roles/mariadb: rework package signing key and repo

2022-09-12 10:09:41 +03:00 · 2022-09-12 10:09:41 +03:00 · c317429f6d
commit c317429f6d
parent b512a7f765
1 changed files with 40 additions and 8 deletions
--- a/roles/mariadb/tasks/main.yml
+++ b/roles/mariadb/tasks/main.yml
@ -1,20 +1,52 @@
 ---
- name: Add GPG key for MariaDB repo
-  ansible.builtin.apt_key: id=0x177F4010FE56CA3336300305F1656F24C74CD1D8 url=https://mariadb.org/mariadb_release_signing_key.asc
-  register: add_mariadb_apt_key
-  tags: mariadb, packages
+- name: Remove MariaDB key from apt-key
+  ansible.builtin.apt_key:
+    id: 0x177F4010FE56CA3336300305F1656F24C74CD1D8
+    state: absent
+  tags:
+    - packages
+    - mariadb
+
+- name: Check MariaDB package signing key
+  ansible.builtin.stat:
+    path: /etc/apt/keyrings/mariadb_release_signing_key.asc
+  register: mariadb_signing_key_stat
+  tags:
+    - packages
+    - mariadb
+
+- name: Download MariaDB package signing key
+  ansible.builtin.get_url:
+    url: https://mariadb.org/mariadb_release_signing_key.asc
+    dest: /etc/apt/keyrings/mariadb_release_signing_key.asc
+    owner: root
+    group: root
+    mode: 0644
+  register: download_mariadb_signing_key
+  when: not mariadb_signing_key_stat.stat.exists
+  tags:
+    - packages
+    - mariadb

 - name: Add MariaDB 10.6 repo
-  ansible.builtin.template: src=mariadb.list.j2 dest=/etc/apt/sources.list.d/mariadb.list owner=root group=root mode=0644
+  ansible.builtin.apt_repository:
+    repo: 'deb [arch=amd64 signed-by=/etc/apt/keyrings/mariadb_release_signing_key.asc] https://dlm.mariadb.com/repo/mariadb-server/10.6/repo/debian {{ ansible_distribution_release }} main'
+    filename: mariadb
+    state: present
  register: add_mariadb_apt_repository
-  tags: mariadb, packages
+  tags:
+    - packages
+    - mariadb

 - name: Update apt cache
-  ansible.builtin.apt:
+  ansible.builtin.apt: # noqa no-handler
    update_cache: true
  when:
-    add_mariadb_apt_key is changed or
+    (download_mariadb_signing_key.status_code is defined and download_mariadb_signing_key.status_code == 200) or
    add_mariadb_apt_repository is changed
+  tags:
+    - packages
+    - mariadb

 - name: Install mariadb-server
  ansible.builtin.apt: name={{ item }} state=present cache_valid_time=3600