Use in-repo GPG keys

We make remote network hits to get the GPG keys which are quite
unreliable, and apt_key does not support using a proxy properly [1]
so let's store them inside the role and use them.

The implementation here is derived from that which was done in the
galera_server role in I9443f10e8c803599cbebfc2a53cb9c432bfa60d1,
but opts to use a mechanism that will be simpler to maintain.

[1] https://github.com/ansible/ansible/issues/31691
Change-Id: I520ccbadf3320b0d07fc83e3dbec9ea2bd16ec83
This commit is contained in:
Jesse Pretorius 2018-12-14 15:47:10 +00:00
parent 587d90e4a8
commit 6c7aee86f5
10 changed files with 315 additions and 95 deletions

View File

@ -31,6 +31,14 @@ galera_client_minor_version: 17
galera_client_repo: "{{ _galera_client_repo }}"
# Set the gpg keys needed to be imported
# This should be a list of dicts, with each dict
# giving a set of arguments to the applicable
# package module. The following is an example for
# systems using the apt package manager.
# galera_client_gpg_keys:
# - id: '0xF1656F24C74CD1D8'
# keyserver: 'hkp://keyserver.ubuntu.com:80'
# validate_certs: no
galera_client_gpg_keys: "{{ _galera_client_gpg_keys | default([]) }}"
# This is only applied if the ansible_pkg_mgr is 'apt'

