Manage apt repositores and keys using deb822_repository module
The apt-key module is deprecated so the code is refactored to allow any of the deb822_repository features to used instead. Change-Id: I968826fec65272e6a978d86c2d97425c8ccfc80c
This commit is contained in:
Dmitriy Rabotyagov
parent
9c4ff72a6c
commit
a5df30bd04
62
files/gpg/0EBFCD88
Normal file
62
files/gpg/0EBFCD88
Normal file
@ -0,0 +1,62 @@
|
|||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth
|
||||||
|
lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh
|
||||||
|
38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq
|
||||||
|
L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7
|
||||||
|
UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N
|
||||||
|
cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht
|
||||||
|
ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo
|
||||||
|
vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD
|
||||||
|
G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ
|
||||||
|
XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj
|
||||||
|
q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB
|
||||||
|
tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3
|
||||||
|
BBMBCgAhBQJYrefAAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEI2BgDwO
|
||||||
|
v82IsskP/iQZo68flDQmNvn8X5XTd6RRaUH33kXYXquT6NkHJciS7E2gTJmqvMqd
|
||||||
|
tI4mNYHCSEYxI5qrcYV5YqX9P6+Ko+vozo4nseUQLPH/ATQ4qL0Zok+1jkag3Lgk
|
||||||
|
jonyUf9bwtWxFp05HC3GMHPhhcUSexCxQLQvnFWXD2sWLKivHp2fT8QbRGeZ+d3m
|
||||||
|
6fqcd5Fu7pxsqm0EUDK5NL+nPIgYhN+auTrhgzhK1CShfGccM/wfRlei9Utz6p9P
|
||||||
|
XRKIlWnXtT4qNGZNTN0tR+NLG/6Bqd8OYBaFAUcue/w1VW6JQ2VGYZHnZu9S8LMc
|
||||||
|
FYBa5Ig9PxwGQOgq6RDKDbV+PqTQT5EFMeR1mrjckk4DQJjbxeMZbiNMG5kGECA8
|
||||||
|
g383P3elhn03WGbEEa4MNc3Z4+7c236QI3xWJfNPdUbXRaAwhy/6rTSFbzwKB0Jm
|
||||||
|
ebwzQfwjQY6f55MiI/RqDCyuPj3r3jyVRkK86pQKBAJwFHyqj9KaKXMZjfVnowLh
|
||||||
|
9svIGfNbGHpucATqREvUHuQbNnqkCx8VVhtYkhDb9fEP2xBu5VvHbR+3nfVhMut5
|
||||||
|
G34Ct5RS7Jt6LIfFdtcn8CaSas/l1HbiGeRgc70X/9aYx/V/CEJv0lIe8gP6uDoW
|
||||||
|
FPIZ7d6vH+Vro6xuWEGiuMaiznap2KhZmpkgfupyFmplh0s6knymuQINBFit2ioB
|
||||||
|
EADneL9S9m4vhU3blaRjVUUyJ7b/qTjcSylvCH5XUE6R2k+ckEZjfAMZPLpO+/tF
|
||||||
|
M2JIJMD4SifKuS3xck9KtZGCufGmcwiLQRzeHF7vJUKrLD5RTkNi23ydvWZgPjtx
|
||||||
|
Q+DTT1Zcn7BrQFY6FgnRoUVIxwtdw1bMY/89rsFgS5wwuMESd3Q2RYgb7EOFOpnu
|
||||||
|
w6da7WakWf4IhnF5nsNYGDVaIHzpiqCl+uTbf1epCjrOlIzkZ3Z3Yk5CM/TiFzPk
|
||||||
|
z2lLz89cpD8U+NtCsfagWWfjd2U3jDapgH+7nQnCEWpROtzaKHG6lA3pXdix5zG8
|
||||||
|
eRc6/0IbUSWvfjKxLLPfNeCS2pCL3IeEI5nothEEYdQH6szpLog79xB9dVnJyKJb
|
||||||
|
VfxXnseoYqVrRz2VVbUI5Blwm6B40E3eGVfUQWiux54DspyVMMk41Mx7QJ3iynIa
|
||||||
|
1N4ZAqVMAEruyXTRTxc9XW0tYhDMA/1GYvz0EmFpm8LzTHA6sFVtPm/ZlNCX6P1X
|
||||||
|
zJwrv7DSQKD6GGlBQUX+OeEJ8tTkkf8QTJSPUdh8P8YxDFS5EOGAvhhpMBYD42kQ
|
||||||
|
pqXjEC+XcycTvGI7impgv9PDY1RCC1zkBjKPa120rNhv/hkVk/YhuGoajoHyy4h7
|
||||||
|
ZQopdcMtpN2dgmhEegny9JCSwxfQmQ0zK0g7m6SHiKMwjwARAQABiQQ+BBgBCAAJ
|
||||||
|
BQJYrdoqAhsCAikJEI2BgDwOv82IwV0gBBkBCAAGBQJYrdoqAAoJEH6gqcPyc/zY
|
||||||
|
1WAP/2wJ+R0gE6qsce3rjaIz58PJmc8goKrir5hnElWhPgbq7cYIsW5qiFyLhkdp
|
||||||
|
