remove apt keys specifically from embedded database

2021-05-06 13:43:59 +02:00 · 2021-05-06 13:43:59 +02:00 · 58bf79218f
parent 403ea45eeb
commit 58bf79218f
15 changed files with 18 additions and 128 deletions
--- a/apt/tasks/evolix_public.yml
+++ b/apt/tasks/evolix_public.yml
@ -1,17 +1,10 @@
 ---

- name: Look for /etc/apt/trusted.gpg
-  stat:
-    path: /etc/apt/trusted.gpg
-  register: apt_trusted_gpg
-  tags:
-    - apt
-
 - name: Evolix embedded GPG key is absent
  apt_key:
    id: "B8612B5D"
+    keyring: /etc/apt/trusted.gpg
    state: absent
-  when: apt_trusted_gpg.stat.exists
  tags:
    - apt

--- a/elasticsearch/tasks/packages.yml
+++ b/elasticsearch/tasks/packages.yml
@ -8,19 +8,11 @@
    - elasticsearch
    - packages

- name: Look for /etc/apt/trusted.gpg
-  stat:
-    path: /etc/apt/trusted.gpg
-    register: apt_trusted_gpg
-  tags:
-    - elasticsearch
-    - packages
-
 - name: Elastic embedded GPG key is absent
  apt_key:
    id: "D88E42B4"
+    keyring: /etc/apt/trusted.gpg
    state: absent
-  when: apt_trusted_gpg.stat.exists
  tags:
    - elasticsearch
    - packages
--- a/evolinux-base/tasks/hardware.yml
+++ b/evolinux-base/tasks/hardware.yml
@ -37,16 +37,11 @@

 - name: HPE Smart Storage Administrator (ssacli) is present
  block:
-    - name: Look for /etc/apt/trusted.gpg
-      stat:
-        path: /etc/apt/trusted.gpg
-      register: apt_trusted_gpg
-
-    - name: HPE GPG is absent in embedded database
+    - name: HPE GPG embedded key is absent
      apt_key:
        id: "26C2B797"
+        keyring: /etc/apt/trusted.gpg
        state: absent
-      when: apt_trusted_gpg.stat.exists

    - name: HPE GPG key is installed
      copy:
@ -106,18 +101,12 @@

 - name: MegaRAID SAS package is present
  block:
-    - name: Look for /etc/apt/trusted.gpg
-      stat:
-        path: /etc/apt/trusted.gpg
-      register: apt_trusted_gpg
-
    - name: HWRaid embedded GPG key is absent
      apt_key:
        id: "23B3D3B4"
+        keyring: /etc/apt/trusted.gpg
        state: absent
-      when:
-        - apt_trusted_gpg.stat.exists
-        - ansible_distribution_major_version is version('9', '>=')
+      when: ansible_distribution_major_version is version('9', '>=')

    - name: HWRaid GPG key is installed
      copy:
--- a/filebeat/tasks/main.yml
+++ b/filebeat/tasks/main.yml
@ -8,19 +8,11 @@
    - filebeat
    - packages

- name: Look for /etc/apt/trusted.gpg
-  stat:
-    path: /etc/apt/trusted.gpg
-    register: apt_trusted_gpg
-  tags:
-    - filebeat
-    - packages
-
 - name: Elastic embedded GPG key is absent
  apt_key:
    id: "D88E42B4"
+    keyring: /etc/apt/trusted.gpg
    state: absent
-  when: apt_trusted_gpg.stat.exists
  tags:
    - filebeat
    - packages
--- a/fluentd/tasks/main.yml
+++ b/fluentd/tasks/main.yml
@ -1,18 +1,10 @@
 ---

- name: Look for /etc/apt/trusted.gpg
-  stat:
-    path: /etc/apt/trusted.gpg
-    register: apt_trusted_gpg
-  tags:
-    - packages
-    - fluentd
-
 - name: Fluentd embedded GPG key is absent
  apt_key:
    id: "AB97ACBE"
+    keyring: /etc/apt/trusted.gpg
    state: absent
-  when: apt_trusted_gpg.stat.exists
  tags:
    - packages
    - fluentd
--- a/jenkins/tasks/main.yml
+++ b/jenkins/tasks/main.yml
@ -5,16 +5,11 @@
 # http://mirrors.jenkins.io/.*
 # http://jenkins.mirror.isppower.de/.*

- name: Look for /etc/apt/trusted.gpg
-  stat:
-    path: /etc/apt/trusted.gpg
-    register: apt_trusted_gpg
-
 - name: Jenkins embedded GPG key is absent
  apt_key:
    id: "D50582E6"
+    keyring: /etc/apt/trusted.gpg
    state: absent
-  when: apt_trusted_gpg.stat.exists

 - name: Add Jenkins GPG key
  copy:
--- a/kibana/tasks/main.yml
+++ b/kibana/tasks/main.yml
@ -8,19 +8,11 @@
    - kibana
    - packages