99
files/gpg/C74CD1D8 Normal file
View File

@ -0,0 +1,99 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
mQINBFb8EKsBEADwGmleOSVThrbCyCVUdCreMTKpmD5p5aPz/0jc66050MAb71Hv
TVcfuMqHYO8O66qXLpEdqZpuk4D+rw1oKyC+d8uPD2PSHRqBXnR0Qf+LVTZvtO92
3R7pYnC2x6V6iVGpKQYFP8cwh2B1qgIa+9y/N8cQIqfD+0ghyiUjjTYek3YFBnqa
L/2h2V0Mt0DkBrDK80LqEY10PAFDfJjINAW9XNHZzi2KqUx5w1z8rItokXV6fYE5
ItyGMR6WVajJg5D4VCiZd0ymuQP2bGkrRbl6FH5vofVSkahKMJeHs2lbvMvNyS3c
n8vxoBvbbcwSAV1gvB1uzXXxv0kdkFZjhU1Tss4+Dak8qeEmIrC5qYycLxIdVEhT
Z8N8+P7Dll+QGOZKu9+OzhQ+byzpLFhUHKys53eXo/HrfWtw3DdP21yyb5P3QcgF
scxfZHzZtFNUL6XaVnauZM2lqquUW+lMNdKKGCBJ6co4QxjocsxfISyarcFj6ZR0
5Hf6VU3Y7AyuFZdL0SQWPv9BSu/swBOimrSiiVHbtE49Nx1x/d1wn1peYl07WRUv
C10eF36ZoqEuSGmDz59mWlwB3daIYAsAAiBwgcmN7aSB8XD4ZPUVSEZvwSm/IwuS
Rkpde+kIhTLjyv5bRGqU2P/Mi56dB4VFmMJaF26CiRXatxhXOAIAF9dXCwARAQAB
tC1NYXJpYURCIFNpZ25pbmcgS2V5IDxzaWduaW5nLWtleUBtYXJpYWRiLm9yZz6I
RgQSEQgABgUCVvwkVgAKCRDLywgqG7lD2ydgAKCHeJ3jUJhMcQs5D/KaPi2K4W3W
VwCfclT3AfemKEz0hK+h64afDAeFwqeJAhwEEgEIAAYFAlb8JIQACgkQkXEYmZXk
Wp7XVw/8DdCG+qV65FpehLlqkhjeWsMvv1ajRuTJ0ze7YW30SpVUbnNm+WZZpdvD
nCQ+HNrthSOsPvKVoTvniUcjjyMmncpjtGiwKVj8q6TnoYkj9KgwrHi/nXykBuhn
iGNj0xiCaIC5kRjHkhu/WmPT6GTNEjvz5/r53lBNDrL/flmNJIlwGAIwCv8lGyY6
Qe7pxjqo6mriDya9EBfmK9GbhTETaCfFnJ3YuNjb9LaQJm8dZVpm6JMPQRTWNg+g
6jp+FzzOOzkVZLnoLW+ntoU4YG+wfeXBgBiLUrZL78HieqmK1gnP9PTMXPPJh7tk
bvsNcoP9dqMPbYjNEYqOh5U8UHH7ZXRgIKlZmSqR9nYO3dBVb/9AilWw4meZqqiU
ODWzGhoERgG0K2i9TTCHWldbB+fsiCMiQ82XQBTyZbwuX3VYX4uyz+gytQkwpUN6
dMnr9k7Tpz4kWU/t1LdgYyyJ/CDLlpsDhfLgZakCzIQzryaqwlRztkA1lxAAqvr4
OvLNJ8g6WyfeQnM61v9zcmFWZuUQ7pfN19kkr9rE86neYXWgQGgnnp8bA7a6yBXB
APIu3cmKW4msK8xIEv0q0FlatNkfm3etMw3Q1QAvLgS13pjxX3iLxzk2LEwPKNFT
tookADC1S/Et3XZ2q1pey68bLMttHgQNP9DkN8sLUNlamC1S0JWJAhwEEgEIAAYF
Alb8JLYACgkQQd3AtA2lbyIxSg/8CMUrJn6KdBMjaMkkEG2suPFrFlIbmCAKi+jB
afw1a/ptAGbZW6thUqG9jXFTLGgtjwo34y+h5N2kHe7vP4zrH4J1+hMapZDbJqk4
LR4QkEU74YWGjZYTSayI7QhpUmvN0VM8TQRhHYEfOIu7QMNJkAN7VZgSqSStmwI2
CLoQyeCZfaH4MrYaULdba1j2xzrcOyDONwwE725iakePqeLOwisROqi5U1QItPS3
yIRNrbkx6Gr8j3YjvRB95u/tHh4yuz61ZcrI9TQ6NX7xvyxpmy/XGf3xSR5fBjHg
kjTg5PCcF4kbzI+sYME7mK5ya1oK/AZDdzvqoGK+sDx4XPdrNHFBhZaIWuQSVOD4
L8TzclBaCo+89mQjlQe8HAGpyghcbXkAmhcD9lYgHyc8pYppXkoOdjcMG4DiuHky
HLfHBwL/bYT8KZkxeNRS8OeU+BcJgBhTQUFsaTsmlJhrC0190A3ZcFE+rmwMosvF
+3HsPy4RIldcCU/GhGHvHUCt0Yz4SjCUknTGkg0FpPRn8eTSPE0gURqTv3r9Z4ap
7B04iSJ0Czi2mlR/OiyVrkr6pd9bCaFwqanADijKcTzAhqhem2iLz6vFrDg3rABe
VKtXF4JVOdvv5Rj8FPZbHohDXQL2OuyPpch98y+eAiKcIP0LO9p2avsEQjEq3Us/
6AYDxmCJAhwEEgEKAAYFAlgTqgMACgkQvthEn87o2ognbg/5AU1rY75DWssqtCK4
/DhDvejv9uVSkU251l94IOkNtSAnTW7VEedY7ItzKSdqu0CiwUMkimBxdjkjyOwE
g7khk9EL9QrFkHdFg6GPj1vJIP1E1qkfKr5jnqP0lSjPq2QoUF37qDzkSPx33bjE
zVSdEJL1x8j1bR9K6dsKLYJcttcUXtX6bc67VJVgYgDGkyfhFfJh+6p4HnBE5HYY
DkR/pPdLlvKHV1FISCesFOgQ22nmfsnCxz2kOh+O1pSQ7zniXjkioVqsaMIdnC01
Ep3aVwoUyd3WNLSd8aRRufeo0lqbWpoZbHiBdpPzjlWxhhVNvG2QqL6o9Qig7JjH
g0Sbp8JnLAfvag/5+ZRP99t9IdrmPXft1GqiSRHpEWOcQwGXpYfCCqpSp4hPq325
XpZbNf2U2uhkUAUv917sffWIhG5lybfwNRk5+NV/2CXB67jIW+4ntxC3JDJ0VAlX
gsYNP8Lx71NatXX+BYzIwZCVmxFZr6H4V8VRxxC19J1em9LG1d+in59VCYmBRSX3
aOHgr2Nz1rqsinm/VDXISCzaJLnT9X80xKYRwTVcw7EW319f1P5eYoBZnwvbmWkg
