evolix
/
ansible-roles
22
2
Fork 2
Code Issues 61 Pull Requests 18 Releases 32 Wiki Activity

Install deb822 sources on Debian >=12

This commit is contained in:
Jérémy Lecour 2023-03-19 11:44:53 +01:00 committed by Jérémy Lecour
parent f1644ed138
commit 45e8132d07
43 changed files with 518 additions and 541 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
docker-host/tasks/main.yml
View File

@ -1,7 +1,7 @@
# This role installs the docker daemon # This role installs the docker daemon
--- ---
- name: Remove older docker packages - name: Remove older docker packages
apt: ansible.builtin.apt:
name: name:
- docker - docker
- docker-engine - docker-engine
@ -9,21 +9,21 @@
state: absent state: absent
- name: Install source requirements - name: Install source requirements
apt: ansible.builtin.apt:
name: name:
- ca-certificates - ca-certificates
- gnupg2 - gnupg2
state: present state: present
- name: Install apt-transport-https (Debian <10) - name: Install apt-transport-https (Debian <10)
apt: ansible.builtin.apt:
name: name:
- apt-transport-https - apt-transport-https
state: present state: present
when: ansible_distribution_major_version is version('10', '<') when: ansible_distribution_major_version is version('10', '<')
- name: Add Docker's official GPG key - name: Add Docker's official GPG key
copy: ansible.builtin.copy:
src: docker-debian.asc src: docker-debian.asc
dest: "{{ apt_keyring_dir }}/docker-debian.asc" dest: "{{ apt_keyring_dir }}/docker-debian.asc"
force: yes force: yes
@ -32,10 +32,11 @@
group: root group: root
- name: Add Docker repository (Debian <12) - name: Add Docker repository (Debian <12)
apt_repository: ansible.builtin.apt_repository:
repo: 'deb [signed-by={{ apt_keyring_dir }}/docker-debian.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable' repo: 'deb [signed-by={{ apt_keyring_dir }}/docker-debian.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable'
filename: docker.list filename: docker
state: present state: present
update_cache: yes
when: ansible_distribution_major_version is version('12', '<') when: ansible_distribution_major_version is version('12', '<')
- name: Add Docker repository (Debian >=12) - name: Add Docker repository (Debian >=12)
@ -43,43 +44,48 @@
src: docker.sources.j2 src: docker.sources.j2
dest: /etc/apt/sources.list.d/docker.sources dest: /etc/apt/sources.list.d/docker.sources
state: present state: present
register: docker_sources
when: ansible_distribution_major_version is version('12', '>=') when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
ansible.builtin.apt:
update_cache: yes
when: docker_sources is changed
- name: Install Docker - name: Install Docker
apt: ansible.builtin.apt:
name: name:
- docker-ce - docker-ce
- docker-ce-cli - docker-ce-cli
- containerd.io - containerd.io
update_cache: yes
- name: python-docker is installed - name: python-docker is installed
apt: ansible.builtin.apt:
name: python-docker name: python-docker
state: present state: present
when: ansible_python_version is version('3', '<') when: ansible_python_version is version('3', '<')
- name: python3-docker is installed - name: python3-docker is installed
apt: ansible.builtin.apt:
name: python3-docker name: python3-docker
state: present state: present
when: ansible_python_version is version('3', '>=') when: ansible_python_version is version('3', '>=')
- name: Copy Docker daemon configuration file - name: Copy Docker daemon configuration file
template: ansible.builtin.template:
src: daemon.json.j2 src: daemon.json.j2
dest: /etc/docker/daemon.json dest: /etc/docker/daemon.json
notify: restart docker notify: restart docker
- name: Creating Docker tmp directory - name: Creating Docker tmp directory
file: ansible.builtin.file:
path: "{{ docker_tmpdir }}" path: "{{ docker_tmpdir }}"
state: directory state: directory
mode: "0644" mode: "0644"
owner: root owner: root
- name: Creating Docker TLS directory - name: Creating Docker TLS directory
file: ansible.builtin.file:
path: "{{ docker_tls_path }}" path: "{{ docker_tls_path }}"
state: directory state: directory
mode: "0644" mode: "0644"
@ -87,7 +93,7 @@
when: docker_tls_enabled | bool when: docker_tls_enabled | bool
- name: Copy shellpki utility to Docker TLS directory - name: Copy shellpki utility to Docker TLS directory
template: ansible.builtin.template:
src: "{{ item }}.j2" src: "{{ item }}.j2"
dest: "{{ docker_tls_path }}/{{ item }}" dest: "{{ docker_tls_path }}/{{ item }}"
mode: "0744" mode: "0744"
@ -97,12 +103,13 @@
when: docker_tls_enabled | bool when: docker_tls_enabled | bool
- name: Check if certs are already created - name: Check if certs are already created
stat: ansible.builtin.stat:
path: "{{ docker_tls_path }}/certs" path: "{{ docker_tls_path }}/certs"
register: tls_certs_stat register: tls_certs_stat
- name: Creating a CA, server key - name: Creating a CA, server key
command: "{{ docker_tls_path }}/shellpki.sh init" ansible.builtin.command:
cmd: "{{ docker_tls_path }}/shellpki.sh init"
when: when:
- docker_tls_enabled | bool - docker_tls_enabled | bool
- not tls_certs_stat.stat.isdir - not tls_certs_stat.stat.isdir

