From 99d86d3adee51d1b584634c1ae27edcd69482b37 Mon Sep 17 00:00:00 2001
From: Julien Girardin
Date: Tue, 28 Nov 2023 15:05:39 +0100
Subject: [PATCH] Install haproxy without using apt-key. Unifies Debian and Ubuntu
---
roles/apiserver_haproxy/defaults/main.yml | 2 +
roles/apiserver_haproxy/handlers/main.yml | 2 +-
.../tasks/haproxy_repo_Debian.yml | 42 ++++++++++++++++---
.../tasks/haproxy_repo_Ubuntu.yml | 18 --------
roles/apiserver_haproxy/tasks/main.yml | 15 ++++++-
roles/apiserver_haproxy/tasks/pkg_Debian.yml | 8 ++--
roles/apiserver_haproxy/vars/os_Debian.yml | 4 ++
roles/apiserver_haproxy/vars/os_Ubuntu.yml | 3 ++
8 files changed, 64 insertions(+), 30 deletions(-)
delete mode 100644 roles/apiserver_haproxy/tasks/haproxy_repo_Ubuntu.yml
create mode 100644 roles/apiserver_haproxy/vars/os_Debian.yml
create mode 100644 roles/apiserver_haproxy/vars/os_Ubuntu.yml
diff --git a/roles/apiserver_haproxy/defaults/main.yml b/roles/apiserver_haproxy/defaults/main.yml
index fd9a2d3..833d2fa 100644
--- a/roles/apiserver_haproxy/defaults/main.yml
+++ b/roles/apiserver_haproxy/defaults/main.yml
@@ -2,6 +2,8 @@ apiserver_proxy_apiserver_port: 6443 _apiserver_proxy_haproxy_version: '2.6.*' force_apt_update: false +haproxy_repo_url: '{{ haproxy_upstream_repo_url }}' +haproxy_gpg_url: '{{ haproxy_upstream_gpg_url }}' # From apiserver_docker apiserver_proxy_stack_dir: '/etc/docker-compose/apiserver-proxy'
diff --git a/roles/apiserver_haproxy/handlers/main.yml b/roles/apiserver_haproxy/handlers/main.yml
index ce25b0a..198f923 100644
--- a/roles/apiserver_haproxy/handlers/main.yml
+++ b/roles/apiserver_haproxy/handlers/main.yml
@@ -5,4 +5,4 @@ state: reloaded when: - apiserver_docker_compose.stat.exists != True - - not(haproxy_repo_just_added is changed and ansible_check_mode) + - not(_haproxy_repo_just_added is changed and ansible_check_mode)
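Review bot: The new defaults `haproxy_repo_url` and `haproxy_gpg_url` in defaults/main.yml are the override points for the package trust path, but nothing documents what a valid override looks like. An operator who points `haproxy_repo_url` at a mirror and omits the `[signed-by=...]` option gets a key file that the source entry never references. I would add a comment above them such as `# Override both together; a deb-line repo must keep [signed-by=<key file written by this role>]` and `# Leave haproxy_gpg_url empty for ppa: sources`.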
diff --git a/roles/apiserver_haproxy/tasks/haproxy_repo_Debian.yml b/roles/apiserver_haproxy/tasks/haproxy_repo_Debian.yml
index 29d505a..184f3ed 100644
--- a/roles/apiserver_haproxy/tasks/haproxy_repo_Debian.yml
+++ b/roles/apiserver_haproxy/tasks/haproxy_repo_Debian.yml
@@ -1,19 +1,51 @@ --- +- name: 'Install software-properties-common if installing ppa' + apt: + name: software-properties-common + when: haproxy_repo_url.startswith('ppa:') + +- name: 'Create directory to store keys' + file: + dest: /etc/apt/keyrings + state: directory + register: _apt_keyring_directory + when: haproxy_gpg_url is not none and haproxy_gpg_url|length > 0 + - name: 'Add HAProxy repo signing key' - apt_key: - url: 'https://haproxy.debian.net/bernat.debian.org.gpg' + ansible.builtin.get_url: + url: '{{ haproxy_gpg_url }}' + dest: /etc/apt/keyrings/haproxy.asc' + force: true + when: + - haproxy_gpg_url is not none and haproxy_gpg_url|length > 0 + - not(_apt_keyring_directory is changed and ansible_check_mode) + +- name: 'Add the HAProxy repository (in dry-run to check change)' + apt_repository: + repo: '{{ haproxy_repo_url }}' + filename: haproxy state: present + update_cache: false + check_mode: true + register: _haproxy_repo_dry_run + +- name: 'Remove repository file if modification exists.' + file: + dest: /etc/apt/sources.list.d/haproxy.list + state: absent + when: _haproxy_repo_dry_run is changed - name: 'Add the HAProxy repository' apt_repository: - repo: 'deb http://haproxy.debian.net bullseye-backports-{{ _apiserver_proxy_haproxy_version | regex_replace("^(\d+[.]\d+)[.].+", "\1") }} main' + repo: '{{ haproxy_repo_url }}' filename: haproxy state: present - register: haproxy_repo_just_added + update_cache: false + register: _haproxy_repo_just_added - name: 'refresh source list' apt: update_cache: true when: >- - haproxy_repo_just_added is changed + _haproxy_repo_just_added is changed or force_apt_update|bool
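Review bot: In the 'Add HAProxy repo signing key' task, `dest: /etc/apt/keyrings/haproxy.asc'` has a stray trailing quote, so the key is written to a file whose name ends in `'`. Neither that path nor the intended one matches `signed-by=/usr/share/keyrings/haproxy.asc` in vars/os_Debian.yml, so apt presumably finds no key to verify the repository against. Use one path in both places, e.g. `dest: /etc/apt/keyrings/haproxy.asc` here and `[signed-by=/etc/apt/keyrings/haproxy.asc]` in the vars file. Because `force: true` re-downloads the trust anchor on every run, pinning it with get_url's `checksum: 'sha256:<pinned digest>'` would keep a changed upstream file from being accepted silently.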
diff --git a/roles/apiserver_haproxy/tasks/haproxy_repo_Ubuntu.yml b/roles/apiserver_haproxy/tasks/haproxy_repo_Ubuntu.yml
deleted file mode 100644
index 1646cc0..0000000
--- a/roles/apiserver_haproxy/tasks/haproxy_repo_Ubuntu.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- name: 'Install software-properties-common'
- apt:
- name: software-properties-common
-
-- name: 'Add the HAProxy repository'
- apt_repository:
- repo: 'ppa:vbernat/haproxy-{{ _apiserver_proxy_haproxy_version | regex_replace("^(\d+[.]\d+)[.].+", "\1") }}'
- filename: haproxy
- state: present
- register: haproxy_repo_just_added
-
-- name: 'refresh source list'
- apt:
- update_cache: true
- when: >-
- haproxy_repo_just_added is changed
- or force_apt_update|bool
diff --git a/roles/apiserver_haproxy/tasks/main.yml b/roles/apiserver_haproxy/tasks/main.yml
index 012d92b..d439042 100644
--- a/roles/apiserver_haproxy/tasks/main.yml
+++ b/roles/apiserver_haproxy/tasks/main.yml
@@ -2,8 +2,19 @@ - name: 'Detect if compose-based apiserver proxy exists' include_tasks: upgrade_from_docker.yml +- name: 'Include HAproxy OS variables' + include_vars: '{{ file_vars }}' + loop_control: + loop_var: file_vars + with_fileglob: + - 'vars/os_{{ ansible_os_family }}.yml' + - 'vars/os_{{ ansible_distribution }}.yml' + - 'vars/os_{{ ansible_distribution }}_{{ ansible_distribution_release }}.yml' + - name: 'Add HAProxy repository' - include_tasks: '{{ item }}' + include_tasks: '{{ file_tasks }}' + loop_control: + loop_var: file_tasks with_first_found: - 'haproxy_repo_{{ ansible_distribution }}_{{ ansible_distribution_release }}.yml' - 'haproxy_repo_{{ ansible_distribution }}.yml'
@@ -27,7 +38,7 @@ mode: 0600 notify: 'Reload HAProxy' when: - - not(haproxy_repo_just_added is changed and ansible_check_mode) + - not(_haproxy_repo_just_added is changed and ansible_check_mode) - name: 'export vars' set_fact:
diff --git a/roles/apiserver_haproxy/tasks/pkg_Debian.yml b/roles/apiserver_haproxy/tasks/pkg_Debian.yml
index e3375ae..dac2dc3 100644
--- a/roles/apiserver_haproxy/tasks/pkg_Debian.yml
+++ b/roles/apiserver_haproxy/tasks/pkg_Debian.yml
@@ -1,13 +1,13 @@ --- -- name: 'Get version of kubelet package' +- name: 'Get version of haproxy package' package_facts: -- name: 'find version of kubeadm to install' +- name: 'find version of haproxy to install' pkg_version_match: name: haproxy version: '{{ _apiserver_proxy_haproxy_version }}' when: - - not(haproxy_repo_just_added is changed and ansible_check_mode) + - not(_haproxy_repo_just_added is changed and ansible_check_mode) - packages.haproxy|default([])|select('match', _apiserver_proxy_haproxy_version)|list|length == 0 register: haproxy_version
@@ -28,4 +28,4 @@ apt: name: 'haproxy' state: 'present' - when: not(haproxy_repo_just_added is changed and ansible_check_mode) + when: not(_haproxy_repo_just_added is changed and ansible_check_mode)
diff --git a/roles/apiserver_haproxy/vars/os_Debian.yml b/roles/apiserver_haproxy/vars/os_Debian.yml
new file mode 100644
index 0000000..2ead758
--- /dev/null
+++ b/roles/apiserver_haproxy/vars/os_Debian.yml
@@ -0,0 +1,4 @@
+---
+_haproxy_version: '{{ _apiserver_proxy_haproxy_version | regex_replace("^(\d+[.]\d+)[.].+", "\1") }}'
+haproxy_upstream_repo_url: 'deb [signed-by=/usr/share/keyrings/haproxy.asc] http://haproxy.debian.net {{ ansible_distribution_release }}-backports-{{ _haproxy_version }}'
+haproxy_upstream_gpg_url: 'https://haproxy.debian.net/bernat.debian.org.gpg'
diff --git a/roles/apiserver_haproxy/vars/os_Ubuntu.yml b/roles/apiserver_haproxy/vars/os_Ubuntu.yml
new file mode 100644
index 0000000..958463d
--- /dev/null
+++ b/roles/apiserver_haproxy/vars/os_Ubuntu.yml
@@ -0,0 +1,3 @@
+---
+haproxy_upstream_repo_url: 'ppa:vbernat/haproxy-{{ _haproxy_version }}'
+haproxy_upstream_gpg_url:
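Review bot: `haproxy_upstream_repo_url` in vars/os_Debian.yml stops after the suite and names no component, whereas the line it replaces in haproxy_repo_Debian.yml ended in ` main`; a one-line `deb` entry without a component is presumably rejected by apt. Restore it so the value ends `...-backports-{{ _haproxy_version }} main'`. The entry also keeps `http://` while the key is fetched over `https://`. Signature checking covers integrity, but if the host serves the archive over TLS, using it for both would be consistent.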
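Review bot: `haproxy_upstream_gpg_url:` in vars/os_Ubuntu.yml is a bare key, which YAML loads as null; the key tasks skip cleanly only because they test `is not none` as well as the length. Writing `haproxy_upstream_gpg_url: ''` with a comment such as `# ppa: source, this role downloads no key file` states the intent and satisfies linters that flag empty values. The file also uses `_haproxy_version`, which is defined only in vars/os_Debian.yml, so a comment noting that it relies on the os_family vars file also being included would help the next reader.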