postgres-exporter/tasks/RedHat.yaml

63 lines
2.0 KiB
YAML
Raw Normal View History

2023-08-10 14:14:07 +00:00
---
- name: Install prometheus repository
ansible.builtin.yum_repository:
name: "{{ item.name }}"
description: "{{ item.description }}"
file: "{{ item.file }}"
baseurl: "{{ item.baseurl }}"
gpgcheck: "{{ item.gpgcheck | default('no') }}"
enabled: "{{ item.enabled | default('yes') }}"
repo_gpgcheck: "{{ item.repo_gpgcheck | default('no') }}"
2023-08-11 09:56:24 +00:00
gpgkey: "{{ item.gpgkey | default(omit) }}"
2023-08-10 14:14:07 +00:00
loop: "{{ postgres_exporter_rpm_repository }}"
2023-08-10 15:39:24 +00:00
- name: Modify crypto policy for RHEL 9 before key import
when:
- ansible_facts['os_family'] == 'RedHat'
- ansible_facts['distribution_major_version'] == '9'
block:
- name: Get policy
shell: update-crypto-policies --show
register: cryptopolicy_before
changed_when: false
- name: Allow SHA1 keys
shell: update-crypto-policies --set {{ cryptopolicy_before.stdout }}:SHA1
when: "'SHA1' not in cryptopolicy_before.stdout"
changed_when: false
- name: Import a key from a url
ansible.builtin.rpm_key:
key: "{{ item.1 | default('omit') }}"
state: present
loop: "{{ postgres_exporter_rpm_repository | subelements('gpgkey') }}"
- name: Modify crypto policy for RHEL 9 after key import
when:
- ansible_facts['os_family'] == 'RedHat'
- ansible_facts['distribution_major_version'] == '9'
block:
- name: Get policy
shell: update-crypto-policies --show
register: cryptopolicy_after
changed_when: false
- name: Rollback policy after key import
shell: update-crypto-policies --set {{ cryptopolicy_before.stdout }}
when:
- cryptopolicy_before.stdout != cryptopolicy_after.stdout
changed_when: false
- name: Ensure {{ postgres_exporter_package_name }} version {{ postgres_exporter_version }} installed
2023-08-10 14:14:07 +00:00
dnf:
name: "{{ postgres_exporter_package }}"
state: present
- name: Enable and start {{ postgres_exporter_unit_name }}
systemd:
name: "{{ postgres_exporter_unit_name }}"
state: started
enabled: yes
masked: no
daemon_reload: yes