36
elasticsearch/tasks/apt_sources.yml Normal file
View File

@ -0,0 +1,36 @@
---
- name: APT https transport is enabled (Debian <10)
ansible.builtin.apt:
name: apt-transport-https
state: present
when: ansible_distribution_major_version is version('10', '<')
- name: Elastic GPG key is installed
ansible.builtin.copy:
src: elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root
group: root
- name: Add Elastic repository (Debian <12)
ansible.builtin.apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: present
update_cache: yes
when: ansible_distribution_major_version is version('12', '<')
- name: Add Elastic repository (Debian >=12)
ansible.builtin.template:
src: elastic.sources.j2
dest: /etc/apt/sources.list.d/elastic.sources
state: present
register: elastic_sources
when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
ansible.builtin.apt:
update_cache: yes
when: elastic_sources is changed

70
elasticsearch/tasks/packages.yml
View File

@ -1,73 +1,23 @@
--- ---
- name: APT sources
- name: APT https transport is enabled ansible.builtin.import_tasks: apt_sources.yml
apt: args:
name: apt-transport-https apply:
state: present tags:
tags: - elasticsearch
- elasticsearch - packages
- packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- elasticsearch
- packages
- name: Elastic embedded GPG key is absent
apt_key:
id: "D88E42B4"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- elasticsearch
- packages
- name: Elastic GPG key is installed
copy:
src: elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root
group: root
tags:
- elasticsearch
- packages
- name: Elastic sources list is available
apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: present
update_cache: yes
tags:
- elasticsearch
- packages
- name: Unsigned Elastic sources list is not available
apt_repository:
repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: absent
update_cache: yes
tags:
- elasticsearch
- packages
- name: Elasticsearch is installed - name: Elasticsearch is installed
apt: ansible.builtin.apt:
name: elasticsearch name: elasticsearch
state: present state: present
update_cache: yes
tags: tags:
- elasticsearch - elasticsearch
- packages - packages
- name: Elasticsearch service is enabled - name: Elasticsearch service is enabled
service: ansible.builtin.systemd:
name: elasticsearch name: elasticsearch
enabled: yes enabled: yes
tags: tags:

8
elasticsearch/templates/elastic.sources.j2 Normal file
View File

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt
Suites: stable
Components: main
Signed-by: {{ apt_keyring_dir }}/elastic.asc
Enabled: yes

10
evolinux-base/tasks/hardware.dell.yml
View File

@ -55,6 +55,7 @@
ansible.builtin.apt_repository: ansible.builtin.apt_repository:
repo: 'deb [signed-by={{ apt_keyring_dir }}/hwraid.le-vert.net.asc] http://hwraid.le-vert.net/debian {{ ansible_distribution_release }} main' repo: 'deb [signed-by={{ apt_keyring_dir }}/hwraid.le-vert.net.asc] http://hwraid.le-vert.net/debian {{ ansible_distribution_release }} main'
state: present state: present
update_cache: yes
tags: tags:
- packages - packages
when: when:
@ -66,8 +67,13 @@
dest: /etc/apt/sources.list.d/hwraid.le-vert.net.sources dest: /etc/apt/sources.list.d/hwraid.le-vert.net.sources
tags: tags:
- packages - packages
when: register: hwraid_sources
- ansible_distribution_major_version is version('12', '>=') when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
apt:
update_cache: yes
when: hwraid_sources is changed
- name: Install packages for DELL/LSI hardware - name: Install packages for DELL/LSI hardware
ansible.builtin.apt: ansible.builtin.apt:

36
filebeat/tasks/apt_sources.yml Normal file
View File

@ -0,0 +1,36 @@
---
- name: APT https transport is enabled (Debian <10)
ansible.builtin.apt:
name: apt-transport-https
state: present
when: ansible_distribution_major_version is version('10', '<')
- name: Elastic GPG key is installed
ansible.builtin.copy:
src: elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root
group: root
- name: Add Elastic repository (Debian <12)
ansible.builtin.apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: present
update_cache: yes
when: ansible_distribution_major_version is version('12', '<')
- name: Add Elastic repository (Debian >=12)
ansible.builtin.template:
src: elastic.sources.j2
dest: /etc/apt/sources.list.d/elastic.sources
state: present
register: elastic_sources
when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
apt:
update_cache: yes
when: elastic_sources is changed

65
filebeat/tasks/main.yml
View File

@ -1,62 +1,11 @@
--- ---
- name: APT sources
- name: APT https transport is enabled import_tasks: apt_sources.yml
apt: args:
name: apt-transport-https apply:
state: present tags:
tags: - filebeat
- filebeat - packages
- packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- filebeat
- packages
- name: Elastic embedded GPG key is absent
apt_key:
id: "D88E42B4"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- filebeat
- packages
- name: Elastic GPG key is installed
copy:
src: elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root
group: root
tags:
- filebeat
- packages
- name: Elastic sources list is available
apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: present
update_cache: yes
tags:
- filebeat
- packages
- name: Unsigned Elastic sources list is not available
apt_repository:
repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: absent
update_cache: yes
tags:
- filebeat
- packages
- name: Filebeat is installed - name: Filebeat is installed
apt: apt:

