From 24c26c93beef75ace443986c663d9bf05f8449ba Mon Sep 17 00:00:00 2001 From: Eduardo Benzecri Date: Sun, 21 Jan 2024 10:20:21 -0300 Subject: [PATCH] ansible-scylla-node: Enforces the installation of each APT key set Before this patch, if a key with a specific ID already installed was updated (because it was expired, for example), the key won't be locally updated causing and APT failure. This patch removes the key and install it, enforcing using the latest one available. Fixes: #329 Signed-off-by: Eduardo Benzecri --- ansible-scylla-node/tasks/Debian.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/ansible-scylla-node/tasks/Debian.yml b/ansible-scylla-node/tasks/Debian.yml index 8cec5bb2..e13c0e86 100644 --- a/ansible-scylla-node/tasks/Debian.yml +++ b/ansible-scylla-node/tasks/Debian.yml @@ -8,6 +8,19 @@ update_cache: yes when: install_type == 'online' and scylla_repo_keyserver is defined and scylla_repo_keys is defined and (scylla_repo_keys|length > 0) + - name: "Purge keyring '{{ scylla_repo_keyringfile }}'" + ansible.builtin.file: + path: "{{ scylla_repo_keyringfile }}" + state: absent + when: install_type == 'online' and scylla_repo_keyserver is defined and scylla_repo_keys is defined and (scylla_repo_keys|length > 0) + + - name: Remove an apt key by id previously added + ansible.builtin.apt_key: + id: "{{ item }}" + state: absent + with_items: "{{ scylla_repo_keys }}" + when: install_type == 'online' and scylla_repo_keyserver is defined and scylla_repo_keys is defined and (scylla_repo_keys|length > 0) + - name: Add an apt key by id from a keyserver apt_key: keyserver: "{{ scylla_repo_keyserver }}"