logan2211/repo-apt-keys.yml

## repo-apt-keys.yml
---

- name: Install apt keys to repo
  tags: repo-apt-keys
  hosts: repo_all[0]
  user: root
  pre_tasks:
    - name: Ensure apt-key destination directory exists
      file:
        path: "{{ key_dir }}"
        state: directory
    - name: Ensure gnupg package is installed
      apt:
        update_cache: yes
        cache_valid_time: 600
        name: "{{ item }}"
        state: present
      with_items:
        - gnupg
  tasks:
    - name: Install apt-keys to repo keyring
      shell: gpg
        --no-default-keyring
        --primary-keyring "{{ keyring_file | quote }}"
        --keyserver "{{ (item.keyserver | default(primary_keyserver)) | quote }}"
        --recv-keys "{{ item.hash_id }}"
      register: add_keys
      until: add_keys|success
      ignore_errors: True
      retries: 5
      delay: 2
      changed_when: "'imported' in add_keys.stderr"
      with_items: "{{ mirror_keys }}"
      tags:
        - apt-key-mirror
        - apt-key-mirror-import
    - name: Export apt-keys to repo
      shell: gpg
        --no-default-keyring
        --primary-keyring "{{ keyring_file | quote }}"
        --export --armor "{{ item.hash_id }}"
        > "{{ key_dir | quote }}/{{ item.key_name | quote }}.asc"
      with_items: "{{ mirror_keys }}"
      tags:
        - apt-key-mirror
        - apt-key-mirror-export
  vars:
    keyring_file: /tmp/repo.gpg
    key_dir: "{{ repo_service_home_folder }}/repo/apt-keys"
    primary_keyserver: "{{ keyserver_default_primary | default('hkp://keyserver.ubuntu.com:80') }}"
    fallback_keyserver: "{{ keyserver_default_fallback | default('hkp://p80.pool.sks-keyservers.net:80') }}"
    mirror_keys:
      - key_name: ceph
        hash_id: '0xe84ac2c0460f3994'
      - key_name: haproxy
        hash_id: '0xcffb779aadc995e4f350a060505d97a41c61b9cd'
      - key_name: mariadb-trusty
        hash_id: '0xcbcb082a1bb943db'
      - key_name: mariadb-xenial
        hash_id: '0xF1656F24C74CD1D8'
      - key_name: percona-xtrabackup
        hash_id: '0x9334a25f8507efa5'
      - key_name: projectcalico
        hash_id: '0x67d7e35b3d40a6a7'
      - key_name: bird
        hash_id: '0xf2331238f9c59a45'
      - key_name: elasticsearch
        hash_id: '0x46095acc8548582c1a2699a9d27d666cd88e42B4'
      - key_name: zabbix
        hash_id: '082AB56BA14FE591'
      - key_name: influxdb
        hash_id: '2582E0C5'
      - key_name: keepalived
        hash_id: '7C33BDC6'
	---

	- name: Install apt keys to repo
	tags: repo-apt-keys
	hosts: repo_all[0]
	user: root
	pre_tasks:
	- name: Ensure apt-key destination directory exists
	file:
	path: "{{ key_dir }}"
	state: directory
	- name: Ensure gnupg package is installed
	apt:
	update_cache: yes
	cache_valid_time: 600
	name: "{{ item }}"
	state: present
	with_items:
	- gnupg
	tasks:
	- name: Install apt-keys to repo keyring
	shell: gpg
	--no-default-keyring
	--primary-keyring "{{ keyring_file \| quote }}"
	--keyserver "{{ (item.keyserver \| default(primary_keyserver)) \| quote }}"
	--recv-keys "{{ item.hash_id }}"
	register: add_keys
	until: add_keys\|success
	ignore_errors: True
	retries: 5
	delay: 2
	changed_when: "'imported' in add_keys.stderr"
	with_items: "{{ mirror_keys }}"
	tags:
	- apt-key-mirror
	- apt-key-mirror-import
	- name: Export apt-keys to repo
	shell: gpg
	--no-default-keyring
	--primary-keyring "{{ keyring_file \| quote }}"
	--export --armor "{{ item.hash_id }}"
	> "{{ key_dir \| quote }}/{{ item.key_name \| quote }}.asc"
	with_items: "{{ mirror_keys }}"
	tags:
	- apt-key-mirror
	- apt-key-mirror-export
	vars:
	keyring_file: /tmp/repo.gpg
	key_dir: "{{ repo_service_home_folder }}/repo/apt-keys"
	primary_keyserver: "{{ keyserver_default_primary \| default('hkp://keyserver.ubuntu.com:80') }}"
	fallback_keyserver: "{{ keyserver_default_fallback \| default('hkp://p80.pool.sks-keyservers.net:80') }}"
	mirror_keys:
	- key_name: ceph
	hash_id: '0xe84ac2c0460f3994'
	- key_name: haproxy
	hash_id: '0xcffb779aadc995e4f350a060505d97a41c61b9cd'
	- key_name: mariadb-trusty
	hash_id: '0xcbcb082a1bb943db'
	- key_name: mariadb-xenial
	hash_id: '0xF1656F24C74CD1D8'
	- key_name: percona-xtrabackup
	hash_id: '0x9334a25f8507efa5'
	- key_name: projectcalico
	hash_id: '0x67d7e35b3d40a6a7'
	- key_name: bird
	hash_id: '0xf2331238f9c59a45'
	- key_name: elasticsearch
	hash_id: '0x46095acc8548582c1a2699a9d27d666cd88e42B4'
	- key_name: zabbix
	hash_id: '082AB56BA14FE591'
	- key_name: influxdb
	hash_id: '2582E0C5'
	- key_name: keepalived
	hash_id: '7C33BDC6'