8
filebeat/templates/elastic.sources.j2 Normal file
View File

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt
Suites: stable
Components: main
Signed-by: {{ apt_keyring_dir }}/elastic.asc
Enabled: yes

0
fluentd/files/fluentd.asc → fluentd/files/treasuredata.asc
View File

43
fluentd/tasks/main.yml
View File

@ -1,27 +1,9 @@
--- ---
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- packages
- fluentd
- name: Fluentd embedded GPG key is absent
apt_key:
id: "AB97ACBE"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- packages
- fluentd
- name: Add Fluentd GPG key - name: Add Fluentd GPG key
copy: copy:
src: fluentd.asc src: treasuredata.asc
dest: "{{ apt_keyring_dir }}/fluentd.asc" dest: "{{ apt_keyring_dir }}/treasuredata.asc"
force: yes force: yes
mode: "0644" mode: "0644"
owner: root owner: root
@ -30,30 +12,31 @@
- packages - packages
- fluentd - fluentd
- name: Fluentd sources list is available - name: Add Treasuredata repository (Debian <12)
apt_repository: apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/fluentd.asc] http://packages.treasuredata.com/3/debian/{{ ansible_distribution_release }}/ {{ ansible_distribution_release }} contrib" repo: "deb [signed-by={{ apt_keyring_dir }}/treasuredata.asc] http://packages.treasuredata.com/3/debian/{{ ansible_distribution_release }}/ {{ ansible_distribution_release }} contrib"
filename: treasuredata filename: treasuredata.list
update_cache: yes
state: present state: present
tags: tags:
- packages - packages
- fluentd - fluentd
when: ansible_distribution_major_version is version('12', '<')
- name: Unsigned Fluentd sources list is not available - name: Add Treasuredata repository (Debian >=12)
apt_repository: ansible.builtin.template:
repo: "deb http://packages.treasuredata.com/3/debian/{{ ansible_distribution_release }}/ {{ ansible_distribution_release }} contrib" src: treasuredata.sources.j2
filename: treasuredata dest: /etc/apt/sources.list.d/treasuredata.sources
update_cache: yes state: present
state: absent
tags: tags:
- packages - packages
- fluentd - fluentd
when: ansible_distribution_major_version is version('12', '>=')
- name: Fluentd is installed. - name: Fluentd is installed.
apt: apt:
name: td-agent name: td-agent
state: present state: present
update_cache: yes
tags: tags:
- fluentd - fluentd
- packages - packages

8
fluentd/templates/treasuredata.sources.j2 Normal file
View File

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: http://packages.treasuredata.com/3/debian/{{ ansible_distribution_release }}/
Suites: {{ ansible_distribution_release }}
Components: contrib
Signed-by: {{ apt_keyring_dir }}/treasuredata.asc
Enabled: yes

32
jenkins/tasks/main.yml
View File

@ -5,18 +5,6 @@
# http://mirrors.jenkins.io/.* # http://mirrors.jenkins.io/.*
# http://jenkins.mirror.isppower.de/.* # http://jenkins.mirror.isppower.de/.*
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: Jenkins embedded GPG key is absent
apt_key:
id: "D50582E6"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add Jenkins GPG key - name: Add Jenkins GPG key
copy: copy:
src: jenkins.asc src: jenkins.asc
@ -26,22 +14,30 @@
owner: root owner: root
group: root group: root
- name: Add jenkins APT repository - name: Add Jenkins APT repository (Debian <12)
apt_repository: apt_repository:
repo: deb [signed-by={{ apt_keyring_dir }}/jenkins.asc] http://pkg.jenkins-ci.org/debian-stable binary/ repo: deb [signed-by={{ apt_keyring_dir }}/jenkins.asc] http://pkg.jenkins-ci.org/debian-stable binary/
filename: jenkins filename: jenkins
update_cache: yes update_cache: yes
when: ansible_distribution_major_version is version('12', '<')
- name: Remove unsigned jenkins APT repository - name: Add Jenkins repository (Debian >=12)
apt_repository: ansible.builtin.template:
repo: deb http://pkg.jenkins-ci.org/debian-stable binary/ src: jenkins.sources.j2
filename: jenkins dest: /etc/apt/sources.list.d/jenkins.sources
state: present
register: jenkins_sources
when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
apt:
update_cache: yes update_cache: yes
state: absent when: jenkins_sources is changed
- name: Install Jenkins - name: Install Jenkins
apt: apt:
name: jenkins name: jenkins
state: present
- name: Change Jenkins port - name: Change Jenkins port
replace: replace:

7
jenkins/templates/jenkins.sources.j2 Normal file
View File

@ -0,0 +1,7 @@
# {{ ansible_managed }}
Types: deb
URIs: http://pkg.jenkins-ci.org/debian-stable
Suites: binary/
Signed-by: {{ apt_keyring_dir }}/jenkins.asc
Enabled: yes

36
kibana/tasks/apt_sources.yml Normal file
View File

@ -0,0 +1,36 @@
---
- name: APT https transport is enabled (Debian <10)
ansible.builtin.apt:
name: apt-transport-https
state: present
when: ansible_distribution_major_version is version('10', '<')
- name: Elastic GPG key is installed
ansible.builtin.copy:
src: elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root
group: root
- name: Add Elastic repository (Debian <12)
ansible.builtin.apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: present
update_cache: yes
when: ansible_distribution_major_version is version('12', '<')
- name: Add Elastic repository (Debian >=12)
ansible.builtin.template:
src: elastic.sources.j2
dest: /etc/apt/sources.list.d/elastic.sources
state: present
register: elastic_sources
when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
apt:
update_cache: yes
when: elastic_sources is changed

