chore!: separated galaxy deps and own collections; modified ansible script generation to use two paths for collections

REQUIRES REGENERATING ansible.cfg!
NaeiKinDus 2025-02-23 00:00:00 +00:00
parent 4af69c31ce
commit 888590ed9f
Signed by: WoodSmellParticle
GPG key ID: 8E52ADFF7CA8AE56
188 changed files with 30 additions and 30 deletions


@ -0,0 +1,62 @@
---
# APT repository is unreliable, not working when this code was developed, so the zip solution is favored
- name: install required packages
become: true
ansible.builtin.apt:
update_cache: true
cache_valid_time: 3600
force_apt_get: true
pkg:
- gpg
- curl
- coreutils
- name: create vault group
become: true
ansible.builtin.group:
name: '{{ hc_vault_runas }}'
system: true
- name: create vault user
become: true
ansible.builtin.user:
comment: vault dedicated user
create_home: true
home: '{{ hc_vault_root_dir }}'
group: '{{ hc_vault_runas }}'
name: '{{ hc_vault_runas }}'
password_lock: true
shell: '{{ hc_vault_default_shell }}'
state: present
system: true
umask: '{{ hc_vault_default_umask }}'
- name: check HC GPG key is imported
become: true
ansible.builtin.command: gpg --list-keys 'HashiCorp Security'
register: gpg_list_keys
changed_when: false
failed_when: false
- name: import and verify HC GPG key
become: true
block:
- name: fetch HC GPG key
ansible.builtin.get_url:
url: 'https://www.hashicorp.com/.well-known/pgp-key.txt'
dest: '{{ tmp_file.path }}/pgp-key.txt'
mode: '0600'
- name: import HC GPG key
ansible.builtin.command: 'gpg --import {{ tmp_file.path }}/pgp-key.txt'
- name: check GPG key ID
ansible.builtin.command: "gpg --list-keys 'HashiCorp Security' | grep -iE '{{ hc_vault_gpg_key_id_regexp }}'"
- name: check GPG key fingerprint
ansible.builtin.command: "gpg --fingerprint --list-signatures 'HashiCorp Security' | grep -iE '{{ hc_vault_gpg_key_fingerprint_regexp }}'"
when: gpg_list_keys.rc != 0
rescue:
- name: remove invalid GPG key
ansible.builtin.command: "gpg --delete-keys --batch --yes 'HashiCorp Security'"
- name: stop the playbook run
ansible.builtin.debug:
msg: 'Task "{{ ansible_failed_task }}" found an inconsistency with the imported GPG key; something somewhere is deeply wrong.'
failed_when: true
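Review bot: The tasks "check GPG key ID" and "check GPG key fingerprint" pass a `| grep -iE …` pipeline to `ansible.builtin.command`, which does not invoke a shell, so `|`, `grep` and the regexp reach gpg as extra arguments and the pinned key ID and fingerprint are never compared. Depending on how gpg treats those arguments, the block either always falls into `rescue` or passes without verifying anything. I would register the gpg output and compare it in an `ansible.builtin.assert`, which also avoids templating a variable into a shell line; this assumes both regexps are valid Python regular expressions and do not rely on grep's per-line matching. Separately, `when: gpg_list_keys.rc != 0` means any key already in the keyring with the user ID 'HashiCorp Security' skips the fingerprint check on later runs, which is worth confirming as intended. The hunk header announces 62 lines and fewer are visible here, so further tasks may follow that this review does not cover.

```yaml
# … unchanged: fetch HC GPG key, import HC GPG key …
    - name: list imported HC key
      ansible.builtin.command:
        argv: [gpg, --list-keys, 'HashiCorp Security']
      register: hc_vault_gpg_key_listing
      changed_when: false
    - name: list imported HC key with fingerprint and signatures
      ansible.builtin.command:
        argv: [gpg, --fingerprint, --list-signatures, 'HashiCorp Security']
      register: hc_vault_gpg_fpr_listing
      changed_when: false
    - name: check GPG key ID and fingerprint
      ansible.builtin.assert:
        that:
          - hc_vault_gpg_key_listing.stdout is search(hc_vault_gpg_key_id_regexp, ignorecase=true)
          - hc_vault_gpg_fpr_listing.stdout is search(hc_vault_gpg_key_fingerprint_regexp, ignorecase=true)
        fail_msg: imported key does not match the pinned key ID / fingerprint
# … unchanged: when condition and rescue section …
```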