Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Simplify repo key handling #1233

Merged
merged 1 commit into from
May 24, 2024
+30 −102
Merged

Simplify repo key handling #1233

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion docs/ZABBIX_AGENT_ROLE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,7 +120,7 @@ The following is an overview of all available configuration default for this rol
* `zabbix_agent_disable_repo`: A list of repos to disable during install. Default `epel`.
* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/{{ ansible_distribution.lower() }}`
* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key` (or `https://repo.zabbix.com/zabbix-official-repo-apr2024.gpg` for Ubuntu 24.04 repo).
* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key.
* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`.

### SElinux
Expand Down
2 changes: 1 addition & 1 deletion docs/ZABBIX_JAVAGATEWAY_ROLE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ The `zabbix_javagateway_version` is optional. The latest available major.minor v
* `zabbix_javagateway_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file.
* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/{{ ansible_distribution.lower() }}`
* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key` (or `https://repo.zabbix.com/zabbix-official-repo-apr2024.gpg` for Ubuntu 24.04 repo).
* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`.
* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`.

### Java Gatewaty
Expand Down
2 changes: 1 addition & 1 deletion docs/ZABBIX_PROXY_ROLE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -136,7 +136,7 @@ The following is an overview of all available configuration default for this rol
* `*zabbix_proxy_package_state`: Default: `present`. Can be overridden to `latest` to update packages
* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_proxy_version }}/{{ ansible_distribution.lower() }}`
* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key` (or `https://repo.zabbix.com/zabbix-official-repo-apr2024.gpg` for Ubuntu 24.04 repo).
* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`.
* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`.

### SElinux
Expand Down
2 changes: 1 addition & 1 deletion docs/ZABBIX_SERVER_ROLE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,7 @@ The following is an overview of all available configuration default for this rol
* `zabbix_service_enabled`: Default: `True` Can be overridden to `False` if needed
* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_server_version }}/{{ ansible_distribution.lower() }}`
* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key` (or `https://repo.zabbix.com/zabbix-official-repo-apr2024.gpg` for Ubuntu 24.04 repo).
* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`.
* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`.

### SElinux
Expand Down
2 changes: 1 addition & 1 deletion docs/ZABBIX_WEB_ROLE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,7 @@ The following is an overview of all available configuration defaults for this ro
* `zabbix_web_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file.
* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_web_version }}/{{ ansible_distribution.lower() }}`
* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key` (or `https://repo.zabbix.com/zabbix-official-repo-apr2024.gpg` for Ubuntu 24.04 repo).
* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`.
* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`.

### Zabbix Web specific
Expand Down
1 change: 1 addition & 0 deletions roles/zabbix_agent/defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ zabbix_agent_tlspskidentity_file: "/etc/zabbix/tls_psk_auto.identity"
# Selinux related vars
selinux_allow_zabbix_run_sudo: false

zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
zabbix_repo_deb_include_deb_src: true

zabbix_agent_install_agent_only: false
Expand Down
6 changes: 3 additions & 3 deletions roles/zabbix_agent/tasks/Debian.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,8 +40,8 @@
- name: "Debian | Download gpg key"
when: not ansible_check_mode # Because get_url always has changed status in check_mode.
ansible.builtin.get_url:
url: "{{ zabbix_repo_deb_gpg_key_url | default(_zabbix_repo_default_deb_gpg_key_url_by_distrib[ansible_distribution_major_version]) }}"
dest: "{{ zabbix_gpg_key | default(_zabbix_gpg_key_default_by_distrib[ansible_distribution_major_version]) }}"
url: "{{ zabbix_repo_deb_gpg_key_url }}"
dest: "{{ zabbix_gpg_key }}"
mode: "0644"
force: true
environment:
Expand All @@ -64,7 +64,7 @@
Suites: {{ ansible_distribution_release }}
Components: {{ zabbix_repo_deb_component }}
Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}}
Signed-By: {{ zabbix_gpg_key | default(_zabbix_gpg_key_default_by_distrib[ansible_distribution_major_version]) }}
Signed-By: {{ zabbix_gpg_key }}
become: true
tags:
- install
Expand Down
19 changes: 1 addition & 18 deletions roles/zabbix_agent/vars/Debian.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,21 +45,4 @@ zabbix_valid_agent_versions:
- 6.0