66
kibana/tasks/main.yml
View File

@ -1,67 +1,17 @@
--- ---
- name: APT sources
- name: APT https transport is enabled import_tasks: apt_sources.yml
apt: args:
name: apt-transport-https apply:
state: present tags:
tags: - kibana
- kibana - packages
- packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- kibana
- packages
- name: Elastic embedded GPG key is absent
apt_key:
id: "D88E42B4"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- kibana
- packages
- name: Elastic GPG key is installed
copy:
src: elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root
group: root
tags:
- kibana
- packages
- name: Elastic sources list is available
apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: present
update_cache: yes
tags:
- kibana
- packages
- name: Unsigned Elastic sources list is not available
apt_repository:
repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: absent
update_cache: yes
tags:
- kibana
- packages
- name: Kibana is installed - name: Kibana is installed
apt: apt:
name: kibana name: kibana
state: present state: present
update_cache: yes
tags: tags:
- kibana - kibana
- packages - packages

8
kibana/templates/elastic.sources.j2 Normal file
View File

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt
Suites: stable
Components: main
Signed-by: {{ apt_keyring_dir }}/elastic.asc
Enabled: yes

36
logstash/tasks/apt_sources.yml Normal file
View File

@ -0,0 +1,36 @@
---
- name: APT https transport is enabled (Debian <10)
ansible.builtin.apt:
name: apt-transport-https
state: present
when: ansible_distribution_major_version is version('10', '<')
- name: Elastic GPG key is installed
ansible.builtin.copy:
src: elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root
group: root
- name: Add Elastic repository (Debian <12)
ansible.builtin.apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: present
update_cache: yes
when: ansible_distribution_major_version is version('12', '<')
- name: Add Elastic repository (Debian >=12)
ansible.builtin.template:
src: elastic.sources.j2
dest: /etc/apt/sources.list.d/elastic.sources
state: present
register: elastic_sources
when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
apt:
update_cache: yes
when: elastic_sources is changed

65
logstash/tasks/main.yml
View File

@ -1,62 +1,11 @@
--- ---
- name: APT sources
- name: APT https transport is enabled import_tasks: apt_sources.yml
apt: args:
name: apt-transport-https apply:
state: present tags:
tags: - logstash
- logstash - packages
- packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- logstash
- packages
- name: Elastic embedded GPG key is absent
apt_key:
id: "D88E42B4"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- logstash
- packages
- name: Elastic GPG key is installed
copy:
src: elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root
group: root
tags:
- logstash
- packages
- name: Elastic sources list is available
apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: present
update_cache: yes
tags:
- logstash
- packages
- name: Unsigned Elastic sources list is not available
apt_repository:
repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: absent
update_cache: yes
tags:
- logstash
- packages
- name: Logstash is installed - name: Logstash is installed
apt: apt:

8
logstash/templates/elastic.sources.j2 Normal file
View File

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt
Suites: stable
Components: main
Signed-by: {{ apt_keyring_dir }}/elastic.asc
Enabled: yes

36
metricbeat/tasks/apt_sources.yml Normal file
View File

@ -0,0 +1,36 @@
---
- name: APT https transport is enabled (Debian <10)
ansible.builtin.apt:
name: apt-transport-https
state: present
when: ansible_distribution_major_version is version('10', '<')
- name: Elastic GPG key is installed
ansible.builtin.copy:
src: elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root
group: root
- name: Add Elastic repository (Debian <12)
ansible.builtin.apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: present
update_cache: yes
when: ansible_distribution_major_version is version('12', '<')
- name: Add Elastic repository (Debian >=12)
ansible.builtin.template:
src: elastic.sources.j2
dest: /etc/apt/sources.list.d/elastic.sources
state: present
register: elastic_sources
when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
apt:
update_cache: yes
when: elastic_sources is changed

65
metricbeat/tasks/main.yml
View File

@ -1,62 +1,11 @@
--- ---
- name: APT sources
- name: APT https transport is enabled import_tasks: apt_sources.yml
apt: args:
name: apt-transport-https apply:
state: present tags:
tags: - metricbeat
- metricbeat - packages
- packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- metricbeat
- packages
- name: Elastic embedded GPG key is absent
apt_key:
id: "D88E42B4"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- metricbeat
- packages
- name: Elastic GPG key is installed
copy:
src: elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root
group: root
tags:
- metricbeat
- packages
- name: Elastic sources list is available
apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: present
update_cache: yes
tags:
- metricbeat
- packages
- name: Elastic sources list is available
apt_repository:
repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
filename: elastic
state: absent
update_cache: yes
tags:
- metricbeat
- packages
- name: Metricbeat is installed - name: Metricbeat is installed
apt: apt:

8
metricbeat/templates/elastic.sources.j2 Normal file
View File

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt
Suites: stable
Components: main
Signed-by: {{ apt_keyring_dir }}/elastic.asc
Enabled: yes

