ansible-collections · pyrodie18 · Mar 7, 2024 · Dec 8, 2023 · Dec 11, 2023 · Dec 11, 2023
diff --git a/changelogs/fragments/1186-custom_gpg_key_url.yml b/changelogs/fragments/1186-custom_gpg_key_url.yml
@@ -0,0 +1,8 @@
+minor_changes:
+  - agent, javagateway, proxy, server, and web role - introduced default variable zabbix_repo_deb_gpg_key_url with value http://repo.zabbix.com/zabbix-official-repo.key
+  - agent, javagateway, proxy, server, and web role - used zabbix_repo_deb_gpg_key_url in "Debian | Download gpg key" instead of hardcoded url
+  - agent, javagateway, proxy, server, and web role - added the http_proxy and https_proxy environment variables to "Debian | Download gpg key" analog to other tasks
+  - agent, javagateway, proxy, server, and web role - introduced default variable zabbix_repo_deb_include_deb_src with value true
+  - agent, javagateway, proxy, server, and web role - used variable zabbix_repo_deb_include_deb_src in "Debian | Installing repository" to determine whether deb-src should be added to /etc/apt/sources.list.d/zabbix.sources
+  - agent, javagateway, proxy, server, and web role - removed superfluous slash in zabbix_gpg_key of the Debian vars and renamed key to zabbix-repo instead of zabbix-official-repo
+  - agent, javagateway, proxy, server, and web role - updated readme with the two new variables "zabbix_repo_deb_gpg_key_url" and "zabbix_repo_deb_include_deb_src"
diff --git a/docs/ZABBIX_AGENT_ROLE.md b/docs/ZABBIX_AGENT_ROLE.md
@@ -136,6 +136,8 @@ The following is an overview of all available configuration default for this rol
 * `zabbix_agent_disable_repo`: A list of repos to disable during install.  Default `epel`.
 * `zabbix_repo_deb_url`: The URL to the Zabbix repository.  Default `http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/{{ ansible_distribution.lower() }}`
 * `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
+* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`.
+* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`.
 
 ### SElinux
 

diff --git a/docs/ZABBIX_JAVAGATEWAY_ROLE.md b/docs/ZABBIX_JAVAGATEWAY_ROLE.md
@@ -62,6 +62,8 @@ The `zabbix_javagateway_version` is optional. The latest available major.minor v
 * `zabbix_javagateway_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file.
 * `zabbix_repo_deb_url`: The URL to the Zabbix repository.  Default `http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/{{ ansible_distribution.lower() }}`
 * `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
+* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`.
+* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`.
 
 ### Java Gatewaty
 

diff --git a/docs/ZABBIX_PROXY_ROLE.md b/docs/ZABBIX_PROXY_ROLE.md
@@ -133,6 +133,9 @@ The following is an overview of all available configuration default for this rol
 * `*zabbix_proxy_package_state`: Default: `present`. Can be overridden to `latest` to update packages
 * `zabbix_repo_deb_url`: The URL to the Zabbix repository.  Default `http://repo.zabbix.com/zabbix/{{ zabbix_proxy_version }}/{{ ansible_distribution.lower() }}`
 * `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
+* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`.
+* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`.
+
 ### SElinux
 
 * `zabbix_proxy_selinux`: Default: `False`. Enables an SELinux policy so that the Proxy will run.

diff --git a/docs/ZABBIX_SERVER_ROLE.md b/docs/ZABBIX_SERVER_ROLE.md
@@ -109,6 +109,8 @@ The following is an overview of all available configuration default for this rol
 * `zabbix_service_enabled`: Default: `True` Can be overridden to `False` if needed
 * `zabbix_repo_deb_url`: The URL to the Zabbix repository.  Default `http://repo.zabbix.com/zabbix/{{ zabbix_server_version }}/{{ ansible_distribution.lower() }}`
 * `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
+* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`.
+* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`.
 
 ### SElinux
 

diff --git a/docs/ZABBIX_WEB_ROLE.md b/docs/ZABBIX_WEB_ROLE.md
@@ -94,6 +94,8 @@ The following is an overview of all available configuration defaults for this ro
 * `zabbix_web_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file.
 * `zabbix_repo_deb_url`: The URL to the Zabbix repository.  Default `http://repo.zabbix.com/zabbix/{{ zabbix_web_version }}/{{ ansible_distribution.lower() }}`
 * `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
+* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`.
+* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`.
 