YcMmhD9mRiPpQn6Ya2w3e3B8zfIVKipbMBnke/ytZ9M7qHmDCcjoiSmwEXN3wKYI
|
||||||
|
mD9VHONsl/CG1rU9Isw1jtB5g1YxuBA7M/m36XN6x2u+NtNMDB9P56yc4gfsZVES
|
||||||
|
KA9v+yY2/l45L8d/WUkUi0YXomn6hyBGI7JrBLq0CX37GEYP6O9rrKipfz73XfO7
|
||||||
|
JIGzOKZlljb/D9RX/g7nRbCn+3EtH7xnk+TK/50euEKw8SMUg147sJTcpQmv6UzZ
|
||||||
|
cM4JgL0HbHVCojV4C/plELwMddALOFeYQzTif6sMRPf+3DSj8frbInjChC3yOLy0
|
||||||
|
6br92KFom17EIj2CAcoeq7UPhi2oouYBwPxh5ytdehJkoo+sN7RIWua6P2WSmon5
|
||||||
|
U888cSylXC0+ADFdgLX9K2zrDVYUG1vo8CX0vzxFBaHwN6Px26fhIT1/hYUHQR1z
|
||||||
|
VfNDcyQmXqkOnZvvoMfz/Q0s9BhFJ/zU6AgQbIZE/hm1spsfgvtsD1frZfygXJ9f
|
||||||
|
irP+MSAI80xHSf91qSRZOj4Pl3ZJNbq4yYxv0b1pkMqeGdjdCYhLU+LZ4wbQmpCk
|
||||||
|
SVe2prlLureigXtmZfkqevRz7FrIZiu9ky8wnCAPwC7/zmS18rgP/17bOtL4/iIz
|
||||||
|
QhxAAoAMWVrGyJivSkjhSGx1uCojsWfsTAm11P7jsruIL61ZzMUVE2aM3Pmj5G+W
|
||||||
|
9AcZ58Em+1WsVnAXdUR//bMmhyr8wL/G1YO1V3JEJTRdxsSxdYa4deGBBY/Adpsw
|
||||||
|
24jxhOJR+lsJpqIUeb999+R8euDhRHG9eFO7DRu6weatUJ6suupoDTRWtr/4yGqe
|
||||||
|
dKxV3qQhNLSnaAzqW/1nA3iUB4k7kCaKZxhdhDbClf9P37qaRW467BLCVO/coL3y
|
||||||
|
Vm50dwdrNtKpMBh3ZpbB1uJvgi9mXtyBOMJ3v8RZeDzFiG8HdCtg9RvIt/AIFoHR
|
||||||
|
H3S+U79NT6i0KPzLImDfs8T7RlpyuMc4Ufs8ggyg9v3Ae6cN3eQyxcK3w0cbBwsh
|
||||||
|
/nQNfsA6uu+9H7NhbehBMhYnpNZyrHzCmzyXkauwRAqoCbGCNykTRwsur9gS41TQ
|
||||||
|
M8ssD1jFheOJf3hODnkKU+HKjvMROl1DK7zdmLdNzA1cvtZH/nCC9KPj1z8QC47S
|
||||||
|
xx+dTZSx4ONAhwbS/LN3PoKtn8LPjY9NP9uDWI+TWYquS2U+KHDrBDlsgozDbs/O
|
||||||
|
jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG
|
||||||
|
YT90qFF93M3v01BbxP+EIY2/9tiIPbrd
|
||||||
|
=0YYh
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
@ -32,32 +32,55 @@
|
|||||||
version: "{{ zun_containerd_package_version }}"
|
version: "{{ zun_containerd_package_version }}"
|
||||||
priority: 1000
|
priority: 1000
|
||||||
|
|
||||||
- name: Get apt gpg key
|
- name: Validate repo config is deb822 format
|
||||||
get_url:
|
vars:
|
||||||
url: "{{ item.gpg_uri }}"
|
_repo_check: "{{ zun_docker_repo | selectattr('repo', 'defined') | map(attribute='repo') }}"
|
||||||
dest: "/tmp/{{ item.name }}"
|
ansible.builtin.assert:
|
||||||
mode: "0440"
|
that: _repo_check | length == 0
|
||||||
with_items: "{{ zun_docker_repo }}"
|
fail_msg: "The following repository definitions must be updated to deb822 format {{ _repo_check }}"
|
||||||
|
|
||||||
- name: Add Apt signing key on remote server to keyring
|
# NOTE(jrosser) remove this task for the 2025.2 release
|
||||||
apt_key:
|
- name: Clean up legacy repository config not in deb822 format
|
||||||
file: "/tmp/{{ item.name }}"
|
file:
|
||||||
state: present
|
path: "/etc/apt/sources.list.d/docker-ce.list"
|
||||||
with_items: "{{ zun_docker_repo }}"
|
state: absent
|
||||||
|
register: _cleanup_apt_repositories
|
||||||
|
|
||||||
- name: Add apt repository
|
- name: Ensure python3-debian package is available
|
||||||
apt_repository:
|
apt:
|
||||||
repo: "{{ item.repo }}"
|
name: python3-debian
|
||||||
state: present
|
|
||||||
filename: "{{ item.name }}"
|
- name: Manage apt repositories
|
||||||
update_cache: no
|
ansible.builtin.deb822_repository:
|
||||||
|
allow_downgrade_to_insecure: "{{ item.allow_downgrade_to_insecure | default(omit) }}"