uwdPeYFVaukd1trBRqIGn16XGGfq0WJMVHuoDt2VTJasj4wyUg3BJnYABe+YDYhq
Mf9QiWHGi3GZI2JlghDpRsPd+TiJAjMEEAEKAB0WIQSbL/nYfaStF2O753b4ZBy6
EO8tSAUCWXLjjAAKCRD4ZBy6EO8tSCSND/9zeYHF8mbrIsAkPizg6Cw+/ilyn8Qq
Y9x3O2ZbT+CXCilRmar2g2jdUwwIa26ytCCkALN9SV6y701aU8IHeiVmR4a6DKCj
TO5AEqznl4bts/MwvJ9KosrKiBihxoZziWl/iVu+W/HLftgZWsanBP2Ly3ZES0zq
I8oNwwyyBW02WoV2rcWzYdqq3SbUSSxfr8ZIiuMrgtkRw+SWsY+9RLdL6qTC5oYT
+NfGdwTiMVBH1JgfoAevpWS3UIb0OCmv4+HQj2fQlGScFihRnWrnVZ0X3jo2mVeQ
KyR3NYZEeAxQLPdl6EXUXOkqB871l3RhmyaK9X+Dp+tTD9NrI/2DEo+3vPYuzHPK
HxftyDpMC90b0lsbQ/I8lPVNnyqmM/8+2o9yUewdBAhsZIMVbNEznOeFL7myDLDw
VYiePDwmPGg5YxrnTjrgR8Z5vaNl/C1GKYkAktYR/8me87vv2dd/lhu9RmB9dpfu
T9y8JWRTwzugLvHyjoXQ/YuHoWCieSUoR4hG1kFQ1nQuT05KFWqVT3+/Xower8TK
78xuzQN6fe9iCJjE4FHxzMPVaHi+wqIZ87NDqha2L8MJRFX6JNiElzuZJYzpJPNQ
WvScKcXHpbSP/MfpmCIUAY7IhdbYPB+MW9hFwEvVFYAQqyIXBis1X4wOieMpeOlU
HVFr3SiUutlcBYkCOAQTAQgAIgUCVvwQqwIbAwYLCQgHAwIGFQgCCQoLBBYCAwEC
HgECF4AACgkQ8WVvJMdM0dglnQ//ZnZFRFGRJMcspn8apK89F5F54HsAj5msNqmS
kb/brGnVjDWKwI7L32m9DuGNMWF1lDvFJFSJP97bvAnFHuzgb9yTlU5WO4nMacHI
0ubAyN03U40g70+FACzaIXe6ghtVPHNeh/YXwLRZJsqARZu2qUJaVpqkOk3yMoBZ
2xCw0x1dx2knaixaJpxBHEtEQEaNVGQCKp2NiR6BDgFnQa09QsqNlYJQ2Rpq3nVv
s7tXX2dLL9Pswzuf6SphAswgcIXwsZ3dBCw2mlGeiVZVHNcx21Hb72IjbWq/qC0d
wyICDpBwoDuFqUuQJ0hLadZHyDudl5mOrleFyR40asZf/fD+b+XBzNiMxR6v6qzb
DDl7GlknuqG1K1qUTcS0v+XvMThGWSerANnQhe3EI0+7ZSi8LNmZ1mbxRZ8xIqT/
dWAvweDNhGvx+jTKPReRyQnuyde+6Gi+Jba2Objo/Ic9ZEqBbiITNSsH6GJenLeK
S3istGD+IyoqPJ+a9wT9V2YVW2x9t9FW+VpaIhYKd1FNUGQBpO7wPCsbK6BCxuMR
wr7gTbn9JoogkjCp/GnIFWGu7bXKmAQwDDVjwoLsqe0HuPOkWi0TjCm/WNkpRm7L
vWh+vuDf/Y77udYutHWadxu5PrJejfXqvnp18rM7FAkGdgXBONd9rrnIECuNAFQI
81g4qvS5Ag0EVvwQqwEQAMN8Iyy7ZTUJ0mGvjGnrPgnz3+0yekJABILwNCG1nptY
b+SzIq3YOcNDTnRcESeD7t6nMdYDZSBPSWJjTnNmYWzVftB5mvXoHskA2rp+cc51
kHROFLskRhs+uiQzFyoAUsBkkKllPnfganNbuofDONX53XcjOIId2Lr4MPl5q9jM
GpjxDOOU5duYiVjt0lQLBdMQJR+KtzqQfzoJLx9dlOR7hBhnnlWes6iYHhAao/fv
WTAEROeGWGLvj6m+LeNbTlnnHW1UzC66DLPOSx5mnVViYmrlIc0Vn+mcBAsT2BQN
NvpRZw8HBCH1LD7tqFIrviUkpibfCS3K9mHMDFs3LOzUznrJ4U/q4XAlMF80HLIw
BrpMZSE2TGUtxiPEptWagCcoJUzy3jVOUu/9rSSLyJDGq+mFUu5+SxH0ik3p3cXX
mPoZ7JW3EES/TiK/i9u4q2FbK1v6CNfhsjwICj2MYd6+a12LD9Jt4rHZgEzUwXp6
5rfusUyig4GPhftV9ALJL5ys2w5CfyckZqFhvNQMIKCdf6mo32Jm9eKwxLv3BXIP
kPIhIUO9P/mNjshfE+JvGvXQ//yV9bV3va7HIjZSJkpmnIcK3iTjvIyrgpAYsa6H
Enqro7duLZpdG7PxsupMEtxr12bH3BkW9GHqNL9IoSDt4VxjTFtvpFUi/VTAYNh9
ABEBAAGJAh8EGAEIAAkFAlb8EKsCGwwACgkQ8WVvJMdM0dgQEhAAmEVOHW7fhD7l
ud+IzZ0B0KvpPrDhjW/14+Ihh1IiZ6x4lLbJGCWktwyNbS4QD0peJG0L82b8KWep
gnMIp4hrB4eofp0iAkppdkW3VRqJrtf20MPCoAsa73uKtSutXUqH0iQzQnb1WJ3l
qZqSt1LibC3a4QhJKcKLul9WgSuj5Lu1hD2IfoA9UjCpa9xq3LdwA13ApZ9RBnpr
0hDTzGrNoyEynZXOFWtaSrcHSPZpGhlHsE0sfYjtnSCIgzwBGNmz31pNEv5J8wRD
exTE0tvcpY/+fWVIVuuTgcbOpQEF9zMRKU1zT3vQLrOcrQfQcPXX/cFOQy4+rDD5
PN7Hh2kxCWUwQpnfATJ32/ptr6eP8/UUdITL9U3ohfN3zazWVg6icpN2ZcAhE5we
dvRBTPCx3+aEHeMqEQM5XZlwFMPfIe/ybsL0b3LiFX7vJCWc+VKDcOMGndJLmv6w
45sIjLYB3fa6mheSKVZr2DsZlK6Fj2TIqp4RtrWWBddpDKQR6rHSl7GRZq82dv0l
o+sBkcONQZxetESaMTJfISVGgPgKtZfJJ7jqMK42FVWWQsajuix5/Kddr/482NCN
RG3Hx6fsz0DUWRC5EDETwohmBnNjGQaXmjk85IUIDglShE8NyuX+wjd+6rZ0g4T8
Enavx1X4t12JH6K6SFdHAlcfxFVURRI=
=gukQ
-----END PGP PUBLIC KEY BLOCK-----

