remove key from trusted.gpg only if file is present

2021-05-06 10:42:12 +02:00 · 2021-05-06 10:42:12 +02:00 · 83705a48b8
parent 9f2125e287
commit 83705a48b8
15 changed files with 192 additions and 44 deletions
--- a/apt/tasks/evolix_public.yml
+++ b/apt/tasks/evolix_public.yml
@ -1,9 +1,17 @@
 ---

+- name: Look for /etc/apt/trusted.gpg
+  stat:
+    path: /etc/apt/trusted.gpg
+    register: apt_trusted_gpg
+  tags:
+    - apt
+
 - name: Evolix GPG embedded key is absent
  apt_key:
    id: "B8612B5D"
    state: absent
+  when: apt_trusted_gpg.stat.exists
  tags:
    - apt

--- a/elasticsearch/tasks/packages.yml
+++ b/elasticsearch/tasks/packages.yml
@ -5,16 +5,25 @@
    name: apt-transport-https
    state: present
  tags:
-  - elasticsearch
-  - packages
+    - elasticsearch
+    - packages
+
+- name: Look for /etc/apt/trusted.gpg
+  stat:
+    path: /etc/apt/trusted.gpg
+    register: apt_trusted_gpg
+  tags:
+    - elasticsearch
+    - packages

 - name: Elastic GPG embedded key is absent
  apt_key:
    id: "D88E42B4"
    state: absent
+  when: apt_trusted_gpg.stat.exists
  tags:
-  - elasticsearch
-  - packages
+    - elasticsearch
+    - packages

 - name: Elastic GPG key is installed
  copy:
@ -23,8 +32,8 @@
    force: yes
    mode: "0644"
  tags:
-  - elasticsearch
-  - packages
+    - elasticsearch
+    - packages

 - name: Elastic sources list is available
  apt_repository:
@ -33,16 +42,16 @@
    state: present
    update_cache: yes
  tags:
-  - elasticsearch
-  - packages
+    - elasticsearch
+    - packages

 - name: Elasticsearch is installed
  apt:
    name: elasticsearch
    state: present
  tags:
-  - elasticsearch
-  - packages
+    - elasticsearch
+    - packages

 - name: Elasticsearch service is enabled
  service:
--- a/evolinux-base/tasks/hardware.yml
+++ b/evolinux-base/tasks/hardware.yml
@ -37,10 +37,16 @@

 - name: HPE Smart Storage Administrator (ssacli) is present
  block:
+    - name: Look for /etc/apt/trusted.gpg
+      stat:
+        path: /etc/apt/trusted.gpg
+      register: apt_trusted_gpg
+
    - name: HPE GPG is absent in embedded database
      apt_key:
        id: "26C2B797"
        state: absent
+      when: apt_trusted_gpg.stat.exists

    - name: HPE GPG key is installed
      copy:
@ -100,11 +106,18 @@

 - name: MegaRAID SAS package is present
  block:
+    - name: Look for /etc/apt/trusted.gpg
+      stat:
+        path: /etc/apt/trusted.gpg
+      register: apt_trusted_gpg
+
    - name: HWRaid GPG embedded key is absent
      apt_key:
        id: "23B3D3B4"
        state: absent
-      when: ansible_distribution_major_version is version('9', '>=')
+      when:
+        - apt_trusted_gpg.stat.exists
+        - ansible_distribution_major_version is version('9', '>=')

    - name: HWRaid GPG key is installed
      copy:
--- a/filebeat/tasks/main.yml
+++ b/filebeat/tasks/main.yml
@ -5,16 +5,25 @@
    name: apt-transport-https
    state: present
  tags:
-  - filebeat
-  - packages
+    - filebeat
+    - packages
+
+- name: Look for /etc/apt/trusted.gpg
+  stat:
+    path: /etc/apt/trusted.gpg
+    register: apt_trusted_gpg
+  tags:
+    - filebeat
+    - packages

 - name: Elastic GPG embedded key is absent
  apt_key:
    id: "D88E42B4"
    state: absent
+  when: apt_trusted_gpg.stat.exists
  tags:
-  - filebeat
-  - packages
+    - filebeat
+    - packages

 - name: Elastic GPG key is installed
  copy:
@ -23,8 +32,8 @@
    force: yes
    mode: "0644"
  tags:
-  - filebeat
-  - packages
+    - filebeat
+    - packages

 - name: Elastic sources list is available
  apt_repository:
@ -33,8 +42,8 @@
    state: present
    update_cache: yes
  tags:
-  - filebeat
-  - packages
+    - filebeat
+    - packages

 - name: Filebeat is installed
  apt:
--- a/fluentd/tasks/main.yml
+++ b/fluentd/tasks/main.yml
@ -1,9 +1,18 @@
 ---

