This repository has been archived by the owner on May 7, 2022. It is now read-only.
forked from computology/packagecloud-ansible-role
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(computology#8): idempotency and dry-run mode + refact: debian and…
… redhat separated files
- Loading branch information
Romain CASTAGNET
committed
Apr 2, 2020
1 parent
f55eac0
commit 6fccb09
Showing
5 changed files
with
122 additions
and
111 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
--- | ||
- name: Setting facts | ||
set_fact: | ||
url_tmp_file_path: /tmp/packagecloud_{{repository |replace("/", "_")}}_url | ||
tmp_file_path: /tmp/packagecloud_{{repository |replace("/", "_")}}_key | ||
|
||
- name: Update APT package cache | ||
apt: | ||
update_cache: true | ||
changed_when: false | ||
|
||
- name: Install debian-archive-keyring and apt-transport-https | ||
apt: | ||
pkg: | ||
- debian-archive-keyring | ||
- apt-transport-https | ||
state: present | ||
|
||
# {{ repository }}/gpgkey URL works for both legacy and modern public repositories. | ||
- name: Add {{repository}} GPG key to apt-key | ||
apt_key: | ||
url: https://packagecloud.io/{{ repository }}/gpgkey | ||
state: present | ||
when: master_token is undefined | ||
|
||
# If master_token AND legacy_gpg = true given, then use the legacy GPG key located at /gpg.key | ||
- name: Add packagecloud.io GPG key to apt-key | ||
apt_key: | ||
url: https://packagecloud.io/gpg.key | ||
state: present | ||
when: master_token is defined and legacy_gpg is defined | ||
|
||
- name: Get GPG key URL for {{ repository }} | ||
uri: | ||
url: "{{ debian_gpg_key_url }}" | ||
user: "{{ master_token }}" | ||
force_basic_auth: true | ||
return_content: true | ||
register: gpg_url | ||
check_mode: false | ||
when: master_token is defined and legacy_gpg is undefined | ||
|
||
- name: Get GPG key for {{ repository }} | ||
uri: | ||
url: "https://{{ gpg_url.content.split('@')[1] | trim }}" | ||
user: "{{ gpg_url.content.split('@')[0] | replace ('https://', '') }}" | ||
force_basic_auth: true | ||
return_content: true | ||
register: gpg_key | ||
check_mode: false | ||
when: master_token is defined and legacy_gpg is undefined | ||
|
||
- name: Add {{repository}} GPG key to apt-key | ||
apt_key: | ||
data: "{{ gpg_key.content | trim }}" | ||
state: present | ||
when: master_token is defined and legacy_gpg is undefined | ||
|
||
- name: "Adding packagecloud.io repository: {{ repository }}" | ||
get_url: | ||
url: "{{ debian_config_file_url }}" | ||
dest: "{{ debian_config_file_location }}" | ||
force: false | ||
register: added_deb_repository | ||
when: master_token is undefined | ||
|
||
- name: "Adding packagecloud.io repository: {{ repository }} with generated read token" | ||
get_url: | ||
url: "{{ debian_config_file_url }}" | ||
dest: "{{ debian_config_file_location }}" | ||
url_username: "{{ master_token }}" | ||
force_basic_auth: true | ||
force: false | ||
register: added_deb_repository_with_token | ||
when: master_token is defined | ||
|
||
- name: Update APT package cache | ||
apt: | ||
update_cache: true | ||
when: added_deb_repository.changed or added_deb_repository_with_token.changed |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,113 +1,8 @@ | ||
- name: Setting facts | ||
set_fact: | ||
url_tmp_file_path: /tmp/packagecloud_{{repository |replace("/", "_")}}_url | ||
tmp_file_path: /tmp/packagecloud_{{repository |replace("/", "_")}}_key | ||
--- | ||
- name: Debian tasks | ||
import_tasks: debian.yml | ||
when: ansible_os_family == "Debian" | ||
|
||
- name: Install debian-archive-keyring and apt-transport-https | ||
apt: pkg={{ packages }} state=present update_cache=true | ||
vars: | ||
packages: | ||
- debian-archive-keyring | ||
- apt-transport-https | ||
when: ansible_os_family == "Debian" | ||
|
||
- name: Install pygpgme and yum-utils | ||
yum: name={{ packages }} state=present update_cache=true | ||
vars: | ||
packages: | ||
- pygpgme | ||
- yum-utils | ||
- name: RedHat tasks | ||
import_tasks: redhat.yml | ||
when: ansible_os_family == "RedHat" | ||
|
||
# {{ repository }}/gpgkey URL works for both legacy and modern public repositories. | ||
- name: Add {{repository}} GPG key to apt-key | ||
apt_key: url=https://packagecloud.io/{{ repository }}/gpgkey state=present | ||
when: ansible_os_family == "Debian" and master_token is undefined | ||
|
||
# If master_token AND legacy_gpg = true given, then use the legacy GPG key located at /gpg.key | ||
- name: Add packagecloud.io GPG key to apt-key | ||
apt_key: url=https://packagecloud.io/gpg.key state=present | ||
when: ansible_os_family == "Debian" and master_token is defined and legacy_gpg is defined | ||
|
||