View File

@ -0,0 +1,132 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.14 (GNU/Linux)
mQGiBEtohJARBACxvZpWSIMTp/e7BUzSW+WDL7Pl0JDg6v7ZJFGJk9qo+5JXIiis
497Ul0FmVJ6EoyVzfpqe5FyUvqtLCkM6UP5adyvXTHi1KMiYacu2q5yRhDpMKbpM
LkAg23Yyz1yK/d0TsAkerLJ6K1Bh8NIm44Op+qFrDxeYZDIR5Q8WaCdK8wCg/jc8
p/4XaKq74ghUHEX+35qk63UD/0YEsgHrsRQZ42wKNeO8ZUJKqCVHXYJrCq7DhRhn
U5aYnuK3op0JusPN5fdIGkKwJy24dWRoRfNIIg0WvM8qUNrC2NvhomnZNudsI0Jb
XapRemrIwbvrZToD6ei1awdVqa5fT6XIxV4MSQEwn47qmUNSz/0TkUmB3VZ2EL/j
zfHUA/91ZfAdWCmRemTLWRrzIYYJKyEInZ0qwZVrkyMY8+T7b2/6RGR0f2oV1dOx
cjbd0+N3vKrUkjuzkcVu/oB8wq9UBfuSHwsxYqub4gvIh0/LW+CsWa955sQ/Hj9H
48j3nUHaXqM9uJyMMgMlCdo3rLpnYCJH8w2kFfLHIDksMs1YtLQ9TWFyaWFEQiBQ
YWNrYWdlIFNpZ25pbmcgS2V5IDxwYWNrYWdlLXNpZ25pbmcta2V5QG1hcmlhZGIu
b3JnPohiBBMRAgAiBQJREUepAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK
CRDLywgqG7lD28y4AJ0aByfYvJWqBm5PZjusZiG0vo9SRwCeM0izj/oryMu0fJi3
kRbTlojzCd2JAhwEEAECAAYFAlERSAgACgkQQd3AtA2lbyLlsQ/+KbSkMhjnZ73I
9XhndOX7USxIIumuVI2nU829+EiLhxYYcVJHUO5tO9rvRGgmSg0IhPSwEMK3GLC3
P5v6gipyCKOAnx2T0qF2k8gq9YRVFd7LZqJsM06HuGsFG5SWieVjjjE0s7A/urLb
Uxa067pleZeKFCTTxTnar2eBKQAhwZkRSEBvvcAHkqQQAMwiAHvq2A0IjC3txqUF
iQbMouPCOJYA3Wn3NXKZwCxcyl2WwGSt7EwAs6C6d266QyWVQT+kZ6JFgRibcnfl
sNdniknGue5EKAj0nlhHGf6cyqJZ3AN4h+W40kKfIqnaeWkT0K+MnKp3Tah9y+h0
u5buKfR5D/tK5ZYLUS0ujQJ0tlO1KpZuvTn13n7OMn7fOb3yqUcthnSTcuB/wpH2
YDeON8sITqhHC1wDvxh5Iu8gYhBGoDmXzAiwpeZpQEHWzGVoG4SGNExwdOUFzX2b
GhC3Eol6z7fR32mUhisy/78wbu7mF9w32H1mgrjEW7sjLa3jebHbca3YIA8wUnAJ
7+KQXun/9X0joyyBy3U+8oW9i4E3UtKrsKOwd20NmfnOQCZg15pi7Yp2/ChgWkKD
EDpQcR2ZuyqRSzPRExnEcKKAq9hKS7l/bNhZJqoj3CMgJt9Co+Y89ObKwRCdwnJb
LWIajqBftzdZeRFkcsu4sKhfhnudCmWJAhwEEAECAAYFAlERSDUACgkQkXEYmZXk
Wp4Q4RAAj230KH+LtFGGlLhBARk+kBUV3mfoJKTye52ELQxbqudU9JrUceUXDGq3
d/2n0mBt2mkmHYyqIMFShE5fnFrW4KXLVCKDCDy6mZ7/PBarB9y6lL8sVFXFpfVo
8hQInSR7fIEkREQQkpNtUddUHlCepyHj8QMKENjaxq6yrF3KvW+kWhAxvDutUzlr
q1N7AkedZ6owP0ChELdQYPtsGOcuipkqQgfpVB3PVBAsYe8wm5HbjqZCbV+VgLl6
4WDyqmhJlOsT3KthLdNkmFyzL7BbkkyC5RX/X1xfyGhtYRpRNUF+5ewXItmpMnfI
UmEKIVF1jTwpj7554dQSCVJNlNOFiyYgRmcNs1XFQfa0bmv2raWZf3Zb0yfYR+tl
J2BuU3yBzhbFGmry7GdquqtbgRX+zFJsnkH7kGyP177QxDREwrhGZXcJgeO7Op8B
TJfTGhhDclIei1EZvvlVetiQ8PKtRA4D/zsCloHrSTu8uOXQlj+GPivM6sfVjhZF
F1I4FVeqUXze5vBz5O8IPfPuPcK+i5P2L0OZODpZ5CP30zY/L7wrgX2/fzJpGTz6
+Lh77SGczGwQRfB/+D2kJkwaYeXd764pPVy0bdKGw4QPGtvyUQ4+fWQa5hyZSoTR
tj7fFYtYQvmPsMAIknR/lQxuZI7fX1M5j+FgijwUkv9fQzhorYKJAhwEEwEIAAYF
AlOoWhYACgkQJhw1C503mSxeqRAApW8UY3vvyKqjoqJu94RIyI7AIkwn4Vw5LxDS
gN623ghE2IIwF2Ytp9fMXID8BRZVjnESTrTvuBFp8GT4T1lUEv6zC8tMzZdO9BeU
pmT9odeen0h92GKgUfRwWTjViJHSDrV8wHcHhA8FX3mEVy17s7Nvvj2Ki3AIG6WW
LzZOSmbQJV+DaHXionQqecsVousCgwwuWWNqKXSJASzcOS1LRoVJDnZyGXmi1thX
thU0FcyLyaKjLfCP6ZoorGaxcEev6nxUUWAfO7MWVUTB6ij2PL/d6oRgbyOUsdne
NRBa6sblLDRivI38KKC5GCw7Eh4yoQJzG2r3QQBgJto/bDoUMJW+EFeM2qgcISCD
