sources.j2
dest: /etc/apt/sources.list.d/elastic.sources
state: present
register: elastic_sources
when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
apt:
update_cache: yes
when: elastic_sources is changed

View file

@ -1,62 +1,11 @@
---
- name: APT https transport is enabled
apt:
name: apt-transport-https
state: present
tags:
- metricbeat
- packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- metricbeat
- packages
- name: Elastic embedded GPG key is absent
apt_key:
id: "D88E42B4"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- metricbeat
- packages
- name: Elastic GPG key is installed
copy:
src: elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root
group: root
tags:
- metricbeat
- packages
- name: Elastic sources list is available
apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: present
update_cache: yes
tags:
- metricbeat
- packages
- name: Elastic sources list is available
apt_repository:
repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: absent
update_cache: yes
tags:
- metricbeat
- packages
- name: APT sources
import_tasks: apt_sources.yml
args:
apply:
tags:
- metricbeat
- packages
- name: Metricbeat is installed
apt:

View file

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt
Suites: stable
Components: main
Signed-by: {{ apt_keyring_dir }}/elastic.asc
Enabled: yes

View file

@ -1,13 +1,14 @@
---
- include: main_jessie.yml
- ansible.builtin.import_tasks: main_jessie.yml
when: ansible_distribution_release == "jessie"
- include: main_stretch.yml
- ansible.builtin.import_tasks: main_stretch.yml
when: ansible_distribution_release == "stretch"
- include: main_buster.yml
- ansible.builtin.import_tasks: main_buster.yml
when: ansible_distribution_release == "buster"
- include: main_bullseye.yml
when: ansible_distribution_major_version is version('11', '>=')
- ansible.builtin.import_tasks: main_bullseye.yml
when: ansible_distribution_release == "bullseye"

View file

@ -1,22 +1,10 @@
---
- fail:
msg: Not compatible with Debian 11 (Bullseye)
msg: MongoDB versions <4.2 are not compatible with Debian 11 (Bullseye)
when:
- ansible_distribution_release == "bullseye"
- mongodb_version is version('5.0', '<')
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: MongoDB embedded GPG key is absent
apt_key:
id: "B8612B5D"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
- mongodb_version is version('5.2', '<')
- name: Add MongoDB GPG key
copy:
@ -27,19 +15,11 @@
owner: root
group: root
- name: Enable APT sources list
- name: Add MongoDB repository
apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/mongodb-server-{{ mongodb_version }}.asc] http://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main"
state: present
filename: "mongodb-org-{{ mongodb_version }}"
update_cache: yes
- name: Disable unsigned APT sources list
apt_repository:
repo: "deb http://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main"
state: absent
filename: "mongodb-org-{{ mongodb_version }}"
update_cache: yes
- name: Install packages
apt:

View file

@ -1,7 +1,7 @@
---
- name: Pre-seed package configuration with app name
debconf:
ansible.builtin.debconf:
name: newrelic-php5
question: "newrelic-php5/application-name"
value: "{{ newrelic_appname }}"
@ -9,7 +9,7 @@
when: newrelic_appname | length > 0
- name: Pre-seed package configuration with license
debconf:
ansible.builtin.debconf:
name: newrelic-php5
question: "newrelic-php5/license-key"
value: "{{ newrelic_license }}"
@ -17,26 +17,27 @@
when: newrelic_license | length > 0
- name: list newrelic config files
shell: "find /etc/php* -type f -name newrelic.ini"
ansible.builtin.shell:
cmd: "find /etc/php* -type f -name newrelic.ini"
changed_when: False
check_mode: no
register: find_newrelic_ini
- name: Disable AWS detection
lineinfile:
ansible.builtin.lineinfile:
dest: "{{ item }}"
regexp: '^;?newrelic.daemon.utilization.detect_aws'
line: 'newrelic.daemon.utilization.detect_aws = false'
loop: "{{ find_newrelic_ini.stdout_lines }}"
- name: Disable Docker detection
lineinfile:
ansible.builtin.lineinfile:
dest: "{{ item }}"
regexp: '^;?newrelic.daemon.utilization.detect_docker'
line: 'newrelic.daemon.utilization.detect_docker = false'
loop: "{{ find_newrelic_ini.stdout_lines }}"
- name: Install package for PHP
apt:
ansible.builtin.apt:
name: newrelic-php5
state: present

