-
Notifications
You must be signed in to change notification settings - Fork 225
/
Copy pathpkg-debian.yml
138 lines (120 loc) · 5.15 KB
/
pkg-debian.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
---
- name: Install apt-transport-https
apt:
update_cache: true
name: apt-transport-https
state: present
when: not ansible_check_mode
- name: Install gnupg
apt:
update_cache: true
name: gnupg
state: present
when: not ansible_check_mode
- name: Check if keyring exists with correct mode, keyring={{ datadog_apt_usr_share_keyring }}
stat:
path: "{{ datadog_apt_usr_share_keyring }}"
register: agent_apt_keyring_file
- name: Ensure keyring exists, keyring={{ datadog_apt_usr_share_keyring }}
file:
path: "{{ datadog_apt_usr_share_keyring }}"
owner: root
group: root
mode: "0644"
state: touch
when: not ansible_check_mode and (not agent_apt_keyring_file.stat.exists or not agent_apt_keyring_file.stat.mode == "0644")
- name: Install apt keys from default URLs
include_tasks: _apt-key-import.yml
with_items: "{{ datadog_apt_default_keys }}"
when: datadog_apt_key_url_new is not defined and not ansible_check_mode
- name: Install apt keys from custom URL
include_tasks: _apt-key-import.yml
with_items:
- key: A2923DFF56EDA6E76E55E492D3A80E30382E94DE
value: "{{ datadog_apt_key_url_new }}"
- key: D75CEA17048B9ACBF186794B32637D44F14F620E
value: "{{ datadog_apt_key_url_new }}"
- key: 5F1E256061D813B125E156E8E6266D4AC0962C7D
value: "{{ datadog_apt_key_url_new }}"
- key: D18886567EABAD8B2D2526900D826EB906462314
value: "{{ datadog_apt_key_url_new }}"
when: datadog_apt_key_url_new is defined and not ansible_check_mode
- name: Ensure keyring1 exists with same contents as keyring2 for older distro versions.
keyring1,keyring2= {{ datadog_apt_trusted_d_keyring, datadog_apt_usr_share_keyring }}
copy:
src: "{{ datadog_apt_usr_share_keyring }}"
dest: "{{ datadog_apt_trusted_d_keyring }}"
mode: "0644"
remote_src: true
when: ((ansible_distribution == 'Debian' and ansible_distribution_major_version|int < 9) or
(ansible_distribution == 'Ubuntu' and ansible_distribution_major_version | int < 16)) and not ansible_check_mode
- name: Ensure Datadog non-https repositories and repositories not using signed-by option are deprecated
apt_repository:
repo: "{{ item }}"
state: absent
update_cache: true
with_items:
- deb http://apt.datadoghq.com/ stable main
- deb http://apt.datadoghq.com/ stable 6
- deb http://apt.datadoghq.com/ stable 7
- deb https://apt.datadoghq.com/ stable main
- deb https://apt.datadoghq.com/ stable 6
- deb https://apt.datadoghq.com/ stable 7
when: not ansible_check_mode
- name: Ensure Datadog repository is up-to-date
apt_repository:
filename: ansible_datadog_{{ item.key }}
repo: "{{ item.value }}"
state: "{% if item.key == agent_datadog_agent_major_version | int and datadog_apt_repo | length == 0 %}present{% else %}absent{% endif %}"
update_cache: true
when: (not ansible_check_mode)
with_dict:
5: "{{ datadog_agent5_apt_repo }}"
6: "{{ datadog_agent6_apt_repo }}"
7: "{{ datadog_agent7_apt_repo }}"
- name: Initialize custom repo file deletion flag to False
set_fact:
agent_datadog_remove_custom_repo_file: "False"
- name: Check if custom repository file exists
stat:
path: /etc/apt/sources.list.d/ansible_datadog_custom.list
register: agent_datadog_custom_repo_file
- name: Fetch custom repository file
slurp:
src: /etc/apt/sources.list.d/ansible_datadog_custom.list
register: agent_datadog_custom_repo_file_contents
when: agent_datadog_custom_repo_file.stat.exists
- name: Flag custom repository file for deletion if different from current repository config
set_fact:
agent_datadog_remove_custom_repo_file: "{{ agent_datadog_repo_file_contents != datadog_apt_repo }}"
vars:
agent_datadog_repo_file_contents: "{{ agent_datadog_custom_repo_file_contents['content'] | b64decode | trim }}"
when: agent_datadog_custom_repo_file.stat.exists
- name: (Custom) Remove Datadog custom repository file when not set or updated
file:
path: /etc/apt/sources.list.d/ansible_datadog_custom.list
state: absent
when: (datadog_apt_repo | length == 0) or agent_datadog_remove_custom_repo_file and (not ansible_check_mode)
- name: (Custom) Ensure Datadog repository is up-to-date
apt_repository:
filename: ansible_datadog_custom
repo: "{{ datadog_apt_repo }}"
state: present
update_cache: true
when: (datadog_apt_repo | length > 0) and (not ansible_check_mode)
- name: Include installer setup
include_tasks: installer-setup.yml
when: datadog_installer_enabled
- name: Include debian pinned version install task
include_tasks: pkg-debian/install-pinned.yml
when: not agent_datadog_skip_install and agent_datadog_agent_debian_version is defined
- name: Include debian latest version install task
include_tasks: pkg-debian/install-latest.yml
when: not agent_datadog_skip_install and agent_datadog_agent_debian_version is not defined
- name: Install latest datadog-signing-keys package
apt:
name: datadog-signing-keys
state: latest # noqa package-latest
# we don't use update_cache: yes, as that was just done by the "Ensure Datadog repository is up-to-date" task above
register: agent_datadog_signing_keys_install
when: not ansible_check_mode