1.1.0 is "always changed"

[532910]

TASK [andrewsomething.do-agent : create temporary file for public key] ******************
changed: [host]

TASK [andrewsomething.do-agent : download public key] ***********************************
changed: [host]

TASK [andrewsomething.do-agent : install public key to keyring] *************************
changed: [host]

[andrewsomething]

Not entirely sure how best to handle this. We need to:

• Downloaded the ASCII armored key from https://repos.insights.digitalocean.com/sonar-agent.asc
• Convert it to binary format with gpg --dearmor
• Then install that to /usr/share/keyrings/digitalocean-agent-keyring.gpg

It seems if it is downloaded to a tmp location, Ansible will always download it. Perhaps we can save the ASCII armored key to a permanent location.

[532910]

BTW

1. DO provides droplet-agent-keyring packet, could it help somehow? (eg install it without key checking)
2. Is this ansible role still actual at all? DO provides a checkbox to install it on droplet creation time, and will update sources.list on postinstall: https://docs.digitalocean.com/products/monitoring/how-to/install-agent/

[andrewsomething]

Is this ansible role still actual at all? DO provides a checkbox to install it on droplet creation time

Right. That is generally how I install it myself. I originally wrote the role to migrate from the legacy agent to the current one which required manual intervention: https://docs.digitalocean.com/products/monitoring/how-to/upgrade-legacy-agent/ But I've continued to maintain the role as it seems that some people find it useful.