Make Zabbix repository gpg key URL customizable

changelogs/fragments/1186-custom_gpg_key_url.yml

@@ -0,0 +1,7 @@
+minor_changes:
+  - agent, javagateway, proxy, server, and web role - introduced default variable zabbix_<role>_gpg_key_url with value http://repo.zabbix.com/zabbix-official-repo.key
+  - agent, javagateway, proxy, server, and web role - used zabbix_<role>_gpg_key_url in "Debian | Download gpg key" instead of hardcoded url
+  - agent, javagateway, proxy, server, and web role - added the http_proxy and https_proxy environment variables to "Debian | Download gpg key" analog to other tasks
+  - agent, javagateway, proxy, server, and web role - introduced default variable zabbix_<role>_include_deb_src with value true
+  - agent, javagateway, proxy, server, and web role - used variable zabbix_<role>_include_deb_src in "Debian | Installing repository" to determine whether deb-src should be added to /etc/apt/sources.list.d/zabbix.sources
+  - agent, javagateway, proxy, server, and web role - removed superfluous slash in zabbix_gpg_key of the Debian vars and renamed key to zabbix-repo instead of zabbix-official-repo

roles/zabbix_agent/defaults/main.yml

@@ -26,6 +26,9 @@ zabbix_agent2_deny_key: "{{ zabbix_agent_deny_key }}"
 # Selinux related vars
 selinux_allow_zabbix_run_sudo: false
 
+zabbix_agent_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
+zabbix_agent_include_deb_src: true
+
 zabbix_agent_install_agent_only: false
 zabbix_agent_packages:
   - "{{ zabbix_agent_package }}"

roles/zabbix_agent/tasks/Debian.yml

@@ -67,7 +67,7 @@
 - name: "Debian | Download gpg key"
   when: not ansible_check_mode  # Because get_url always has changed status in check_mode.
   ansible.builtin.get_url:
-    url: http://repo.zabbix.com/zabbix-official-repo.key
+    url: "{{ zabbix_agent_gpg_key_url }}"
     dest: "{{ zabbix_gpg_key }}"
     mode: "0644"
     force: true
@@ -85,7 +85,7 @@
     group: root
     mode: 0644
     content: |
-      Types: deb deb-src
+      Types: deb{{ ' deb-src' if zabbix_agent_include_deb_src }}
       Enabled: yes
       URIs: {{ zabbix_repo_deb_url }}
       Suites: {{ ansible_distribution_release }}

roles/zabbix_agent/vars/Debian.yml

@@ -44,5 +44,5 @@ zabbix_valid_agent_versions:
     - 6.0
 
 debian_keyring_path: /etc/apt/keyrings/
-zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
+zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
 _zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}"

roles/zabbix_javagateway/defaults/main.yml

@@ -31,3 +31,6 @@ zabbix_javagateway_pidfile: /run/zabbix/zabbix_java_gateway.pid
 zabbix_javagateway_listenip: 0.0.0.0
 zabbix_javagateway_listenport: 10052
 zabbix_javagateway_startpollers: 5
+
+zabbix_javagateway_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
+zabbix_javagateway_include_deb_src: true

roles/zabbix_javagateway/tasks/Debian.yml

@@ -48,10 +48,13 @@
 - name: "Debian | Download gpg key"
   when: not ansible_check_mode  # Because get_url always has changed status in check_mode.
   ansible.builtin.get_url:
-    url: http://repo.zabbix.com/zabbix-official-repo.key
+    url: "{{ zabbix_javagateway_gpg_key_url }}"
     dest: "{{ zabbix_gpg_key }}"
     mode: "0644"
     force: true
+  environment:
+    http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+    https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
   become: true
   tags:
     - install
@@ -63,7 +66,7 @@
     group: root
     mode: 0644
     content: |
-      Types: deb deb-src
+      Types: deb{{ ' deb-src' if zabbix_javagateway_include_deb_src }}
       Enabled: yes
       URIs: {{ zabbix_repo_deb_url }}
       Suites: {{ ansible_distribution_release }}

roles/zabbix_javagateway/vars/Debian.yml

@@ -26,5 +26,5 @@ zabbix_valid_javagateway_versions:
     - 6.0
 
 debian_keyring_path: /etc/apt/keyrings/
-zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
+zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
 _zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_javagateway_version }}"

roles/zabbix_proxy/defaults/main.yml

@@ -38,6 +38,7 @@ zabbix_proxy_tls_config:
   cert: "certificate"
 zabbix_proxy_version_minor: "*"
 
+
 # Yum/APT Variables
 zabbix_repo_yum_schema: https
 zabbix_repo_yum_gpgcheck: 0
@@ -61,6 +62,8 @@ zabbix_repo_yum:
     state: present
 zabbix_proxy_apt_priority:
 zabbix_proxy_package_state: present
+zabbix_proxy_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
+zabbix_proxy_include_deb_src: true
 