6eGrVy9ZHVBOPgBS8awEAvaR5/Gy/kn6YYUg5ReC8O+HCWDIxVrbrwyeCxHg+HUI
mgtVfyZfLnpBzp0p1jSAlC3N7KWviPt+/MQmW0a7+WMnbVxJiJmJQHuFoGcHFFM8
wOA8i1KUXzWgT+IYOw9/nw2qyHMwV3BO/Py9OfRUKlybGar5rGBos7uFHk7pe+Yp
7pdES5Ie83Zw7CHMDp8u7VeEJHSqxVd+jaeHl6nnuG1Hoo4AVLTm5ATbj1Zdq+td
8sNWVyMue0nRvuAtTlN0iBkH/KVor6GGf2HZYXfDcGu7zojtNHlYXngBuz60YlDL
oPeFaoeJAhwEEQEKAAYFAlOoUqcACgkQgHar3gJLs9HE1hAAxzxXG1jNu1ntjEkv
M3js4j84rS+JI1XhR+7JalndjXAbHjwMlo/KOLhRtKYXdpkXpGmrE87FDdW8mci5
nSahPMn/+vaEdVYyXqo1w0UvZChHxWnsE9FRgggOxTbCZae1P5LVSTB1XZcHZ7+9
cG0cO43FCB20AMCOHcFr8j0F4HYi+KllI3kawdV8l6qCy6q06z47v0C+ZxoFcdYj
KLYxymaBn+FE9GKEHJZiqMljiKzt41OGpkg3S1vtXl0zqUKfiebo3ZcVMF3xtio8
NVpHIQSsqg8Q7zZrLBkPTQw0smCdUFxYMjBOVSZ15z7tFCQMYuHThrf2j2wZv++F
cgt9C/6wbGalCNDuOU/dyfyiO95GPQf1nqq2N2vHGIaGMvbqS8oahprEJ3nXEisT
TJ+ofh1f+GX4QCO4mjtR1voqKbg9xkMl9Ap/fEgW3btZ1kuhegpekPDgGhGVwJ9V
N3w1XVOSUdFmKtArHvBrb6cfV6VHiOuYcPWkTwGckJOwNJhgyUPsjGWwrIp6L0+G
4emipfYoIDtFouSjkVF4eXJcr/taguuICj/pn7rsFdYlij5lbcxGVC+aPTcJrdY8
v7Zyv2wOcTIrU//7PGPLJI1cdT7gQUYlzVnAJGxhq9CLPZlNJRy9pLDTPxvVXQRz
jQxx6RX1pAUPDWJQ2wfmaEHAz0WJAhwEEwECAAYFAlOnjksACgkQDj2OcPh1SrYd
tQ/+LOsCj8V0oOzbiTHREBrjr3S7u/58HRD/8zec61rc4FoCp3Fa+3kmhFDIajLj
VeRtsSSaOr0u6cue30QsGeHE2cbGPNWIqXV3V80I57O3yXRL2DU4GmDLNIF2/ejy
wCSvbHgONEXC4UVPtamHWGqh4sh2ijyJqUx3I0/6afBFn4BVfcsAjNrRe/GwD80/
ETkfSui4flyZ330sjqM/N2Hp/YwsOTXKXfAThcjb+qZ2BRVnmpldeK593+dFvFG1
FUK3kC8VFqS49fxgxR/Zo7jNEbrltzjzdRb6BBY86tqwbcnrja8MJHA2MpGtGckV
9/K/LE2jVJN+qeyLN/EoM86Sd+WIQtVY3oxAYwiVGng83t+CI6NPazVMLIQlciwI
lAY+DAGNz+mUTeKwCv7F8sOX91v6PHaB0csvk1I2Is3qwv8zlgnhKdl2R6PzQbsU
Ix1+rvsJ99no75GJeVY/D9YzBJ4a0i0Uu7QF/k8F690qDvSTwx71unxX+0PmJqNu
2sCVQNgLFt7Qtj9+l1pzulzWlZBSDhIBs5mT0jscwjRykDgfngiWDOymfdMG8eSZ
GAK10j+F883uyWlEEFOdA/DBOV3d3Jcm935of4dT1GUmKeoAKixHMkiNT3RvGHlm
fEjMq0vdf6inZva0PTzJSkhooMWYBuROHRMZs9PjrdXRHBeIRgQSEQIABgUCU6iz
+gAKCRAcAAgvMZOT9D2+AJ9aAZIbjN/m2Jjaojkxg9L5aBWBPQCeJIMpW1iiDELi
byKoVnd08EbgxJqIXgQSEQgABgUCU6iz4wAKCRBWtwXK6VQruLL/AQCbgU3t/mfh
bMQjuvE2DsE3qXiEVMEbXnxlCiodiMF4UgEAgPIAQcV+Jo+D+p0nHrVl2ClAhhpz
W/zuJqtJ24C20ZqJAhwEEAECAAYFAlOocMMACgkQyapz7WGq1jsRNg/+NH09e7g1
CuPVa/1cBRoiprBvWXmy734MpkzW4kyVMZjBCQXBCrJFvZgvhQhYrR8jXmj+ZJEr
kfX3UHimyhWbBnu+XqIWzWwEtg7bggQN3eFyNcIV/KI9rK7IBQO92AptpTusIdgA
DQTFlJO06pF4kE89ZjBALQFbKDY1EJX3hyQEYixOzO4936xbwxoiJKR2J71ZGele
xXauhz2kpOd2jg/oMhhAOzldFaWAUBQJZPwl4vZrqVjNcMUNeINGd7++kkfBLfxL
xHJ8ynnXWHalsHVzdDRaFqp1Bna8RwrHnDd4Hwd/4Qv7iVZqmLLqEJpIgS1IDMx/
BwkrCOD0gluwmxlm3PbbeUKeR/cj6CICFt9TgUJrYm9Vh7n0y8uHKY6PE5J4NX9l
D75eoPk2SuYTNgAR4iuI5MYQIKWL7aeKh09piPgrIrja8eDQ5AsklBaDYxOYZrot
Xx+sgGXGSLK3eyvZ+hJ8hBX38mydYpswzhvr/vAyKz8TQ6bwnRVlvkMYE+LjevOD
Wm9+EfkvBRChJcgDoycoHIFVaQ47Hgu2eGyCRNoMZ3l6O1O4AN5+RXrAJAi06zFs
RUnBLqxjSMmYqPYUowAxG0ukougc2HVCl1kMD9NxvK5zOfleUA8wWb5O9Z5tllnD
qu7RtIVXAXIJgn2HRDVk+wP8xuY2qJlfo1yJAhwEEAECAAYFAlOpb/EACgkQKPqA