11
mongodb/tasks/main.yml
View File

@ -1,13 +1,14 @@
--- ---
- include: main_jessie.yml - ansible.builtin.import_tasks: main_jessie.yml
when: ansible_distribution_release == "jessie" when: ansible_distribution_release == "jessie"
- include: main_stretch.yml - ansible.builtin.import_tasks: main_stretch.yml
when: ansible_distribution_release == "stretch" when: ansible_distribution_release == "stretch"
- include: main_buster.yml - ansible.builtin.import_tasks: main_buster.yml
when: ansible_distribution_release == "buster" when: ansible_distribution_release == "buster"
- include: main_bullseye.yml - ansible.builtin.import_tasks: main_bullseye.yml
when: ansible_distribution_major_version is version('11', '>=') when: ansible_distribution_release == "bullseye"

26
mongodb/tasks/main_bullseye.yml
View File

@ -1,22 +1,10 @@
--- ---
- fail: - fail:
msg: Not compatible with Debian 11 (Bullseye) msg: MongoDB versions <4.2 are not compatible with Debian 11 (Bullseye)
when: when:
- ansible_distribution_release == "bullseye" - ansible_distribution_release == "bullseye"
- mongodb_version is version('5.0', '<') - mongodb_version is version('5.2', '<')
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: MongoDB embedded GPG key is absent
apt_key:
id: "B8612B5D"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add MongoDB GPG key - name: Add MongoDB GPG key
copy: copy:
@ -27,19 +15,11 @@
owner: root owner: root
group: root group: root
- name: Enable APT sources list - name: Add MongoDB repository
apt_repository: apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/mongodb-server-{{ mongodb_version }}.asc] http://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main" repo: "deb [signed-by={{ apt_keyring_dir }}/mongodb-server-{{ mongodb_version }}.asc] http://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main"
state: present state: present
filename: "mongodb-org-{{ mongodb_version }}" filename: "mongodb-org-{{ mongodb_version }}"
update_cache: yes
- name: Disable unsigned APT sources list
apt_repository:
repo: "deb http://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main"
state: absent
filename: "mongodb-org-{{ mongodb_version }}"
update_cache: yes
- name: Install packages - name: Install packages
apt: apt:

13
newrelic/tasks/php.yml
View File

@ -1,7 +1,7 @@
--- ---
- name: Pre-seed package configuration with app name - name: Pre-seed package configuration with app name
debconf: ansible.builtin.debconf:
name: newrelic-php5 name: newrelic-php5
question: "newrelic-php5/application-name" question: "newrelic-php5/application-name"
value: "{{ newrelic_appname }}" value: "{{ newrelic_appname }}"
@ -9,7 +9,7 @@
when: newrelic_appname | length > 0 when: newrelic_appname | length > 0
- name: Pre-seed package configuration with license - name: Pre-seed package configuration with license
debconf: ansible.builtin.debconf:
name: newrelic-php5 name: newrelic-php5
question: "newrelic-php5/license-key" question: "newrelic-php5/license-key"
value: "{{ newrelic_license }}" value: "{{ newrelic_license }}"
@ -17,26 +17,27 @@
when: newrelic_license | length > 0 when: newrelic_license | length > 0
- name: list newrelic config files - name: list newrelic config files
shell: "find /etc/php* -type f -name newrelic.ini" ansible.builtin.shell:
cmd: "find /etc/php* -type f -name newrelic.ini"
changed_when: False changed_when: False
check_mode: no check_mode: no
register: find_newrelic_ini register: find_newrelic_ini
- name: Disable AWS detection - name: Disable AWS detection
lineinfile: ansible.builtin.lineinfile:
dest: "{{ item }}" dest: "{{ item }}"
regexp: '^;?newrelic.daemon.utilization.detect_aws' regexp: '^;?newrelic.daemon.utilization.detect_aws'
line: 'newrelic.daemon.utilization.detect_aws = false' line: 'newrelic.daemon.utilization.detect_aws = false'
loop: "{{ find_newrelic_ini.stdout_lines }}" loop: "{{ find_newrelic_ini.stdout_lines }}"
- name: Disable Docker detection - name: Disable Docker detection
lineinfile: ansible.builtin.lineinfile:
dest: "{{ item }}" dest: "{{ item }}"
regexp: '^;?newrelic.daemon.utilization.detect_docker' regexp: '^;?newrelic.daemon.utilization.detect_docker'
line: 'newrelic.daemon.utilization.detect_docker = false' line: 'newrelic.daemon.utilization.detect_docker = false'
loop: "{{ find_newrelic_ini.stdout_lines }}" loop: "{{ find_newrelic_ini.stdout_lines }}"
- name: Install package for PHP - name: Install package for PHP
apt: ansible.builtin.apt:
name: newrelic-php5 name: newrelic-php5
state: present state: present

