Use proper keyrings directory for APT version

Debian 9 → 11 : /etc/apt/trusted.gpg.d
Debian 12 : /etc/apt/keyrings
debian12-keyring
Jérémy Lecour 3 months ago committed by Jérémy Lecour
parent 7f3f7b3e04
commit f531460f49

@ -12,6 +12,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
### Added
* Use proper keyrings directory for APT version
* evolinux-base: replace regular kernel by cloud kernel on virtual servers
* nagios-nrpe: check_haproxy_stats supports DRAIN status
* lxc-php: set php-fpm umask to 007

@ -25,3 +25,5 @@ apt_check_hold_cron_hour: "*/4"
apt_check_hold_cron_weekday: "*"
apt_check_hold_cron_day: "*"
apt_check_hold_cron_month: "*"
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"

@ -19,7 +19,7 @@
- name: Add Evolix GPG key
copy:
src: reg.asc
dest: /etc/apt/trusted.gpg.d/reg.asc
dest: "{{ apt_keyring_dir }}/reg.asc"
force: yes
mode: "0644"
owner: root

@ -28,3 +28,5 @@ docker_tls_ca_key: ca/ca-key.pem
docker_tls_cert: server/cert.pem
docker_tls_key: server/key.pem
docker_tls_csr: server/server.csr
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"

@ -19,7 +19,7 @@
- name: Add Docker's official GPG key
copy:
src: docker-debian.asc
dest: /etc/apt/trusted.gpg.d/docker-debian.asc
dest: "{{ apt_keyring_dir }}/docker-debian.asc"
force: yes
mode: "0644"
owner: root

@ -29,3 +29,5 @@ elasticsearch_plugin_head_clone_dir: "{{ elasticsearch_plugin_head_home }}/www"
elasticsearch_plugin_head_tmp_dir: "{{ elasticsearch_plugin_head_home }}/tmp"
elasticsearch_additional_scripts_dir: /usr/share/scripts
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"

@ -29,7 +29,7 @@
- name: Elastic GPG key is installed
copy:
src: elastic.asc
dest: /etc/apt/trusted.gpg.d/elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root

@ -21,6 +21,8 @@ evolinux_apt_public_sources: True
evolinux_apt_upgrade: True
evolinux_apt_remove_aptitude: True
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
# etc-evolinux
evolinux_etcevolinux_include: True

@ -81,7 +81,7 @@
- name: HPE GPG key is installed
copy:
src: hpePublicKey2048_key1.asc
dest: /etc/apt/trusted.gpg.d/hpePublicKey2048_key1.asc
dest: "{{ apt_keyring_dir }}/hpePublicKey2048_key1.asc"
force: yes
mode: "0644"
owner: root
@ -208,7 +208,7 @@
- name: HWRaid GPG key is installed
copy:
src: hwraid.le-vert.net.asc
dest: /etc/apt/trusted.gpg.d/hwraid.le-vert.net.asc
dest: "{{ apt_keyring_dir }}/hwraid.le-vert.net.asc"
force: yes
mode: "0644"
owner: root

@ -22,3 +22,5 @@ filebeat_use_config_template: False
filebeat_update_config: True
filebeat_force_config: True
filebeat_upgrade_package: False
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"

@ -29,7 +29,7 @@
- name: Elastic GPG key is installed
copy:
src: elastic.asc
dest: /etc/apt/trusted.gpg.d/elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root

@ -10,3 +10,5 @@ fluentd_host_port:
fluentd_flush_interval:
fluentd_heartbeat_type:
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"

@ -21,7 +21,7 @@
- name: Add Fluentd GPG key
copy:
src: fluentd.asc
dest: /etc/apt/trusted.gpg.d/fluentd.asc
dest: "{{ apt_keyring_dir }}/fluentd.asc"
force: yes
mode: "0644"
owner: root
@ -32,7 +32,7 @@
- name: Fluentd sources list is available
apt_repository:
repo: "deb http://packages.treasuredata.com/3/debian/{{ ansible_distribution_release }}/ {{ ansible_distribution_release }} contrib"
repo: "deb [signed-by={{ apt_keyring_dir }}/fluentd.asc] http://packages.treasuredata.com/3/debian/{{ ansible_distribution_release }}/ {{ ansible_distribution_release }} contrib"
filename: treasuredata
update_cache: yes
state: present

@ -0,0 +1,3 @@
---
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"

@ -20,7 +20,7 @@
- name: Add Jenkins GPG key
copy:
src: jenkins.asc
dest: /etc/apt/trusted.gpg.d/jenkins.asc
dest: "{{ apt_keyring_dir }}/jenkins.asc"
force: yes
mode: "0644"
owner: root

@ -9,3 +9,5 @@ kibana_proxy_nginx: False
kibana_proxy_domain: "kibana.{{ ansible_fqdn }}"
kibana_proxy_ssl_cert: "/etc/ssl/certs/{{ ansible_fqdn }}.crt"
kibana_proxy_ssl_key: "/etc/ssl/private/{{ ansible_fqdn }}.key"
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"

@ -29,7 +29,7 @@
- name: Elastic GPG key is installed
copy:
src: elastic.asc
dest: /etc/apt/trusted.gpg.d/elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root

@ -7,4 +7,6 @@ logstash_log_rotate_days: 365
logstash_custom_tmpdir: Null
logstash_default_tmpdir: /var/lib/logstash/tmp
logstash_log_syslog_enabled: True
logstash_config_force: True
logstash_config_force: True
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"

