Use proper keyrings directory for APT version

Debian 9 → 11 : /etc/apt/trusted.gpg.d
Debian 12 : /etc/apt/keyrings
Jérémy Lecour 2022-11-02 23:15:17 +01:00 committed by Jérémy Lecour
parent 7f3f7b3e04
commit f531460f49
38 changed files with 61 additions and 27 deletions


@ -12,6 +12,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
### Added ### Added
* Use proper keyrings directory for APT version
* evolinux-base: replace regular kernel by cloud kernel on virtual servers * evolinux-base: replace regular kernel by cloud kernel on virtual servers
* nagios-nrpe: check_haproxy_stats supports DRAIN status * nagios-nrpe: check_haproxy_stats supports DRAIN status
* lxc-php: set php-fpm umask to 007 * lxc-php: set php-fpm umask to 007


@ -25,3 +25,5 @@ apt_check_hold_cron_hour: "*/4"
apt_check_hold_cron_weekday: "*" apt_check_hold_cron_weekday: "*"
apt_check_hold_cron_day: "*" apt_check_hold_cron_day: "*"
apt_check_hold_cron_month: "*" apt_check_hold_cron_month: "*"
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
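Review bot: The `apt_keyring_dir` expression added on this line is repeated verbatim in every other defaults hunk of this commit (the docker, elasticsearch, evolinux, filebeat, fluentd, jenkins, kibana, logstash, lxc_php, metricbeat, mongodb, newrelic, nodejs, percona, php and postgresql variable files), so a later change of the version threshold or of either path has to be made in each copy, and a missed copy would silently install a key in the wrong directory. Defining it once in a shared place would avoid that, if the roles are always used together. Where it stays per role, a short comment such as `# Debian 12+: keys in /etc/apt/keyrings are only used by sources that name them with signed-by` would document the consequence. Parenthesising the test, `(ansible_distribution_major_version is version('12', '<')) | ternary(...)`, would make the intended evaluation order explicit.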


@ -19,7 +19,7 @@
- name: Add Evolix GPG key - name: Add Evolix GPG key
copy: copy:
src: reg.asc src: reg.asc
dest: /etc/apt/trusted.gpg.d/reg.asc dest: "{{ apt_keyring_dir }}/reg.asc"
force: yes force: yes
mode: "0644" mode: "0644"
owner: root owner: root
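Review bot: On Debian 12 the new `dest: "{{ apt_keyring_dir }}/reg.asc"` puts the key in `/etc/apt/keyrings`, which apt does not treat as a trust store, so the key only takes effect if the matching source entry names it with `signed-by`. That source entry is outside this hunk, and the only `signed-by` visible in this commit is the one added to the Fluentd `apt_repository` task. The same applies to the other key-copy hunks (Docker, Elastic, HPE, HWRaid, Jenkins, MongoDB, NewRelic, NodeJS, Yarn, Percona, sury, PGDG): each corresponding source line would need something like `deb [signed-by={{ apt_keyring_dir }}/reg.asc] …`, which also limits the key to that one repository. On Debian 9–11 the keys stay in `trusted.gpg.d` and therefore remain trusted for every configured source. The task continues past the end of the hunk.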


@ -28,3 +28,5 @@ docker_tls_ca_key: ca/ca-key.pem
docker_tls_cert: server/cert.pem docker_tls_cert: server/cert.pem
docker_tls_key: server/key.pem docker_tls_key: server/key.pem
docker_tls_csr: server/server.csr docker_tls_csr: server/server.csr
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"


@ -19,7 +19,7 @@
- name: Add Docker's official GPG key - name: Add Docker's official GPG key
copy: copy:
src: docker-debian.asc src: docker-debian.asc
dest: /etc/apt/trusted.gpg.d/docker-debian.asc dest: "{{ apt_keyring_dir }}/docker-debian.asc"
force: yes force: yes
mode: "0644" mode: "0644"
owner: root owner: root


@ -29,3 +29,5 @@ elasticsearch_plugin_head_clone_dir: "{{ elasticsearch_plugin_head_home }}/www"
elasticsearch_plugin_head_tmp_dir: "{{ elasticsearch_plugin_head_home }}/tmp" elasticsearch_plugin_head_tmp_dir: "{{ elasticsearch_plugin_head_home }}/tmp"
elasticsearch_additional_scripts_dir: /usr/share/scripts elasticsearch_additional_scripts_dir: /usr/share/scripts
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"


@ -29,7 +29,7 @@
- name: Elastic GPG key is installed - name: Elastic GPG key is installed
copy: copy:
src: elastic.asc src: elastic.asc
dest: /etc/apt/trusted.gpg.d/elastic.asc dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes force: yes
mode: "0644" mode: "0644"
owner: root owner: root


@ -21,6 +21,8 @@ evolinux_apt_public_sources: True
evolinux_apt_upgrade: True evolinux_apt_upgrade: True
evolinux_apt_remove_aptitude: True evolinux_apt_remove_aptitude: True
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
# etc-evolinux # etc-evolinux
evolinux_etcevolinux_include: True evolinux_etcevolinux_include: True


@ -81,7 +81,7 @@
- name: HPE GPG key is installed - name: HPE GPG key is installed
copy: copy:
src: hpePublicKey2048_key1.asc src: hpePublicKey2048_key1.asc
dest: /etc/apt/trusted.gpg.d/hpePublicKey2048_key1.asc dest: "{{ apt_keyring_dir }}/hpePublicKey2048_key1.asc"
force: yes force: yes
mode: "0644" mode: "0644"
owner: root owner: root
@ -208,7 +208,7 @@
- name: HWRaid GPG key is installed - name: HWRaid GPG key is installed
copy: copy:
src: hwraid.le-vert.net.asc src: hwraid.le-vert.net.asc
dest: /etc/apt/trusted.gpg.d/hwraid.le-vert.net.asc dest: "{{ apt_keyring_dir }}/hwraid.le-vert.net.asc"
force: yes force: yes
mode: "0644" mode: "0644"
owner: root owner: root


@ -22,3 +22,5 @@ filebeat_use_config_template: False
filebeat_update_config: True filebeat_update_config: True
filebeat_force_config: True filebeat_force_config: True
filebeat_upgrade_package: False filebeat_upgrade_package: False
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"


@ -29,7 +29,7 @@
- name: Elastic GPG key is installed - name: Elastic GPG key is installed
copy: copy:
src: elastic.asc src: elastic.asc
dest: /etc/apt/trusted.gpg.d/elastic.asc dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes force: yes
mode: "0644" mode: "0644"
owner: root owner: root


@ -10,3 +10,5 @@ fluentd_host_port:
fluentd_flush_interval: fluentd_flush_interval:
fluentd_heartbeat_type: fluentd_heartbeat_type:
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"


@ -21,7 +21,7 @@
- name: Add Fluentd GPG key - name: Add Fluentd GPG key
copy: copy:
src: fluentd.asc src: fluentd.asc
dest: /etc/apt/trusted.gpg.d/fluentd.asc dest: "{{ apt_keyring_dir }}/fluentd.asc"
force: yes force: yes
mode: "0644" mode: "0644"
owner: root owner: root
@ -32,7 +32,7 @@
- name: Fluentd sources list is available - name: Fluentd sources list is available
apt_repository: apt_repository:
repo: "deb http://packages.treasuredata.com/3/debian/{{ ansible_distribution_release }}/ {{ ansible_distribution_release }} contrib" repo: "deb [signed-by={{ apt_keyring_dir }}/fluentd.asc] http://packages.treasuredata.com/3/debian/{{ ansible_distribution_release }}/ {{ ansible_distribution_release }} contrib"
filename: treasuredata filename: treasuredata
update_cache: yes update_cache: yes
state: present state: present
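Review bot: Changing the `repo` string in the "Fluentd sources list is available" task does not replace the entry that earlier runs wrote to the `treasuredata` list file; `apt_repository` with `state: present` is expected to add the new `signed-by` line next to the old one. apt is known to reject a source that is configured twice with different Signed-By values, so already-provisioned hosts may fail on the next `update_cache`. A task that removes the old, unscoped line before the new one is added would avoid this; it is sketched below. The list of tasks continues outside both hunks, so an existing cleanup step may already cover it.

```yaml
# … unchanged: Add Fluentd GPG key …
- name: Fluentd sources list without signed-by is absent
  apt_repository:
    repo: "deb http://packages.treasuredata.com/3/debian/{{ ansible_distribution_release }}/ {{ ansible_distribution_release }} contrib"
    filename: treasuredata
    update_cache: no
    state: absent
# … unchanged: Fluentd sources list is available …
```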


@ -0,0 +1,3 @@
---
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"


@ -20,7 +20,7 @@
- name: Add Jenkins GPG key - name: Add Jenkins GPG key
copy: copy:
src: jenkins.asc src: jenkins.asc
dest: /etc/apt/trusted.gpg.d/jenkins.asc dest: "{{ apt_keyring_dir }}/jenkins.asc"
force: yes force: yes
mode: "0644" mode: "0644"
owner: root owner: root


@ -9,3 +9,5 @@ kibana_proxy_nginx: False
kibana_proxy_domain: "kibana.{{ ansible_fqdn }}" kibana_proxy_domain: "kibana.{{ ansible_fqdn }}"
kibana_proxy_ssl_cert: "/etc/ssl/certs/{{ ansible_fqdn }}.crt" kibana_proxy_ssl_cert: "/etc/ssl/certs/{{ ansible_fqdn }}.crt"
kibana_proxy_ssl_key: "/etc/ssl/private/{{ ansible_fqdn }}.key" kibana_proxy_ssl_key: "/etc/ssl/private/{{ ansible_fqdn }}.key"
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"


@ -29,7 +29,7 @@
- name: Elastic GPG key is installed - name: Elastic GPG key is installed
copy: copy:
src: elastic.asc src: elastic.asc
dest: /etc/apt/trusted.gpg.d/elastic.asc dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes force: yes
mode: "0644" mode: "0644"
owner: root owner: root


@ -7,4 +7,6 @@ logstash_log_rotate_days: 365
logstash_custom_tmpdir: Null logstash_custom_tmpdir: Null
logstash_default_tmpdir: /var/lib/logstash/tmp logstash_default_tmpdir: /var/lib/logstash/tmp
logstash_log_syslog_enabled: True logstash_log_syslog_enabled: True
logstash_config_force: True logstash_config_force: True
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"


@ -29,7 +29,7 @@
- name: Elastic GPG key is installed - name: Elastic GPG key is installed
copy: copy:
src: elastic.asc src: elastic.asc
dest: /etc/apt/trusted.gpg.d/elastic.asc dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes force: yes
mode: "0644" mode: "0644"
owner: root owner: root


@ -30,4 +30,4 @@ lxc_php_services:
php80: 'php8.0-fpm.service' php80: 'php8.0-fpm.service'
php81: 'php8.1-fpm.service' php81: 'php8.1-fpm.service'
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"


@ -25,7 +25,7 @@
- name: copy pub.evolix.net GPG key - name: copy pub.evolix.net GPG key
copy: copy:
src: reg.asc src: reg.asc
dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/trusted.gpg.d/reg.asc dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs{{ apt_keyring_dir }}/reg.asc
mode: "0644" mode: "0644"
owner: root owner: root
group: root group: root
@ -33,7 +33,7 @@
- name: copy packages.sury.org GPG Key - name: copy packages.sury.org GPG Key
copy: copy:
src: sury.gpg src: sury.gpg
dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/trusted.gpg.d/sury.gpg dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs{{ apt_keyring_dir }}/sury.gpg
mode: "0644" mode: "0644"
owner: root owner: root
group: root group: root
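Review bot: `apt_keyring_dir` is computed from the host's `ansible_distribution_major_version`, but both `dest` paths in this section write inside the container rootfs under `/var/lib/lxc/{{ lxc_php_version }}/rootfs`, whose Debian release can differ from the host's. On a Debian 12 host carrying an older container, `reg.asc` and `sury.gpg` would land in `rootfs/etc/apt/keyrings`, which that container's apt does not consult and which may not exist there, so `copy` could fail or the repository signatures could go unverified inside the container. A per-container value derived from the container's release, rather than the host fact, would keep the key where the container's apt looks for it. Where the keyrings path is used, the container's source entries also need `signed-by`. The next file section contains the same two tasks and has the same issue.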


@ -25,7 +25,7 @@
- name: copy pub.evolix.net GPG key - name: copy pub.evolix.net GPG key
copy: copy:
src: reg.asc src: reg.asc
dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/trusted.gpg.d/reg.asc dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs{{ apt_keyring_dir }}/reg.asc
mode: "0644" mode: "0644"
owner: root owner: root
group: root group: root
@ -33,7 +33,7 @@
- name: copy packages.sury.org GPG Key - name: copy packages.sury.org GPG Key
copy: copy:
src: sury.gpg src: sury.gpg
dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/trusted.gpg.d/sury.gpg dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs{{ apt_keyring_dir }}/sury.gpg
mode: "0644" mode: "0644"
owner: root owner: root
group: root group: root


@ -28,3 +28,5 @@ metricbeat_tags: Null
# metricbeat_fields: # metricbeat_fields:
# - "env: staging" # - "env: staging"
metricbeat_fields: Null metricbeat_fields: Null
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"


@ -29,7 +29,7 @@
- name: Elastic GPG key is installed - name: Elastic GPG key is installed
copy: copy:
src: elastic.asc src: elastic.asc
dest: /etc/apt/trusted.gpg.d/elastic.asc dest: "{{ apt_keyring_dir }}/elastic.asc"
force: yes force: yes
mode: "0644" mode: "0644"
owner: root owner: root


@ -7,4 +7,6 @@ mongodb_bind: 127.0.0.1
# otherwise it can disable important settings, like authorization :/ # otherwise it can disable important settings, like authorization :/
mongodb_force_config: False mongodb_force_config: False
mongodb_version: 4.4 mongodb_version: 4.4
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"


@ -21,7 +21,7 @@
- name: Add MongoDB GPG key - name: Add MongoDB GPG key
copy: copy:
src: "server-{{mongodb_version}}.asc" src: "server-{{mongodb_version}}.asc"
dest: "/etc/apt/trusted.gpg.d/mongodb-server-{{mongodb_version}}.asc" dest: "{{ apt_keyring_dir }}/mongodb-server-{{mongodb_version}}.asc"
force: yes force: yes
mode: "0644" mode: "0644"
owner: root owner: root


@ -15,7 +15,7 @@
- name: Add MongoDB GPG key - name: Add MongoDB GPG key
copy: copy:
src: "server-{{mongodb_version}}.asc" src: "server-{{mongodb_version}}.asc"
dest: "/etc/apt/trusted.gpg.d/mongodb-server-{{mongodb_version}}.asc" dest: "{{ apt_keyring_dir }}/mongodb-server-{{ mongodb_version }}.asc"
force: yes force: yes
mode: "0644" mode: "0644"
owner: root owner: root


@ -5,3 +5,5 @@ newrelic_php: False
newrelic_license: "" newrelic_license: ""
newrelic_appname: "" newrelic_appname: ""
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"


@ -15,7 +15,7 @@
- name: Add NewRelic GPG key - name: Add NewRelic GPG key
copy: copy:
src: newrelic.asc src: newrelic.asc
dest: /etc/apt/trusted.gpg.d/newrelic.asc dest: "{{ apt_keyring_dir }}/newrelic.asc"
force: yes force: yes
mode: "0644" mode: "0644"
owner: root owner: root


@ -4,3 +4,5 @@
nodejs_apt_version: 'node_16.x' nodejs_apt_version: 'node_16.x'
nodejs_install_yarn: False nodejs_install_yarn: False
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"


@ -32,7 +32,7 @@
- name: NodeJS GPG key is installed - name: NodeJS GPG key is installed
copy: copy:
src: nodesource.asc src: nodesource.asc
dest: /etc/apt/trusted.gpg.d/nodesource.asc dest: "{{ apt_keyring_dir }}/nodesource.asc"
mode: "0644" mode: "0644"
owner: root owner: root
group: root group: root


@ -25,7 +25,7 @@
- name: Yarn GPG key is installed - name: Yarn GPG key is installed
copy: copy:
src: yarn.asc src: yarn.asc
dest: /etc/apt/trusted.gpg.d/yarn.asc dest: "{{ apt_keyring_dir }}/yarn.asc"
mode: "0644" mode: "0644"
owner: root owner: root
group: root group: root


@ -2,3 +2,5 @@
percona__install_xtrabackup: True percona__install_xtrabackup: True
percona__xtrabackup_package_name: percona-xtrabackup-24 percona__xtrabackup_package_name: percona-xtrabackup-24
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"


@ -18,7 +18,7 @@
- name: Add Percona GPG key - name: Add Percona GPG key
copy: copy:
src: percona.asc src: percona.asc
dest: /etc/apt/trusted.gpg.d/percona.asc dest: "{{ apt_keyring_dir }}/percona.asc"
force: yes force: yes
mode: "0644" mode: "0644"
owner: root owner: root


@ -8,3 +8,5 @@ php_symfony_requirements: False
php_modules_mysqlnd: False php_modules_mysqlnd: False
php_fpm_remove_default_pool: False php_fpm_remove_default_pool: False
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"


@ -3,7 +3,7 @@
- name: Setup deb.sury.org repository - Add GPG key - name: Setup deb.sury.org repository - Add GPG key
copy: copy:
src: sury.gpg src: sury.gpg
dest: /etc/apt/trusted.gpg.d/sury.gpg dest: "{{ apt_keyring_dir }}/sury.gpg"
mode: "0644" mode: "0644"
owner: root owner: root
group: root group: root


@ -20,3 +20,5 @@ locales_default: fr_FR.UTF-8
# PostGIS # PostGIS
postgresql_install_postgis: False postgresql_install_postgis: False
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"


@ -23,7 +23,7 @@
- name: Add PGDG GPG key - name: Add PGDG GPG key
copy: copy:
src: postgresql.asc src: postgresql.asc
dest: /etc/apt/trusted.gpg.d/postgresql.asc dest: "{{ apt_keyring_dir }}/postgresql.asc"
force: yes force: yes
mode: "0644" mode: "0644"
owner: root owner: root