 ### Zabbix Web specific
 

diff --git a/roles/zabbix_agent/defaults/main.yml b/roles/zabbix_agent/defaults/main.yml
@@ -26,6 +26,9 @@ zabbix_agent2_deny_key: "{{ zabbix_agent_deny_key }}"
 # Selinux related vars
 selinux_allow_zabbix_run_sudo: false
 
+zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
+zabbix_repo_deb_include_deb_src: true
+
 zabbix_agent_install_agent_only: false
 zabbix_agent_packages:
   - "{{ zabbix_agent_package }}"

diff --git a/roles/zabbix_agent/tasks/Debian.yml b/roles/zabbix_agent/tasks/Debian.yml
@@ -67,7 +67,7 @@
 - name: "Debian | Download gpg key"
   when: not ansible_check_mode  # Because get_url always has changed status in check_mode.
   ansible.builtin.get_url:
-    url: http://repo.zabbix.com/zabbix-official-repo.key
+    url: "{{ zabbix_repo_deb_gpg_key_url }}"
     dest: "{{ zabbix_gpg_key }}"
     mode: "0644"
     force: true
@@ -85,7 +85,7 @@
     group: root
     mode: 0644
     content: |
-      Types: deb deb-src
+      Types: deb{{ ' deb-src' if zabbix_repo_deb_include_deb_src }}
       Enabled: yes
       URIs: {{ zabbix_repo_deb_url }}
       Suites: {{ ansible_distribution_release }}

diff --git a/roles/zabbix_agent/vars/Debian.yml b/roles/zabbix_agent/vars/Debian.yml
@@ -44,5 +44,5 @@ zabbix_valid_agent_versions:
     - 6.0
 
 debian_keyring_path: /etc/apt/keyrings/
-zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
+zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
 _zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}"
diff --git a/roles/zabbix_javagateway/defaults/main.yml b/roles/zabbix_javagateway/defaults/main.yml
@@ -31,3 +31,6 @@ zabbix_javagateway_pidfile: /run/zabbix/zabbix_java_gateway.pid
 zabbix_javagateway_listenip: 0.0.0.0
 zabbix_javagateway_listenport: 10052
 zabbix_javagateway_startpollers: 5
+
+zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
+zabbix_repo_deb_include_deb_src: true
diff --git a/roles/zabbix_javagateway/tasks/Debian.yml b/roles/zabbix_javagateway/tasks/Debian.yml
@@ -48,10 +48,13 @@
 - name: "Debian | Download gpg key"
   when: not ansible_check_mode  # Because get_url always has changed status in check_mode.
   ansible.builtin.get_url:
-    url: http://repo.zabbix.com/zabbix-official-repo.key
+    url: "{{ zabbix_repo_deb_gpg_key_url }}"
     dest: "{{ zabbix_gpg_key }}"
     mode: "0644"
     force: true
+  environment:
+    http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+    https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
   become: true
   tags:
     - install
@@ -63,7 +66,7 @@
     group: root
     mode: 0644
     content: |
-      Types: deb deb-src
+      Types: deb{{ ' deb-src' if zabbix_repo_deb_include_deb_src }}
       Enabled: yes
       URIs: {{ zabbix_repo_deb_url }}
       Suites: {{ ansible_distribution_release }}

diff --git a/roles/zabbix_javagateway/vars/Debian.yml b/roles/zabbix_javagateway/vars/Debian.yml
@@ -26,5 +26,5 @@ zabbix_valid_javagateway_versions:
     - 6.0
 
 debian_keyring_path: /etc/apt/keyrings/
-zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
+zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
 _zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_javagateway_version }}"
diff --git a/roles/zabbix_proxy/defaults/main.yml b/roles/zabbix_proxy/defaults/main.yml
@@ -38,6 +38,7 @@ zabbix_proxy_tls_config:
   cert: "certificate"
 zabbix_proxy_version_minor: "*"
 
+
 # Yum/APT Variables
 zabbix_repo_yum_schema: https
 zabbix_repo_yum_gpgcheck: 0
@@ -61,6 +62,8 @@ zabbix_repo_yum:
     state: present
 zabbix_proxy_apt_priority:
 zabbix_proxy_package_state: present
+zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
+zabbix_repo_deb_include_deb_src: true
 
 # Proxy Configuration Variables (Only ones with role provided defaults)
 zabbix_proxy_allowroot: 0

diff --git a/roles/zabbix_proxy/tasks/Debian.yml b/roles/zabbix_proxy/tasks/Debian.yml
@@ -73,10 +73,13 @@
 - name: "Debian | Download gpg key"
   when: not ansible_check_mode  # Because get_url always has changed status in check_mode.
   ansible.builtin.get_url:
-    url: http://repo.zabbix.com/zabbix-official-repo.key
+    url: "{{ zabbix_repo_deb_gpg_key_url }}"
     dest: "{{ zabbix_gpg_key }}"
     mode: "0644"
     force: true
+  environment:
+    http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+    https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
   register: are_zabbix_proxy_dependency_packages_installed
   until: are_zabbix_proxy_dependency_packages_installed is succeeded
   become: true
@@ -90,7 +93,7 @@
     group: root
     mode: 0644
     content: |
-      Types: deb deb-src
+      Types: deb{{ ' deb-src' if zabbix_repo_deb_include_deb_src }}
       Enabled: yes
       URIs: {{ zabbix_repo_deb_url }}
       Suites: {{ ansible_distribution_release }}

