Use in-repo GPG keys
Fetching the GPG keys over the network is quite unreliable, and apt_key does not support using a proxy properly [1], so let's store the keys inside the role and use them from there.

The implementation here matches what was done in the galera_client role in I520ccbadf3320b0d07fc83e3dbec9ea2bd16ec83

[1] https://github.com/ansible/ansible/issues/31691

Change-Id: I2715c904975b7940af72bd422904e748d3bae953
parent
54a54babf2
commit
83affc627f
@ -51,6 +51,15 @@ rabbitmq_release_version: "{{ _rabbitmq_release_version }}"
|
||||
rabbitmq_package_sha256: "{{ _rabbitmq_package_sha256 }}"
|
||||
rabbitmq_package_path: "{{ _rabbitmq_package_path }}"
|
||||
|
||||
# Set the gpg keys needed to be imported
|
||||
# This should be a list of dicts, with each dict
|
||||
# giving a set of arguments to the applicable
|
||||
# package module. The following is an example for
|
||||
# systems using the apt package manager.
|
||||
# rabbitmq_gpg_keys:
|
||||
# - id: '0xC2E73424D59097AB'
|
||||
# keyserver: 'hkp://keyserver.ubuntu.com:80'
|
||||
# validate_certs: no
|
||||
rabbitmq_gpg_keys: "{{ _rabbitmq_gpg_keys | default([]) }}"
|
||||
|
||||
# Set the URL for the RabbitMQ repository
|
||||
|
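Review bot: The example in the new comment block still documents the network path this commit moves away from: it fetches over plain `hkp://keyserver.ubuntu.com:80` and sets `validate_certs: no`, and readers tend to copy such examples into their overrides. Showing the vendored form instead, `#   - id: '4D206F89'` with `#     file: '/etc/ssl/packagecloud-key'`, would match the new defaults. If a keyserver example is kept, it should not disable certificate validation and should spell the boolean as `false`. The example id `0xC2E73424D59097AB` also matches neither of the two key files added under files/gpg, so it may be stale.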
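--- /dev/null
+++ b/files/gpg/4D206F89
@@ -0,0 +1,65 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+mQINBFu7jVkBEADBO7bMOw3KxZG5rJGpyZ/eUegI3qSvt1NtPqTp91oiCOAU4w3C
+PorCUnMQt/GMMZImlUSlvcd9aIfBaNFXSYWOiKNoKNsJSs790dpXeEScg82M8r+i
+VZUYh9lrwePtV9mU8jiVLwX0DzEfpuazPdAZY7UaKG/tJGErDYclNs+i7TcbQAca
+TT39uCM811L488OngXn2lepKUFgbEJ94dWDF8KuO8us0zP2ylTBGavDPo8m5DpaT
+ZU9t0Emwc8nsr+DAUA9E3/fY77jXITDJdhw3LK9CvLkXwlxLccMuZhaaj1L7izhZ
+1tH+kusFG0QVaZveG+MrIFPy9kgLIZ8/2HI83ZSjevu4h6Sq2qtl8hMWtPZuw8MN
+GrzgWRkuRxzZ0LMQG6uvXR1y/yy2eMcIthvyMAoUs1luuUqQKKzNkX+8FaSXikcb
+oRyjXUWLbE2MdWewsb+YO9i4dqO2KZcF4ryUIA85suHVqRYlRy1/HCB1jyMTGZC7
+LEnW+S8YRMiMifP2xTXduyrBQil4r8NqRT+G8GsE3p6RbVormIlwB3Kx6TIcPYP/
+ErOnL23TdMtYeIQnkctV67o6zxTz/9JNW1DL+YVbx2B4YOrDbiW+OvU74BKNU9lD
+zeBUdGa31SBL7nF9iEQ1FBVc+/HEbxKA7Zd/6tDBS+/iU+USbTrSgrN+RQARAQAB
+tHVodHRwczovL3BhY2thZ2VjbG91ZC5pby9yYWJiaXRtcS9yYWJiaXRtcS1zZXJ2
+ZXIgKGh0dHBzOi8vcGFja2FnZWNsb3VkLmlvL2RvY3MjZ3BnX3NpZ25pbmcpIDxz
+dXBwb3J0QHBhY2thZ2VjbG91ZC5pbz6JAjgEEwECACIFAlu7jVkCGy8GCwkIBwMC
+BhUIAgkKCwQWAgMBAh4BAheAAAoJEPTniSBNIG+JASgP/3Rc3A1OWDvbcAt1TRfT
+fHT7kniepAc76o/kBd2WJ5aT3wp634SWXS6+/fl8u/mz6FIYE14k6tmMlFW7i7IO
+8WY1BADBKUDvcbZ8eAVa5hx2wQesMrKrhnO/c+YRkqM4/008Pa2QkACzUDh4c0qD
+f/ZLD/BuBnfVDwGcYQbZwzKiCwRIxLXHyhD4KriQCdrDce/SlJhVoCnngIc+sEeY
+/R9VmORo3Lh5TRs5ivTZCB8eWXezudXTQq5oyXsu2gs4EyNsRnUD0bFx7aRsuFZS
+vu56wUgvlSo7C+ZJ8wYIcjYzap7ezOPbGbMH2E7IZ9BXEMV/85sQjK875VWeoLAr
+okzy9ydDzChgaBn92/0k1bbQyLIVCxIStGPQHCM8XbBhciSwlzXrH70QB4KlEbQN
+Kt0CpNznF50gR3gWzenO+j6NEENmMcyvKrZwjbdOKJ5sjeLBoLZTIpGqrwctz97r
+6BhCd5SZ5uqUo1twO+cwkDK/z5k5S8GNoHbejuidiFbd+FNSRx6CNDdoYI8DsyDj
+1cTGFdPHYTNPraIIYV2f1mYFXUWG28OSwkxH2vVqZhyMKtFDv23Qwng+sQaTPkSd
+KyolYNxH6HW+rynJkZDZ+Mr0zNSjQu7+WYT2d98E/JIZKW6Wonr6TPYhjrIUHOVq
+hiqfhAf2EmsI539P9SJneiSvuQINBFu7jVkBEADIrsPaPST3/NGiwCss6pducMmk
+FiC9R8O+vRTpBz1gJkEzEhHani28fJNWuhYHWCDAIoUuprvgbnM3+EtrzVATPy7u
+FD1fB0bxEVy2Bvsa2PQ5Z0Wz24OftzXCYUAp2IhOjdK3wNzTLd4o14vnQCcplGD7
+/5uVvY0bQ4Ejpo/pYxQQhQqHrLZzP2t/O6nxtOVkosxGE9ozsjIuNAttNYhBSvS6
+C4Skp0ycIPjAybvxRCOFshiAjiwwSslZOCNiPpuXjfRqndlhDyZGpRyzH02x7myj
+/gga551qym3j+LswUYId/ayVZZn7ZqtCQPQkU2tMpjxatFbqT6469UdbEqjbq5hH
+MylQVXp1gf7VHmgYa+wzjO+ZZC/Bdp3SPc3NmHJXGDIzUrp8e2tc7oF1E4BBCxX0
+Lu+GbgARsQIsbaY3BSJTIJErtltzK8YIcALbSiVR9GKRqPDQY8EQIs9eXgQh5O8u
+NjCNswFqbf1U7Kbe99zvrWoZZpl/il3sOSCLbukVa9dZhpvfATBdbpZnn4XFrzes
+5nssy4VbuLDpF1r2q6T4tdJIjYweTs4acf2sAsaVZJugM6qb5Nlrv5hOvmWnlqmC
+TYPICrFcBQYvYleu1lcr/tHMOC18iplRiUQ0jIZP/gxrDDyBnKnhPGP0hEeOtTsc
+vFxC3ddEKLLwaFvSGQARAQABiQQ+BBgBAgAJBQJbu41ZAhsuAikJEPTniSBNIG+J
+wV0gBBkBAgAGBQJbu41ZAAoJEPZgnmDcYoFOaM8P/3CyZAaPE1C06S3p2DE8L7u/
+GOOTxn7XCqApReBwo5hdw9cGMWPe/gJzrWs+ZulIsGqJeGeKeaHtyGp1m6n/P/4T
+6CDHLmCNsAPySu8s6JOhjQ01IuMn9Z/wRtISpAbNTbT6n2A/p12CCJhi+G6dywYh
+BbBN6YkDxd0VkY6gLb42rxgtLQlXOCLJ9GWxAHoBz1bi7e4/ErhIqPJKxDiqyNzS
+8EFlLQWSkWFNzyyBYTA1FD26s2hWFPqqKW4D92qLd393S8wvmRbDgBS2+rikqQri
+8Co/2cSs4k+vmkghyd9IrNMa1XERbYZz4XPpheKFMXibdRR+opL6oUG2lc5M6kAw
+v94ObWZJxYdyJ61NyZiUaeg6K/6x/6oRDTudVNe1StRANbtxcfCp3MvCRMN62Epk
+HnwnXJA11G12Zm6RhurWrYww+v3GQ7HKP11ABWkekds/FUQ6DaGTYHwvnO1ZBCOq
+HANM636X8a2EJnoR3dUHMdB6xuo7gyv47JPpunPLt00N6gI/Oblpo9vKFvSXiKc3
+MfQhj7SjtwJkd/NC7JU5e1juy5hvFBSG7ZxLUwm18Xh4kJ1Czxi2BkP3sw9DXk+7
+5nWVnfQ4hYQ9VhYwtru1RTJUirO9fGi8/1b6JWG7+blifGqjNBTX5lVSE1Vgp7QD
+/Jl1/RyoFw5s2uZjA+1+oCgP+QFvBiTKRPMKS7N5qNZ4pHPXbI8vBGQP3tPNTgFz
+no8yfdx97hhoVSPcRgZta6n1S1DC/qd6lGuabGwHBzhI2InNY/AeFMpQnyoltS6c
+w23lJUVhb0937KDb9/cDfGE6tqwqJM605VPU+5tKTWBgIN3s9LdcpkWAd02qVdhb
+tQ98+s5BI1nxNzYr8uexuFMDaJjB/Yk0YPo14Q8oee50dZv1PryXNt3BSfUdoW/e
+gcUshx0r35gzQhMqucqXjo4xaG4gNTH7e0WBVTzsSHC03huZytHxZkTIyhnpuIgX
+hy+z2LpaP5xqJUfcrnhr2+O/j67g+Ha+O0605TgKsm0NBbPVbr6411/BNekQt6gk
+qorHnOwFofysX2yI500i+XU7q0lqgc0ajg1laiILSAoK4q/NLTsvrqVHEd5Sbods
+1bfYxeBJnihHkZm/GDDE8T4hdldVSgugifsz601WfStl3QB/Iz3R4ea+OYJ4ccER
+w0mMCSZe5beBd65M6vufBsfOaVxFnCLhuXyTOs8d4Su0LvIZnzdknmWiTBnAYme+
+8pW2QDeOJE3UgpLD0V3fg8fREQ+7VvoHSwCrm5Iv71Cl6gndNaK5EjviSjxUzovl
+b2YnngicVK1goXboBQeRmP5qAd8sO32sSejyfaBq1Dalh8D+85z2I8SsU1JU+D0B
+PF1z
+=AD8w
+-----END PGP PUBLIC KEY BLOCK-----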
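--- /dev/null
+++ b/files/gpg/A14F4FCA
@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mQINBE8v+uABEACgAlBUDDjc6PF7uI6mlTGnkemHF4trRINtocZKzvyKBmN+pPiV
+CjJ3o6NwGmN/McHHyN1sB40n5IZbPtECi5hm+GmHWTkPG0jNQ0f9VDxoIb2eK/Xn
+un2KmwJy7W0gth0++Eja5qE4G37o7AUr6hnwSUhFoQ8scahBxiAtya1M4FEeitsY
+qY0azafah1Pl6c9I/sdyoH2T3casDByI6aiLK5iP+B5x2j1HKzGGkuTbOdMM0Jos
+/pV8HbPBMCQdDhPOKSSEktKr3qgSD/fMzleusCQ5BYzlhAhr5OscCDny/LMiDBOF
+8Au92q5DCkjsAlKz49DdpLjep4FwvBLq4DDGj9d8Bz28uUkKnYU8b+c8oPtf9E7D
+Uc93i9Ddl6EmZ4QdaTZzR37oUIovKIChYNUh0FLNExhY6VsB3E/BJncaT5D2HkRQ
+chUPl2lHVikeJhuHFGY3EkROXMYOxf6FrdVOJa13DflOBssDVwoul45ec9rxW/aA
+UG7KCh4ySZ7C1ywSZSr6GXOfVdHjIaYgJpzee86TPnYxF81QpoXsH45tDOxMqMC2
+C1keWbzxvv3qxSGFAsCXSeKWNirCRPqsmEW1NpmLNIb2fm8LOru1hl/UknKu3Y1G
+gJ/n6pJOB5cRLpconnssQ2iULSJeyrbVVNyXjQbHjj1DOhtrdDmmIEB/IQARAQAB
+tDVFcmxhbmcgU29sdXRpb25zIEx0ZC4gPHBhY2thZ2VzQGVybGFuZy1zb2x1dGlv
+bnMuY29tPokCOAQTAQIAIgUCTy/64AIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgEC
+F4AACgkQ0ghQfKFPT8qeaQ//YAdT+Q206nwe9CauCKFzKfZVizWSXRa9n1pWyPWh
+Cimag9gwCZisBasqVoQDP4qVgH6rJf97Z2/2//hK06hmnrtAodLWH2BgTE5nrDaa
+XgAxIKDQJvJGKf+SMkZjL22ustpS1rHQ8R/vT9+XodGFVb/tzimN5mfWTlmAAl0/
+eRBbm7eEU41vij5P4NEE9hWFTclkxVws5m6iOLvJ+M8vQxt68ZaY6WBUgHxZXKHt
+Mn/2OCnX2vg3mYzKWkhMUqgBzOWIBw6oH0kLOo34VqKyeqCubWO7Uu5JekrNrXT7
+K03wT+MAgIbmaYkVirTEF4JAqA8s37YFErOoM807pOTyE8Biao42v98F6h/l63qB
+s1HBOG7LfuVXyG/reOlgGAlDFD8ShE2HP+UZ3/A/+LchKFAYt4bQG22KJtgWHgSk
+ZNNaU7GPb2ai5TbjdvesZu9Wqq10T1dZC1txsZxl0uTDJh2HzzOshUCFxF7Yc2uq
++QBuX0aa9Z4x5Ls/UxTSV8a/XclOcTSIsSttUK5RIZNb2vaqF0Lh0kXaTErQiSq/
+SktmzFB09JqiYwXwiIYlYHpHBtWD9eiYtOuiRCf7qmV6g046n6QBq1j2d07SuqZM
+AMpiDVY9zueUUpLWZvv77IBVE2TQ4kG7qSFPxSh+pPKoIwaDlo464WRrKqhijFl4
+m5y5Ag0ETy/64AEQAK1kcuQd5/vkEnionds1dGti5WPXKgmxYJEOE0K5ERYeZOZz
+jHKKyn1sONY5BlZiHC97ISGSv8zuV2ER4GdJI8jH1OV7tx8dhy3ju2Uky5GiLwkJ
+snfRLBFSBDD95Js4soZogIqsS9DxomfHD0nfet9ggR5ZYur/053xrY97ylPPvd96
+TYRXgNWz5qJX9YzExkAPhNUb6Qcw+Wr54n8lMBQQGl8rKZzVILRtiAo/XzhVWNAg
+Ns4tSJlrcsS2qgn9vThtfkiFCwkPuTng+vUoRNSVvuHg1BcG/E5hhc/Gitmrynec
+u1Exr2+FeuaG/1j2tQqBS7uwGgtJlDo0Ag1wKMoy790LX9uHS+0xx1x//wnkSQfY
+Ob8cJWhWMsxZVngt9Pjs3ZL+bW2xxu/IOQ9OjXQMhJEwyf8/nMrcWnB0arIhqz+M
+MX/XAfy/JwKD04LDdxngQD3NUOuuLIZWKuvx5WZr8+lSuc3gtthPFt43olIjY2Yi
+HQhlcVKnV3xnXbaqaXptjXEkqi/K7jHtVn9Fpb3JAWNnIf5gaYTbdE2qQFiqPfWs
+CQ1w5CHj2KPV3m/ckHiKu1oSvWFamocsEF0C3zYLdoDHKiuHesF0ZqCqIE9c0qkJ
+gH+dxcbPhByCDIQbiyiHvXbs1SBM3VwTGhjvzlpLSCquBG5cAGMAnzNaMHr9ABEB
+AAGJAh8EGAECAAkFAk8v+uACGwwACgkQ0ghQfKFPT8rwlw/+IGJTucS2T7+0FLDp
+TKsdsBidPEOFEa19QBrIFM9sXdJXGyVRw/u/sVYOJYBYCZmGuqA/EB3mPNZHbsHX
+pBRTIMGecH9qg55fm5t4WT93TbfbOjJCbbtsVONpig/NOYhVA63UUGasaLzVQ/6E
+Ip4bmqSH4XhLrOT1J0yFe13MdfkJ6fxHJML1YeLrZhoVWApLQ9B70/CVfxqX5+oQ
+Uwlxiiu6x2tExWCMrY2y9qXQOfk6bYZsNceoHrhXD876nn4pdMrJJoefD02OhT7L
+/heeGCRolEzT5JsbTOr/HqyDoz6XP0Na30I4rJYRZKVUEDGT/XJaxhwX93QI2Kr/
+TvhgLtPDDngclxBuwfZ/gJMb8T83vN+fuhgjL8pHKaiQeneVuOMNpm5yxyAFr2ep
+ux6ipe2UL9kUn7ZnfeiJc385cMTY9cZ30GjgdQr1o1EDwHiYm+ly4Licg5w5mYYx
+Vx2bzOJLsGm9xAKp6G4xJHY89PE8y3bksO8pctGkkWmBPCCeH5PPFWrPhLcyiS9P
+lvijXzabGtFaVDmxV5oGHW8orpirR3CMgn0DKE5QcH8412d9ByvjK3UcmBTwEnQk
+Og0Ce4+ypBIERtufK1osg9lALv/abGtow2S6pdzfdFlISyiLA3HOUQ/spkuPvAe8
+ctmKvzuuerI6mVQjg/80PJ4fEV0=
+=VAR1
+-----END PGP PUBLIC KEY BLOCK-----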
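--- /dev/null
+++ b/releasenotes/notes/rabbitmq-gpg-keys-042a47164265ea40.yaml
@@ -0,0 +1,12 @@
+---
+upgrade:
+- |
+The data structure for ``rabbitmq_gpg_keys`` has been changed to be
+a dict passed directly to the applicable apt_key/rpm_key module. As such
+any overrides would need to be reviewed to ensure that they do not pass
+any key/value pairs which would cause the module to fail.
+- |
+The default values for ``rabbitmq_gpg_keys`` have been changed for
+all supported platforms will use vendored keys. This means that the task
+execution will no longer reach out to the internet to add the keys,
+making offline or proxy-based installations easier and more reliable.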
@ -27,38 +27,26 @@
|
||||
version: "{{ rabbitmq_erlang_version_spec }}"
|
||||
priority: 1000
|
||||
|
||||
- block:
|
||||
- name: Add rabbitmq apt-keys
|
||||
apt_key:
|
||||
id: "{{ item.hash_id }}"
|
||||
keyserver: "{{ item.keyserver | default(omit) }}"
|
||||
data: "{{ item.data | default(omit) }}"
|
||||
url: "{{ item.url | default(omit) }}"
|
||||
state: "present"
|
||||
register: add_keys
|
||||
until: add_keys is success
|
||||
retries: 5
|
||||
delay: 2
|
||||
with_items: "{{ rabbitmq_gpg_keys }}"
|
||||
tags:
|
||||
- rabbitmq-apt-keys
|
||||
- name: If a keyfile is provided, copy the gpg keyfile to the key location
|
||||
copy:
|
||||
src: "gpg/{{ item.id }}"
|
||||
dest: "{{ item.file }}"
|
||||
mode: '0644'
|
||||
with_items: "{{ rabbitmq_gpg_keys | selectattr('file','defined') | list }}"
|
||||
tags:
|
||||
- rabbitmq-apt-keys
|
||||
|
||||
rescue:
|
||||
- name: Add rabbitmq apt-keys using fallback keyserver
|
||||
apt_key:
|
||||
id: "{{ item.hash_id }}"
|
||||
keyserver: "{{ item.fallback_keyserver | default(omit) }}"
|
||||
url: "{{ item.fallback_url | default(omit) }}"
|
||||
state: "present"
|
||||
register: add_keys_fallback
|
||||
until: add_keys_fallback is success
|
||||
retries: 5
|
||||
delay: 2
|
||||
with_items: "{{ rabbitmq_gpg_keys }}"
|
||||
when:
|
||||
- (item.fallback_keyserver is defined or item.fallback_url is defined)
|
||||
tags:
|
||||
- rabbitmq-apt-keys
|
||||
- name: Install gpg keys
|
||||
apt_key: "{{ key }}"
|
||||
with_items: "{{ rabbitmq_gpg_keys }}"
|
||||
loop_control:
|
||||
loop_var: key
|
||||
register: _add_apt_keys
|
||||
until: _add_apt_keys is success
|
||||
retries: 5
|
||||
delay: 2
|
||||
tags:
|
||||
- rabbitmq-apt-keys
|
||||
|
||||
# When updating the cache in the apt_repository
|
||||
# task, and the update fails, a retry does not
|
||||
|
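Review bot: `apt_key: "{{ key }}"` in the "Install gpg keys" task hands every key of each `rabbitmq_gpg_keys` entry to the module, so nothing in the role checks that an override stays offline or keeps certificate validation on, and an entry still written for the old structure (`hash_id`, `fallback_keyserver`) fails only at run time. An `assert` before the loop that each entry carries `id` (and `file` for the vendored path) would surface that early; Ansible also warns, as far as I recall, about templating a task's whole argument set from a variable, so naming the parameters explicitly is worth considering. The copy task that stages `{{ item.file }}` sets `mode: '0644'` but no ownership; adding `owner: root` and `group: root` makes the permissions of a file apt will trust explicit. That task also uses `item.id` as the file name under `gpg/`, which ties the vendored file names to whatever id format the vars use. The +/- markers and indentation are lost in this rendering, and the task file continues outside the hunk.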
@ -21,13 +21,10 @@ _rabbitmq_package_sha256: "11f70dd68e098e4dc32e3eda49ab68c795e599f3ac0b8b858014c
|
||||
_rabbitmq_package_path: "/opt/rabbitmq-server.deb"
|
||||
|
||||
_rabbitmq_gpg_keys:
|
||||
- key_name: 'packagecloud-rabbitmq'
|
||||
url: 'https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey'
|
||||
hash_id: '0xC2E73424D59097AB'
|
||||
- key_name: 'erlang_solutions'
|
||||
keyserver: 'hkp://keyserver.ubuntu.com:80'
|
||||
fallback_keyserver: 'hkp://p80.pool.sks-keyservers.net:80'
|
||||
hash_id: '0xd208507ca14f4fca'
|
||||
- id: 4D206F89
|
||||
file: /etc/ssl/packagecloud-key
|
||||
- id: A14F4FCA
|
||||
file: /etc/ssl/erlang-key
|
||||
|
||||
_rabbitmq_repo_url: "https://packagecloud.io/rabbitmq/rabbitmq-server/{{ ansible_distribution | lower }}"
|
||||
_rabbitmq_repo:
|
||||
|
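Review bot: The new default entries identify the keys by 8-hex short ids (`id: 4D206F89`, `id: A14F4FCA`), where the entries they appear to replace used 64-bit ids; short ids are known to be collidable, so pinning the full fingerprint, quoted, is safer: `- id: '<FULL_40_HEX_FINGERPRINT>'`. Because the copy task builds its source path from `item.id`, that change also means renaming the files under files/gpg. The packagecloud entry does not look like the same key as before (`0xC2E73424D59097AB` does not end in `4D206F89`, while `0xd208507ca14f4fca` does end in `A14F4FCA`), so this commit seems to change which packagecloud key is trusted, not only how it is delivered; the description should say so, and the fingerprint of the vendored file should be checked against the vendor's published value before merge. The +/- markers are lost in this rendering, so which lines are old and which are new is inferred from the key names.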