From 45e8132d0765096e0f97799e2a7bf0f4d06d3cb2 Mon Sep 17 00:00:00 2001 
From: Jeremy Lecour Date: Sun, 19 Mar 2023 11:44:53 +0100 Subject: [PATCH] Install deb822 sources on Debian >=12 --- docker-host/tasks/main.yml | 39 ++++++----- elasticsearch/tasks/apt_sources.yml | 36 ++++++++++ elasticsearch/tasks/packages.yml | 70 +++---------------- elasticsearch/templates/elastic.sources.j2 | 8 +++ evolinux-base/tasks/hardware.dell.yml | 10 ++- filebeat/tasks/apt_sources.yml | 36 ++++++++++ filebeat/tasks/main.yml | 65 ++--------------- filebeat/templates/elastic.sources.j2 | 8 +++ .../files/{fluentd.asc => treasuredata.asc} | 0 fluentd/tasks/main.yml | 43 ++++-------- fluentd/templates/treasuredata.sources.j2 | 8 +++ jenkins/tasks/main.yml | 32 ++++----- jenkins/templates/jenkins.sources.j2 | 7 ++ kibana/tasks/apt_sources.yml | 36 ++++++++++ kibana/tasks/main.yml | 66 +++-------------- kibana/templates/elastic.sources.j2 | 8 +++ logstash/tasks/apt_sources.yml | 36 ++++++++++ logstash/tasks/main.yml | 65 ++--------------- logstash/templates/elastic.sources.j2 | 8 +++ metricbeat/tasks/apt_sources.yml | 36 ++++++++++ metricbeat/tasks/main.yml | 65 ++--------------- metricbeat/templates/elastic.sources.j2 | 8 +++ mongodb/tasks/main.yml | 11 +-- mongodb/tasks/main_bullseye.yml | 26 +------ newrelic/tasks/php.yml | 13 ++-- newrelic/tasks/sources.yml | 35 ++++------ newrelic/tasks/sysmond.yml | 4 +- newrelic/templates/newrelic.sources.j2 | 8 +++ nodejs/tasks/main.yml | 55 ++++++--------- nodejs/tasks/yarn.yml | 49 +++++-------- nodejs/templates/nodesource.sources.j2 | 8 +++ nodejs/templates/yarn.sources.j2 | 8 +++ php/tasks/sury_pre.yml | 60 +++++++++------- php/templates/sury.sources.j2 | 8 +++ postgresql/tasks/main.yml | 25 ++++--- postgresql/tasks/packages_bookworm.yml | 6 +- postgresql/tasks/packages_bullseye.yml | 1 + postgresql/tasks/packages_buster.yml | 1 + postgresql/tasks/packages_jessie.yml | 10 +-- postgresql/tasks/packages_stretch.yml | 1 + postgresql/tasks/pgdg-repo.yml | 31 ++++---- postgresql/tasks/postgis.yml | 1 + 
postgresql/templates/postgresql.sources.j2 | 8 +++ 43 files changed, 518 insertions(+), 541 deletions(-) create mode 100644 elasticsearch/tasks/apt_sources.yml create mode 100644 elasticsearch/templates/elastic.sources.j2 create mode 100644 filebeat/tasks/apt_sources.yml create mode 100644 filebeat/templates/elastic.sources.j2 rename fluentd/files/{fluentd.asc => treasuredata.asc} (100%) create mode 100644 fluentd/templates/treasuredata.sources.j2 create mode 100644 jenkins/templates/jenkins.sources.j2 create mode 100644 kibana/tasks/apt_sources.yml create mode 100644 kibana/templates/elastic.sources.j2 create mode 100644 logstash/tasks/apt_sources.yml create mode 100644 logstash/templates/elastic.sources.j2 create mode 100644 metricbeat/tasks/apt_sources.yml create mode 100644 metricbeat/templates/elastic.sources.j2 create mode 100644 newrelic/templates/newrelic.sources.j2 create mode 100644 nodejs/templates/nodesource.sources.j2 create mode 100644 nodejs/templates/yarn.sources.j2 create mode 100644 php/templates/sury.sources.j2 create mode 100644 postgresql/templates/postgresql.sources.j2 diff --git a/docker-host/tasks/main.yml b/docker-host/tasks/main.yml index 163ec76c..db57a6b6 100644 --- a/docker-host/tasks/main.yml +++ b/docker-host/tasks/main.yml @@ -1,7 +1,7 @@ # This role installs the docker daemon --- - name: Remove older docker packages - apt: + ansible.builtin.apt: name: - docker - docker-engine @@ -9,21 +9,21 @@ state: absent - name: Install source requirements - apt: + ansible.builtin.apt: name: - ca-certificates - gnupg2 state: present - name: Install apt-transport-https (Debian <10) - apt: + ansible.builtin.apt: name: - apt-transport-https state: present when: ansible_distribution_major_version is version('10', '<') - name: Add Docker's official GPG key - copy: + ansible.builtin.copy: src: docker-debian.asc dest: "{{ apt_keyring_dir }}/docker-debian.asc" force: yes 
@@ -32,10 +32,11 @@ group: root - name: Add Docker repository (Debian <12) - apt_repository: + ansible.builtin.apt_repository: repo: 'deb [signed-by={{ apt_keyring_dir }}/docker-debian.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable' - filename: docker.list + filename: docker state: present + update_cache: yes when: ansible_distribution_major_version is version('12', '<') - name: Add Docker repository (Debian >=12) @@ -43,43 +44,48 @@ src: docker.sources.j2 dest: /etc/apt/sources.list.d/docker.sources state: present + register: docker_sources when: ansible_distribution_major_version is version('12', '>=') +- name: Update APT cache + ansible.builtin.apt: + update_cache: yes + when: docker_sources is changed + - name: Install Docker - apt: + ansible.builtin.apt: name: - docker-ce - docker-ce-cli - containerd.io - update_cache: yes - name: python-docker is installed - apt: + ansible.builtin.apt: name: python-docker state: present when: ansible_python_version is version('3', '<') - name: python3-docker is installed - apt: + ansible.builtin.apt: name: python3-docker state: present when: ansible_python_version is version('3', '>=') - name: Copy Docker daemon configuration file - template: + ansible.builtin.template: src: daemon.json.j2 dest: /etc/docker/daemon.json notify: restart docker - name: Creating Docker tmp directory - file: + ansible.builtin.file: path: "{{ docker_tmpdir }}" state: directory mode: "0644" owner: root - name: Creating Docker TLS directory - file: + ansible.builtin.file: path: "{{ docker_tls_path }}" state: directory mode: "0644" @@ -87,7 +93,7 @@ when: docker_tls_enabled | bool - name: Copy shellpki utility to Docker TLS directory - template: + ansible.builtin.template: src: "{{ item }}.j2" dest: "{{ docker_tls_path }}/{{ item }}" mode: "0744" 
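Review bot: In the `@@ -43,43 +44,48 @@` hunk, the "Creating Docker TLS directory" task still creates `{{ docker_tls_path }}` with `mode: "0644"`, which gives a directory read bits but no search bit. Other users can list the file names inside it, while only root can actually traverse it. Since this directory presumably receives the CA and server key generated by `shellpki.sh init`, `mode: "0700"` would state the intent. The "Creating Docker tmp directory" task above it has the same `0644`. The task continues past the end of the hunk, so its `owner`/`group` are not visible here.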
@@ -97,12 +103,13 @@ when: docker_tls_enabled | bool - name: Check if certs are already created - stat: + ansible.builtin.stat: path: "{{ docker_tls_path }}/certs" register: tls_certs_stat - name: Creating a CA, server key - command: "{{ docker_tls_path }}/shellpki.sh init" + ansible.builtin.command: + cmd: "{{ docker_tls_path }}/shellpki.sh init" when: - docker_tls_enabled | bool - not tls_certs_stat.stat.isdir diff --git a/elasticsearch/tasks/apt_sources.yml b/elasticsearch/tasks/apt_sources.yml new file mode 100644 index 00000000..a0395ffe --- /dev/null +++ b/elasticsearch/tasks/apt_sources.yml @@ -0,0 +1,36 @@ +--- +- name: APT https transport is enabled (Debian <10) + ansible.builtin.apt: + name: apt-transport-https + state: present + when: ansible_distribution_major_version is version('10', '<') + +- name: Elastic GPG key is installed + ansible.builtin.copy: + src: elastic.asc + dest: "{{ apt_keyring_dir }}/elastic.asc" + force: yes + mode: "0644" + owner: root + group: root + +- name: Add Elastic repository (Debian <12) + ansible.builtin.apt_repository: + repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main" + filename: elastic + state: present + update_cache: yes + when: ansible_distribution_major_version is version('12', '<') + +- name: Add Elastic repository (Debian >=12) + ansible.builtin.template: + src: elastic.sources.j2 + dest: /etc/apt/sources.list.d/elastic.sources + state: present + register: elastic_sources + when: ansible_distribution_major_version is version('12', '>=') + +- name: Update APT cache + ansible.builtin.apt: + update_cache: yes + when: elastic_sources is changed \ No newline at end of file diff --git a/elasticsearch/tasks/packages.yml b/elasticsearch/tasks/packages.yml index 097d85e5..5188e3cc 100644 --- a/elasticsearch/tasks/packages.yml +++ b/elasticsearch/tasks/packages.yml 
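Review bot: The `when:` on "Creating a CA, server key" reads `tls_certs_stat.stat.isdir`, a key that `stat` does not return when the path is missing. On a first run the condition therefore probably fails with an undefined-attribute error instead of evaluating to true. Now that the task uses the `cmd:` form, the separate stat could be replaced by `creates: "{{ docker_tls_path }}/certs"` under `ansible.builtin.command`, or the test changed to `not (tls_certs_stat.stat.isdir | default(false))`. The task continues past the end of the hunk.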
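Review bot: `state: present` on the "Add Elastic repository (Debian >=12)" task is not a parameter of `ansible.builtin.template`, so the module will reject the task as an unsupported parameter on exactly the Debian 12 hosts this change targets. Drop that line and set the file attributes explicitly instead, `mode: "0644"`, `owner: root`, `group: root`, as the key copy task in the same file already does. The same task shape appears in the filebeat, kibana, logstash, metricbeat, fluentd, jenkins and newrelic hunks of this patch.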
@@ -1,73 +1,23 @@ --- - -- name: APT https transport is enabled - apt: - name: apt-transport-https - state: present - tags: - - elasticsearch - - packages - -- name: Look for legacy apt keyring - stat: - path: /etc/apt/trusted.gpg - register: _trusted_gpg_keyring - tags: - - elasticsearch - - packages - -- name: Elastic embedded GPG key is absent - apt_key: - id: "D88E42B4" - keyring: /etc/apt/trusted.gpg - state: absent - when: _trusted_gpg_keyring.stat.exists - tags: - - elasticsearch - - packages - -- name: Elastic GPG key is installed - copy: - src: elastic.asc - dest: "{{ apt_keyring_dir }}/elastic.asc" - force: yes - mode: "0644" - owner: root - group: root - tags: - - elasticsearch - - packages - -- name: Elastic sources list is available - apt_repository: - repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main" - filename: elastic - state: present - update_cache: yes - tags: - - elasticsearch - - packages - -- name: Unsigned Elastic sources list is not available - apt_repository: - repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main" - filename: elastic - state: absent - update_cache: yes - tags: - - elasticsearch - - packages +- name: APT sources + ansible.builtin.import_tasks: apt_sources.yml + args: + apply: + tags: + - elasticsearch + - packages - name: Elasticsearch is installed - apt: + ansible.builtin.apt: name: elasticsearch state: present + update_cache: yes tags: - elasticsearch - packages - name: Elasticsearch service is enabled - service: + ansible.builtin.systemd: name: elasticsearch enabled: yes tags: diff --git a/elasticsearch/templates/elastic.sources.j2 b/elasticsearch/templates/elastic.sources.j2 new file mode 100644 index 00000000..93df736d --- /dev/null +++ b/elasticsearch/templates/elastic.sources.j2 
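Review bot: `args: apply:` is only accepted by `include_tasks`; on `ansible.builtin.import_tasks` it is rejected at parse time as an invalid option, so the "APT sources" task will stop the play before any package is installed. Because imports are static, tags set on the import are inherited by the imported tasks: remove `args:`/`apply:` and put `tags: [elasticsearch, packages]` directly on the task. The filebeat, kibana, logstash and metricbeat `main.yml` hunks use the same construct.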
@@ -0,0 +1,8 @@ +# {{ ansible_managed }} + +Types: deb +URIs: https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt +Suites: stable +Components: main +Signed-by: {{ apt_keyring_dir }}/elastic.asc +Enabled: yes \ No newline at end of file diff --git a/evolinux-base/tasks/hardware.dell.yml b/evolinux-base/tasks/hardware.dell.yml index 409d1e07..aa448147 100644 --- a/evolinux-base/tasks/hardware.dell.yml +++ b/evolinux-base/tasks/hardware.dell.yml @@ -55,6 +55,7 @@ ansible.builtin.apt_repository: repo: 'deb [signed-by={{ apt_keyring_dir }}/hwraid.le-vert.net.asc] http://hwraid.le-vert.net/debian {{ ansible_distribution_release }} main' state: present + update_cache: yes tags: - packages when: @@ -66,8 +67,13 @@ dest: /etc/apt/sources.list.d/hwraid.le-vert.net.sources tags: - packages - when: - - ansible_distribution_major_version is version('12', '>=') + register: hwraid_sources + when: ansible_distribution_major_version is version('12', '>=') + + - name: Update APT cache + apt: + update_cache: yes + when: hwraid_sources is changed - name: Install packages for DELL/LSI hardware ansible.builtin.apt: diff --git a/filebeat/tasks/apt_sources.yml b/filebeat/tasks/apt_sources.yml new file mode 100644 index 00000000..d6597c74 --- /dev/null +++ b/filebeat/tasks/apt_sources.yml 
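Review bot: In the `@@ -66,8 +67,13 @@` hunk of `hardware.dell.yml`, the new "Update APT cache" task carries no `tags:`, while the template task that registers `hwraid_sources` is tagged `packages`. A run limited with `--tags packages` would write the `.sources` file and then skip the refresh, so the following install may work from a stale index. Add `tags: [packages]` to the new task, unless the enclosing block, which starts outside this hunk, already applies it. The task also uses the short `apt:` name where its neighbours use `ansible.builtin.apt:`.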
@@ -0,0 +1,36 @@ +--- +- name: APT https transport is enabled (Debian <10) + ansible.builtin.apt: + name: apt-transport-https + state: present + when: ansible_distribution_major_version is version('10', '<') + +- name: Elastic GPG key is installed + ansible.builtin.copy: + src: elastic.asc + dest: "{{ apt_keyring_dir }}/elastic.asc" + force: yes + mode: "0644" + owner: root + group: root + +- name: Add Elastic repository (Debian <12) + ansible.builtin.apt_repository: + repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main" + filename: elastic + state: present + update_cache: yes + when: ansible_distribution_major_version is version('12', '<') + +- name: Add Elastic repository (Debian >=12) + ansible.builtin.template: + src: elastic.sources.j2 + dest: /etc/apt/sources.list.d/elastic.sources + state: present + register: elastic_sources + when: ansible_distribution_major_version is version('12', '>=') + +- name: Update APT cache + apt: + update_cache: yes + when: elastic_sources is changed \ No newline at end of file diff --git a/filebeat/tasks/main.yml b/filebeat/tasks/main.yml index 20858669..0c20cc6c 100644 --- a/filebeat/tasks/main.yml +++ b/filebeat/tasks/main.yml 
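Review bot: This new file has the same blob id (`d6597c74`) as the kibana, logstash and metricbeat copies, and each copy installs `elastic.asc` to the same keyring path with `force: yes`. Assuming every role ships its own `files/elastic.asc`, a key rotation has to be repeated in five places, and a role that still carries the old key will overwrite the new one whenever it runs last. Moving the key, the source definition and the template into one shared role (or a role dependency) would leave a single trust anchor to maintain. The "Update APT cache" task here also uses the short `apt:` name while the rest of the file uses `ansible.builtin.*`.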
@@ -1,62 +1,11 @@ --- - -- name: APT https transport is enabled - apt: - name: apt-transport-https - state: present - tags: - - filebeat - - packages - -- name: Look for legacy apt keyring - stat: - path: /etc/apt/trusted.gpg - register: _trusted_gpg_keyring - tags: - - filebeat - - packages - -- name: Elastic embedded GPG key is absent - apt_key: - id: "D88E42B4" - keyring: /etc/apt/trusted.gpg - state: absent - when: _trusted_gpg_keyring.stat.exists - tags: - - filebeat - - packages - -- name: Elastic GPG key is installed - copy: - src: elastic.asc - dest: "{{ apt_keyring_dir }}/elastic.asc" - force: yes - mode: "0644" - owner: root - group: root - tags: - - filebeat - - packages - -- name: Elastic sources list is available - apt_repository: - repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main" - filename: elastic - state: present - update_cache: yes - tags: - - filebeat - - packages - -- name: Unsigned Elastic sources list is not available - apt_repository: - repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main" - filename: elastic - state: absent - update_cache: yes - tags: - - filebeat - - packages +- name: APT sources + import_tasks: apt_sources.yml + args: + apply: + tags: + - filebeat + - packages - name: Filebeat is installed apt: diff --git a/filebeat/templates/elastic.sources.j2 b/filebeat/templates/elastic.sources.j2 new file mode 100644 index 00000000..93df736d --- /dev/null +++ b/filebeat/templates/elastic.sources.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} + +Types: deb +URIs: https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt +Suites: stable +Components: main +Signed-by: {{ apt_keyring_dir }}/elastic.asc +Enabled: yes \ No newline at end of file 
diff --git a/fluentd/files/fluentd.asc b/fluentd/files/treasuredata.asc similarity index 100% rename from fluentd/files/fluentd.asc rename to fluentd/files/treasuredata.asc diff --git a/fluentd/tasks/main.yml b/fluentd/tasks/main.yml index 09f93082..21b432f3 100644 --- a/fluentd/tasks/main.yml +++ b/fluentd/tasks/main.yml @@ -1,27 +1,9 @@ --- -- name: Look for legacy apt keyring - stat: - path: /etc/apt/trusted.gpg - register: _trusted_gpg_keyring - tags: - - packages - - fluentd - -- name: Fluentd embedded GPG key is absent - apt_key: - id: "AB97ACBE" - keyring: /etc/apt/trusted.gpg - state: absent - when: _trusted_gpg_keyring.stat.exists - tags: - - packages - - fluentd - - name: Add Fluentd GPG key copy: - src: fluentd.asc - dest: "{{ apt_keyring_dir }}/fluentd.asc" + src: treasuredata.asc + dest: "{{ apt_keyring_dir }}/treasuredata.asc" force: yes mode: "0644" owner: root 
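Review bot: Dropping the "Fluentd embedded GPG key is absent" task means a host that still has key `AB97ACBE` in `/etc/apt/trusted.gpg` keeps trusting it for any repository that does not pin a key with `signed-by`. Unless every managed host is known to have converged on the previous revision, keep the stat-guarded cleanup (it was already conditional on the keyring existing) or move it to a shared one-off cleanup. The rename to `treasuredata.asc` also leaves the old `{{ apt_keyring_dir }}/fluentd.asc` on disk; an `ansible.builtin.file` task with `state: absent` for that path would remove it. The equivalent cleanup tasks are removed in the elasticsearch, filebeat, kibana, logstash, metricbeat, jenkins, mongodb and newrelic hunks.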
@@ -30,30 +12,31 @@ - packages - fluentd -- name: Fluentd sources list is available +- name: Add Treasuredata repository (Debian <12) apt_repository: - repo: "deb [signed-by={{ apt_keyring_dir }}/fluentd.asc] http://packages.treasuredata.com/3/debian/{{ ansible_distribution_release }}/ {{ ansible_distribution_release }} contrib" - filename: treasuredata - update_cache: yes + repo: "deb [signed-by={{ apt_keyring_dir }}/treasuredata.asc] http://packages.treasuredata.com/3/debian/{{ ansible_distribution_release }}/ {{ ansible_distribution_release }} contrib" + filename: treasuredata.list state: present tags: - packages - fluentd + when: ansible_distribution_major_version is version('12', '<') -- name: Unsigned Fluentd sources list is not available - apt_repository: - repo: "deb http://packages.treasuredata.com/3/debian/{{ ansible_distribution_release }}/ {{ ansible_distribution_release }} contrib" - filename: treasuredata - update_cache: yes - state: absent +- name: Add Treasuredata repository (Debian >=12) + ansible.builtin.template: + src: treasuredata.sources.j2 + dest: /etc/apt/sources.list.d/treasuredata.sources + state: present tags: - packages - fluentd + when: ansible_distribution_major_version is version('12', '>=') - name: Fluentd is installed. apt: name: td-agent state: present + update_cache: yes tags: - fluentd - packages diff --git a/fluentd/templates/treasuredata.sources.j2 b/fluentd/templates/treasuredata.sources.j2 new file mode 100644 index 00000000..38dc3eb7 --- /dev/null +++ b/fluentd/templates/treasuredata.sources.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} + +Types: deb +URIs: http://packages.treasuredata.com/3/debian/{{ ansible_distribution_release }}/ +Suites: {{ ansible_distribution_release }} +Components: contrib +Signed-by: {{ apt_keyring_dir }}/treasuredata.asc +Enabled: yes \ No newline at end of file diff --git a/jenkins/tasks/main.yml b/jenkins/tasks/main.yml index 956892f4..3a855f9c 100644 --- a/jenkins/tasks/main.yml 
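Review bot: `filename: treasuredata.list` will produce `treasuredata.list.list`, because `apt_repository` appends the `.list` extension itself; the docker-host hunk of this patch changes `docker.list` to `docker`, presumably for that reason. On hosts configured by the previous revision the existing `treasuredata.list` entry still says `signed-by=…/fluentd.asc`, so the same repository would be declared twice with different `Signed-By` values, which apt reports as a conflict. Use `filename: treasuredata` and add an `apt_repository` task with `state: absent` for the old `fluentd.asc` line.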
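Review bot: The `URIs:` line in `treasuredata.sources.j2` keeps plain `http://`. The pinned key still protects package integrity, but an on-path party can see which packages are fetched and can serve stale metadata if the repository does not publish a `Valid-Until`. If the vendor serves the same tree over TLS (not verifiable from this patch), switch the scheme to `https://` while the source definition is being rewritten anyway. The jenkins and newrelic templates and the hwraid and mongodb `repo:` lines use `http://` as well.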
+++ b/jenkins/tasks/main.yml @@ -5,18 +5,6 @@ # http://mirrors.jenkins.io/.* # http://jenkins.mirror.isppower.de/.* -- name: Look for legacy apt keyring - stat: - path: /etc/apt/trusted.gpg - register: _trusted_gpg_keyring - -- name: Jenkins embedded GPG key is absent - apt_key: - id: "D50582E6" - keyring: /etc/apt/trusted.gpg - state: absent - when: _trusted_gpg_keyring.stat.exists - - name: Add Jenkins GPG key copy: src: jenkins.asc @@ -26,22 +14,30 @@ owner: root group: root -- name: Add jenkins APT repository +- name: Add Jenkins APT repository (Debian <12) apt_repository: repo: deb [signed-by={{ apt_keyring_dir }}/jenkins.asc] http://pkg.jenkins-ci.org/debian-stable binary/ filename: jenkins update_cache: yes + when: ansible_distribution_major_version is version('12', '<') -- name: Remove unsigned jenkins APT repository - apt_repository: - repo: deb http://pkg.jenkins-ci.org/debian-stable binary/ - filename: jenkins +- name: Add Jenkins repository (Debian >=12) + ansible.builtin.template: + src: jenkins.sources.j2 + dest: /etc/apt/sources.list.d/jenkins.sources + state: present + register: jenkins_sources + when: ansible_distribution_major_version is version('12', '>=') + +- name: Update APT cache + apt: update_cache: yes - state: absent + when: jenkins_sources is changed - name: Install Jenkins apt: name: jenkins + state: present - name: Change Jenkins port replace: diff --git a/jenkins/templates/jenkins.sources.j2 b/jenkins/templates/jenkins.sources.j2 new file mode 100644 index 00000000..c3578a03 --- /dev/null +++ b/jenkins/templates/jenkins.sources.j2 @@ -0,0 +1,7 @@ +# {{ ansible_managed }} + +Types: deb +URIs: http://pkg.jenkins-ci.org/debian-stable +Suites: binary/ +Signed-by: {{ apt_keyring_dir }}/jenkins.asc +Enabled: yes \ No newline at end of file diff --git a/kibana/tasks/apt_sources.yml b/kibana/tasks/apt_sources.yml new file mode 100644 index 00000000..d6597c74 --- /dev/null +++ b/kibana/tasks/apt_sources.yml 
@@ -0,0 +1,36 @@ +--- +- name: APT https transport is enabled (Debian <10) + ansible.builtin.apt: + name: apt-transport-https + state: present + when: ansible_distribution_major_version is version('10', '<') + +- name: Elastic GPG key is installed + ansible.builtin.copy: + src: elastic.asc + dest: "{{ apt_keyring_dir }}/elastic.asc" + force: yes + mode: "0644" + owner: root + group: root + +- name: Add Elastic repository (Debian <12) + ansible.builtin.apt_repository: + repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main" + filename: elastic + state: present + update_cache: yes + when: ansible_distribution_major_version is version('12', '<') + +- name: Add Elastic repository (Debian >=12) + ansible.builtin.template: + src: elastic.sources.j2 + dest: /etc/apt/sources.list.d/elastic.sources + state: present + register: elastic_sources + when: ansible_distribution_major_version is version('12', '>=') + +- name: Update APT cache + apt: + update_cache: yes + when: elastic_sources is changed \ No newline at end of file diff --git a/kibana/tasks/main.yml b/kibana/tasks/main.yml index 341bfd13..176af2d3 100644 --- a/kibana/tasks/main.yml +++ b/kibana/tasks/main.yml 
@@ -1,67 +1,17 @@ --- - -- name: APT https transport is enabled - apt: - name: apt-transport-https - state: present - tags: - - kibana - - packages - -- name: Look for legacy apt keyring - stat: - path: /etc/apt/trusted.gpg - register: _trusted_gpg_keyring - tags: - - kibana - - packages - -- name: Elastic embedded GPG key is absent - apt_key: - id: "D88E42B4" - keyring: /etc/apt/trusted.gpg - state: absent - when: _trusted_gpg_keyring.stat.exists - tags: - - kibana - - packages - -- name: Elastic GPG key is installed - copy: - src: elastic.asc - dest: "{{ apt_keyring_dir }}/elastic.asc" - force: yes - mode: "0644" - owner: root - group: root - tags: - - kibana - - packages - -- name: Elastic sources list is available - apt_repository: - repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main" - filename: elastic - state: present - update_cache: yes - tags: - - kibana - - packages - -- name: Unsigned Elastic sources list is not available - apt_repository: - repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main" - filename: elastic - state: absent - update_cache: yes - tags: - - kibana - - packages +- name: APT sources + import_tasks: apt_sources.yml + args: + apply: + tags: + - kibana + - packages - name: Kibana is installed apt: name: kibana state: present + update_cache: yes tags: - kibana - packages diff --git a/kibana/templates/elastic.sources.j2 b/kibana/templates/elastic.sources.j2 new file mode 100644 index 00000000..93df736d --- /dev/null +++ b/kibana/templates/elastic.sources.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} + +Types: deb +URIs: https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt +Suites: stable +Components: main +Signed-by: {{ apt_keyring_dir }}/elastic.asc +Enabled: yes \ No newline at end of file 
diff --git a/logstash/tasks/apt_sources.yml b/logstash/tasks/apt_sources.yml new file mode 100644 index 00000000..d6597c74 --- /dev/null +++ b/logstash/tasks/apt_sources.yml @@ -0,0 +1,36 @@ +--- +- name: APT https transport is enabled (Debian <10) + ansible.builtin.apt: + name: apt-transport-https + state: present + when: ansible_distribution_major_version is version('10', '<') + +- name: Elastic GPG key is installed + ansible.builtin.copy: + src: elastic.asc + dest: "{{ apt_keyring_dir }}/elastic.asc" + force: yes + mode: "0644" + owner: root + group: root + +- name: Add Elastic repository (Debian <12) + ansible.builtin.apt_repository: + repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main" + filename: elastic + state: present + update_cache: yes + when: ansible_distribution_major_version is version('12', '<') + +- name: Add Elastic repository (Debian >=12) + ansible.builtin.template: + src: elastic.sources.j2 + dest: /etc/apt/sources.list.d/elastic.sources + state: present + register: elastic_sources + when: ansible_distribution_major_version is version('12', '>=') + +- name: Update APT cache + apt: + update_cache: yes + when: elastic_sources is changed \ No newline at end of file diff --git a/logstash/tasks/main.yml b/logstash/tasks/main.yml index d1f4b2da..11b0a0bf 100644 --- a/logstash/tasks/main.yml +++ b/logstash/tasks/main.yml 
@@ -1,62 +1,11 @@ --- - -- name: APT https transport is enabled - apt: - name: apt-transport-https - state: present - tags: - - logstash - - packages - -- name: Look for legacy apt keyring - stat: - path: /etc/apt/trusted.gpg - register: _trusted_gpg_keyring - tags: - - logstash - - packages - -- name: Elastic embedded GPG key is absent - apt_key: - id: "D88E42B4" - keyring: /etc/apt/trusted.gpg - state: absent - when: _trusted_gpg_keyring.stat.exists - tags: - - logstash - - packages - -- name: Elastic GPG key is installed - copy: - src: elastic.asc - dest: "{{ apt_keyring_dir }}/elastic.asc" - force: yes - mode: "0644" - owner: root - group: root - tags: - - logstash - - packages - -- name: Elastic sources list is available - apt_repository: - repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main" - filename: elastic - state: present - update_cache: yes - tags: - - logstash - - packages - -- name: Unsigned Elastic sources list is not available - apt_repository: - repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main" - filename: elastic - state: absent - update_cache: yes - tags: - - logstash - - packages +- name: APT sources + import_tasks: apt_sources.yml + args: + apply: + tags: + - logstash + - packages - name: Logstash is installed apt: diff --git a/logstash/templates/elastic.sources.j2 b/logstash/templates/elastic.sources.j2 new file mode 100644 index 00000000..93df736d --- /dev/null +++ b/logstash/templates/elastic.sources.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} + +Types: deb +URIs: https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt +Suites: stable +Components: main +Signed-by: {{ apt_keyring_dir }}/elastic.asc +Enabled: yes \ No newline at end of file diff --git a/metricbeat/tasks/apt_sources.yml b/metricbeat/tasks/apt_sources.yml new file mode 100644 index 00000000..d6597c74 
--- /dev/null +++ b/metricbeat/tasks/apt_sources.yml @@ -0,0 +1,36 @@ +--- +- name: APT https transport is enabled (Debian <10) + ansible.builtin.apt: + name: apt-transport-https + state: present + when: ansible_distribution_major_version is version('10', '<') + +- name: Elastic GPG key is installed + ansible.builtin.copy: + src: elastic.asc + dest: "{{ apt_keyring_dir }}/elastic.asc" + force: yes + mode: "0644" + owner: root + group: root + +- name: Add Elastic repository (Debian <12) + ansible.builtin.apt_repository: + repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main" + filename: elastic + state: present + update_cache: yes + when: ansible_distribution_major_version is version('12', '<') + +- name: Add Elastic repository (Debian >=12) + ansible.builtin.template: + src: elastic.sources.j2 + dest: /etc/apt/sources.list.d/elastic.sources + state: present + register: elastic_sources + when: ansible_distribution_major_version is version('12', '>=') + +- name: Update APT cache + apt: + update_cache: yes + when: elastic_sources is changed \ No newline at end of file diff --git a/metricbeat/tasks/main.yml b/metricbeat/tasks/main.yml index 71d65022..7fc21d09 100644 --- a/metricbeat/tasks/main.yml +++ b/metricbeat/tasks/main.yml 
@@ -1,62 +1,11 @@ --- - -- name: APT https transport is enabled - apt: - name: apt-transport-https - state: present - tags: - - metricbeat - - packages - -- name: Look for legacy apt keyring - stat: - path: /etc/apt/trusted.gpg - register: _trusted_gpg_keyring - tags: - - metricbeat - - packages - -- name: Elastic embedded GPG key is absent - apt_key: - id: "D88E42B4" - keyring: /etc/apt/trusted.gpg - state: absent - when: _trusted_gpg_keyring.stat.exists - tags: - - metricbeat - - packages - -- name: Elastic GPG key is installed - copy: - src: elastic.asc - dest: "{{ apt_keyring_dir }}/elastic.asc" - force: yes - mode: "0644" - owner: root - group: root - tags: - - metricbeat - - packages - -- name: Elastic sources list is available - apt_repository: - repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main" - filename: elastic - state: present - update_cache: yes - tags: - - metricbeat - - packages - -- name: Elastic sources list is available - apt_repository: - repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main" - filename: elastic - state: absent - update_cache: yes - tags: - - metricbeat - - packages +- name: APT sources + import_tasks: apt_sources.yml + args: + apply: + tags: + - metricbeat + - packages - name: Metricbeat is installed apt: diff --git a/metricbeat/templates/elastic.sources.j2 b/metricbeat/templates/elastic.sources.j2 new file mode 100644 index 00000000..93df736d --- /dev/null +++ b/metricbeat/templates/elastic.sources.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} + +Types: deb +URIs: https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt +Suites: stable +Components: main +Signed-by: {{ apt_keyring_dir }}/elastic.asc +Enabled: yes \ No newline at end of file diff --git a/mongodb/tasks/main.yml b/mongodb/tasks/main.yml index 3054ccfe..a71651bf 100644 
--- a/mongodb/tasks/main.yml +++ b/mongodb/tasks/main.yml @@ -1,13 +1,14 @@ --- -- include: main_jessie.yml +- ansible.builtin.import_tasks: main_jessie.yml when: ansible_distribution_release == "jessie" -- include: main_stretch.yml +- ansible.builtin.import_tasks: main_stretch.yml when: ansible_distribution_release == "stretch" -- include: main_buster.yml +- ansible.builtin.import_tasks: main_buster.yml when: ansible_distribution_release == "buster" -- include: main_bullseye.yml - when: ansible_distribution_major_version is version('11', '>=') +- ansible.builtin.import_tasks: main_bullseye.yml + when: ansible_distribution_release == "bullseye" + diff --git a/mongodb/tasks/main_bullseye.yml b/mongodb/tasks/main_bullseye.yml index c17642ea..aa20fb97 100644 --- a/mongodb/tasks/main_bullseye.yml +++ b/mongodb/tasks/main_bullseye.yml @@ -1,22 +1,10 @@ --- - fail: - msg: Not compatible with Debian 11 (Bullseye) + msg: MongoDB versions <4.2 are not compatible with Debian 11 (Bullseye) when: - ansible_distribution_release == "bullseye" - - mongodb_version is version('5.0', '<') - -- name: Look for legacy apt keyring - stat: - path: /etc/apt/trusted.gpg - register: _trusted_gpg_keyring - -- name: MongoDB embedded GPG key is absent - apt_key: - id: "B8612B5D" - keyring: /etc/apt/trusted.gpg - state: absent - when: _trusted_gpg_keyring.stat.exists + - mongodb_version is version('5.2', '<') - name: Add MongoDB GPG key copy: 
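Review bot: Narrowing the last condition in `mongodb/tasks/main.yml` from `ansible_distribution_major_version is version('11', '>=')` to `ansible_distribution_release == "bullseye"` means a Debian 12 host matches none of the four imports. The role then finishes without installing or reporting anything. Add a final guard, for example `ansible.builtin.fail` with `when: ansible_distribution_release not in ['jessie', 'stretch', 'buster', 'bullseye']`, so an unsupported release is an explicit error. The imports are also unnamed; a `name:` on each would keep the play output readable.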
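Review bot: In `main_bullseye.yml` the new message says versions `<4.2` are incompatible, but the condition beside it was changed to `mongodb_version is version('5.2', '<')`, so the text and the check disagree and one of the two bounds is presumably a typo. Make both state the same version, so an operator who hits the failure is told the real requirement. The task could also use `ansible.builtin.fail` and a `name:` to match the FQCN style adopted elsewhere in this patch. The following task continues past the end of the hunk.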
@@ -27,19 +15,11 @@ owner: root group: root -- name: Enable APT sources list +- name: Add MongoDB repository apt_repository: repo: "deb [signed-by={{ apt_keyring_dir }}/mongodb-server-{{ mongodb_version }}.asc] http://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main" state: present filename: "mongodb-org-{{ mongodb_version }}" - update_cache: yes - -- name: Disable unsigned APT sources list - apt_repository: - repo: "deb http://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main" - state: absent - filename: "mongodb-org-{{ mongodb_version }}" - update_cache: yes - name: Install packages apt: diff --git a/newrelic/tasks/php.yml b/newrelic/tasks/php.yml index 3bd4d809..5afe937d 100644 --- a/newrelic/tasks/php.yml +++ b/newrelic/tasks/php.yml @@ -1,7 +1,7 @@ --- - name: Pre-seed package configuration with app name - debconf: + ansible.builtin.debconf: name: newrelic-php5 question: "newrelic-php5/application-name" value: "{{ newrelic_appname }}" @@ -9,7 +9,7 @@ when: newrelic_appname | length > 0 - name: Pre-seed package configuration with license - debconf: + ansible.builtin.debconf: name: newrelic-php5 question: "newrelic-php5/license-key" value: "{{ newrelic_license }}" 
@@ -17,26 +17,27 @@ when: newrelic_license | length > 0 - name: list newrelic config files - shell: "find /etc/php* -type f -name newrelic.ini" + ansible.builtin.shell: + cmd: "find /etc/php* -type f -name newrelic.ini" changed_when: False check_mode: no register: find_newrelic_ini - name: Disable AWS detection - lineinfile: + ansible.builtin.lineinfile: dest: "{{ item }}" regexp: '^;?newrelic.daemon.utilization.detect_aws' line: 'newrelic.daemon.utilization.detect_aws = false' loop: "{{ find_newrelic_ini.stdout_lines }}" - name: Disable Docker detection - lineinfile: + ansible.builtin.lineinfile: dest: "{{ item }}" regexp: '^;?newrelic.daemon.utilization.detect_docker' line: 'newrelic.daemon.utilization.detect_docker = false' loop: "{{ find_newrelic_ini.stdout_lines }}" - name: Install package for PHP - apt: + ansible.builtin.apt: name: newrelic-php5 state: present diff --git a/newrelic/tasks/sources.yml b/newrelic/tasks/sources.yml index cda58a85..22473df1 100644 --- a/newrelic/tasks/sources.yml +++ b/newrelic/tasks/sources.yml @@ -1,19 +1,7 @@ --- -- name: Look for legacy apt keyring - stat: - path: /etc/apt/trusted.gpg - register: _trusted_gpg_keyring - -- name: NewRelic embedded GPG key is absent - apt_key: - id: "548C16BF" - keyring: /etc/apt/trusted.gpg - state: absent - when: _trusted_gpg_keyring.stat.exists - - name: Add NewRelic GPG key - copy: + ansible.builtin.copy: src: newrelic.asc dest: "{{ apt_keyring_dir }}/newrelic.asc" force: yes 
@@ -21,16 +9,23 @@ owner: root group: root -- name: Install NewRelic repository - apt_repository: +- name: Install NewRelic repository (Debian <12) + ansible.builtin.apt_repository: repo: "deb [signed-by={{ apt_keyring_dir }}/newrelic.asc] http://apt.newrelic.com/debian/ newrelic non-free" state: present filename: newrelic update_cache: yes + when: ansible_distribution_major_version is version('12', '<') -- name: Desinstall unsigned NewRelic repository - apt_repository: - repo: "deb http://apt.newrelic.com/debian/ newrelic non-free" - state: absent - filename: newrelic +- name: Add NewRelic repository (Debian >=12) + ansible.builtin.template: + src: newrelic.sources.j2 + dest: /etc/apt/sources.list.d/newrelic.sources + state: present + register: newrelic_sources + when: ansible_distribution_major_version is version('12', '>=') + +- name: Update APT cache + ansible.builtin.apt: update_cache: yes + when: newrelic_sources is changed \ No newline at end of file diff --git a/newrelic/tasks/sysmond.yml b/newrelic/tasks/sysmond.yml index e5c5bab9..a6f7fdf6 100644 --- a/newrelic/tasks/sysmond.yml +++ b/newrelic/tasks/sysmond.yml @@ -1,11 +1,11 @@ --- - name: Install system monitor daemon - apt: + ansible.builtin.apt: name: newrelic-sysmond - name: Set license key for newrelic-sysmond - replace: + ansible.builtin.replace: dest: /etc/newrelic/nrsysmond.cfg regexp: "license_key=REPLACE_WITH_REAL_KEY" replace: "license_key={{ newrelic_license }}" diff --git a/newrelic/templates/newrelic.sources.j2 b/newrelic/templates/newrelic.sources.j2 new file mode 100644 index 00000000..85145fc0 --- /dev/null +++ b/newrelic/templates/newrelic.sources.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} + +Types: deb +URIs: http://apt.newrelic.com/debian/ +Suites: newrelic +Components: non-free +Signed-by: {{ apt_keyring_dir }}/newrelic.asc +Enabled: yes \ No newline at end of file diff --git a/nodejs/tasks/main.yml b/nodejs/tasks/main.yml index 1bd6d38f..f79f058c 100644 --- a/nodejs/tasks/main.yml 
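Review bot: `ansible.builtin.template` has no `state` parameter, so the "Add NewRelic repository (Debian >=12)" task should fail argument validation with an unsupported-parameter error instead of writing `/etc/apt/sources.list.d/newrelic.sources`. Drop `state: present` and set the file attributes explicitly, e.g. `mode: "0644"`, `owner: root`, `group: root`, so the result does not depend on the controller's or host's umask. The same `state: present` appears in the template tasks of nodejs/tasks/main.yml, nodejs/tasks/yarn.yml (which also passes `update_cache: yes` to the template module), php/tasks/sury_pre.yml and postgresql/tasks/pgdg-repo.yml.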
+++ b/nodejs/tasks/main.yml @@ -1,36 +1,17 @@ --- -- name: APT https transport is enabled - apt: +- name: APT https transport is enabled (Debian <10) + ansible.builtin.apt: name: apt-transport-https state: present tags: - system - packages - nodejs - -- name: Look for legacy apt keyring - stat: - path: /etc/apt/trusted.gpg - register: _trusted_gpg_keyring - tags: - - system - - packages - - nodejs - -- name: NodeJS embedded GPG key is absent - apt_key: - id: "68576280" - keyring: /etc/apt/trusted.gpg - state: absent - when: _trusted_gpg_keyring.stat.exists - tags: - - system - - packages - - nodejs + when: ansible_distribution_major_version is version('10', '<') - name: NodeJS GPG key is installed - copy: + ansible.builtin.copy: src: nodesource.asc dest: "{{ apt_keyring_dir }}/nodesource.asc" mode: "0644" @@ -41,8 +22,8 @@ - packages - nodejs -- name: NodeJS sources list ({{ nodejs_apt_version }}) is available - apt_repository: +- name: Add NodeJS repository (Debian <12) + ansible.builtin.apt_repository: repo: "deb [signed-by={{ apt_keyring_dir }}/nodesource.asc] https://deb.nodesource.com/{{ nodejs_apt_version }} {{ ansible_distribution_release }} main" filename: nodesource update_cache: yes 
@@ -51,26 +32,32 @@ - system - packages - nodejs + when: ansible_distribution_major_version is version('12', '<') -- name: Unsigned NodeJS sources list ({{ nodejs_apt_version }}) is not available - apt_repository: - repo: "deb https://deb.nodesource.com/{{ nodejs_apt_version }} {{ ansible_distribution_release }} main" - filename: nodesource - update_cache: yes - state: absent +- name: Add NodeJS repository (Debian >=12) + ansible.builtin.template: + src: nodesource.sources.j2 + dest: /etc/apt/sources.list.d/nodesource.sources + state: present + register: nodesource_sources tags: - system - packages - nodejs + when: ansible_distribution_major_version is version('12', '>=') + +- name: Update APT cache + ansible.builtin.apt: + update_cache: yes + when: nodesource_sources is changed - name: NodeJS is installed - apt: + ansible.builtin.apt: name: nodejs state: present - update_cache: yes tags: - packages - nodejs -- include: yarn.yml +- ansible.builtin.import_tasks: yarn.yml when: nodejs_install_yarn | bool diff --git a/nodejs/tasks/yarn.yml b/nodejs/tasks/yarn.yml index 5d585c42..645f8f90 100644 --- a/nodejs/tasks/yarn.yml +++ b/nodejs/tasks/yarn.yml @@ -1,29 +1,7 @@ --- -- name: Look for legacy apt keyring - stat: - path: /etc/apt/trusted.gpg - register: _trusted_gpg_keyring - tags: - - system - - packages - - nodejs - - yarn - -- name: Yarn embedded GPG key is absent - apt_key: - id: "86E50310" - keyring: /etc/apt/trusted.gpg - state: absent - when: _trusted_gpg_keyring.stat.exists - tags: - - system - - packages - - nodejs - - yarn - - name: Yarn GPG key is installed - copy: + ansible.builtin.copy: src: yarn.asc dest: "{{ apt_keyring_dir }}/yarn.asc" mode: "0644" 
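Review bot: The new "Update APT cache" task in nodejs/tasks/main.yml has no `tags:`, while the template task that registers `nodesource_sources` and the "NodeJS is installed" task do, and the install task has lost its own `update_cache: yes`. A run limited with `--tags nodejs` on Debian >=12 therefore writes the new source but installs from a stale index, possibly resolving `nodejs` from the distribution archive rather than NodeSource (to be verified). A run with `--skip-tags nodejs` reaches the cache task with `nodesource_sources` undefined. Give the cache task the same `tags:` list and guard it with `when: nodesource_sources is defined and nodesource_sources is changed`, or restore `update_cache: yes` on the install task. nodejs/tasks/yarn.yml repeats the pattern with `yarn_sources`.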
@@ -35,32 +13,39 @@ - nodejs - yarn -- name: Yarn sources list is available - apt_repository: +- name: Add Yarn repository (Debian <12) + ansible.builtin.apt_repository: repo: "deb [signed-by={{ apt_keyring_dir }}/yarn.asc] https://dl.yarnpkg.com/debian/ stable main" filename: yarn - update_cache: yes state: present tags: - system - packages - nodejs - yarn + when: ansible_distribution_major_version is version('12', '<') -- name: Unsigned Yarn sources list is not available - apt_repository: - repo: "deb https://dl.yarnpkg.com/debian/ stable main" - filename: yarn +- name: Add Yarn repository (Debian >=12) + ansible.builtin.template: + src: yarn.sources.j2 + dest: /etc/apt/sources.list.d/yarn.sources + state: present update_cache: yes - state: absent + register: yarn_sources tags: - system - packages - nodejs - yarn + when: ansible_distribution_major_version is version('12', '>=') + +- name: Update APT cache + ansible.builtin.apt: + update_cache: yes + when: yarn_sources is changed - name: Yarn is installed - apt: + ansible.builtin.apt: name: yarn state: present tags: diff --git a/nodejs/templates/nodesource.sources.j2 b/nodejs/templates/nodesource.sources.j2 new file mode 100644 index 00000000..02a4653a --- /dev/null +++ b/nodejs/templates/nodesource.sources.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} + +Types: deb +URIs: https://deb.nodesource.com/{{ nodejs_apt_version }} +Suites: {{ ansible_distribution_release }} +Components: main +Signed-by: {{ apt_keyring_dir }}/nodesource.asc +Enabled: yes \ No newline at end of file diff --git a/nodejs/templates/yarn.sources.j2 b/nodejs/templates/yarn.sources.j2 new file mode 100644 index 00000000..cd98bc13 --- /dev/null +++ b/nodejs/templates/yarn.sources.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} + +Types: deb +URIs: https://dl.yarnpkg.com/debian/ +Suites: stable +Components: main +Signed-by: {{ apt_keyring_dir }}/yarn.asc +Enabled: yes 
diff --git a/php/tasks/sury_pre.yml b/php/tasks/sury_pre.yml index 0d146555..7f5b6bf4 100644 --- a/php/tasks/sury_pre.yml +++ b/php/tasks/sury_pre.yml @@ -1,12 +1,10 @@ --- -- name: Setup deb.sury.org repository - Add GPG key - copy: - src: sury.gpg - dest: "{{ apt_keyring_dir }}/sury.gpg" - mode: "0644" - owner: root - group: root +- name: Setup deb.sury.org repository - Install apt-transport-https + apt: + name: apt-transport-https + state: present + when: ansible_distribution_major_version is version('10', '<') - name: copy pub.evolix.org GPG key copy: @@ -16,18 +14,6 @@ owner: root group: root -- name: Setup deb.sury.org repository - Install apt-transport-https - apt: - state: present - name: apt-transport-https - -- name: Setup deb.sury.org repository - Add preferences file - copy: - src: sury.preferences - dest: /etc/apt/preferences.d/z-sury - when: - - ansible_distribution_release != "bullseye" - - name: Setup pub.evolix.org repository - Add source list apt_repository: repo: "deb [signed-by={{ apt_keyring_dir }}/pub_evolix.asc] http://pub.evolix.org/evolix {{ ansible_distribution_release }}-php81 main" 
@@ -36,17 +22,41 @@ when: - ansible_distribution_release == "bullseye" -- name: Setup deb.sury.org repository - Add source list +- name: Setup deb.sury.org repository - Add preferences file + copy: + src: sury.preferences + dest: /etc/apt/preferences.d/z-sury + when: + - ansible_distribution_release != "bullseye" + +- name: Setup deb.sury.org repository - Add GPG key + copy: + src: sury.gpg + dest: "{{ apt_keyring_dir }}/sury.gpg" + mode: "0644" + owner: root + group: root + +- name: Add Sury repository (Debian <12) apt_repository: repo: "deb [signed-by={{ apt_keyring_dir }}/sury.gpg] https://packages.sury.org/php/ {{ ansible_distribution_release }} main" filename: sury state: present + update_cache: yes + when: ansible_distribution_major_version is version('12', '<') -- name: Setup deb.sury.org repository - Remove unsigned source list - apt_repository: - repo: "deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main" - filename: sury - state: absent +- name: Add Sury repository (Debian >=12) + ansible.builtin.template: + src: sury.sources.j2 + dest: /etc/apt/sources.list.d/sury.sources + state: present + register: sury_sources + when: ansible_distribution_major_version is version('12', '>=') + +- name: Update APT cache + apt: + update_cache: yes + when: sury_sources is changed - name: "Override package list for Sury (Debian 9 or later)" set_fact: diff --git a/php/templates/sury.sources.j2 b/php/templates/sury.sources.j2 new file mode 100644 index 00000000..7d8a95c5 --- /dev/null +++ b/php/templates/sury.sources.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} + +Types: deb +URIs: https://packages.sury.org/php/ +Suites: {{ ansible_distribution_release }} +Components: main +Signed-by: {{ apt_keyring_dir }}/sury.gpg +Enabled: yes \ No newline at end of file diff --git a/postgresql/tasks/main.yml b/postgresql/tasks/main.yml index 1783a763..14d9f9eb 100644 --- a/postgresql/tasks/main.yml +++ b/postgresql/tasks/main.yml 
@@ -1,25 +1,28 @@ --- -- include: locales.yml +- ansible.builtin.import_tasks: locales.yml -- include: packages_jessie.yml +- ansible.builtin.import_tasks: packages_jessie.yml when: ansible_distribution_release == "jessie" -- include: packages_stretch.yml +- ansible.builtin.import_tasks: packages_stretch.yml when: ansible_distribution_release == "stretch" -- include: packages_buster.yml +- ansible.builtin.import_tasks: packages_buster.yml when: ansible_distribution_release == "buster" -- include: packages_bullseye.yml - when: ansible_distribution_major_version is version('11', '>=') +- ansible.builtin.import_tasks: packages_bullseye.yml + when: ansible_distribution_release == "bullseye" -- include: config.yml +- ansible.builtin.import_tasks: packages_bookworm.yml + when: ansible_distribution_release == "bookworm" -- include: nrpe.yml +- ansible.builtin.import_tasks: config.yml -- include: munin.yml +- ansible.builtin.import_tasks: nrpe.yml -- include: logrotate.yml +- ansible.builtin.import_tasks: munin.yml -- include: postgis.yml +- ansible.builtin.import_tasks: logrotate.yml + +- ansible.builtin.import_tasks: postgis.yml when: postgresql_install_postgis | bool diff --git a/postgresql/tasks/packages_bookworm.yml b/postgresql/tasks/packages_bookworm.yml index 8db31b9b..c2088c39 100644 --- a/postgresql/tasks/packages_bookworm.yml +++ b/postgresql/tasks/packages_bookworm.yml @@ -1,15 +1,15 @@ --- - name: "Set variables (Debian 12)" - set_fact: + ansible.builtin.set_fact: postgresql_version: '15' when: postgresql_version is none or postgresql_version | length == 0 -- include: pgdg-repo.yml +- ansible.builtin.import_tasks: pgdg-repo.yml when: postgresql_version != '15' - name: Install postgresql package - apt: + ansible.builtin.apt: name: - "postgresql-{{ postgresql_version }}" - pgtop diff --git a/postgresql/tasks/packages_bullseye.yml b/postgresql/tasks/packages_bullseye.yml index e825b799..bfbac181 100644 --- a/postgresql/tasks/packages_bullseye.yml 
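Review bot: Replacing `ansible_distribution_major_version is version('11', '>=')` with exact release-name matches in postgresql/tasks/main.yml means a host whose release is none of jessie, stretch, buster, bullseye or bookworm now imports no packages file at all. The play then presumably continues into config.yml without any install task having run. I would add a guard before the imports, e.g. an `ansible.builtin.assert` with `that: ansible_distribution_release in ['jessie', 'stretch', 'buster', 'bullseye', 'bookworm']`, so an unsupported release fails early with a clear message rather than part-way through configuration.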
+++ b/postgresql/tasks/packages_bullseye.yml @@ -14,3 +14,4 @@ - "postgresql-{{ postgresql_version }}" - pgtop - libdbd-pg-perl + update_cache: yes diff --git a/postgresql/tasks/packages_buster.yml b/postgresql/tasks/packages_buster.yml index 7ecf11be..3e8851fb 100644 --- a/postgresql/tasks/packages_buster.yml +++ b/postgresql/tasks/packages_buster.yml @@ -14,3 +14,4 @@ - "postgresql-{{ postgresql_version }}" - pgtop - libdbd-pg-perl + update_cache: yes diff --git a/postgresql/tasks/packages_jessie.yml b/postgresql/tasks/packages_jessie.yml index 60bb2247..70b5e181 100644 --- a/postgresql/tasks/packages_jessie.yml +++ b/postgresql/tasks/packages_jessie.yml @@ -10,8 +10,8 @@ - name: Install postgresql package apt: - name: '{{ item }}' - loop: - - "postgresql-{{ postgresql_version }}" - - ptop - - libdbd-pg-perl + name: + - "postgresql-{{ postgresql_version }}" + - ptop + - libdbd-pg-perl + update_cache: yes diff --git a/postgresql/tasks/packages_stretch.yml b/postgresql/tasks/packages_stretch.yml index 45b8840c..97a71952 100644 --- a/postgresql/tasks/packages_stretch.yml +++ b/postgresql/tasks/packages_stretch.yml @@ -14,3 +14,4 @@ - "postgresql-{{ postgresql_version }}" - ptop - libdbd-pg-perl + update_cache: yes diff --git a/postgresql/tasks/pgdg-repo.yml b/postgresql/tasks/pgdg-repo.yml index ef467f97..9db20921 100644 --- a/postgresql/tasks/pgdg-repo.yml +++ b/postgresql/tasks/pgdg-repo.yml @@ -8,18 +8,6 @@ - meta: flush_handlers -- name: Look for legacy apt keyring - stat: - path: /etc/apt/trusted.gpg - register: _trusted_gpg_keyring - -- name: PGDG embedded GPG key is absent - apt_key: - id: "ACCC4CF8" - keyring: /etc/apt/trusted.gpg - state: absent - when: _trusted_gpg_keyring.stat.exists - - name: Add PGDG GPG key copy: src: postgresql.asc 
@@ -29,16 +17,25 @@ owner: root group: root -- name: Add PGDG repository +- name: Add PGDG repository (Debian <12) apt_repository: repo: "deb [signed-by={{ apt_keyring_dir }}/postgresql.asc] http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main" + filename: postgresql update_cache: yes + when: ansible_distribution_major_version is version('12', '<') -- name: Remove unsigned PGDG repository - apt_repository: - repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main" +- name: Add PGDG repository (Debian >=12) + ansible.builtin.template: + src: postgresql.sources.j2 + dest: /etc/apt/sources.list.d/postgresql.sources + state: present + register: postgresql_sources + when: ansible_distribution_major_version is version('12', '>=') + +- name: Update APT cache + ansible.builtin.apt: update_cache: yes - state: absent + when: elastic_sources is changed - name: Add APT preference file template: diff --git a/postgresql/tasks/postgis.yml b/postgresql/tasks/postgis.yml index f2300943..dbd511e9 100644 --- a/postgresql/tasks/postgis.yml +++ b/postgresql/tasks/postgis.yml @@ -5,3 +5,4 @@ - postgis - "postgresql-{{ postgresql_version }}-postgis-2.5" - "postgresql-{{ postgresql_version }}-postgis-2.5-scripts" + update_cache: yes diff --git a/postgresql/templates/postgresql.sources.j2 b/postgresql/templates/postgresql.sources.j2 new file mode 100644 index 00000000..38284d20 --- /dev/null +++ b/postgresql/templates/postgresql.sources.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} + +Types: deb +URIs: http://apt.postgresql.org/pub/repos/apt/ +Suites: {{ ansible_distribution_release }}-pgdg +Components: main +Signed-by: {{ apt_keyring_dir }}/postgresql.asc +Enabled: yes \ No newline at end of file
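Review bot: The "Update APT cache" task in postgresql/tasks/pgdg-repo.yml tests `elastic_sources`, but the template task just above it registers `postgresql_sources`; this looks like a copy-paste from the Elastic roles. On a host where no Elastic role ran in the same play, the condition references an undefined variable and the task errors. Where one did run, the cache refresh follows the wrong repository's change status, so the PGDG source can be added without the index being refreshed. Use `when: postgresql_sources is changed`.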