+- name: Look for /etc/apt/trusted.gpg
+  stat:
+    path: /etc/apt/trusted.gpg
+    register: apt_trusted_gpg
+  tags:
+    - packages
+    - fluentd
+
 - name: Fluentd GPG embedded key is absent
  apt_key:
    id: "AB97ACBE"
    state: absent
+  when: apt_trusted_gpg.stat.exists
  tags:
    - packages
    - fluentd
--- a/jenkins/tasks/main.yml
+++ b/jenkins/tasks/main.yml
@ -5,10 +5,16 @@
 # http://mirrors.jenkins.io/.*
 # http://jenkins.mirror.isppower.de/.*

+- name: Look for /etc/apt/trusted.gpg
+  stat:
+    path: /etc/apt/trusted.gpg
+    register: apt_trusted_gpg
+
 - name: Jenkins GPG embedded key is absent
  apt_key:
    id: "D50582E6"
    state: absent
+  when: apt_trusted_gpg.stat.exists

 - name: Add Jenkins GPG key
  copy:
--- a/kibana/tasks/main.yml
+++ b/kibana/tasks/main.yml
@ -5,16 +5,25 @@
    name: apt-transport-https
    state: present
  tags:
-  - kibana
-  - packages
+    - kibana
+    - packages
+
+- name: Look for /etc/apt/trusted.gpg
+  stat:
+    path: /etc/apt/trusted.gpg
+    register: apt_trusted_gpg
+  tags:
+    - kibana
+    - packages

 - name: Elastic GPG embedded key is absent
  apt_key:
    id: "D88E42B4"
    state: absent
+  when: apt_trusted_gpg.stat.exists
  tags:
-  - kibana
-  - packages
+    - kibana
+    - packages

 - name: Elastic GPG key is installed
  copy:
@ -23,8 +32,8 @@
    force: yes
    mode: "0644"
  tags:
-  - kibana
-  - packages
+    - kibana
+    - packages

 - name: Elastic sources list is available
  apt_repository:
@ -33,14 +42,15 @@
    state: present
    update_cache: yes
  tags:
-  - kibana
-  - packages
+    - kibana
+    - packages

 - name: Kibana is installed
  apt:
    name: kibana
    state: present
  tags:
+    - kibana
    - packages

 - name: kibana server host configuration
@ -50,6 +60,8 @@
    regexp: '^server.host:'
    insertafter: '^#server.host:'
  notify: restart kibana
+  tags:
+    - kibana

 - name: kibana server basepath configuration
  lineinfile:
@ -58,6 +70,8 @@
    regexp: '^server.basePath:'
    insertafter: '^#server.basePath:'
  notify: restart kibana
+  tags:
+    - kibana

 - name: kibana log destination is present
  file:
@ -66,6 +80,8 @@
    group: kibana
    mode: "0750"
    state: directory
+  tags:
+    - kibana

 - name: kibana log messages go to custom file
  lineinfile:
@ -74,12 +90,16 @@
    regexp: '^logging.dest:'
    insertafter: '^#logging.dest:'
  notify: restart kibana
+  tags:
+    - kibana

 - name: Kibana service is enabled and started
  systemd:
    name: kibana
    enabled: yes
    state: started
+  tags:
+    - kibana

 - name: Logrotate configuration is enabled
  copy:
@ -88,6 +108,8 @@
    mode: "0644"
    owner: root
    group: root
+  tags:
+    - kibana

 # - name: Get mount options for /usr partition
 #   shell: "mount | grep 'on /usr type'"
--- a/logstash/tasks/main.yml
+++ b/logstash/tasks/main.yml
@ -5,16 +5,25 @@
    name: apt-transport-https
    state: present
  tags:
-  - logstash
-  - packages
+    - logstash
+    - packages
+
+- name: Look for /etc/apt/trusted.gpg
+  stat:
+    path: /etc/apt/trusted.gpg
+    register: apt_trusted_gpg
+  tags:
+    - logstash
+    - packages

 - name: Elastic GPG embedded key is absent
  apt_key:
    id: "D88E42B4"
    state: absent
+  when: apt_trusted_gpg.stat.exists
  tags:
-  - logstash
-  - packages
+    - logstash
+    - packages

 - name: Elastic GPG key is installed
  copy:
@ -23,8 +32,8 @@
    force: yes
    mode: "0644"
  tags:
-  - logstash
-  - packages
+    - logstash
+    - packages

 - name: Elastic sources list is available
  apt_repository:
@ -33,20 +42,23 @@
    state: present
    update_cache: yes
  tags:
-  - logstash
-  - packages
+    - logstash
+    - packages

 - name: Logstash is installed
  apt:
    name: logstash
    state: present
  tags:
+    - logstash
    - packages

 - name: Logstash service is enabled
  systemd:
    name: logstash
    enabled: yes
+  tags:
+    - logstash

 - name: JVM Heap size (min) is set
  lineinfile:
@ -54,6 +66,7 @@
    regexp: "^-Xms"
    line: "-Xms{{ logstash_jvm_xms }}"
  tags:
+    - logstash
    - config

 - name: JVM Heap size (max) is set
@ -62,6 +75,7 @@
    regexp: "^-Xmx"
    line: "-Xmx{{ logstash_jvm_xmx }}"
  tags:
+    - logstash
    - config