@ -29,7 +29,7 @@
- name: Elastic GPG key is installed
copy:
src: elastic.asc
dest: /etc/apt/trusted.gpg.d/elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root

@ -30,4 +30,4 @@ lxc_php_services:
php80: 'php8.0-fpm.service'
php81: 'php8.1-fpm.service'
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"

@ -25,7 +25,7 @@
- name: copy pub.evolix.net GPG key
copy:
src: reg.asc
dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/trusted.gpg.d/reg.asc
dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs{{ apt_keyring_dir }}/reg.asc
mode: "0644"
owner: root
group: root
@ -33,7 +33,7 @@
- name: copy packages.sury.org GPG Key
copy:
src: sury.gpg
dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/trusted.gpg.d/sury.gpg
dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs{{ apt_keyring_dir }}/sury.gpg
mode: "0644"
owner: root
group: root

@ -25,7 +25,7 @@
- name: copy pub.evolix.net GPG key
copy:
src: reg.asc
dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/trusted.gpg.d/reg.asc
dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs{{ apt_keyring_dir }}/reg.asc
mode: "0644"
owner: root
group: root
@ -33,7 +33,7 @@
- name: copy packages.sury.org GPG Key
copy:
src: sury.gpg
dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/trusted.gpg.d/sury.gpg
dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs{{ apt_keyring_dir }}/sury.gpg
mode: "0644"
owner: root
group: root

@ -28,3 +28,5 @@ metricbeat_tags: Null
# metricbeat_fields:
# - "env: staging"
metricbeat_fields: Null
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"

@ -29,7 +29,7 @@
- name: Elastic GPG key is installed
copy:
src: elastic.asc
dest: /etc/apt/trusted.gpg.d/elastic.asc
dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes
mode: "0644"
owner: root

@ -7,4 +7,6 @@ mongodb_bind: 127.0.0.1
# otherwise it can disable important settings, like authorization :/
mongodb_force_config: False
mongodb_version: 4.4
mongodb_version: 4.4
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"

@ -21,7 +21,7 @@
- name: Add MongoDB GPG key
copy:
src: "server-{{mongodb_version}}.asc"
dest: "/etc/apt/trusted.gpg.d/mongodb-server-{{mongodb_version}}.asc"
dest: "{{ apt_keyring_dir }}/mongodb-server-{{mongodb_version}}.asc"
force: yes
mode: "0644"
owner: root

@ -15,7 +15,7 @@
- name: Add MongoDB GPG key
copy:
src: "server-{{mongodb_version}}.asc"
dest: "/etc/apt/trusted.gpg.d/mongodb-server-{{mongodb_version}}.asc"
dest: "{{ apt_keyring_dir }}/mongodb-server-{{ mongodb_version }}.asc"
force: yes
mode: "0644"
owner: root

@ -5,3 +5,5 @@ newrelic_php: False
newrelic_license: ""
newrelic_appname: ""
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"

@ -15,7 +15,7 @@
- name: Add NewRelic GPG key
copy:
src: newrelic.asc
dest: /etc/apt/trusted.gpg.d/newrelic.asc
dest: "{{ apt_keyring_dir }}/newrelic.asc"
force: yes
mode: "0644"
owner: root

@ -4,3 +4,5 @@
nodejs_apt_version: 'node_16.x'
nodejs_install_yarn: False
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"

@ -32,7 +32,7 @@
- name: NodeJS GPG key is installed
copy:
src: nodesource.asc
dest: /etc/apt/trusted.gpg.d/nodesource.asc
dest: "{{ apt_keyring_dir }}/nodesource.asc"
mode: "0644"
owner: root
group: root

@ -25,7 +25,7 @@
- name: Yarn GPG key is installed
copy:
src: yarn.asc
dest: /etc/apt/trusted.gpg.d/yarn.asc
dest: "{{ apt_keyring_dir }}/yarn.asc"
mode: "0644"
owner: root
group: root

@ -2,3 +2,5 @@
percona__install_xtrabackup: True
percona__xtrabackup_package_name: percona-xtrabackup-24
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"

@ -18,7 +18,7 @@
- name: Add Percona GPG key
copy:
src: percona.asc
dest: /etc/apt/trusted.gpg.d/percona.asc
dest: "{{ apt_keyring_dir }}/percona.asc"
force: yes
mode: "0644"
owner: root

@ -8,3 +8,5 @@ php_symfony_requirements: False
php_modules_mysqlnd: False
php_fpm_remove_default_pool: False
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"

@ -3,7 +3,7 @@
- name: Setup deb.sury.org repository - Add GPG key
copy:
src: sury.gpg
dest: /etc/apt/trusted.gpg.d/sury.gpg
dest: "{{ apt_keyring_dir }}/sury.gpg"
mode: "0644"
owner: root
group: root

@ -20,3 +20,5 @@ locales_default: fr_FR.UTF-8
# PostGIS
postgresql_install_postgis: False
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"

@ -23,7 +23,7 @@
- name: Add PGDG GPG key
copy:
src: postgresql.asc
dest: /etc/apt/trusted.gpg.d/postgresql.asc
dest: "{{ apt_keyring_dir }}/postgresql.asc"
force: yes
mode: "0644"
owner: root

Loading…
Cancel
Save