View file

@ -1,19 +1,7 @@
---
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: NewRelic embedded GPG key is absent
apt_key:
id: "548C16BF"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add NewRelic GPG key
copy:
ansible.builtin.copy:
src: newrelic.asc
dest: "{{ apt_keyring_dir }}/newrelic.asc"
force: yes
@ -21,16 +9,23 @@
owner: root
group: root
- name: Install NewRelic repository
apt_repository:
- name: Install NewRelic repository (Debian <12)
ansible.builtin.apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/newrelic.asc] http://apt.newrelic.com/debian/ newrelic non-free"
state: present
filename: newrelic
update_cache: yes
when: ansible_distribution_major_version is version('12', '<')
- name: Desinstall unsigned NewRelic repository
apt_repository:
repo: "deb http://apt.newrelic.com/debian/ newrelic non-free"
state: absent
filename: newrelic
- name: Add NewRelic repository (Debian >=12)
ansible.builtin.template:
src: newrelic.sources.j2
dest: /etc/apt/sources.list.d/newrelic.sources
state: present
register: newrelic_sources
when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
ansible.builtin.apt:
update_cache: yes
when: newrelic_sources is changed

View file

@ -1,11 +1,11 @@
---
- name: Install system monitor daemon
apt:
ansible.builtin.apt:
name: newrelic-sysmond
- name: Set license key for newrelic-sysmond
replace:
ansible.builtin.replace:
dest: /etc/newrelic/nrsysmond.cfg
regexp: "license_key=REPLACE_WITH_REAL_KEY"
replace: "license_key={{ newrelic_license }}"

View file

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: http://apt.newrelic.com/debian/
Suites: newrelic
Components: non-free
Signed-by: {{ apt_keyring_dir }}/newrelic.asc
Enabled: yes

View file

@ -1,36 +1,17 @@
---
- name: APT https transport is enabled
apt:
- name: APT https transport is enabled (Debian <10)
ansible.builtin.apt:
name: apt-transport-https
state: present
tags:
- system
- packages
- nodejs
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- system
- packages
- nodejs
- name: NodeJS embedded GPG key is absent
apt_key:
id: "68576280"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- system
- packages
- nodejs
when: ansible_distribution_major_version is version('10', '<')
- name: NodeJS GPG key is installed
copy:
ansible.builtin.copy:
src: nodesource.asc
dest: "{{ apt_keyring_dir }}/nodesource.asc"
mode: "0644"
@ -41,8 +22,8 @@
- packages
- nodejs
- name: NodeJS sources list ({{ nodejs_apt_version }}) is available
apt_repository:
- name: Add NodeJS repository (Debian <12)
ansible.builtin.apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/nodesource.asc] https://deb.nodesource.com/{{ nodejs_apt_version }} {{ ansible_distribution_release }} main"
filename: nodesource
update_cache: yes
@ -51,26 +32,32 @@
- system
- packages
- nodejs
when: ansible_distribution_major_version is version('12', '<')
- name: Unsigned NodeJS sources list ({{ nodejs_apt_version }}) is not available
apt_repository:
repo: "deb https://deb.nodesource.com/{{ nodejs_apt_version }} {{ ansible_distribution_release }} main"
filename: nodesource
update_cache: yes
state: absent
- name: Add NodeJS repository (Debian >=12)
ansible.builtin.template:
src: nodesource.sources.j2
dest: /etc/apt/sources.list.d/nodesource.sources
state: present
register: nodesource_sources
tags:
- system
- packages
- nodejs
when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
ansible.builtin.apt:
update_cache: yes
when: nodesource_sources is changed
- name: NodeJS is installed
apt:
ansible.builtin.apt:
name: nodejs
state: present
update_cache: yes
tags:
- packages
- nodejs
- include: yarn.yml
- ansible.builtin.import_tasks: yarn.yml
when: nodejs_install_yarn | bool

