Define GPG key for repo

With update of GPG key that was made in [1] we broke upgrade path, since new key is not being updated by gpg_key module and it results with OK state despite new content it placed to GPG keyfile With that patch we replace usage of gpg_key with defining gpgkey option for yum_repository, which treats it way more properly and fixes upgrade path as well as simplifying overall flow. [1] https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/879150 Change-Id: Ie322e0e69c5e7b2acd55bc18cf23fed1fa8f4f17
2023-04-05 21:18:49 +02:00 · 2023-04-05 21:18:49 +02:00 · 670e88071b
parent da511a2a19
commit 670e88071b
2 changed files with 1 additions and 10 deletions
--- a/tasks/galera_install_dnf.yml
+++ b/tasks/galera_install_dnf.yml
@ -92,16 +92,6 @@
    mode: '0644'
  with_items: "{{ galera_gpg_keys }}"

- name: Install gpg keys
-  rpm_key: "{{ key }}"
-  with_items: "{{ galera_gpg_keys }}"
-  loop_control:
-    loop_var: key
-  register: _add_yum_keys
-  until: _add_yum_keys is success
-  retries: 5
-  delay: 2
-
 - name: Add galera repo
  yum_repository:
    name: "{{ galera_repo.name }}"
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@ -65,6 +65,7 @@ _galera_repo:
  name: MariaDB
  description: "MariaDB Repo"
  baseurl: "{{ galera_repo_url }}"
+  gpgkey: "file://{{ galera_gpg_keys | map(attribute='key') | join('file://') }}"

 galera_wsrep_provider: "/usr/lib64/galera-4/libgalera_smm.so"