Allow non-url Elastic gpg key specification
It is currently the case that the elastic GPG key must be specified as a remote URL within the elastic_repositories role. This causes issues in the case that remote URLs specifying the GPG key are inaccessible due to e.g. firewalls at deploy time. In analogy to Change-ID I7ac1a5e3a05aa3d0b4fae86c4a325ef147a9a528, this commit allows the GPG key to be provided not only via a remote URL, but also in-data or through a file by allowing the full range of apt_key input types (url, file, data etc) to be provided. The default behaviour is changed to use the vendor key in the role files. Change-Id: Ic48db01029c4b94845ccacfba7440b13a59ab873
parent
80e8bedcf0
commit
b875cc30b1
@ -23,4 +23,9 @@ elastic_repo_distro_packages: []
|
|||||||
# elastic_apt_repo:
|
# elastic_apt_repo:
|
||||||
# repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main'
|
# repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main'
|
||||||
# state: "{{ ((elk_package_state | default('present')) == 'absent') | ternary('absent', 'present') }}"
|
# state: "{{ ((elk_package_state | default('present')) == 'absent') | ternary('absent', 'present') }}"
|
||||||
# key_url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
|
|
||||||
|
# This should be a list of dicts, with each dict
|
||||||
|
# giving a set of arguments to the applicable
|
||||||
|
# package module. Defaults to the remote url
|
||||||
|
# https://artifacts.elastic.co/GPG-KEY-elasticsearch
|
||||||
|
elastic_gpg_keys: "{{ _elastic_gpg_keys | default([]) }}"
|
||||||
|
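Review bot: The comment added above `elastic_gpg_keys` does not match what the variable does. Each dict is handed to `apt_key`, not to a package module, and the fallback is `_elastic_gpg_keys`, which in this commit points at a key file shipped with the role rather than at the remote URL. I would reword it to `# List of dicts; each dict is passed as the arguments of the apt_key module (url, file, data, id, ...).` followed by `# Defaults to the Elastic signing key vendored with this role.` Since every entry listed here becomes a trusted apt signing key on the target, the comment is also the place to say that overrides should only carry keys whose fingerprint has been checked.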
@ -0,0 +1,31 @@
|
|||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
Version: GnuPG v2.0.14 (GNU/Linux)
|
||||||
|
|
||||||
|
mQENBFI3HsoBCADXDtbNJnxbPqB1vDNtCsqhe49vFYsZN9IOZsZXgp7aHjh6CJBD
|
||||||
|
A+bGFOwyhbd7at35jQjWAw1O3cfYsKAmFy+Ar3LHCMkV3oZspJACTIgCrwnkic/9
|
||||||
|
CUliQe324qvObU2QRtP4Fl0zWcfb/S8UYzWXWIFuJqMvE9MaRY1bwUBvzoqavLGZ
|
||||||
|
j3SF1SPO+TB5QrHkrQHBsmX+Jda6d4Ylt8/t6CvMwgQNlrlzIO9WT+YN6zS+sqHd
|
||||||
|
1YK/aY5qhoLNhp9G/HxhcSVCkLq8SStj1ZZ1S9juBPoXV1ZWNbxFNGwOh/NYGldD
|
||||||
|
2kmBf3YgCqeLzHahsAEpvAm8TBa7Q9W21C8vABEBAAG0RUVsYXN0aWNzZWFyY2gg
|
||||||
|
KEVsYXN0aWNzZWFyY2ggU2lnbmluZyBLZXkpIDxkZXZfb3BzQGVsYXN0aWNzZWFy
|
||||||
|
Y2gub3JnPokBOAQTAQIAIgUCUjceygIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgEC
|
||||||
|
F4AACgkQ0n1mbNiOQrRzjAgAlTUQ1mgo3nK6BGXbj4XAJvuZDG0HILiUt+pPnz75
|
||||||
|
nsf0NWhqR4yGFlmpuctgCmTD+HzYtV9fp9qW/bwVuJCNtKXk3sdzYABY+Yl0Cez/
|
||||||
|
7C2GuGCOlbn0luCNT9BxJnh4mC9h/cKI3y5jvZ7wavwe41teqG14V+EoFSn3NPKm
|
||||||
|
TxcDTFrV7SmVPxCBcQze00cJhprKxkuZMPPVqpBS+JfDQtzUQD/LSFfhHj9eD+Xe
|
||||||
|
8d7sw+XvxB2aN4gnTlRzjL1nTRp0h2/IOGkqYfIG9rWmSLNlxhB2t+c0RsjdGM4/
|
||||||
|
eRlPWylFbVMc5pmDpItrkWSnzBfkmXL3vO2X3WvwmSFiQbkBDQRSNx7KAQgA5JUl
|
||||||
|
zcMW5/cuyZR8alSacKqhSbvoSqqbzHKcUQZmlzNMKGTABFG1yRx9r+wa/fvqP6OT
|
||||||
|
RzRDvVS/cycws8YX7Ddum7x8uI95b9ye1/Xy5noPEm8cD+hplnpU+PBQZJ5XJ2I+
|
||||||
|
1l9Nixx47wPGXeClLqcdn0ayd+v+Rwf3/XUJrvccG2YZUiQ4jWZkoxsA07xx7Bj+
|
||||||
|
Lt8/FKG7sHRFvePFU0ZS6JFx9GJqjSBbHRRkam+4emW3uWgVfZxuwcUCn1ayNgRt
|
||||||
|
KiFv9jQrg2TIWEvzYx9tywTCxc+FFMWAlbCzi+m4WD+QUWWfDQ009U/WM0ks0Kww
|
||||||
|
EwSk/UDuToxGnKU2dQARAQABiQEfBBgBAgAJBQJSNx7KAhsMAAoJENJ9ZmzYjkK0
|
||||||
|
c3MIAIE9hAR20mqJWLcsxLtrRs6uNF1VrpB+4n/55QU7oxA1iVBO6IFu4qgsF12J
|
||||||
|
TavnJ5MLaETlggXY+zDef9syTPXoQctpzcaNVDmedwo1SiL03uMoblOvWpMR/Y0j
|
||||||
|
6rm7IgrMWUDXDPvoPGjMl2q1iTeyHkMZEyUJ8SKsaHh4jV9wp9KmC8C+9CwMukL7
|
||||||
|
vM5w8cgvJoAwsp3Fn59AxWthN3XJYcnMfStkIuWgR7U2r+a210W6vnUxU4oN0PmM
|
||||||
|
cursYPyeV0NX/KQeUeNMwGTFB6QHS/anRaGQewijkrYYoTNtfllxIu9XYmiBERQ/
|
||||||
|
qPDlGRlOgVTd9xUfHFkzB52c70E=
|
||||||
|
=92oX
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
@ -13,13 +13,21 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
- name: add Elastic search public GPG key
|
- name: If a keyfile is provided, copy the gpg keyfile to the key location
|
||||||
apt_key:
|
copy:
|
||||||
url: "{{ elastic_repo.key_url }}"
|
src: "gpg/{{ item.id }}"
|
||||||
state: "present"
|
dest: "{{ item.file }}"
|
||||||
register: _apt_task
|
mode: '0644'
|
||||||
until: _apt_task is success
|
with_items: "{{ elastic_gpg_keys | selectattr('file','defined') | list }}"
|
||||||
retries: 3
|
|
||||||
|
- name: Install Elastic gpg keys
|
||||||
|
apt_key: "{{ key }}"
|
||||||
|
with_items: "{{ elastic_gpg_keys }}"
|
||||||
|
loop_control:
|
||||||
|
loop_var: key
|
||||||
|
register: _add_apt_keys
|
||||||
|
until: _add_apt_keys is success
|
||||||
|
retries: 5
|
||||||
delay: 2
|
delay: 2
|
||||||
tags:
|
tags:
|
||||||
- package_install
|
- package_install
|
||||||
|
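Review bot: The new copy task appears to carry no `tags`, while the `apt_key` task that consumes the copied file keeps `package_install`, so a run limited with `--tags package_install` would reach `apt_key` before the key file exists on the target; adding `tags:` with `- package_install` to the copy task keeps the two together. Indentation is lost in this rendering, so the task boundary is read from the blank line between the two tasks. The copy loop also filters on `file` only but builds `src` from `item.id`, so an override entry that gives `file` without `id` fails there; `selectattr('file','defined') | selectattr('id','defined')` would limit the copy to entries the role can serve. Separately, `apt_key: "{{ key }}"` forwards every field of each dict unchecked, including a plain-HTTP `url` or `validate_certs`, which is worth stating where the variable is documented.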
@ -20,6 +20,9 @@ elastic_repo_distro_packages:
|
|||||||
_elastic_repo:
|
_elastic_repo:
|
||||||
repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main'
|
repo: 'deb https://artifacts.elastic.co/packages/7.x/apt stable main'
|
||||||
state: "{{ ((elk_package_state | default('present')) == 'absent') | ternary('absent', 'present') }}"
|
state: "{{ ((elk_package_state | default('present')) == 'absent') | ternary('absent', 'present') }}"
|
||||||
key_url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
|
|
||||||
|
|
||||||
elastic_repo: "{{ elastic_apt_repo | default(_elastic_repo) }}"
|
elastic_repo: "{{ elastic_apt_repo | default(_elastic_repo) }}"
|
||||||
|
|
||||||
|
_elastic_gpg_keys:
|
||||||
|
- id: 46095ACC8548582C1A2699A9D27D666CD88E42B4
|
||||||
|
file: /etc/ssl/elastic-key
|
||||||
|
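Review bot: `key_url` is dropped from `_elastic_repo` and the task no longer reads `elastic_repo.key_url`, so a deployment that overrides `elastic_apt_repo` with its own `key_url` will have that setting ignored without any message and receive the vendored key instead. A release note, or a comment next to `_elastic_gpg_keys` pointing such deployments at `elastic_gpg_keys`, would make the change visible. I would also add a comment above the `id` line such as `# Fingerprint of the vendored Elastic signing key; the copy task uses it as the file name under gpg/`, since the source path is built from this value.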