View file

@ -1,29 +1,7 @@
---
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- system
- packages
- nodejs
- yarn
- name: Yarn embedded GPG key is absent
apt_key:
id: "86E50310"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- system
- packages
- nodejs
- yarn
- name: Yarn GPG key is installed
copy:
ansible.builtin.copy:
src: yarn.asc
dest: "{{ apt_keyring_dir }}/yarn.asc"
mode: "0644"
@ -35,32 +13,39 @@
- nodejs
- yarn
- name: Yarn sources list is available
apt_repository:
- name: Add Yarn repository (Debian <12)
ansible.builtin.apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/yarn.asc] https://dl.yarnpkg.com/debian/ stable main"
filename: yarn
update_cache: yes
state: present
tags:
- system
- packages
- nodejs
- yarn
when: ansible_distribution_major_version is version('12', '<')
- name: Unsigned Yarn sources list is not available
apt_repository:
repo: "deb https://dl.yarnpkg.com/debian/ stable main"
filename: yarn
- name: Add Yarn repository (Debian >=12)
ansible.builtin.template:
src: yarn.sources.j2
dest: /etc/apt/sources.list.d/yarn.sources
state: present
update_cache: yes
state: absent
register: yarn_sources
tags:
- system
- packages
- nodejs
- yarn
when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
ansible.builtin.apt:
update_cache: yes
when: yarn_sources is changed
- name: Yarn is installed
apt:
ansible.builtin.apt:
name: yarn
state: present
tags:

View file

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: https://deb.nodesource.com/{{ nodejs_apt_version }}
Suites: {{ ansible_distribution_release }}
Components: main
Signed-by: {{ apt_keyring_dir }}/nodesource.asc
Enabled: yes

View file

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: https://dl.yarnpkg.com/debian/
Suites: stable
Components: main
Signed-by: {{ apt_keyring_dir }}/yarn.asc
Enabled: yes

View file

@ -1,12 +1,10 @@
---
- name: Setup deb.sury.org repository - Add GPG key
copy:
src: sury.gpg
dest: "{{ apt_keyring_dir }}/sury.gpg"
mode: "0644"
owner: root
group: root
- name: Setup deb.sury.org repository - Install apt-transport-https
apt:
name: apt-transport-https
state: present
when: ansible_distribution_major_version is version('10', '<')
- name: copy pub.evolix.org GPG key
copy:
@ -16,18 +14,6 @@
owner: root
group: root
- name: Setup deb.sury.org repository - Install apt-transport-https
apt:
state: present
name: apt-transport-https
- name: Setup deb.sury.org repository - Add preferences file
copy:
src: sury.preferences
dest: /etc/apt/preferences.d/z-sury
when:
- ansible_distribution_release != "bullseye"
- name: Setup pub.evolix.org repository - Add source list
apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/pub_evolix.asc] http://pub.evolix.org/evolix {{ ansible_distribution_release }}-php81 main"
@ -36,17 +22,41 @@
when:
- ansible_distribution_release == "bullseye"
- name: Setup deb.sury.org repository - Add source list
- name: Setup deb.sury.org repository - Add preferences file
copy:
src: sury.preferences
dest: /etc/apt/preferences.d/z-sury
when:
- ansible_distribution_release != "bullseye"
- name: Setup deb.sury.org repository - Add GPG key
copy:
src: sury.gpg
dest: "{{ apt_keyring_dir }}/sury.gpg"
mode: "0644"
owner: root
group: root
- name: Add Sury repository (Debian <12)
apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/sury.gpg] https://packages.sury.org/php/ {{ ansible_distribution_release }} main"
filename: sury
state: present
update_cache: yes
when: ansible_distribution_major_version is version('12', '<')
- name: Setup deb.sury.org repository - Remove unsigned source list
apt_repository:
repo: "deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main"
filename: sury
state: absent
- name: Add Sury repository (Debian >=12)
ansible.builtin.template:
src: sury.sources.j2
dest: /etc/apt/sources.list.d/sury.sources
state: present
register: sury_sources
when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
apt:
update_cache: yes
when: sury_sources is changed
- name: "Override package list for Sury (Debian 9 or later)"
set_fact:

View file

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: https://packages.sury.org/php/
Suites: {{ ansible_distribution_release }}
Components: main
Signed-by: {{ apt_keyring_dir }}/sury.gpg
Enabled: yes

View file

@ -1,25 +1,28 @@
---
- include: locales.yml
- ansible.builtin.import_tasks: locales.yml
- include: packages_jessie.yml
- ansible.builtin.import_tasks: packages_jessie.yml
when: ansible_distribution_release == "jessie"
- include: packages_stretch.yml
- ansible.builtin.import_tasks: packages_stretch.yml
when: ansible_distribution_release == "stretch"
- include: packages_buster.yml
- ansible.builtin.import_tasks: packages_buster.yml
when: ansible_distribution_release == "buster"
- include: packages_bullseye.yml
when: ansible_distribution_major_version is version('11', '>=')
- ansible.builtin.import_tasks: packages_bullseye.yml
when: ansible_distribution_release == "bullseye"
- include: config.yml