Manage apt repositores and keys using deb822_repository module
The apt-key module is deprecated so the code is refactored to allow any of the deb822_repository features to used instead. Change-Id: I1363c6d46e5fc6aad3887b0d6c0c439034026ee2
This commit is contained in:
parent
c4137b3169
commit
e01b9194b4
14
releasenotes/galera_repo_deb822-fc1aa6b88ee33b57.yaml
Normal file
14
releasenotes/galera_repo_deb822-fc1aa6b88ee33b57.yaml
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
The apt repository setup for the galera_server role is migrated to use
|
||||||
|
the deb822_repository ansible module rather than the legacy apt_key and
|
||||||
|
apt_repository modules. The format of the `galera_repo` role default
|
||||||
|
variable is changed to match the requirements of the new module, and
|
||||||
|
is now a list to allow multiple repositories to be configured if required.
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
The configuration of apt repositories for the galera_server role through
|
||||||
|
the `galera_repo` variable is changed to match the deb822_repository
|
||||||
|
ansible module. Any deployments that customise the galera_server repository
|
||||||
|
configuration should adjust their `galera_repo` override to suit.
|
@ -13,57 +13,68 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: Validate repo config is deb822 format
|
||||||
|
vars:
|
||||||
|
_repo_check: "{{ galera_repo | selectattr('repo', 'defined') | map(attribute='repo') }}"
|
||||||
|
ansible.builtin.assert:
|
||||||
|
that: _repo_check | length == 0
|
||||||
|
fail_msg: "The following repository definitions must be updated to deb822 format {{ _repo_check }}"
|
||||||
|
|
||||||
- name: Remove conflicting distro packages
|
- name: Remove conflicting distro packages
|
||||||
package:
|
package:
|
||||||
name: "{{ galera_mariadb_distro_packages_remove | default([]) }}"
|
name: "{{ galera_mariadb_distro_packages_remove | default([]) }}"
|
||||||
state: absent
|
state: absent
|
||||||
when: galera_install_method == 'external_repo'
|
when: galera_install_method == 'external_repo'
|
||||||
|
|
||||||
- name: Configure repositories for MariaDB installation
|
# NOTE(jrosser) remove this task for the 2025.2 release
|
||||||
when:
|
- name: Clean up legacy repository config not in deb822 format
|
||||||
- galera_install_method == 'external_repo'
|
vars:
|
||||||
- galera_repo
|
galera_apt_repo_cleanup:
|
||||||
block:
|
- MariaDB.list
|
||||||
- name: If a keyfile is provided, copy the gpg keyfile to the key location
|
file:
|
||||||
copy:
|
path: "/etc/apt/sources.list.d/{{ item }}"
|
||||||
src: "gpg/{{ item.id }}"
|
state: absent
|
||||||
dest: "{{ item.file }}"
|
with_items: "{{ galera_apt_repo_cleanup }}"
|
||||||
mode: '0644'
|
register: apt_repo_removed
|
||||||
with_items: "{{ galera_gpg_keys | selectattr('file', 'defined') | list }}"
|
|
||||||
|
|
||||||
- name: Install gpg keys
|
- name: Ensure python3-debian package is available
|
||||||
apt_key:
|
apt:
|
||||||
data: "{{ key['data'] | default(omit) }}"
|
name: python3-debian
|
||||||
file: "{{ key['file'] | default(omit) }}"
|
|
||||||
id: "{{ key['id'] | default(omit) }}"
|
|
||||||
state: "{{ key['state'] | default(omit) }}"
|
|
||||||
url: "{{ key['url'] | default(omit) }}"
|
|
||||||
validate_certs: "{{ key['validate_certs'] | default(omit) }}"
|
|
||||||
with_items: "{{ galera_gpg_keys }}"
|
|
||||||
loop_control:
|
|
||||||
loop_var: key
|
|
||||||
register: _add_apt_keys
|
|
||||||
until: _add_apt_keys is success
|
|
||||||
retries: 5
|
|
||||||
delay: 2
|
|
||||||
|
|
||||||
- name: Remove old repos
|
- name: Manage apt repositories
|
||||||
lineinfile:
|
vars:
|
||||||
dest: "/etc/apt/sources.list.d/{{ item.name }}.list"
|
_a: "{{ item.architectures }}"
|
||||||
regexp: "^((?!{{ item.repo }}).*)$"
|
_architecture_fixup: "{{ ((_a | d([])) is iterable and (_a | d([])) is not string) | ternary(_a, [_a]) | map('replace', 'x86_64', 'amd64') }}"