GkO91jd+Dg/+NF4QwqLvxgl2TiORDt5HjWHSGMBlaYFBEwrBAgNvwZEH80mAsua6
FnfZMSGiFmpVfMUqkjOJVdmA8yERxYFsyGopv/9OmOT2UxV4IZl5YYAJRsPHLjzV
MIUKiGPI1yvrhYW91hKRFGIxwqE7XHwWToufwHe5WB6AdeGyoIHtQcw0eTKSJHz2
zbpyWKBx0wAK55YqMEQ2rx9qcOjZy3vjxlotwfGnBeR4VT6Oap1DvAkNZ4XcN0Ok
AKZbFBEMbJed9fnciwDV+Y/svPb05l+zSgmqJ6axhwSvu7rct+dksfmb0BnF03kh
SzNVlu0S/85mhEPgx1/BZxIp34RDbcqWymHsgPyhxwBBlFryfVvJrtyAMWs4T8mn
RkqKrNQHMfPOTBioxi2HOyG2eSK8BlQsJS5yccnYaBnSegWaIxkU+2l/yJkYMhl5
sXdlmqcTtwv+R+acDkEPe9BQstn0+xOWL6hqpA0EM710LJCkQnB4c/JNgW5CL08k
CevBVole5jYJL5rXmUL0U+ZWGZMakFrrrkhuQMEjxecyuOHs4jrnsVVGz/e0hqWv
0NnRY9m5UyKEZIA1si8tFIrtrTSgZ5/sGH9/pksQ2HObrKe4LY6zVSyJLXwX1htQ
/j0st83YkDZ5mEY0r+Hh/1XOzhWgQ0ONR/MOIKNyjVTHldCrb4WPM4mJAZwEEAEC
AAYFAlOo8v0ACgkQrgrV97KweO9sfgv+NKYxgCiWrRjYW80hJE74OEJrjBGQDOJ5
MPVvPSH7StOfSMpckLoNWedJJ7RuInOzuUY0lAUH6/ql+Krf4ysHlSGjuu+dDy0d
HN3gu994YrjT6hVzEG1OV+sJcTuvgn2qTVYu1ksIV/SZ48l0PRMwPXcu3FSzKvti
G1gHFNx1cyzjxwmdT42afKCpR8RvwmWPfbDmEz500iFXsw78EEBXEWo81bXncWdZ
Eic8QeVyTWKFldIrZLkL7+RQY3hViu0G5C7gSP39ZU4ZTegqMaEhHzuKtCiNO5Y2
+hkYZgRNnUOSrmWO+wkLUNRtG2Strx5Sy9p94fn/decfuRsEJo4L1aMCFGEDfRSD
bc3pBG3tr9qvNBAegTTMQlZJcxa52Z7EI56rQGYEPw8kvt/uOqMYybUIxwVATgIt
fRy9Jsyz+0DwZfEINkuEFA/S2KCwWys5aZfPDCsqwh0gS/olvT06v97loF8XED0P
0irX4/6BHFHDlM8aNnN11p02p5lrTpLGuQQNBEtohLgQEAClnTC/GlBWVno4QVr1
IFDl5yVEg6NeMqqRgaS8jH6NSaoJh86B8+LE4ZhLlDYrAc3PhcQ4g4DWTIKUCgAC
A4QZTGPwLGdsGTXQhWj8kE42N2opg9nZg114gispcSZqLiLmErkB9kejKqxXlqrE
aQZ5VSO79yjJEljotryIv5EG7GJG5Q9bKYaO0hIBHp9KI3x/+RGXL/L0uYw7wlw6
l6J6otQU8roq7OEjgXScWQcmlk8M04ceX4aYBn5KpnGYiumQbKZ3fqFMrFbieWc3
qSpzWAzB2fUv+78P4L+OExtNOyyqIxl7I/24WacwHeWzU1Xw7G9vFxMEbQzuDgCV
99RAqlSs2EgGgLdHtRthDcJNlfVCn9MHNt9ECAaF1YFANAR3f8uX0bhBoKz0j7hb
ryuQCvt7sjKUfJ8SL2hhCRcUgR5oCGIQ2YkGlwulqz/I0mgtrKrM+xD6VE2DeiYW
e0+1miWQyLqitE2LGuBdXrib/TVg2OYEVOqynnA6raPRyZORs5ap2eWYY+DYSXW5
95slzphZLWcWbphGk38HdBu0CdqvUJv4geWvSFpM5iFCn5cU36TVuuqz5K59rz+v
Po3m2yb5bkaMcq8evbgVNrTa7cfiUio2U0GTNlkqHMCHERaInPBz9/a6kbm92mWs
z9gJT5dOi1g9vlkRdB7aYP+tcwADBQ//R/UM4kh+cyuHWj/dEqoOryTu2W/YYQS/
RUSeHy3Lh0xvwOizYzU5zgq/1AsHcNdxLj8vglbm8XRCBIDOrWvmgFPXNoxyoNLo
5SUetZSLxoM23kQ9C4QZ0/b+JMN4Crivx4JisdELt6CV3JFmuZY19xk3r8b0r4lK
OFZ9JZZIFEipv5TFxA0KnqLq29VLEJ8srVHg/iQD9ngKja/LAh9V8+Ed3mchY2XX
KX07evTgYI1OPPCy/92FQYMUhWyCGB6Fm4vQFvuEO7K9nZKEAu6Znm3uZT9InaE6
TeSU77ZsgkHSCq5SRaf/iDWHZOn1dVasjXHoZQHFFiTALi1ZqPNZ5ULmFwNUB2pg
3QfQdWP8ISCsRaUJW/WEnQlgCyNfwKPVC5kHWLfh+MSSDJsyOjegJTkYJKI2a+1N
5Sl7HJj/uIcB3KhkcVP59BLzhUxgoVPi1Ngf7mNNrrbJ8+GfrdNg+iutHJOobxol
AudzObQ03lHmauJglCOvg+Pw9JLBZyT8a3xHm9v4Lr365cg0Ho4qqEbrFTRuqcIj
G3c6FVLu/RJ8eOfT6KX8k5z96/3CbobkXGYRY6hjCJuZoPMd9z03UcxHONMQ0jt/
Ik80WP0gOSnCTgTfKWuS5WXYoSZgMn1P2fLhQydDtJvrDn1SHEwgW1FM82lAlYJZ
d+FZQCjhZ8KISQQYEQIACQUCS2iEuAIbDAAKCRDLywgqG7lD29OGAJ4gfMkLP5Az
y7iIJOsZon3D/6PDPgCdGF1dwVW/uy+3ao53fvgS0JKO/bg=
=bSQ3
-----END PGP PUBLIC KEY BLOCK-----