|
||||||
|
allow_insecure: "{{ item.allow_insecure | default(omit) }}"
|
||||||
|
allow_weak: "{{ item.allow_weak | default(omit) }}"
|
||||||
|
architectures: "{{ item.architectures | default(omit) }}"
|
||||||
|
by_hash: "{{ item.by_hash | default(omit) }}"
|
||||||
|
check_date: "{{ item.check_date | default(omit) }}"
|
||||||
|
check_valid_until: "{{ item.check_valid_until | default(omit) }}"
|
||||||
|
components: "{{ item.components | default(omit) }}"
|
||||||
|
date_max_future: "{{ item.date_max_future | default(omit) }}"
|
||||||
|
enabled: "{{ item.enabled | default(omit) }}"
|
||||||
|
inrelease_path: "{{ item.inrelease_path | default(omit) }}"
|
||||||
|
languages: "{{ item.languages | default(omit) }}"
|
||||||
|
mode: "{{ item.mode | default(omit) }}"
|
||||||
|
name: "{{ item.name }}"
|
||||||
|
pdiffs: "{{ item.pdiffs | default(omit) }}"
|
||||||
|
signed_by: "{{ item.signed_by | default(omit) }}"
|
||||||
|
state: "{{ item.state | default(omit) }}"
|
||||||
|
suites: "{{ item.suites | default(omit) }}"
|
||||||
|
targets: "{{ item.targets | default(omit) }}"
|
||||||
|
trusted: "{{ item.trusted | default(omit) }}"
|
||||||
|
types: "{{ item.types | default(omit) }}"
|
||||||
|
uris: "{{ item.uris | default(omit) }}"
|
||||||
with_items: "{{ zun_docker_repo }}"
|
with_items: "{{ zun_docker_repo }}"
|
||||||
register: add_nv_repos
|
register: add_nv_repos
|
||||||
|
|
||||||
- name: Update Apt cache
|
- name: Update Apt cache
|
||||||
apt:
|
apt:
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
when: add_nv_repos is changed
|
when: (add_nv_repos is changed) or (_cleanup_apt_repositories is changed)
|
||||||
register: update_apt_cache
|
register: update_apt_cache
|
||||||
until: update_apt_cache is success
|
until: update_apt_cache is success
|
||||||
retries: 5
|
retries: 5
|
||||||
|
|||||||
@ -16,12 +16,21 @@
|
|||||||
_zun_docker_package_version: "5:20.10.24~*"
|
_zun_docker_package_version: "5:20.10.24~*"
|
||||||
_zun_containerd_package_version: "1.6.20-1"
|
_zun_containerd_package_version: "1.6.20-1"
|
||||||
|
|
||||||
|
_zun_architecture_mapping:
|
||||||
|
x86_64: amd64
|
||||||
|
ppc64le: ppc64el
|
||||||
|
s390x: s390x
|
||||||
|
armv7l: armhf
|
||||||
|
aarch64: arm64
|
||||||
|
|
||||||
zun_docker_repo:
|
zun_docker_repo:
|
||||||
- name: "docker-ce"
|
- name: "docker-ce"
|
||||||
repo: >-
|
suites: "{{ ansible_facts['distribution_release'] | lower }}"
|
||||||
deb [arch=amd64] https://download.docker.com/linux/{{ ansible_facts['distribution'] | lower }} {{
|
uris: "https://download.docker.com/linux/{{ ansible_facts['distribution'] | lower }}"
|
||||||
ansible_facts['distribution_release'] | lower }} stable
|
signed_by: "{{ lookup('file', 'gpg/0EBFCD88') }}"
|
||||||
gpg_uri: "https://download.docker.com/linux/{{ ansible_facts['distribution'] | lower }}/gpg"
|
components: stable
|
||||||
|
architectures: "{{ _zun_architecture_mapping.get(ansible_facts['architecture']) }}"
|
||||||
|
state: present
|
||||||
|
|
||||||
# Common apt packages
|
# Common apt packages
|
||||||
zun_distro_packages:
|
zun_distro_packages:
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user