debian_keyring_path: /etc/apt/keyrings/
_zabbix_gpg_key_default_by_distrib:
"12": "{{ debian_keyring_path }}zabbix-repo.asc"
"11": "{{ debian_keyring_path }}zabbix-repo.asc"
"10": "{{ debian_keyring_path }}zabbix-repo.asc"
"9": "{{ debian_keyring_path }}zabbix-repo.asc"
"24": "{{ debian_keyring_path }}zabbix-repo.gpg"
"22": "{{ debian_keyring_path }}zabbix-repo.asc"
"20": "{{ debian_keyring_path }}zabbix-repo.asc"
"18": "{{ debian_keyring_path }}zabbix-repo.asc"
_zabbix_repo_default_deb_gpg_key_url_by_distrib:
"12": https://repo.zabbix.com/zabbix-official-repo.key
"11": https://repo.zabbix.com/zabbix-official-repo.key
"10": https://repo.zabbix.com/zabbix-official-repo.key
"9": https://repo.zabbix.com/zabbix-official-repo.key
"24": https://repo.zabbix.com/zabbix-official-repo-apr2024.gpg
"22": https://repo.zabbix.com/zabbix-official-repo.key
"20": https://repo.zabbix.com/zabbix-official-repo.key
"18": https://repo.zabbix.com/zabbix-official-repo.key
zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
1 change: 1 addition & 0 deletions roles/zabbix_javagateway/defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,4 +33,5 @@ zabbix_javagateway_listenip: 0.0.0.0
zabbix_javagateway_listenport: 10052
zabbix_javagateway_startpollers: 5

zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
zabbix_repo_deb_include_deb_src: true
6 changes: 3 additions & 3 deletions roles/zabbix_javagateway/tasks/Debian.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,8 @@
- name: "Debian | Download gpg key"
when: not ansible_check_mode # Because get_url always has changed status in check_mode.
ansible.builtin.get_url:
url: "{{ zabbix_repo_deb_gpg_key_url | default(_zabbix_repo_default_deb_gpg_key_url_by_distrib[ansible_distribution_major_version]) }}"
dest: "{{ zabbix_gpg_key | default(_zabbix_gpg_key_default_by_distrib[ansible_distribution_major_version]) }}"
url: "{{ zabbix_repo_deb_gpg_key_url }}"
dest: "{{ zabbix_gpg_key }}"
mode: "0644"
force: true
environment:
Expand All @@ -45,7 +45,7 @@
Suites: {{ ansible_distribution_release }}
Components: {{ zabbix_repo_deb_component }}
Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}}
Signed-By: {{ zabbix_gpg_key | default(_zabbix_gpg_key_default_by_distrib[ansible_distribution_major_version]) }}
Signed-By: {{ zabbix_gpg_key }}
register: zabbix_repo
become: true
tags:
Expand Down
17 changes: 1 addition & 16 deletions roles/zabbix_javagateway/vars/Debian.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,19 +29,4 @@ zabbix_valid_javagateway_versions:
- 6.0

debian_keyring_path: /etc/apt/keyrings/
_zabbix_gpg_key_default_by_distrib:
"12": "{{ debian_keyring_path }}zabbix-repo.asc"
"11": "{{ debian_keyring_path }}zabbix-repo.asc"
"10": "{{ debian_keyring_path }}zabbix-repo.asc"
"24": "{{ debian_keyring_path }}zabbix-repo.gpg"
"22": "{{ debian_keyring_path }}zabbix-repo.asc"
"20": "{{ debian_keyring_path }}zabbix-repo.asc"
"18": "{{ debian_keyring_path }}zabbix-repo.asc"
_zabbix_repo_default_deb_gpg_key_url_by_distrib:
"12": https://repo.zabbix.com/zabbix-official-repo.key
"11": https://repo.zabbix.com/zabbix-official-repo.key
"10": https://repo.zabbix.com/zabbix-official-repo.key
"24": https://repo.zabbix.com/zabbix-official-repo-apr2024.gpg
"22": https://repo.zabbix.com/zabbix-official-repo.key
"20": https://repo.zabbix.com/zabbix-official-repo.key
"18": https://repo.zabbix.com/zabbix-official-repo.key
zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
1 change: 1 addition & 0 deletions roles/zabbix_proxy/defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,7 @@ zabbix_repo_yum:
state: present
zabbix_proxy_apt_priority:
zabbix_proxy_package_state: present
zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
zabbix_repo_deb_include_deb_src: true