35
newrelic/tasks/sources.yml
View File

@ -1,19 +1,7 @@
--- ---
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: NewRelic embedded GPG key is absent
apt_key:
id: "548C16BF"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add NewRelic GPG key - name: Add NewRelic GPG key
copy: ansible.builtin.copy:
src: newrelic.asc src: newrelic.asc
dest: "{{ apt_keyring_dir }}/newrelic.asc" dest: "{{ apt_keyring_dir }}/newrelic.asc"
force: yes force: yes
@ -21,16 +9,23 @@
owner: root owner: root
group: root group: root
- name: Install NewRelic repository - name: Install NewRelic repository (Debian <12)
apt_repository: ansible.builtin.apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/newrelic.asc] http://apt.newrelic.com/debian/ newrelic non-free" repo: "deb [signed-by={{ apt_keyring_dir }}/newrelic.asc] http://apt.newrelic.com/debian/ newrelic non-free"
state: present state: present
filename: newrelic filename: newrelic
update_cache: yes update_cache: yes
when: ansible_distribution_major_version is version('12', '<')
- name: Desinstall unsigned NewRelic repository - name: Add NewRelic repository (Debian >=12)
apt_repository: ansible.builtin.template:
repo: "deb http://apt.newrelic.com/debian/ newrelic non-free" src: newrelic.sources.j2
state: absent dest: /etc/apt/sources.list.d/newrelic.sources
filename: newrelic state: present
register: newrelic_sources
when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
ansible.builtin.apt:
update_cache: yes update_cache: yes
when: newrelic_sources is changed

4
newrelic/tasks/sysmond.yml
View File

@ -1,11 +1,11 @@
--- ---
- name: Install system monitor daemon - name: Install system monitor daemon
apt: ansible.builtin.apt:
name: newrelic-sysmond name: newrelic-sysmond
- name: Set license key for newrelic-sysmond - name: Set license key for newrelic-sysmond
replace: ansible.builtin.replace:
dest: /etc/newrelic/nrsysmond.cfg dest: /etc/newrelic/nrsysmond.cfg
regexp: "license_key=REPLACE_WITH_REAL_KEY" regexp: "license_key=REPLACE_WITH_REAL_KEY"
replace: "license_key={{ newrelic_license }}" replace: "license_key={{ newrelic_license }}"

8
newrelic/templates/newrelic.sources.j2 Normal file
View File

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: http://apt.newrelic.com/debian/
Suites: newrelic
Components: non-free
Signed-by: {{ apt_keyring_dir }}/newrelic.asc
Enabled: yes

55
nodejs/tasks/main.yml
View File

@ -1,36 +1,17 @@
--- ---
- name: APT https transport is enabled - name: APT https transport is enabled (Debian <10)
apt: ansible.builtin.apt:
name: apt-transport-https name: apt-transport-https
state: present state: present
tags: tags:
- system - system
- packages - packages
- nodejs - nodejs
when: ansible_distribution_major_version is version('10', '<')
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- system
- packages
- nodejs
- name: NodeJS embedded GPG key is absent
apt_key:
id: "68576280"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- system
- packages
- nodejs
- name: NodeJS GPG key is installed - name: NodeJS GPG key is installed
copy: ansible.builtin.copy:
src: nodesource.asc src: nodesource.asc
dest: "{{ apt_keyring_dir }}/nodesource.asc" dest: "{{ apt_keyring_dir }}/nodesource.asc"
mode: "0644" mode: "0644"
@ -41,8 +22,8 @@
- packages - packages
- nodejs - nodejs
- name: NodeJS sources list ({{ nodejs_apt_version }}) is available - name: Add NodeJS repository (Debian <12)
apt_repository: ansible.builtin.apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/nodesource.asc] https://deb.nodesource.com/{{ nodejs_apt_version }} {{ ansible_distribution_release }} main" repo: "deb [signed-by={{ apt_keyring_dir }}/nodesource.asc] https://deb.nodesource.com/{{ nodejs_apt_version }} {{ ansible_distribution_release }} main"
filename: nodesource filename: nodesource
update_cache: yes update_cache: yes
@ -51,26 +32,32 @@
- system - system
- packages - packages
- nodejs - nodejs
when: ansible_distribution_major_version is version('12', '<')
- name: Unsigned NodeJS sources list ({{ nodejs_apt_version }}) is not available - name: Add NodeJS repository (Debian >=12)
apt_repository: ansible.builtin.template:
repo: "deb https://deb.nodesource.com/{{ nodejs_apt_version }} {{ ansible_distribution_release }} main" src: nodesource.sources.j2
filename: nodesource dest: /etc/apt/sources.list.d/nodesource.sources
update_cache: yes state: present
state: absent register: nodesource_sources
tags: tags:
- system - system
- packages - packages
- nodejs - nodejs
when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
ansible.builtin.apt:
update_cache: yes
when: nodesource_sources is changed
- name: NodeJS is installed - name: NodeJS is installed
apt: ansible.builtin.apt:
name: nodejs name: nodejs
state: present state: present
update_cache: yes
tags: tags:
- packages - packages
- nodejs - nodejs
- include: yarn.yml - ansible.builtin.import_tasks: yarn.yml
when: nodejs_install_yarn | bool when: nodejs_install_yarn | bool

