Skip to content

Commit

Permalink
ansible-scylla-node: Enforces the installation of each APT key set
Browse files Browse the repository at this point in the history
Before this patch, if a key with a specific ID already installed was updated (because it was expired, for example), the key won't be locally updated causing and APT failure.

This patch removes the key and install it, enforcing using the latest one available.

Signed-off-by: Eduardo Benzecri <[email protected]>
  • Loading branch information
ebenzecri committed Jan 21, 2024
1 parent d9ebf24 commit f55b8c5
Showing 1 changed file with 17 additions and 0 deletions.
17 changes: 17 additions & 0 deletions ansible-scylla-node/tasks/Debian.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,14 @@
update_cache: yes
when: install_type == 'online' and scylla_repo_keyserver is defined and scylla_repo_keys is defined and (scylla_repo_keys|length > 0)

- name: Remove an apt key by id from a keyserver
apt_key:
keyserver: "{{ scylla_repo_keyserver }}"
id: "{{ item }}"
state: absent
with_items: "{{ scylla_repo_keys }}"
when: install_type == 'online' and scylla_repo_keyserver is defined and scylla_repo_keys is defined and (scylla_repo_keys|length > 0)

- name: Add an apt key by id from a keyserver
apt_key:
keyserver: "{{ scylla_repo_keyserver }}"
Expand All @@ -23,6 +31,15 @@
mode: '1755'
owner: "root"

- name: Remove an apt key by id from a keyserver to {{ scylla_repo_keyringfile }}
ansible.builtin.apt_key:
id: "{{ item }}"
keyserver: "{{ scylla_repo_keyserver }}"
keyring: "{{ scylla_repo_keyringfile }}"
state: absent
with_items: "{{ scylla_repo_keys }}"
when: install_type == 'online' and scylla_repo_keyserver is defined and scylla_repo_keys is defined and (scylla_repo_keys|length > 0)

- name: Add an apt key by id from a keyserver to {{ scylla_repo_keyringfile }}
ansible.builtin.apt_key:
id: "{{ item }}"
Expand Down

0 comments on commit f55b8c5

Please sign in to comment.