Replace apt_key with get_url (#170)

* Replace apt_key with get_url Removing deprecated call to apt_key and replacing with a direct download of the key into trusted.gpg.d due to the apt-key command returning an error on newer releases. * Dearmor GPG key * Use new apt keyring method when supported Changed playbook logic to run classic apt-key task for older Debian releases and use new keyring location for newer releases
2025-07-17 08:46:37 +00:00 · 2023-03-14 13:50:34 -05:00
parent f915bc0bd9
commit 6f6fdf7f5e
1 changed files with 78 additions and 40 deletions
--- a/tasks/Debian.yml
+++ b/tasks/Debian.yml
@ -37,37 +37,88 @@
    - not apt_https_transport.stat.exists
  become: yes

- name: "Debian | Download Telegraf apt key"
-  apt_key:
-    url: "https://repos.influxdata.com/influxdata-archive.key"
-    id: 7df8b07e
-    state: present
-  register: are_telegraf_dependencies_keys_installed
-  until: are_telegraf_dependencies_keys_installed is succeeded
-  become: yes
+- name: "Debian | Configure Telegraf apt repository"
  when:
    - telegraf_agent_package_method == "repo"
+  block:
+    - when: (ansible_distribution == "Debian" and ansible_distribution_major_version|int < 9) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int < 18)
+      name: "Debian | Download Telegraf apt key"
+      apt_key:
+        url: "https://repos.influxdata.com/influxdata-archive.key"
+        id: 7df8b07e
+        state: present
+      register: are_telegraf_dependencies_keys_installed
+      until: are_telegraf_dependencies_keys_installed is succeeded
+      become: yes
+    - when: (ansible_distribution == "Debian" and ansible_distribution_major_version|int >= 9) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int >= 18)
+      block:  
+        - name: "Debian | Ensure the shared keyrings directory exists"
+          stat:
+            path: /usr/share/keyrings
+          register: usr_share_keyrings

- name: "Debian | Add Telegraf repository (using LSB)"
-  apt_repository:
-    repo: "deb https://repos.influxdata.com/{{ ansible_distribution|lower }} {{ ansible_lsb.codename }} stable"
-    filename: "telegraf"
-    state: present
-  become: yes
-  when:
-    - telegraf_agent_package_method == "repo"
-    - ansible_lsb is defined
-    - ansible_lsb.codename is defined
+        - name: "Debian | Create shared keyrings directory"
+          file:
+            state: directory
+            path: /usr/share/keyrings
+            owner: root
+            group: root
+            mode: 0755
+          when:
+            - not usr_share_keyrings.stat.exists
+          become: yes
+          
+        - name: "Debian | Install Telegraf apt key"
+          get_url:
+            url: https://repos.influxdata.com/influxdata-archive.key
+            dest: /usr/share/keyrings/influxdata-archive.asc
+          register: are_telegraf_dependencies_keys_installed
+          until: are_telegraf_dependencies_keys_installed is succeeded
+          become: yes

- name: "Debian | Add Telegraf repository"
-  apt_repository:
-    repo: "deb https://repos.influxdata.com/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable"
-    filename: "telegraf"
-    state: present
-  become: yes
-  when:
-    - telegraf_agent_package_method == "repo"
-    - ansible_lsb is not defined or ansible_lsb.codename is not defined
+        - name: "Debian | Set Telegraf apt repository parameters"
+          set_fact: 
+            telegraf_repository_params: "[signed-by=/usr/share/keyrings/influxdata-archive.asc]"
+
+    - name: "Debian | Add Telegraf repository (using LSB)"
+      copy:
+        content: "deb {{ telegraf_repository_params | default('') }} https://repos.influxdata.com/{{ ansible_distribution|lower }} {{ ansible_lsb.codename }} stable"
+        dest: /etc/apt/sources.list.d/telegraf.list
+      when:
+        - ansible_lsb is defined
+        - ansible_lsb.codename is defined
+
+    - name: "Debian | Add Telegraf repository"
+      copy:
+        content: "deb {{ telegraf_repository_params | default('') }} https://repos.influxdata.com/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable"
+        dest: /etc/apt/sources.list.d/telegraf.list
+      become: yes
+      when:
+        - ansible_lsb is not defined or ansible_lsb.codename is not defined
+    
+    - name: "Debian | Install Telegraf package (repo)"
+      apt:
+        name: "{{ telegraf_agent_package }}"
+        state: "{{ telegraf_agent_package_state }}"
+        update_cache: yes
+      register: is_telegraf_package_installed
+      until: is_telegraf_package_installed is succeeded
+      notify: "Restart Telegraf"
+      become: yes
+      when:
+        - telegraf_agent_package_method == "repo"
+      ignore_errors: "{{ ansible_check_mode }}"
+
+    - name: "Debian | Install Telegraf package (repo)"
+      apt:
+        name: "{{ telegraf_agent_package }}"
+        state: "{{ telegraf_agent_package_state }}"
+        update_cache: yes
+      register: is_telegraf_package_installed
+      until: is_telegraf_package_installed is succeeded
+      notify: "Restart Telegraf"
+      become: yes
+      ignore_errors: "{{ ansible_check_mode }}"

 - name: "Debian | Download Telegraf package (online)"
  get_url:
@ -80,19 +131,6 @@
  when:
    - telegraf_agent_package_method == "online"

- name: "Debian | Install Telegraf package (repo)"
-  apt:
-    name: "{{ telegraf_agent_package }}"
-    state: "{{ telegraf_agent_package_state }}"
-    update_cache: yes
-  register: is_telegraf_package_installed
-  until: is_telegraf_package_installed is succeeded
-  notify: "Restart Telegraf"
-  become: yes
-  when:
-    - telegraf_agent_package_method == "repo"
-  ignore_errors: "{{ ansible_check_mode }}"
-
 - name: "Debian | Install Telegraf package (online)"
  apt:
    deb: "{{ telegraf_agent_package_path }}/{{ telegraf_agent_package }}"