49
nodejs/tasks/yarn.yml
View File

@ -1,29 +1,7 @@
--- ---
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- system
- packages
- nodejs
- yarn
- name: Yarn embedded GPG key is absent
apt_key:
id: "86E50310"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- system
- packages
- nodejs
- yarn
- name: Yarn GPG key is installed - name: Yarn GPG key is installed
copy: ansible.builtin.copy:
src: yarn.asc src: yarn.asc
dest: "{{ apt_keyring_dir }}/yarn.asc" dest: "{{ apt_keyring_dir }}/yarn.asc"
mode: "0644" mode: "0644"
@ -35,32 +13,39 @@
- nodejs - nodejs
- yarn - yarn
- name: Yarn sources list is available - name: Add Yarn repository (Debian <12)
apt_repository: ansible.builtin.apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/yarn.asc] https://dl.yarnpkg.com/debian/ stable main" repo: "deb [signed-by={{ apt_keyring_dir }}/yarn.asc] https://dl.yarnpkg.com/debian/ stable main"
filename: yarn filename: yarn
update_cache: yes
state: present state: present
tags: tags:
- system - system
- packages - packages
- nodejs - nodejs
- yarn - yarn
when: ansible_distribution_major_version is version('12', '<')
- name: Unsigned Yarn sources list is not available - name: Add Yarn repository (Debian >=12)
apt_repository: ansible.builtin.template:
repo: "deb https://dl.yarnpkg.com/debian/ stable main" src: yarn.sources.j2
filename: yarn dest: /etc/apt/sources.list.d/yarn.sources
state: present
update_cache: yes update_cache: yes
state: absent register: yarn_sources
tags: tags:
- system - system
- packages - packages
- nodejs - nodejs
- yarn - yarn
when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
ansible.builtin.apt:
update_cache: yes
when: yarn_sources is changed
- name: Yarn is installed - name: Yarn is installed
apt: ansible.builtin.apt:
name: yarn name: yarn
state: present state: present
tags: tags:

8
nodejs/templates/nodesource.sources.j2 Normal file
View File

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: https://deb.nodesource.com/{{ nodejs_apt_version }}
Suites: {{ ansible_distribution_release }}
Components: main
Signed-by: {{ apt_keyring_dir }}/nodesource.asc
Enabled: yes

8
nodejs/templates/yarn.sources.j2 Normal file
View File

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: https://dl.yarnpkg.com/debian/
Suites: stable
Components: main
Signed-by: {{ apt_keyring_dir }}/yarn.asc
Enabled: yes

60
php/tasks/sury_pre.yml
View File

@ -1,12 +1,10 @@
--- ---
- name: Setup deb.sury.org repository - Add GPG key - name: Setup deb.sury.org repository - Install apt-transport-https
copy: apt:
src: sury.gpg name: apt-transport-https
dest: "{{ apt_keyring_dir }}/sury.gpg" state: present
mode: "0644" when: ansible_distribution_major_version is version('10', '<')
owner: root
group: root
- name: copy pub.evolix.org GPG key - name: copy pub.evolix.org GPG key
copy: copy:
@ -16,18 +14,6 @@
owner: root owner: root
group: root group: root
- name: Setup deb.sury.org repository - Install apt-transport-https
apt:
state: present
name: apt-transport-https
- name: Setup deb.sury.org repository - Add preferences file
copy:
src: sury.preferences
dest: /etc/apt/preferences.d/z-sury
when:
- ansible_distribution_release != "bullseye"
- name: Setup pub.evolix.org repository - Add source list - name: Setup pub.evolix.org repository - Add source list
apt_repository: apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/pub_evolix.asc] http://pub.evolix.org/evolix {{ ansible_distribution_release }}-php81 main" repo: "deb [signed-by={{ apt_keyring_dir }}/pub_evolix.asc] http://pub.evolix.org/evolix {{ ansible_distribution_release }}-php81 main"
@ -36,17 +22,41 @@
when: when:
- ansible_distribution_release == "bullseye" - ansible_distribution_release == "bullseye"
- name: Setup deb.sury.org repository - Add source list - name: Setup deb.sury.org repository - Add preferences file
copy:
src: sury.preferences
dest: /etc/apt/preferences.d/z-sury
when:
- ansible_distribution_release != "bullseye"
- name: Setup deb.sury.org repository - Add GPG key
copy:
src: sury.gpg
dest: "{{ apt_keyring_dir }}/sury.gpg"
mode: "0644"
owner: root
group: root
- name: Add Sury repository (Debian <12)
apt_repository: apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/sury.gpg] https://packages.sury.org/php/ {{ ansible_distribution_release }} main" repo: "deb [signed-by={{ apt_keyring_dir }}/sury.gpg] https://packages.sury.org/php/ {{ ansible_distribution_release }} main"
filename: sury filename: sury
state: present state: present
update_cache: yes
when: ansible_distribution_major_version is version('12', '<')
- name: Setup deb.sury.org repository - Remove unsigned source list - name: Add Sury repository (Debian >=12)
apt_repository: ansible.builtin.template:
repo: "deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main" src: sury.sources.j2
filename: sury dest: /etc/apt/sources.list.d/sury.sources
state: absent state: present
register: sury_sources
when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
apt:
update_cache: yes
when: sury_sources is changed
- name: "Override package list for Sury (Debian 9 or later)" - name: "Override package list for Sury (Debian 9 or later)"
set_fact: set_fact:

8
php/templates/sury.sources.j2 Normal file
View File

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: https://packages.sury.org/php/
Suites: {{ ansible_distribution_release }}
Components: main
Signed-by: {{ apt_keyring_dir }}/sury.gpg
Enabled: yes