diff --git a/roles/zabbix_proxy/vars/Debian.yml b/roles/zabbix_proxy/vars/Debian.yml
@@ -51,7 +51,7 @@ mysql_plugin:
   "10": mysql_native_password
 
 debian_keyring_path: /etc/apt/keyrings/
-zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
+zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
 _zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_proxy_version }}"
 _zabbix_proxy_fping6location: /usr/bin/fping6
 _zabbix_proxy_fpinglocation: /usr/bin/fping
diff --git a/roles/zabbix_server/defaults/main.yml b/roles/zabbix_server/defaults/main.yml
@@ -61,6 +61,8 @@ zabbix_repo_yum:
 zabbix_server_apt_priority:
 zabbix_server_install_recommends: true
 zabbix_server_conf_mode: 0640
+zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
+zabbix_repo_deb_include_deb_src: true
 
 # Server Configuration Variables (Only ones with role provided defaults)
 zabbix_server_alertscriptspath: /usr/lib/zabbix/alertscripts

diff --git a/roles/zabbix_server/tasks/Debian.yml b/roles/zabbix_server/tasks/Debian.yml
@@ -72,10 +72,13 @@
 - name: "Debian | Download gpg key"
   when: not ansible_check_mode  # Because get_url always has changed status in check_mode.
   ansible.builtin.get_url:
-    url: http://repo.zabbix.com/zabbix-official-repo.key
+    url: "{{ zabbix_repo_deb_gpg_key_url }}"
     dest: "{{ zabbix_gpg_key }}"
     mode: "0644"
     force: true
+  environment:
+    http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+    https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
   register: zabbix_server_repo_files_installed
   until: zabbix_server_repo_files_installed is succeeded
   become: true
@@ -89,7 +92,7 @@
     group: root
     mode: 0644
     content: |
-      Types: deb deb-src
+      Types: deb{{ ' deb-src' if zabbix_repo_deb_include_deb_src }}
       Enabled: yes
       URIs: {{ zabbix_repo_deb_url }}
       Suites: {{ ansible_distribution_release }}

diff --git a/roles/zabbix_server/vars/Debian.yml b/roles/zabbix_server/vars/Debian.yml
@@ -29,7 +29,7 @@ zabbix_valid_server_versions:
     - 6.0
 
 debian_keyring_path: /etc/apt/keyrings/
-zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
+zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
 _zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_server_version }}"
 _zabbix_server_fping6location: /usr/bin/fping6
 _zabbix_server_fpinglocation: /usr/bin/fping
diff --git a/roles/zabbix_web/defaults/main.yml b/roles/zabbix_web/defaults/main.yml
@@ -87,6 +87,9 @@ zabbix_server_history_types:
   - "dbl"
 
 zabbix_selinux: false
+
+zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
+zabbix_repo_deb_include_deb_src: true
 # selinux_allow_zabbix_can_network: false
 # zabbix_apache_can_connect_ldap: false
 

diff --git a/roles/zabbix_web/tasks/Debian.yml b/roles/zabbix_web/tasks/Debian.yml
@@ -90,10 +90,13 @@
 - name: "Debian | Download gpg key"
   when: not ansible_check_mode  # Because get_url always has changed status in check_mode.
   ansible.builtin.get_url:
-    url: http://repo.zabbix.com/zabbix-official-repo.key
+    url: "{{ zabbix_repo_deb_gpg_key_url }}"
     dest: "{{ zabbix_gpg_key }}"
     mode: "0644"
     force: true
+  environment:
+    http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+    https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
   become: true
   tags:
     - install
@@ -105,7 +108,7 @@
     group: root
     mode: 0644
     content: |
-      Types: deb deb-src
+      Types: deb{{ ' deb-src' if zabbix_repo_deb_include_deb_src }}
       Enabled: yes
       URIs: {{ zabbix_repo_deb_url }}
       Suites: {{ ansible_distribution_release }}

diff --git a/roles/zabbix_web/vars/Debian.yml b/roles/zabbix_web/vars/Debian.yml
@@ -47,5 +47,5 @@ zabbix_valid_web_versions:
     - 6.0
 
 debian_keyring_path: /etc/apt/keyrings/
-zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
+zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
 _zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_web_version }}"