Skip to content

Commit

Permalink
ansible-scylla-node: Enforces the installation of each APT key set
Browse files Browse the repository at this point in the history
Before this patch, if a key with a specific ID already installed was updated (because it was expired, for example), the key won't be locally updated causing and APT failure.

This patch removes the key and install it, enforcing using the latest one available.

Fixes: scylladb#329

Signed-off-by: Eduardo Benzecri <[email protected]>
  • Loading branch information
ebenzecri committed Jan 21, 2024
1 parent d9ebf24 commit bffa5c8
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions ansible-scylla-node/tasks/Debian.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,19 @@
---
- name: Add Scylla repos
block:
- name: "Purge keyring '{{ scylla_repo_keyringfile }}'"
ansible.builtin.file:
path: "{{ scylla_repo_keyringfile }}"
state: absent
when: install_type == 'online' and scylla_repo_keyserver is defined and scylla_repo_keys is defined and (scylla_repo_keys|length > 0)

- name: Remove an apt key by id previously added
ansible.builtin.apt_key:
id: "{{ item }}"
state: absent
with_items: "{{ scylla_repo_keys }}"
when: install_type == 'online' and scylla_repo_keyserver is defined and scylla_repo_keys is defined and (scylla_repo_keys|length > 0)

- name: Install gnupg2 dependency
apt:
name: "gnupg2"
Expand Down

0 comments on commit bffa5c8

Please sign in to comment.