View File

@ -0,0 +1,12 @@
---
upgrade:
- |
The data structure for ``galera_client_gpg_keys`` has been changed to be
a dict passed directly to the applicable apt_key/rpm_key module. As such
any overrides would need to be reviewed to ensure that they do not pass
any key/value pairs which would cause the module to fail.
- |
The default values for ``galera_client_gpg_keys`` have been changed for
all supported platforms will use vendored keys. This means that the task
execution will no longer reach out to the internet to add the keys,
making offline or proxy-based installations easier and more reliable.

View File

@ -26,38 +26,26 @@
tags:
- galera-client-apt-packages
- name: Add galera apt-keys
block:
- name: Add keys (primary keyserver)
apt_key:
id: "{{ item.hash_id }}"
keyserver: "{{ item.keyserver | default(omit) }}"
data: "{{ item.data | default(omit) }}"
url: "{{ item.url | default(omit) }}"
state: "present"
with_items: "{{ galera_client_gpg_keys }}"
register: add_keys
until: add_keys is success
retries: 5
delay: 2
tags:
- galera-client-apt-keys
- name: If a keyfile is provided, copy the gpg keyfile to the key location
copy:
src: "gpg/{{ item.id }}"
dest: "{{ item.file }}"
mode: '0644'
with_items: "{{ galera_client_gpg_keys | selectattr('file','defined') | list }}"
tags:
- galera-client-apt-keys
rescue:
- name: Add keys (fallback keyserver)
apt_key:
id: "{{ item.hash_id }}"
keyserver: "{{ item.fallback_keyserver | default(omit) }}"
url: "{{ item.fallback_url | default(omit) }}"
state: "present"
register: add_keys_fallback
until: add_keys_fallback is success
retries: 5
delay: 2
with_items: "{{ galera_client_gpg_keys }}"
when: item.fallback_keyserver is defined or item.fallback_url is defined
tags:
- galera-client-apt-keys
- name: Install gpg keys
apt_key: "{{ key }}"
with_items: "{{ galera_client_gpg_keys }}"
loop_control:
loop_var: key
register: _add_apt_keys
until: _add_apt_keys is success
retries: 5
delay: 2
tags:
- galera-client-apt-keys
- name: Ensure the sources.list.d folder exists
file:

