af30c978bd
Allow deployers to specificy a remote URL to download apt signing
keys from.
Example:
galera_client_gpg_keys:
- key_name: 'mariadb'
url: "https://some.webserver.com/mariadb.gpg"
fallback_url: "https://other.webserver.com/mariadb.gpg"
hash_id: '0xcbcb082a1bb943db'
- key_name: 'percona-xtrabackup'
keyserver: 'hkp://keyserver.ubuntu.com:80'
fallback_keyserver: 'hkp://p80.pool.sks-keyservers.net:80'
hash_id: '0x1c4cbdcdcd2efd2a'
Change-Id: I781cb8f5744c4e1e8e728a8ad308d135d2e5922c
78 lines
2.2 KiB
YAML
78 lines
2.2 KiB
YAML
---
|
|
# Copyright 2015, Serge van Ginderachter <serge@vanginderachter.be>
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Remove revoked ceph apt-keys
|
|
apt_key:
|
|
id: "{{ item }}"
|
|
state: "absent"
|
|
register: revoke_keys
|
|
with_items: ceph_revoked_gpg_keys
|
|
tags:
|
|
- ceph-apt-keys
|
|
|
|
- name: Add ceph apt-keys
|
|
apt_key:
|
|
id: "{{ item.hash_id }}"
|
|
keyserver: "{{ item.keyserver | default(omit) }}"
|
|
data: "{{ item.data | default(omit) }}"
|
|
url: "{{ item.url | default(omit) }}"
|
|
state: "present"
|
|
register: add_keys
|
|
until: add_keys|success
|
|
ignore_errors: True
|
|
retries: 5
|
|
delay: 2
|
|
with_items: ceph_gpg_keys
|
|
tags:
|
|
- ceph-apt-keys
|
|
|
|
- name: Add ceph apt-keys using fallback keyserver
|
|
apt_key:
|
|
id: "{{ item.hash_id }}"
|
|
keyserver: "{{ item.fallback_keyserver | default(omit) }}"
|
|
url: "{{ item.fallback_url | default(omit) }}"
|
|
state: "present"
|
|
register: add_keys_fallback
|
|
until: add_keys_fallback|success
|
|
retries: 5
|
|
delay: 2
|
|
with_items: ceph_gpg_keys
|
|
when: add_keys|failed and (item.fallback_keyserver is defined or item.fallback_url is defined)
|
|
tags:
|
|
- ceph-apt-keys
|
|
|
|
- name: Add ceph repo(s)
|
|
apt_repository:
|
|
repo: "{{ ceph_apt_repo.repo }}"
|
|
state: "{{ ceph_apt_repo.state }}"
|
|
register: add_repos
|
|
until: add_repos|success
|
|
retries: 5
|
|
delay: 2
|
|
tags:
|
|
- ceph-repos
|
|
|
|
# This is being added specifically for when a key is revoked, but should apply
|
|
# to other tasks also. The cache needs updating after changing keys but
|
|
# ceph_install.yml (where packages get installed) only does so if cache > 600
|
|
# seconds.
|
|
- name: Update apt cache
|
|
apt:
|
|
update_cache: yes
|
|
when: revoke_keys|changed or add_keys|changed or add_keys_fallback|changed or add_repos|changed
|
|
tags:
|
|
- ceph-apt-keys
|
|
- ceph-repos
|