|
||||||
state: absent
|
ansible.builtin.deb822_repository:
|
||||||
with_items:
|
allow_downgrade_to_insecure: "{{ item.allow_downgrade_to_insecure | default(omit) }}"
|
||||||
- { name: "MariaDB", repo: "{{ galera_repo.repo }}" }
|
allow_insecure: "{{ item.allow_insecure | default(omit) }}"
|
||||||
when: galera_repo.repo is defined
|
allow_weak: "{{ item.allow_weak | default(omit) }}"
|
||||||
|
architectures: "{{ (_architecture_fixup | length > 0) | ternary(_architecture_fixup, omit) }}"
|
||||||
|
by_hash: "{{ item.by_hash | default(omit) }}"
|
||||||
|
check_date: "{{ item.check_date | default(omit) }}"
|
||||||
|
check_valid_until: "{{ item.check_valid_until | default(omit) }}"
|
||||||
|
components: "{{ item.components | default(omit) }}"
|
||||||
|
date_max_future: "{{ item.date_max_future | default(omit) }}"
|
||||||
|
enabled: "{{ item.enabled | default(omit) }}"
|
||||||
|
inrelease_path: "{{ item.inrelease_path | default(omit) }}"
|
||||||
|
languages: "{{ item.languages | default(omit) }}"
|
||||||
|
mode: "{{ item.mode | default(omit) }}"
|
||||||
|
name: "{{ item.name }}"
|
||||||
|
pdiffs: "{{ item.pdiffs | default(omit) }}"
|
||||||
|
signed_by: "{{ item.signed_by | default(omit) }}"
|
||||||
|
state: "{{ item.state | default(omit) }}"
|
||||||
|
suites: "{{ item.suites | default(omit) }}"
|
||||||
|
targets: "{{ item.targets | default(omit) }}"
|
||||||
|
trusted: "{{ item.trusted | default(omit) }}"
|
||||||
|
types: "{{ item.types | default(omit) }}"
|
||||||
|
uris: "{{ item.uris | default(omit) }}"
|
||||||
|
with_items: "{{ galera_repo }}"
|
||||||
|
register: deb822_repos
|
||||||
|
|
||||||
- name: Add galera repo
|
- name: Update apt repositories when config is changed
|
||||||
apt_repository:
|
apt:
|
||||||
repo: "{{ galera_repo.repo }}"
|
update_cache: yes
|
||||||
filename: "{{ galera_repo.filename | default(omit) }}"
|
when: (apt_repo_removed is changed) or (deb822_repos is changed)
|
||||||
state: "{{ galera_repo.state }}"
|
|
||||||
update_cache: yes
|
|
||||||
register: add_galera_repo
|
|
||||||
when: galera_repo.repo is defined
|
|
||||||
|
|
||||||
- name: Preseed galera password(s)
|
- name: Preseed galera password(s)
|
||||||
debconf:
|
debconf:
|
||||||
|
@ -19,12 +19,6 @@ cache_timeout: 600
|
|||||||
# Default private device setting
|
# Default private device setting
|
||||||
_galera_disable_privatedevices: yes
|
_galera_disable_privatedevices: yes
|
||||||
|
|
||||||
# Galera GPG Keys
|
|
||||||
_galera_gpg_keys:
|
|
||||||
# MariaDB Signing Key <signing-key@mariadb.org>
|
|
||||||
- id: C74CD1D8
|
|
||||||
file: /etc/ssl/mariadb-key
|
|
||||||
|
|
||||||
galera_server_required_distro_packages:
|
galera_server_required_distro_packages:
|
||||||
- apt-transport-https
|
- apt-transport-https
|
||||||
- debconf-utils
|
- debconf-utils
|
||||||
@ -78,9 +72,13 @@ _galera_repo_url: >-
|
|||||||
http://{{ galera_repo_host }}/MariaDB/mariadb-{{ galera_major_version }}.{{ galera_minor_version }}/repo/{{ ansible_facts['distribution'] | lower }}
|
http://{{ galera_repo_host }}/MariaDB/mariadb-{{ galera_major_version }}.{{ galera_minor_version }}/repo/{{ ansible_facts['distribution'] | lower }}
|
||||||
|
|
||||||
_galera_repo:
|
_galera_repo:
|
||||||
repo: "deb {{ galera_repo_url }} {{ ansible_facts['distribution_release'] }} main"
|
- name: "MariaDB"
|
||||||
state: "present"
|
suites: "{{ ansible_facts['distribution_release'] | lower }}"
|
||||||
filename: "MariaDB"
|
uris: "{{ galera_repo_url }}"
|
||||||
|
signed_by: "{{ lookup('file', 'gpg/C74CD1D8') }}"
|
||||||
|
components: main
|
||||||
|
architectures: "{{ ansible_facts['architecture'] }}"
|
||||||
|
state: "{{ (galera_install_method == 'external_repo') | ternary('present', 'absent') }}"
|
||||||
|
|
||||||
galera_wsrep_provider: "/usr/lib/galera/libgalera_smm.so"
|
galera_wsrep_provider: "/usr/lib/galera/libgalera_smm.so"
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user