# Proxy Configuration Variables (Only ones with role provided defaults)
Expand Down
6 changes: 3 additions & 3 deletions roles/zabbix_proxy/tasks/Debian.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,8 +45,8 @@
- name: "Debian | Download gpg key"
when: not ansible_check_mode # Because get_url always has changed status in check_mode.
ansible.builtin.get_url:
url: "{{ zabbix_repo_deb_gpg_key_url | default(_zabbix_repo_default_deb_gpg_key_url_by_distrib[ansible_distribution_major_version]) }}"
dest: "{{ zabbix_gpg_key | default(_zabbix_gpg_key_default_by_distrib[ansible_distribution_major_version]) }}"
url: "{{ zabbix_repo_deb_gpg_key_url }}"
dest: "{{ zabbix_gpg_key }}"
mode: "0644"
force: true
environment:
Expand All @@ -71,7 +71,7 @@
Suites: {{ ansible_distribution_release }}
Components: {{ zabbix_repo_deb_component }}
Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}}
Signed-By: {{ zabbix_gpg_key | default(_zabbix_gpg_key_default_by_distrib[ansible_distribution_major_version]) }}
Signed-By: {{ zabbix_gpg_key }}
become: true
tags:
- install
Expand Down
17 changes: 1 addition & 16 deletions roles/zabbix_proxy/vars/Debian.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,22 +64,7 @@ mysql_plugin:
"10": mysql_native_password

debian_keyring_path: /etc/apt/keyrings/
_zabbix_gpg_key_default_by_distrib:
"12": "{{ debian_keyring_path }}zabbix-repo.asc"
"11": "{{ debian_keyring_path }}zabbix-repo.asc"
"10": "{{ debian_keyring_path }}zabbix-repo.asc"
"24": "{{ debian_keyring_path }}zabbix-repo.gpg"
"22": "{{ debian_keyring_path }}zabbix-repo.asc"
"20": "{{ debian_keyring_path }}zabbix-repo.asc"
"18": "{{ debian_keyring_path }}zabbix-repo.asc"
_zabbix_repo_default_deb_gpg_key_url_by_distrib:
"12": https://repo.zabbix.com/zabbix-official-repo.key
"11": https://repo.zabbix.com/zabbix-official-repo.key
"10": https://repo.zabbix.com/zabbix-official-repo.key
"24": https://repo.zabbix.com/zabbix-official-repo-apr2024.gpg
"22": https://repo.zabbix.com/zabbix-official-repo.key
"20": https://repo.zabbix.com/zabbix-official-repo.key
"18": https://repo.zabbix.com/zabbix-official-repo.key
zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
_zabbix_proxy_fping6location: /usr/bin/fping6
_zabbix_proxy_fpinglocation: /usr/bin/fping

Expand Down
1 change: 1 addition & 0 deletions roles/zabbix_server/defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,7 @@ zabbix_repo_yum:
state: present
zabbix_server_apt_priority:
zabbix_server_conf_mode: 0640
zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
zabbix_repo_deb_include_deb_src: true

# Server Configuration Variables (Only ones with role provided defaults)
Expand Down
6 changes: 3 additions & 3 deletions roles/zabbix_server/tasks/Debian.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,8 +38,8 @@
- name: "Debian | Download gpg key"
when: not ansible_check_mode # Because get_url always has changed status in check_mode.
ansible.builtin.get_url:
url: "{{ zabbix_repo_deb_gpg_key_url | default(_zabbix_repo_default_deb_gpg_key_url_by_distrib[ansible_distribution_major_version]) }}"
dest: "{{ zabbix_gpg_key | default(_zabbix_gpg_key_default_by_distrib[ansible_distribution_major_version]) }}"
url: "{{ zabbix_repo_deb_gpg_key_url }}"
dest: "{{ zabbix_gpg_key }}"
mode: "0644"
force: true
environment:
Expand All @@ -64,7 +64,7 @@
Suites: {{ ansible_distribution_release }}
Components: {{ zabbix_repo_deb_component }}
Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}}
Signed-By: {{ zabbix_gpg_key | default(_zabbix_gpg_key_default_by_distrib[ansible_distribution_major_version]) }}
Signed-By: {{ zabbix_gpg_key }}
become: true
tags:
- install
Expand Down
17 changes: 1 addition & 16 deletions roles/zabbix_server/vars/Debian.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,22 +32,7 @@ zabbix_valid_server_versions:
- 6.0