View File

@ -65,40 +65,33 @@
tags:
- galera-config
- name: Add galera gpg-keys
block:
- name: Add keys (primary keyserver)
rpm_key:
state: present
key: "{{ item.keyserver }}/{{ item.key_name }}"
register: add_keys
until: add_keys is success
retries: 5
delay: 2
with_items: "{{ galera_client_gpg_keys }}"
tags:
- galera-gpg-keys
- name: If a keyfile is provided, copy the gpg keyfile to the key location
copy:
src: "gpg/{{ item.key | basename }}"
dest: "{{ item.key }}"
mode: '0644'
with_items: "{{ galera_client_gpg_keys }}"
tags:
- galera-gpg-keys
rescue:
- name: Add keys (fallback keyserver)
rpm_key:
state: present
key: "{{ item.fallback_keyserver }}/{{ item.key_name }}"
register: add_keys
until: add_keys is success
retries: 5
delay: 2
with_items: "{{ galera_client_gpg_keys }}"
when: item.fallback_keyserver is defined
tags:
- galera-gpg-keys
- name: Install gpg keys
rpm_key: "{{ key }}"
with_items: "{{ galera_client_gpg_keys }}"
loop_control:
loop_var: key
register: _add_yum_keys
until: _add_yum_keys is success
retries: 5
delay: 2
tags:
- galera-gpg-keys
- name: Add galera repo
yum_repository:
name: "{{ item.name }}"
description: "{{ item.description }}"
baseurl: "{{ item.baseurl }}"
gpgkey: "{{ item.gpgkey }}"
gpgkey: "{{ item.gpgkey | default(omit) }}"
gpgcheck: yes
enabled: yes
register: add_repos

View File

@ -41,33 +41,26 @@
tags:
- galera-config
- name: Add galera gpg-keys
block:
- name: Add keys (primary keyserver)
rpm_key:
state: present
key: "{{ item.keyserver }}/{{ item.key_name }}"
register: add_keys
until: add_keys is success
retries: 5
delay: 2
with_items: "{{ galera_client_gpg_keys }}"
tags:
- galera-gpg-keys
- name: If a keyfile is provided, copy the gpg keyfile to the key location
copy:
src: "gpg/{{ item.key | basename }}"
dest: "{{ item.key }}"
mode: '0644'
with_items: "{{ galera_client_gpg_keys }}"
tags:
- galera-gpg-keys
rescue:
- name: Add keys (fallback keyserver)
rpm_key:
state: present
key: "{{ item.fallback_keyserver }}/{{ item.key_name }}"
register: add_keys
until: add_keys is success
retries: 5
delay: 2
with_items: "{{ galera_client_gpg_keys }}"
when: item.fallback_keyserver is defined
tags:
- galera-gpg-keys
- name: Install gpg keys
rpm_key: "{{ key }}"
with_items: "{{ galera_client_gpg_keys }}"
loop_control:
loop_var: key
register: _add_zypper_keys
until: _add_zypper_keys is success
retries: 5
delay: 2
tags:
- galera-gpg-keys
- name: Add galera repo
zypper_repository:

View File

@ -20,7 +20,6 @@ _galera_client_repo:
description: "MariaDB Repo"
file: "{{ mariadb_repo_filename }}"
baseurl: "{{ galera_client_repo_url }}"
gpgkey: "http://yum.mariadb.org/RPM-GPG-KEY-MariaDB"
# Packages conflicting with MariaDB
# These are evaluated using case-sensitivity!
@ -35,6 +34,5 @@ galera_client_distro_packages:
# Galera GPG Keys
_galera_client_gpg_keys:
- key_name: 'RPM-GPG-KEY-MariaDB'
keyserver: 'https://yum.mariadb.org'
fallback_keyserver: 'http://yum.mariadb.org'
# MariaDB Package Signing Key <package-signing-key@mariadb.org>
- key: /etc/pki/rpm-gpg/RPM-GPG-KEY-MariaDB

View File

@ -27,6 +27,4 @@ galera_client_distro_packages:
# Galera GPG Keys
_galera_client_gpg_keys:
- key_name: 'RPM-GPG-KEY-MariaDB'
keyserver: 'https://yum.mariadb.org'
fallback_keyserver: 'http://yum.mariadb.org'
- key: /etc/pki/RPM-GPG-KEY-MariaDB

View File

@ -24,7 +24,6 @@ galera_client_distro_packages:
# Galera GPG Keys
_galera_client_gpg_keys:
- key_name: 'mariadb'
keyserver: 'hkp://keyserver.ubuntu.com:80'
fallback_keyserver: 'hkp://p80.pool.sks-keyservers.net:80'
hash_id: '0xF1656F24C74CD1D8'
# MariaDB Signing Key <signing-key@mariadb.org>
- id: C74CD1D8
file: /etc/ssl/mariadb-key