# The following three plays are needed as a workaround since the GPG key URL uses basic auth, and that isn't | ||
# supported by lookup('url', url_with_basic_auth) yet: https://github.com/ansible/ansible/pull/43467/files | ||
# Instead, we download the generated GPG key URLfrom the GPG key URL config endpoint and save that URL to a file | ||
# which is slurp()'ed and curl()'ed by the two plays below. | ||
- name: Get GPG key URL for {{ repository }} | ||
get_url: | ||
url: "{{ debian_gpg_key_url }}" | ||
dest: "{{ url_tmp_file_path }}" | ||
url_username: "{{ master_token }}" | ||
force_basic_auth: yes | ||
when: ansible_os_family == "Debian" and master_token is defined and legacy_gpg is undefined | ||
|
||
# See above play. | ||
- name: Register GPG key URL for {{ repository }} | ||
slurp: | ||
src: "{{ url_tmp_file_path }}" | ||
register: url_tmp_file_url | ||
when: ansible_os_family == "Debian" and master_token is defined and legacy_gpg is undefined | ||
|
||
# See above play. | ||
- name: Download key located at GPG key URL for {{ repository }} | ||
get_url: | ||
url: "{{ url_tmp_file_url['content'] | b64decode | trim }}" | ||
dest: "{{ tmp_file_path }}" | ||
force_basic_auth: yes | ||
when: ansible_os_family == "Debian" and master_token is defined and legacy_gpg is undefined | ||
|
||
- name: Add {{repository}} GPG key to apt-key | ||
apt_key: file={{ tmp_file_path }} state=present | ||
when: ansible_os_family == "Debian" and master_token is defined and legacy_gpg is undefined | ||
|
||
- name: Clean up temporary GPG files | ||
file: path={{ url_tmp_file_path }} state=absent | ||
when: ansible_os_family == "Debian" and master_token is defined and legacy_gpg is undefined | ||
|
||
- name: Clean up temporary GPG files | ||
file: path={{ tmp_file_path }} state=absent | ||
when: ansible_os_family == "Debian" and master_token is defined and legacy_gpg is undefined | ||
|
||
- name: "Adding packagecloud.io repository: {{ repository }}" | ||
get_url: | ||
url: "{{ debian_config_file_url }}" | ||
dest: "{{ debian_config_file_location }}" | ||
register: added_deb_repository | ||
when: ansible_os_family == "Debian" and master_token is undefined | ||
|
||
- name: "Adding packagecloud.io repository: {{ repository }} with generated read token" | ||
get_url: | ||
url: "{{ debian_config_file_url }}" | ||
dest: "{{ debian_config_file_location }}" | ||
url_username: "{{ master_token }}" | ||
force_basic_auth: yes | ||
register: added_deb_repository_with_token | ||
when: ansible_os_family == "Debian" and master_token is defined | ||
|
||
- name: "Adding packagecloud.io repository: {{ repository }}" | ||
get_url: | ||
url: "{{ redhat_config_file_url }}" | ||
dest: "{{ redhat_config_file_location }}" | ||
register: added_rpm_repository | ||
when: ansible_os_family == "RedHat" and master_token is undefined | ||
|
||
- name: "Adding packagecloud.io repository: {{ repository }} with generated read token" | ||
get_url: | ||
url: "{{ redhat_config_file_url }}" | ||
dest: "{{ redhat_config_file_location }}" | ||
url_username: "{{ master_token }}" | ||
force_basic_auth: yes | ||
register: added_rpm_repository_with_token | ||
when: ansible_os_family == "RedHat" and master_token is defined | ||
|
||
- name: Update APT package cache | ||
apt: update_cache=true | ||
when: ansible_os_family == "Debian" and (added_deb_repository.changed or added_deb_repository_with_token.changed) | ||
|
||
- name: Update yum package cache | ||
yum: | ||
name: '*' | ||
update_cache: yes | ||
enablerepo: '{{ repository|replace("/", "_")}}' | ||
when: ansible_os_family == "RedHat" and (added_rpm_repository.changed or added_rpm_repository_with_token.changed) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
--- | ||
- name: Install pygpgme and yum-utils | ||
yum: name={{ packages }} state=present update_cache=true | ||
vars: | ||
packages: | ||
- pygpgme | ||
- yum-utils | ||
|
||
- name: "Adding packagecloud.io repository: {{ repository }}" | ||
get_url: | ||
url: "{{ redhat_config_file_url }}" | ||
dest: "{{ redhat_config_file_location }}" | ||
force: false | ||
register: added_rpm_repository | ||
when: master_token is undefined | ||
|
||
- name: "Adding packagecloud.io repository: {{ repository }} with generated read token" | ||
get_url: | ||
url: "{{ redhat_config_file_url }}" | ||
dest: "{{ redhat_config_file_location }}" | ||
url_username: "{{ master_token }}" | ||
force_basic_auth: yes | ||
force: false | ||
register: added_rpm_repository_with_token | ||
when: master_token is defined | ||
|
||
- name: Update yum package cache | ||
yum: | ||
name: '*' | ||
update_cache: yes | ||
enablerepo: '{{ repository|replace("/", "_")}}' | ||
when: added_rpm_repository.changed or added_rpm_repository_with_token.changed |