25
postgresql/tasks/main.yml
View File

@ -1,25 +1,28 @@
--- ---
- include: locales.yml - ansible.builtin.import_tasks: locales.yml
- include: packages_jessie.yml - ansible.builtin.import_tasks: packages_jessie.yml
when: ansible_distribution_release == "jessie" when: ansible_distribution_release == "jessie"
- include: packages_stretch.yml - ansible.builtin.import_tasks: packages_stretch.yml
when: ansible_distribution_release == "stretch" when: ansible_distribution_release == "stretch"
- include: packages_buster.yml - ansible.builtin.import_tasks: packages_buster.yml
when: ansible_distribution_release == "buster" when: ansible_distribution_release == "buster"
- include: packages_bullseye.yml - ansible.builtin.import_tasks: packages_bullseye.yml
when: ansible_distribution_major_version is version('11', '>=') when: ansible_distribution_release == "bullseye"
- include: config.yml - ansible.builtin.import_tasks: packages_bookworm.yml
when: ansible_distribution_release == "bookworm"
- include: nrpe.yml - ansible.builtin.import_tasks: config.yml
- include: munin.yml - ansible.builtin.import_tasks: nrpe.yml
- include: logrotate.yml - ansible.builtin.import_tasks: munin.yml
- include: postgis.yml - ansible.builtin.import_tasks: logrotate.yml
- ansible.builtin.import_tasks: postgis.yml
when: postgresql_install_postgis | bool when: postgresql_install_postgis | bool

6
postgresql/tasks/packages_bookworm.yml
View File

@ -1,15 +1,15 @@
--- ---
- name: "Set variables (Debian 12)" - name: "Set variables (Debian 12)"
set_fact: ansible.builtin.set_fact:
postgresql_version: '15' postgresql_version: '15'
when: postgresql_version is none or postgresql_version | length == 0 when: postgresql_version is none or postgresql_version | length == 0
- include: pgdg-repo.yml - ansible.builtin.import_tasks: pgdg-repo.yml
when: postgresql_version != '15' when: postgresql_version != '15'
- name: Install postgresql package - name: Install postgresql package
apt: ansible.builtin.apt:
name: name:
- "postgresql-{{ postgresql_version }}" - "postgresql-{{ postgresql_version }}"
- pgtop - pgtop

1
postgresql/tasks/packages_bullseye.yml
View File

@ -14,3 +14,4 @@
- "postgresql-{{ postgresql_version }}" - "postgresql-{{ postgresql_version }}"
- pgtop - pgtop
- libdbd-pg-perl - libdbd-pg-perl
update_cache: yes

1
postgresql/tasks/packages_buster.yml
View File

@ -14,3 +14,4 @@
- "postgresql-{{ postgresql_version }}" - "postgresql-{{ postgresql_version }}"
- pgtop - pgtop
- libdbd-pg-perl - libdbd-pg-perl
update_cache: yes

10
postgresql/tasks/packages_jessie.yml
View File

@ -10,8 +10,8 @@
- name: Install postgresql package - name: Install postgresql package
apt: apt:
name: '{{ item }}' name:
loop: - "postgresql-{{ postgresql_version }}"
- "postgresql-{{ postgresql_version }}" - ptop
- ptop - libdbd-pg-perl
- libdbd-pg-perl update_cache: yes

1
postgresql/tasks/packages_stretch.yml
View File

@ -14,3 +14,4 @@
- "postgresql-{{ postgresql_version }}" - "postgresql-{{ postgresql_version }}"
- ptop - ptop
- libdbd-pg-perl - libdbd-pg-perl
update_cache: yes

31
postgresql/tasks/pgdg-repo.yml
View File

@ -8,18 +8,6 @@
- meta: flush_handlers - meta: flush_handlers
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: PGDG embedded GPG key is absent
apt_key:
id: "ACCC4CF8"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add PGDG GPG key - name: Add PGDG GPG key
copy: copy:
src: postgresql.asc src: postgresql.asc
@ -29,16 +17,25 @@
owner: root owner: root
group: root group: root
- name: Add PGDG repository - name: Add PGDG repository (Debian <12)
apt_repository: apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/postgresql.asc] http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main" repo: "deb [signed-by={{ apt_keyring_dir }}/postgresql.asc] http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main"
filename: postgresql
update_cache: yes update_cache: yes
when: ansible_distribution_major_version is version('12', '<')
- name: Remove unsigned PGDG repository - name: Add PGDG repository (Debian >=12)
apt_repository: ansible.builtin.template:
repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main" src: postgresql.sources.j2
dest: /etc/apt/sources.list.d/postgresql.sources
state: present
register: postgresql_sources
when: ansible_distribution_major_version is version('12', '>=')
- name: Update APT cache
ansible.builtin.apt:
update_cache: yes update_cache: yes
state: absent when: elastic_sources is changed
- name: Add APT preference file - name: Add APT preference file
template: template:

1
postgresql/tasks/postgis.yml
View File

@ -5,3 +5,4 @@
- postgis - postgis
- "postgresql-{{ postgresql_version }}-postgis-2.5" - "postgresql-{{ postgresql_version }}-postgis-2.5"
- "postgresql-{{ postgresql_version }}-postgis-2.5-scripts" - "postgresql-{{ postgresql_version }}-postgis-2.5-scripts"
update_cache: yes

8
postgresql/templates/postgresql.sources.j2 Normal file
View File

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: http://apt.postgresql.org/pub/repos/apt/
Suites: {{ ansible_distribution_release }}-pgdg
Components: main
Signed-by: {{ apt_keyring_dir }}/postgresql.asc
Enabled: yes