From 11bbf187c66f8debd58321f8ab6f631b85f15311 Mon Sep 17 00:00:00 2001 From: June Date: Tue, 18 Jun 2024 01:14:00 +0200 Subject: [PATCH] Ensure NGINX repo and install before apt update, so that it works Ensure NGINX repo and install on nginx_hosts before apt update, so that the latest NGINX key is deployed and apt update won't fail on an invalid signature on these hosts. Also only run the gnupg install if gnupg isn't present in the nginx repo_setup.yaml to make that work. --- playbooks/maintenance.yaml | 13 +++++++++++++ playbooks/roles/nginx/tasks/main/repo_setup.yaml | 5 +++++ 2 files changed, 18 insertions(+) diff --git a/playbooks/maintenance.yaml b/playbooks/maintenance.yaml index 9a7150b..e5838df 100644 --- a/playbooks/maintenance.yaml +++ b/playbooks/maintenance.yaml @@ -1,3 +1,16 @@ +- name: Ensure NGINX repo and install on nginx_hosts + hosts: nginx_hosts + tasks: + - name: make sure NGINX repos are setup + ansible.builtin.include_role: + name: nginx + tasks_from: main/repo_setup + + - name: make sure NGINX is installed + ansible.builtin.include_role: + name: nginx + tasks_from: main/nginx_install + - name: Make Sure System Package Are Up-To-Date hosts: all roles: diff --git a/playbooks/roles/nginx/tasks/main/repo_setup.yaml b/playbooks/roles/nginx/tasks/main/repo_setup.yaml index d563821..9edc156 100644 --- a/playbooks/roles/nginx/tasks/main/repo_setup.yaml +++ b/playbooks/roles/nginx/tasks/main/repo_setup.yaml @@ -1,9 +1,14 @@ +- name: gather package facts + ansible.builtin.package_facts: + manager: apt + - name: make sure `gnupg` package is installed ansible.builtin.apt: name: gnupg state: present update_cache: true become: true + when: "'gnupg' not in ansible_facts.packages" - name: make sure NGINX signing key is added ansible.builtin.get_url: