fix rpm key import

ace 2023-08-10 18:39:24 +03:00
parent 7ac3ecc744
commit 9b0347dc5b
Signed by: ace
GPG Key ID: 2C08973DD37A76FD
2 changed files with 41 additions and 4 deletions


@ -11,7 +11,44 @@
gpgkey: "{{ item.gpgkey | default('omit') }}" gpgkey: "{{ item.gpgkey | default('omit') }}"
loop: "{{ postgres_exporter_rpm_repository }}" loop: "{{ postgres_exporter_rpm_repository }}"
- name: Ensure {{ postgres_exporter_package }} version {{ postgres_exporter_version }} installed - name: Modify crypto policy for RHEL 9 before key import
when:
- ansible_facts['os_family'] == 'RedHat'
- ansible_facts['distribution_major_version'] == '9'
block:
- name: Get policy
shell: update-crypto-policies --show
register: cryptopolicy_before
changed_when: false
- name: Allow SHA1 keys
shell: update-crypto-policies --set {{ cryptopolicy_before.stdout }}:SHA1
when: "'SHA1' not in cryptopolicy_before.stdout"
changed_when: false
- name: Import a key from a url
ansible.builtin.rpm_key:
key: "{{ item.1 | default('omit') }}"
state: present
loop: "{{ postgres_exporter_rpm_repository | subelements('gpgkey') }}"
- name: Modify crypto policy for RHEL 9 after key import
when:
- ansible_facts['os_family'] == 'RedHat'
- ansible_facts['distribution_major_version'] == '9'
block:
- name: Get policy
shell: update-crypto-policies --show
register: cryptopolicy_after
changed_when: false
- name: Rollback policy after key import
shell: update-crypto-policies --set {{ cryptopolicy_before.stdout }}
when:
- cryptopolicy_before.stdout != cryptopolicy_after.stdout
changed_when: false
- name: Ensure {{ postgres_exporter_package_name }} version {{ postgres_exporter_version }} installed
dnf: dnf:
name: "{{ postgres_exporter_package }}" name: "{{ postgres_exporter_package }}"
state: present state: present
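Review bot: The rollback lives in its own block, "Modify crypto policy for RHEL 9 after key import", so if "Import a key from a url" fails the play stops for that host and the system-wide policy is left at the previous value with `:SHA1` appended. Putting the relax, import and restore steps into one `block:` with the restore under `always:` makes the rollback run on failure too; the sketch below shows the shape. Both `update-crypto-policies --set` tasks also carry `changed_when: false`, which hides a host-wide crypto policy change from the run report, and `ansible.builtin.command` would avoid passing the registered stdout through a shell.

```yaml
- name: Import repository keys, restoring the crypto policy afterwards
  block:
    # … unchanged: "Get policy" and "Allow SHA1 keys", each keeping the two RHEL 9 conditions in its own `when:` …
    # … unchanged: "Import a key from a url" …
  always:
    - name: Rollback policy after key import
      ansible.builtin.command: update-crypto-policies --set {{ cryptopolicy_before.stdout }}
      when:
        - ansible_facts['os_family'] == 'RedHat'
        - ansible_facts['distribution_major_version'] == '9'
        - cryptopolicy_before.stdout is defined
        - "'SHA1' not in cryptopolicy_before.stdout"
```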


@ -5,9 +5,9 @@ postgres_exporter_rpm_repository:
baseurl: "https://packagecloud.io/prometheus-rpm/release/el/$releasever/$basearch" baseurl: "https://packagecloud.io/prometheus-rpm/release/el/$releasever/$basearch"
repo_gpgcheck: yes repo_gpgcheck: yes
gpgcheck: yes gpgcheck: yes
gpgkey: >- gpgkey:
https://packagecloud.io/prometheus-rpm/release/gpgkey - https://packagecloud.io/prometheus-rpm/release/gpgkey
https://raw.githubusercontent.com/lest/prometheus-rpm/master/RPM-GPG-KEY-prometheus-rpm - https://raw.githubusercontent.com/lest/prometheus-rpm/master/RPM-GPG-KEY-prometheus-rpm
postgres_exporter_package_name: "postgres_exporter" postgres_exporter_package_name: "postgres_exporter"
postgres_exporter_package: "{{ postgres_exporter_package_name }}-{{ postgres_exporter_version }}" postgres_exporter_package: "{{ postgres_exporter_package_name }}-{{ postgres_exporter_version }}"
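Review bot: The second `gpgkey` entry points at the `master` branch of a GitHub repository, so the key served from that URL can change without any change in this role. The other file in this commit loops over `postgres_exporter_rpm_repository | subelements('gpgkey')` and imports each URL into the host's RPM keyring. Recording the expected fingerprint for each key and passing it to `ansible.builtin.rpm_key` through its `fingerprint` option, e.g. `fingerprint: "<EXPECTED_KEY_FINGERPRINT>"`, would make the import fail on an unexpected key instead of trusting whatever the URL returns.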