 # Proxy Configuration Variables (Only ones with role provided defaults)
 zabbix_proxy_allowroot: 0

roles/zabbix_proxy/tasks/Debian.yml

@@ -73,10 +73,13 @@
 - name: "Debian | Download gpg key"
   when: not ansible_check_mode  # Because get_url always has changed status in check_mode.
   ansible.builtin.get_url:
-    url: http://repo.zabbix.com/zabbix-official-repo.key
+    url: "{{ zabbix_proxy_gpg_key_url }}"
     dest: "{{ zabbix_gpg_key }}"
     mode: "0644"
     force: true
+  environment:
+    http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+    https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
   register: are_zabbix_proxy_dependency_packages_installed
   until: are_zabbix_proxy_dependency_packages_installed is succeeded
   become: true
@@ -90,7 +93,7 @@
     group: root
     mode: 0644
     content: |
-      Types: deb deb-src
+      Types: deb{{ ' deb-src' if zabbix_proxy_include_deb_src }}
       Enabled: yes
       URIs: {{ zabbix_repo_deb_url }}
       Suites: {{ ansible_distribution_release }}

roles/zabbix_proxy/vars/Debian.yml

@@ -51,7 +51,7 @@ mysql_plugin:
   "10": mysql_native_password
 
 debian_keyring_path: /etc/apt/keyrings/
-zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
+zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
 _zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_proxy_version }}"
 _zabbix_proxy_fping6location: /usr/bin/fping6
 _zabbix_proxy_fpinglocation: /usr/bin/fping

roles/zabbix_server/defaults/main.yml

@@ -61,6 +61,8 @@ zabbix_repo_yum:
 zabbix_server_apt_priority:
 zabbix_server_install_recommends: true
 zabbix_server_conf_mode: 0640
+zabbix_server_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
+zabbix_server_include_deb_src: true
 
 # Server Configuration Variables (Only ones with role provided defaults)
 zabbix_server_alertscriptspath: /usr/lib/zabbix/alertscripts

roles/zabbix_server/tasks/Debian.yml

@@ -72,10 +72,13 @@
 - name: "Debian | Download gpg key"
   when: not ansible_check_mode  # Because get_url always has changed status in check_mode.
   ansible.builtin.get_url:
-    url: http://repo.zabbix.com/zabbix-official-repo.key
+    url: "{{ zabbix_server_gpg_key_url }}"
     dest: "{{ zabbix_gpg_key }}"
     mode: "0644"
     force: true
+  environment:
+    http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+    https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
   register: zabbix_server_repo_files_installed
   until: zabbix_server_repo_files_installed is succeeded
   become: true
@@ -89,7 +92,7 @@
     group: root
     mode: 0644
     content: |
-      Types: deb deb-src
+      Types: deb{{ ' deb-src' if zabbix_server_include_deb_src }}
       Enabled: yes
       URIs: {{ zabbix_repo_deb_url }}
       Suites: {{ ansible_distribution_release }}

roles/zabbix_server/vars/Debian.yml

@@ -29,7 +29,7 @@ zabbix_valid_server_versions:
     - 6.0
 
 debian_keyring_path: /etc/apt/keyrings/
-zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
+zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
 _zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_server_version }}"
 _zabbix_server_fping6location: /usr/bin/fping6
 _zabbix_server_fpinglocation: /usr/bin/fping

roles/zabbix_web/defaults/main.yml

@@ -87,6 +87,9 @@ zabbix_server_history_types:
   - "dbl"
 
 zabbix_selinux: false
+
+zabbix_web_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
+zabbix_web_include_deb_src: true
 # selinux_allow_zabbix_can_network: false
 # zabbix_apache_can_connect_ldap: false
 

roles/zabbix_web/tasks/Debian.yml

@@ -90,10 +90,13 @@
 - name: "Debian | Download gpg key"
   when: not ansible_check_mode  # Because get_url always has changed status in check_mode.
   ansible.builtin.get_url:
-    url: http://repo.zabbix.com/zabbix-official-repo.key
+    url: "{{ zabbix_web_gpg_key_url }}"
     dest: "{{ zabbix_gpg_key }}"
     mode: "0644"
     force: true
+  environment:
+    http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+    https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
   become: true
   tags:
     - install
@@ -105,7 +108,7 @@
     group: root
     mode: 0644
     content: |
-      Types: deb deb-src
+      Types: deb{{ ' deb-src' if zabbix_web_include_deb_src }}
       Enabled: yes
       URIs: {{ zabbix_repo_deb_url }}
       Suites: {{ ansible_distribution_release }}

roles/zabbix_web/vars/Debian.yml

@@ -47,5 +47,5 @@ zabbix_valid_web_versions:
     - 6.0
 
 debian_keyring_path: /etc/apt/keyrings/
-zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
+zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
 _zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_web_version }}"