ansible-scylla-node: Enforces the installation of each APT key set

Before this patch, if a key with a specific ID already installed was updated (because it was expired, for example), the key won't be locally updated causing and APT failure. This patch removes the key and install it, enforcing using the latest one available. Signed-off-by: Eduardo Benzecri <[email protected]>
ebenzecri · Jan 21, 2024 · 589f6fc · 589f6fc
1 parent d9ebf24
commit 589f6fc
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/ansible-scylla-node/tasks/Debian.yml b/ansible-scylla-node/tasks/Debian.yml
@@ -1,6 +1,20 @@
 ---
 - name: Add Scylla repos
   block:
+  - name: "Purge keyring '{{ scylla_repo_keyringfile }}'"
+    ansible.builtin.file:
+      path: "{{ scylla_repo_keyringfile }}"
+      state: absent
+    when: install_type == 'online' and scylla_repo_keyserver is defined and scylla_repo_keys is defined and (scylla_repo_keys|length > 0)
+
+  - name: Remove an apt key by id
+    ansible.builtin.apt_key:
+      keyserver: "{{ scylla_repo_keyserver }}"
+      id: "{{ item }}"
+      state: absent
+    with_items: "{{ scylla_repo_keys }}"
+    when: install_type == 'online' and scylla_repo_keyserver is defined and scylla_repo_keys is defined and (scylla_repo_keys|length > 0)
+
   - name: Install gnupg2 dependency
     apt:
       name: "gnupg2"