debian_keyring_path: /etc/apt/keyrings/
_zabbix_gpg_key_default_by_distrib:
"12": "{{ debian_keyring_path }}zabbix-repo.asc"
"11": "{{ debian_keyring_path }}zabbix-repo.asc"
"10": "{{ debian_keyring_path }}zabbix-repo.asc"
"24": "{{ debian_keyring_path }}zabbix-repo.gpg"
"22": "{{ debian_keyring_path }}zabbix-repo.asc"
"20": "{{ debian_keyring_path }}zabbix-repo.asc"
"18": "{{ debian_keyring_path }}zabbix-repo.asc"
_zabbix_repo_default_deb_gpg_key_url_by_distrib:
"12": https://repo.zabbix.com/zabbix-official-repo.key
"11": https://repo.zabbix.com/zabbix-official-repo.key
"10": https://repo.zabbix.com/zabbix-official-repo.key
"24": https://repo.zabbix.com/zabbix-official-repo-apr2024.gpg
"22": https://repo.zabbix.com/zabbix-official-repo.key
"20": https://repo.zabbix.com/zabbix-official-repo.key
"18": https://repo.zabbix.com/zabbix-official-repo.key
zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"

_zabbix_server_pgsql_dependencies:
- "{{ zabbix_server_install_database_client | ternary('postgresql-client', '') }}"
Expand Down
1 change: 1 addition & 0 deletions roles/zabbix_web/defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,7 @@ selinux_allow_httpd_can_connect_ldap: false
selinux_allow_httpd_can_network_connect_db: false
selinux_allow_httpd_can_connect_zabbix: false

zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
zabbix_repo_deb_include_deb_src: true

# SAML certificates
Expand Down
6 changes: 3 additions & 3 deletions roles/zabbix_web/tasks/Debian.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,8 +63,8 @@
- name: "Debian | Download gpg key"
when: not ansible_check_mode # Because get_url always has changed status in check_mode.
ansible.builtin.get_url:
url: "{{ zabbix_repo_deb_gpg_key_url | default(_zabbix_repo_default_deb_gpg_key_url_by_distrib[ansible_distribution_major_version]) }}"
dest: "{{ zabbix_gpg_key | default(_zabbix_gpg_key_default_by_distrib[ansible_distribution_major_version]) }}"
url: "{{ zabbix_repo_deb_gpg_key_url }}"
dest: "{{ zabbix_gpg_key }}"
mode: "0644"
force: true
environment:
Expand All @@ -87,7 +87,7 @@
Suites: {{ ansible_distribution_release }}
Components: {{ zabbix_repo_deb_component }}
Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}}
Signed-By: {{ zabbix_gpg_key | default(_zabbix_gpg_key_default_by_distrib[ansible_distribution_major_version]) }}
Signed-By: {{ zabbix_gpg_key }}
become: true
tags:
- install
Expand Down
17 changes: 1 addition & 16 deletions roles/zabbix_web/vars/Debian.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,19 +50,4 @@ zabbix_valid_web_versions:
- 6.0

debian_keyring_path: /etc/apt/keyrings/
_zabbix_gpg_key_default_by_distrib:
"12": "{{ debian_keyring_path }}zabbix-repo.asc"
"11": "{{ debian_keyring_path }}zabbix-repo.asc"
"10": "{{ debian_keyring_path }}zabbix-repo.asc"
"24": "{{ debian_keyring_path }}zabbix-repo.gpg"
"22": "{{ debian_keyring_path }}zabbix-repo.asc"
"20": "{{ debian_keyring_path }}zabbix-repo.asc"
"18": "{{ debian_keyring_path }}zabbix-repo.asc"
_zabbix_repo_default_deb_gpg_key_url_by_distrib:
"12": https://repo.zabbix.com/zabbix-official-repo.key
"11": https://repo.zabbix.com/zabbix-official-repo.key
"10": https://repo.zabbix.com/zabbix-official-repo.key
"24": https://repo.zabbix.com/zabbix-official-repo-apr2024.gpg
"22": https://repo.zabbix.com/zabbix-official-repo.key
"20": https://repo.zabbix.com/zabbix-official-repo.key
"18": https://repo.zabbix.com/zabbix-official-repo.key
zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
Loading