- name: Look for /etc/apt/trusted.gpg
-  stat:
-    path: /etc/apt/trusted.gpg
-    register: apt_trusted_gpg
-  tags:
-    - kibana
-    - packages
-
 - name: Elastic embedded GPG key is absent
  apt_key:
    id: "D88E42B4"
+    keyring: /etc/apt/trusted.gpg
    state: absent
-  when: apt_trusted_gpg.stat.exists
  tags:
    - kibana
    - packages
--- a/logstash/tasks/main.yml
+++ b/logstash/tasks/main.yml
@ -8,19 +8,11 @@
    - logstash
    - packages

- name: Look for /etc/apt/trusted.gpg
-  stat:
-    path: /etc/apt/trusted.gpg
-    register: apt_trusted_gpg
-  tags:
-    - logstash
-    - packages
-
 - name: Elastic embedded GPG key is absent
  apt_key:
    id: "D88E42B4"
+    keyring: /etc/apt/trusted.gpg
    state: absent
-  when: apt_trusted_gpg.stat.exists
  tags:
    - logstash
    - packages
--- a/metricbeat/tasks/main.yml
+++ b/metricbeat/tasks/main.yml
@ -8,19 +8,11 @@
    - metricbeat
    - packages

- name: Look for /etc/apt/trusted.gpg
-  stat:
-    path: /etc/apt/trusted.gpg
-    register: apt_trusted_gpg
-  tags:
-    - metricbeat
-    - packages
-
 - name: Elastic embedded GPG key is absent
  apt_key:
    id: "D88E42B4"
+    keyring: /etc/apt/trusted.gpg
    state: absent
-  when: apt_trusted_gpg.stat.exists
  tags:
    - metricbeat
    - packages
--- a/mongodb/tasks/main_buster.yml
+++ b/mongodb/tasks/main_buster.yml
@ -1,15 +1,10 @@
 ---

- name: Look for /etc/apt/trusted.gpg
-  stat:
-    path: /etc/apt/trusted.gpg
-    register: apt_trusted_gpg
-
 - name: MongoDB embedded GPG key is absent
  apt_key:
    id: "B8612B5D"
+    keyring: /etc/apt/trusted.gpg
    state: absent
-  when: apt_trusted_gpg.stat.exists

 - name: Add MongoDB GPG key
  copy:
--- a/newrelic/tasks/sources.yml
+++ b/newrelic/tasks/sources.yml
@ -1,15 +1,10 @@
 ---

- name: Look for /etc/apt/trusted.gpg
-  stat:
-    path: /etc/apt/trusted.gpg
-    register: apt_trusted_gpg
-
 - name: NewRelic embedded GPG key is absent
  apt_key:
    id: "548C16BF"
+    keyring: /etc/apt/trusted.gpg
    state: absent
-  when: apt_trusted_gpg.stat.exists

 - name: Add NewRelic GPG key
  copy:
--- a/nodejs/tasks/main.yml
+++ b/nodejs/tasks/main.yml
@ -9,20 +9,11 @@
    - packages
    - nodejs

- name: Look for /etc/apt/trusted.gpg
-  stat:
-    path: /etc/apt/trusted.gpg
-    register: apt_trusted_gpg
-  tags:
-    - system
-    - packages
-    - nodejs
-
 - name: NodeJS embedded GPG key is absent
  apt_key:
    id: "68576280"
+    keyring: /etc/apt/trusted.gpg
    state: absent
-  when: apt_trusted_gpg.stat.exists
  tags:
    - system
    - packages
--- a/nodejs/tasks/yarn.yml
+++ b/nodejs/tasks/yarn.yml
@ -1,20 +1,10 @@
 ---

- name: Look for /etc/apt/trusted.gpg
-  stat:
-    path: /etc/apt/trusted.gpg
-    register: apt_trusted_gpg
-  tags:
-    - system
-    - packages
-    - nodejs
-    - yarn
-
 - name: NodeJS embedded GPG key is absent
  apt_key:
    id: "86E50310"
+    keyring: /etc/apt/trusted.gpg
    state: absent
-  when: apt_trusted_gpg.stat.exists
  tags:
    - system
    - packages
--- a/percona/tasks/main.yml
+++ b/percona/tasks/main.yml
@ -3,16 +3,11 @@
 - set_fact:
    percona__apt_config_package_file: "percona-release_latest.{{ ansible_distribution_release }}_all.deb"

- name: Look for /etc/apt/trusted.gpg
-  stat:
-    path: /etc/apt/trusted.gpg
-    register: apt_trusted_gpg
-
 - name: Percona embedded GPG key is absent
  apt_key:
    id: "8507EFA5"
+    keyring: /etc/apt/trusted.gpg
    state: absent
-  when: apt_trusted_gpg.stat.exists

 - name: Add Percona GPG key
  copy:
--- a/postgresql/tasks/pgdg-repo.yml
+++ b/postgresql/tasks/pgdg-repo.yml
@ -13,16 +13,11 @@
    repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
    update_cache: yes

- name: Look for /etc/apt/trusted.gpg
-  stat:
-    path: /etc/apt/trusted.gpg
-    register: apt_trusted_gpg
-
 - name: PGDG embedded GPG key is absent
  apt_key:
    id: "ACCC4CF8"
+    keyring: /etc/apt/trusted.gpg
    state: absent
-  when: apt_trusted_gpg.stat.exists

 - name: Add PGDG GPG key
  copy: