Make rabbitmq role idempotent by replacing shell commands with apt_key

2026-02-11 18:16:24 +05:00 · 2023-06-06 11:18:14 -04:00
parent ef5595ac01
commit 35fee5ccdf
2 changed files with 18 additions and 8 deletions
--- a/data/ansible/roles/install_rabbitmq/defaults/main.yaml
+++ b/data/ansible/roles/install_rabbitmq/defaults/main.yaml
@@ -5,6 +5,12 @@ rabbitmq_dependencies:
  - debian-keyring
  - debian-archive-keyring
  - apt-transport-https
+rabbitmq_main_key: "0A9AF2115F4687BD29803A206B73A36E6026DFCA"
+rabbitmq_main_keyring: "/usr/share/keyrings/com.rabbitmq.team.gpg"
+erlang_key: "f77f1eda57ebb1cc"
+erlang_keyring: "/usr/share/keyrings/net.launchpad.ppa.rabbitmq.erlang.gpg"
+rabbitmq_repo_key_url: "https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey"
+rabbitmq_repo_keyring: "/usr/share/keyrings/io.packagecloud.rabbitmq.gpg"
 erlang_packages:
  - erlang-base
  - erlang-asn1
--- a/data/ansible/roles/install_rabbitmq/tasks/main.yaml
+++ b/data/ansible/roles/install_rabbitmq/tasks/main.yaml
@@ -1,4 +1,3 @@
-# tasks/main.yml
 ---
 - name: Install RabbitMQ dependencies
  become: yes
@@ -10,18 +9,23 @@

 - name: Import RabbitMQ's main signing key
  become: yes
-  shell: |
-    curl -1sLf "https://keys.openpgp.org/vks/v1/by-fingerprint/0A9AF2115F4687BD29803A206B73A36E6026DFCA" | sudo gpg --dearmor | sudo tee /usr/share/keyrings/com.rabbitmq.team.gpg > /dev/null
+  apt_key:
+    id: "{{ rabbitmq_main_key }}"
+    keyring: "{{ rabbitmq_main_keyring }}"
+    url: "https://keys.openpgp.org/vks/v1/by-fingerprint/{{ rabbitmq_main_key }}"

- name: Download Erlang GPG key
+- name: Import Erlang GPG key
  become: yes
-  shell: |
-    curl -1sLf "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xf77f1eda57ebb1cc" | sudo gpg --dearmor | sudo tee /usr/share/keyrings/net.launchpad.ppa.rabbitmq.erlang.gpg > /dev/null
+  apt_key:
+    id: "{{ erlang_key }}"
+    keyring: "{{ erlang_keyring }}"
+    url: "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x{{ erlang_key }}"

 - name: Import PackageCloud RabbitMQ repository
  become: yes
-  shell: |
-    curl -1sLf "https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey" | sudo gpg --dearmor | sudo tee /usr/share/keyrings/io.packagecloud.rabbitmq.gpg > /dev/null
+  apt_key:
+    url: "{{ rabbitmq_repo_key_url }}"
+    keyring: "{{ rabbitmq_repo_keyring }}"

 - name: Add apt repositories maintained by Team RabbitMQ
  become: yes