Ensure NGINX repo and install before apt update, so that it works

Ensure NGINX repo and install on nginx_hosts before apt update, so that the latest NGINX key is deployed and apt update won't fail on an invalid signature on these hosts. Also only run the gnupg install if gnupg isn't present in the nginx repo_setup.yaml to make that work.
2024-06-18 01:14:00 +02:00 · 2024-06-18 01:14:00 +02:00 · 11bbf187c6
parent fb4aabc772
commit 11bbf187c6
2 changed files with 18 additions and 0 deletions
--- a/playbooks/maintenance.yaml
+++ b/playbooks/maintenance.yaml
@ -1,3 +1,16 @@
+- name: Ensure NGINX repo and install on nginx_hosts
+  hosts: nginx_hosts
+  tasks:
+    - name: make sure NGINX repos are setup
+      ansible.builtin.include_role:
+        name: nginx
+        tasks_from: main/repo_setup
+
+    - name: make sure NGINX is installed
+      ansible.builtin.include_role:
+        name: nginx
+        tasks_from: main/nginx_install
+
 - name: Make Sure System Package Are Up-To-Date
  hosts: all
  roles:
--- a/playbooks/roles/nginx/tasks/main/repo_setup.yaml
+++ b/playbooks/roles/nginx/tasks/main/repo_setup.yaml
@ -1,9 +1,14 @@
+- name: gather package facts
+  ansible.builtin.package_facts:
+    manager: apt
+
 - name: make sure `gnupg` package is installed
  ansible.builtin.apt:
    name: gnupg
    state: present
    update_cache: true
  become: true
+  when: "'gnupg' not in ansible_facts.packages"

 - name: make sure NGINX signing key is added
  ansible.builtin.get_url: