authorZuul <zuul@review.openstack.org>2018-12-18 14:44:28 +0000
committerGerrit Code Review <review@openstack.org>2018-12-18 14:44:28 +0000
commit1d84ae7ae0ab899b373b771b9468616c03fa9878 (patch)
treea7522c266043c5354cf1696ae858c998a33f318f
parenta6c67fa482072ba8ddc76485a03a7e5747661257 (diff)
parentc2b73bff5229257ab5b976f503b9ef21531600f7 (diff)
Merge "Normalise in-repo GPG key implementation"
-rw-r--r--defaults/main.yml8
-rw-r--r--files/gpg/RPM-GPG-KEY-MariaDB (renamed from files/gpg/1BB943DB)0
-rw-r--r--files/gpg/RPM-GPG-KEY-percona (renamed from files/gpg/CD2EFD2A)0
-rw-r--r--releasenotes/notes/galera-gpg-keys-96ed45fd1ec4cb14.yaml12
-rw-r--r--tasks/galera_install_apt.yml11
-rw-r--r--tasks/galera_install_yum.yml9
-rw-r--r--tasks/galera_install_zypper.yml13
-rw-r--r--vars/redhat-7.yml8
-rw-r--r--vars/suse.yml5
-rw-r--r--vars/ubuntu.yml12
10 files changed, 40 insertions, 38 deletions
diff --git a/defaults/main.yml b/defaults/main.yml
index ceec824..d77b75d 100644
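--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -51,6 +51,14 @@ galera_repo_url: "{{ _galera_repo_url }}"
 galera_repo: "{{ _galera_repo }}"
 
 # Set the gpg keys needed to be imported
+# This should be a list of dicts, with each dict
+# giving a set of arguments to the applicable
+# package module. The following is an example for
+# systems using the apt package manager.
+# galera_gpg_keys:
+# - id: '0xF1656F24C74CD1D8'
+# keyserver: 'hkp://keyserver.ubuntu.com:80'
+# validate_certs: no
 galera_gpg_keys: "{{ _galera_gpg_keys | default([]) }}"
 
 # Set the rpo information for the Percona Xtrabackup repository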
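Review bot: The commented example added at new lines 58-61 pairs a plaintext `hkp://` keyserver with `validate_certs: no`, and examples in defaults files tend to be copied verbatim into overrides. As far as I know apt_key only applies `validate_certs` to `url` fetches, so the line probably has no effect on the keyserver lookup and only normalises turning certificate checks off. Since this commit moves every platform default to vendored keys, the example would be safer as an `id` plus `file` entry, for instance `# - id: '0xF1656F24C74CD1D8'` followed by `#   file: '/etc/ssl/mariadb-key'`, with the `validate_certs` line dropped.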
diff --git a/files/gpg/1BB943DB b/files/gpg/RPM-GPG-KEY-MariaDB
index b0d722a..b0d722a 100644
--- a/files/gpg/1BB943DB
+++ b/files/gpg/RPM-GPG-KEY-MariaDB
diff --git a/files/gpg/CD2EFD2A b/files/gpg/RPM-GPG-KEY-percona
index 1c78566..1c78566 100644
--- a/files/gpg/CD2EFD2A
+++ b/files/gpg/RPM-GPG-KEY-percona
diff --git a/releasenotes/notes/galera-gpg-keys-96ed45fd1ec4cb14.yaml b/releasenotes/notes/galera-gpg-keys-96ed45fd1ec4cb14.yaml
new file mode 100644
index 0000000..a690dec
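--- /dev/null
+++ b/releasenotes/notes/galera-gpg-keys-96ed45fd1ec4cb14.yaml
@@ -0,0 +1,12 @@
+---
+upgrade:
+ - |
+ The data structure for ``galera_gpg_keys`` has been changed to be
+ a dict passed directly to the applicable apt_key/rpm_key module. As such
+ any overrides would need to be reviewed to ensure that they do not pass
+ any key/value pairs which would cause the module to fail.
+ - |
+ The default values for ``galera_gpg_keys`` have been changed for
+ all supported platforms will use vendored keys. This means that the task
+ execution will no longer reach out to the internet to add the keys,
+ making offline or proxy-based installations easier and more reliable.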
diff --git a/tasks/galera_install_apt.yml b/tasks/galera_install_apt.yml
index 793565e..a107c05 100644
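--- a/tasks/galera_install_apt.yml
+++ b/tasks/galera_install_apt.yml
@@ -20,16 +20,13 @@
 
 - name: If a keyfile is provided, copy the gpg keyfile to the key location
  copy:
- src: "{{ item.keyfile }}"
- dest: "{{ item.key }}"
+ src: "gpg/{{ item.id }}"
+ dest: "{{ item.file }}"
  mode: '0644'
- with_items: "{{ galera_gpg_keys | selectattr('keyfile','defined') | list }}"
+ with_items: "{{ galera_gpg_keys | selectattr('file','defined') | list }}"
 
 - name: Install gpg keys
- apt_key:
- id: "{{ key.id }}"
- file: "{{ key.key | default(omit) }}"
- state: "{{ key.state | default('present') }}"
+ apt_key: "{{ key }}"
  with_items: "{{ galera_gpg_keys }}"
  loop_control:
  loop_var: key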
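Review bot: `apt_key: "{{ key }}"` at new line 29 passes every key of each `galera_gpg_keys` entry straight to the module, so the role no longer limits which arguments an override can set. An inventory or group_vars override can now introduce `url`, `keyserver` or `validate_certs` without any change to the role showing up in review, and a leftover `name` or `keyfile` from the old structure makes the task fail. Keeping an explicit allow-list preserves the new key names while bounding the inputs: `id: "{{ key.id }}"`, `file: "{{ key.file | default(omit) }}"`, `state: "{{ key.state | default('present') }}"`. The same whole-dict pattern appears as `rpm_key: "{{ key }}"` in tasks/galera_install_yum.yml and tasks/galera_install_zypper.yml.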
diff --git a/tasks/galera_install_yum.yml b/tasks/galera_install_yum.yml
index 2454afc..c90ef4c 100644
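--- a/tasks/galera_install_yum.yml
+++ b/tasks/galera_install_yum.yml
@@ -51,16 +51,13 @@
 
 - name: If a keyfile is provided, copy the gpg keyfile to the key location
  copy:
- src: "{{ item.keyfile }}"
+ src: "gpg/{{ item.key | basename }}"
  dest: "{{ item.key }}"
  mode: '0644'
- with_items: "{{ galera_gpg_keys | selectattr('keyfile','defined') | list }}"
+ with_items: "{{ galera_gpg_keys }}"
 
 - name: Install gpg keys
- rpm_key:
- key:  "{{ key.key }}"
- validate_certs: "{{ key.validate_certs | default(omit) }}"
- state: "{{ key.state | default('present') }}"
+ rpm_key: "{{ key }}"
  with_items: "{{ galera_gpg_keys }}"
  loop_control:
  loop_var: key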
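Review bot: The copy task at new lines 52-57 now runs for every `galera_gpg_keys` entry and derives `src` from `item.key | basename`, with the old `selectattr('keyfile','defined')` guard removed. An override whose `key` is a URL, which rpm_key accepts, would therefore fail in copy or write a same-named file from files/gpg to a meaningless `dest`. A guard such as `when: item.key is match('^/')` would limit the copy to local paths, and the task name "If a keyfile is provided" should be updated to match. Because the key is trusted purely by its vendored filename, consider also pinning it with rpm_key's `fingerprint` argument where the targeted Ansible release provides it. tasks/galera_install_zypper.yml carries the identical copy task and the same concern.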
diff --git a/tasks/galera_install_zypper.yml b/tasks/galera_install_zypper.yml
index 3040fe5..b960489 100644
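--- a/tasks/galera_install_zypper.yml
+++ b/tasks/galera_install_zypper.yml
@@ -32,21 +32,18 @@
 
 - name: If a keyfile is provided, copy the gpg keyfile to the key location
  copy:
- src: "{{ item.keyfile }}"
+ src: "gpg/{{ item.key | basename }}"
  dest: "{{ item.key }}"
  mode: '0644'
- with_items: "{{ galera_gpg_keys | selectattr('keyfile','defined') | list }}"
+ with_items: "{{ galera_gpg_keys }}"
 
 - name: Install gpg keys
- rpm_key:
- key: "{{ key.key }}"
- validate_certs: "{{ key.validate_certs | default(omit) }}"
- state: "{{ key.state | default('present') }}"
+ rpm_key: "{{ key }}"
  with_items: "{{ galera_gpg_keys }}"
  loop_control:
  loop_var: key
- register: _add_yum_keys
- until: _add_yum_keys is success
+ register: _add_zypper_keys
+ until: _add_zypper_keys is success
  retries: 5
  delay: 2
 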
diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml
index 5994fcf..3484c71 100644
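--- a/vars/redhat-7.yml
+++ b/vars/redhat-7.yml
@@ -16,13 +16,9 @@
 # Galera GPG Keys
 _galera_gpg_keys:
  # MariaDB Package Signing Key <package-signing-key@mariadb.org>
- - name: mariadb
- key: /etc/pki/rpm-gpg/RPM-GPG-KEY-MariaDB
- keyfile: 'gpg/1BB943DB'
+ - key: /etc/pki/rpm-gpg/RPM-GPG-KEY-MariaDB
  # Percona MySQL Development Team <mysql-dev@percona.com>
- - key_name: percona
- key: /etc/pki/rpm-gpg/RPM-GPG-KEY-percona
- keyfile: 'gpg/CD2EFD2A'
+ - key: /etc/pki/rpm-gpg/RPM-GPG-KEY-percona
 
 # Default private device setting
 # This provides some additional security, but it causes problems with creating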
diff --git a/vars/suse.yml b/vars/suse.yml
index ce27631..d28ca8a 100644
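--- a/vars/suse.yml
+++ b/vars/suse.yml
@@ -15,9 +15,8 @@
 
 # Galera GPG Keys
 _galera_gpg_keys:
- - name: mariadb
- key: /etc/pki/RPM-GPG-KEY-MariaDB
- keyfile: 'gpg/1BB943DB'
+ # MariaDB Package Signing Key <package-signing-key@mariadb.org>
+ - key: /etc/pki/RPM-GPG-KEY-MariaDB
 
 # Default private device setting
 _galera_disable_privatedevices: yes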
diff --git a/vars/ubuntu.yml b/vars/ubuntu.yml
index 86f0877..fddbd34 100644
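--- a/vars/ubuntu.yml
+++ b/vars/ubuntu.yml
@@ -22,15 +22,11 @@ _galera_disable_privatedevices: yes
 # Galera GPG Keys
 _galera_gpg_keys:
  # MariaDB Signing Key <signing-key@mariadb.org>
- - name: mariadb
- id: C74CD1D8
- key: /etc/ssl/mariadb-key
- keyfile: 'gpg/C74CD1D8'
+ - id: C74CD1D8
+ file: /etc/ssl/mariadb-key
  # Percona MySQL Development Team (Packaging key) <mysql-dev@percona.com>
- - key_name: percona
- id: 8507EFA5
- key: /etc/ssl/percona-pkg-key
- keyfile: 'gpg/8507EFA5'
+ - id: 8507EFA5
+ file: /etc/ssl/percona-pkg-key
 
 galera_server_required_distro_packages:
  - apt-transport-https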
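Review bot: `id: C74CD1D8` and `id: 8507EFA5` at new lines 25 and 28 are 32-bit short key IDs, which are cheap to collide. apt_key uses `id` to decide whether a key is already present, so a different key with the same short ID in the keyring could presumably make the task treat the vendored key as installed. The example this commit adds to defaults/main.yml already uses the long form `0xF1656F24C74CD1D8`, so using the long ID or full fingerprint here would be consistent. tasks/galera_install_apt.yml builds the copy source as `gpg/{{ item.id }}`, so the vendored files under files/gpg would need renaming alongside the change, or the source filename should come from a separate key.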