ansible-role-nginx/tasks/keys/setup-keys.yml


---
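# Alpine only: resolve the signing-key URL, then place the RSA public key in
# apk's trusted key directory. The block-level `when` gates both inner tasks.
- name: (Alpine Linux) Set up signing key
  when: ansible_facts['os_family'] == "Alpine"
  block:
    # An explicit nginx_signing_key wins; otherwise the role default is used.
    - name: (Alpine Linux) Set up NGINX signing key URL
      set_fact:
        keysite: "{{ nginx_signing_key | default(nginx_default_signing_key['rsa_pub']) }}"

    # No checksum or fingerprint is supplied here, so whatever the URL serves
    # becomes a trusted apk key: integrity rests on the transport to keysite.
    # get_url's `checksum` option can pin the expected digest if one is
    # published for this key.
    - name: (Alpine Linux) Download NGINX signing key
      get_url:
        url: "{{ keysite }}"
        dest: /etc/apk/keys/nginx_signing.rsa.pub
        # Quoted so the mode is always read as an octal string.
        mode: "0400"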
# Every non-Alpine family uses the PGP key URL; an explicit nginx_signing_key
# takes precedence over the role default.
- name: (Debian/Red Hat/SLES OSs) Set up NGINX signing key URL
  when: ansible_facts['os_family'] != 'Alpine'
  set_fact:
    keysite: "{{ nginx_signing_key | default(nginx_default_signing_key['pgp']) }}"
# Debian family: fetch the key from keysite and register it with apt.
# NOTE(review): confirm that apt_key rejects a key whose ID differs from `id`
# before it reaches the keyring; `id` may serve mainly for change detection
# rather than as a pre-import check.
- name: (Debian/Ubuntu) Add NGINX signing key
  when: ansible_facts['os_family'] == 'Debian'
  apt_key:
    url: "{{ keysite }}"
    id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
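# RedHat and Suse families: import the key from keysite into the RPM keyring.
# rpm_key is given the expected fingerprint so it can check the fetched key.
- name: (Amazon Linux/CentOS/Oracle Linux/RHEL/SLES) Add NGINX signing key
  when: ansible_facts['os_family'] in ['RedHat', 'Suse']
  rpm_key:
    fingerprint: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
    key: "{{ keysite }}"
    # TLS certificate validation is turned off when the distribution major
    # version is 6; on those hosts the fingerprint above is the only check on
    # the downloaded key. Real booleans replace the 'no'/'yes' strings.
    validate_certs: "{{ (ansible_facts['distribution_major_version'] is version('6', '==')) | ternary(false, true) }}"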