ansible-roles/postgresql/tasks/pgdg-repo.yml

48 lines
1.2 KiB
YAML

---
- name: Open firewall for PGDG repository
replace:
name: /etc/default/minifirewall
regexp: "^(HTTPSITES='((?!apt\\.postgresql\\.org|0\\.0\\.0\\.0).)*)'$"
replace: "\\1 apt.postgresql.org'"
notify: Restart minifirewall
- meta: flush_handlers
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: PGDG embedded GPG key is absent
apt_key:
id: "ACCC4CF8"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add PGDG GPG key
copy:
src: postgresql.asc
dest: "{{ apt_keyring_dir }}/postgresql.asc"
force: yes
mode: "0644"
owner: root
group: root
- name: Add PGDG repository
apt_repository:
repo: "deb [signed-by={{ apt_keyring_dir }}/postgresql.asc] http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
update_cache: yes
- name: Remove unsigned PGDG repository
apt_repository:
repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
update_cache: yes
state: absent
- name: Add APT preference file
template:
src: postgresql.pref.j2
dest: /etc/apt/preferences.d/postgresql.pref
mode: "0644"