--- - name: Install prometheus repository ansible.builtin.yum_repository: name: "{{ item.name }}" description: "{{ item.description }}" file: "{{ item.file }}" baseurl: "{{ item.baseurl }}" gpgcheck: "{{ item.gpgcheck | default('no') }}" enabled: "{{ item.enabled | default('yes') }}" repo_gpgcheck: "{{ item.repo_gpgcheck | default('no') }}" gpgkey: "{{ item.gpgkey | default('omit') }}" loop: "{{ postgres_exporter_rpm_repository }}" - name: Modify crypto policy for RHEL 9 before key import when: - ansible_facts['os_family'] == 'RedHat' - ansible_facts['distribution_major_version'] == '9' block: - name: Get policy shell: update-crypto-policies --show register: cryptopolicy_before changed_when: false - name: Allow SHA1 keys shell: update-crypto-policies --set {{ cryptopolicy_before.stdout }}:SHA1 when: "'SHA1' not in cryptopolicy_before.stdout" changed_when: false - name: Import a key from a url ansible.builtin.rpm_key: key: "{{ item.1 | default('omit') }}" state: present loop: "{{ postgres_exporter_rpm_repository | subelements('gpgkey') }}" - name: Modify crypto policy for RHEL 9 after key import when: - ansible_facts['os_family'] == 'RedHat' - ansible_facts['distribution_major_version'] == '9' block: - name: Get policy shell: update-crypto-policies --show register: cryptopolicy_after changed_when: false - name: Rollback policy after key import shell: update-crypto-policies --set {{ cryptopolicy_before.stdout }} when: - cryptopolicy_before.stdout != cryptopolicy_after.stdout changed_when: false - name: Ensure {{ postgres_exporter_package_name }} version {{ postgres_exporter_version }} installed dnf: name: "{{ postgres_exporter_package }}" state: present - name: Enable and start {{ postgres_exporter_unit_name }} systemd: name: "{{ postgres_exporter_unit_name }}" state: started enabled: yes masked: no daemon_reload: yes