 - name: Add a configuration
@ -80,6 +94,9 @@
      - "templates/logstash/logstash.default.conf.j2"
      - "templates/logstash.default.conf.j2"
  register: logstash_template
+  tags:
+    - logstash
+    - config

 - debug:
    var: logstash_template
--- a/metricbeat/tasks/main.yml
+++ b/metricbeat/tasks/main.yml
@ -5,16 +5,25 @@
    name: apt-transport-https
    state: present
  tags:
-  - metricbeat
-  - packages
+    - metricbeat
+    - packages
+
+- name: Look for /etc/apt/trusted.gpg
+  stat:
+    path: /etc/apt/trusted.gpg
+    register: apt_trusted_gpg
+  tags:
+    - metricbeat
+    - packages

 - name: Elastic GPG embedded key is absent
  apt_key:
    id: "D88E42B4"
    state: absent
+  when: apt_trusted_gpg.stat.exists
  tags:
-  - metricbeat
-  - packages
+    - metricbeat
+    - packages

 - name: Elastic GPG key is installed
  copy:
@ -23,8 +32,8 @@
    force: yes
    mode: "0644"
  tags:
-  - metricbeat
-  - packages
+    - metricbeat
+    - packages

 - name: Elastic sources list is available
  apt_repository:
@ -33,8 +42,8 @@
    state: present
    update_cache: yes
  tags:
-  - metricbeat
-  - packages
+    - metricbeat
+    - packages

 - name: Metricbeat is installed
  apt:
--- a/mongodb/tasks/main_buster.yml
+++ b/mongodb/tasks/main_buster.yml
@ -1,9 +1,15 @@
 ---

+- name: Look for /etc/apt/trusted.gpg
+  stat:
+    path: /etc/apt/trusted.gpg
+    register: apt_trusted_gpg
+
 - name: MongoDB GPG embedded key is absent
  apt_key:
    id: "B8612B5D"
    state: absent
+  when: apt_trusted_gpg.stat.exists

 - name: Add MongoDB GPG key
  copy:
--- a/newrelic/tasks/sources.yml
+++ b/newrelic/tasks/sources.yml
@ -1,9 +1,15 @@
 ---

+- name: Look for /etc/apt/trusted.gpg
+  stat:
+    path: /etc/apt/trusted.gpg
+    register: apt_trusted_gpg
+
 - name: NewRelic GPG embedded key is absent
  apt_key:
    id: "548C16BF"
    state: absent
+  when: apt_trusted_gpg.stat.exists

 - name: Add NewRelic GPG key
  copy:
--- a/nodejs/tasks/main.yml
+++ b/nodejs/tasks/main.yml
@ -7,11 +7,22 @@
  tags:
    - system
    - packages
+    - nodejs
+
+- name: Look for /etc/apt/trusted.gpg
+  stat:
+    path: /etc/apt/trusted.gpg
+    register: apt_trusted_gpg
+  tags:
+    - system
+    - packages
+    - nodejs

 - name: NodeJS GPG embedded key is absent
  apt_key:
    id: "68576280"
    state: absent
+  when: apt_trusted_gpg.stat.exists
  tags:
    - system
    - packages
--- a/nodejs/tasks/yarn.yml
+++ b/nodejs/tasks/yarn.yml
@ -1,9 +1,20 @@
 ---

- name: NodeJS GPG  embedded key is absent
+- name: Look for /etc/apt/trusted.gpg
+  stat:
+    path: /etc/apt/trusted.gpg
+    register: apt_trusted_gpg
+  tags:
+    - system
+    - packages
+    - nodejs
+    - yarn
+
+- name: NodeJS GPG embedded key is absent
  apt_key:
    id: "86E50310"
    state: absent
+  when: apt_trusted_gpg.stat.exists
  tags:
    - system
    - packages
--- a/percona/tasks/main.yml
+++ b/percona/tasks/main.yml
@ -3,10 +3,16 @@
 - set_fact:
    percona__apt_config_package_file: "percona-release_latest.{{ ansible_distribution_release }}_all.deb"

+- name: Look for /etc/apt/trusted.gpg
+  stat:
+    path: /etc/apt/trusted.gpg
+    register: apt_trusted_gpg
+
 - name: Percona GPG embedded key is absent
  apt_key:
    id: "8507EFA5"
    state: absent
+  when: apt_trusted_gpg.stat.exists

 - name: Add Percona GPG key
  copy:
--- a/postgresql/tasks/pgdg-repo.yml
+++ b/postgresql/tasks/pgdg-repo.yml
@ -13,10 +13,16 @@
    repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
    update_cache: yes

+- name: Look for /etc/apt/trusted.gpg
+  stat:
+    path: /etc/apt/trusted.gpg
+    register: apt_trusted_gpg
+
 - name: PGDG GPG embedded key is absent
  apt_key:
    id: "ACCC4CF8"
    state: absent
+  when: apt_trusted_gpg.stat.exists

 - name: Add PGDG GPG key
  copy: