From d533aaa8da4d229612480b8b509065b80d0632f7 Mon Sep 17 00:00:00 2001 From: Fernando Date: Wed, 22 Jan 2025 11:47:54 -0600 Subject: [PATCH] Adding a validation to ensure that path /etc/apt/keyrings path exists before getting the gpg key Fixes: https://ibm.monday.com/boards/5591222586/pulses/8269716052 Signed-off-by: Fernando --- roles/grafana_agent/tasks/main.yml | 11 ++++++++++- roles/users/defaults/main.yml | 2 +- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/roles/grafana_agent/tasks/main.yml b/roles/grafana_agent/tasks/main.yml index 11fa4002..79c70f37 100644 --- a/roles/grafana_agent/tasks/main.yml +++ b/roles/grafana_agent/tasks/main.yml @@ -18,6 +18,15 @@ loop: "{{ tcp_listen_violations }}" failed_when: true +- name: "Ensure keyrings path exists" + become: true + ansible.builtin.file: + path: /etc/apt/keyrings + state: directory + mode: '0755' + force: true + register: keyrings_exist + - name: "Import Grafana GPG key" become: true ansible.builtin.get_url: @@ -25,7 +34,7 @@ dest: /etc/apt/keyrings/grafana.gpg mode: '0644' force: true - when: ansible_pkg_mgr == "apt" + when: ansible_pkg_mgr == "apt" and keyrings_exist is defined - name: Ensure downloaded file for key is a binary keyring shell: "cat /etc/apt/keyrings/grafana.gpg | gpg --dearmor | sudo tee /etc/apt/keyrings/grafana.gpg > /dev/null" diff --git a/roles/users/defaults/main.yml b/roles/users/defaults/main.yml index 92736090..22233df4 100644 --- a/roles/users/defaults/main.yml +++ b/roles/users/defaults/main.yml @@ -34,4 +34,4 @@ keys_repo_path: "~/.cache/src/keys" # Update users and pubkeys by default (this is changed to False during the play if keys_repo_head.stdout == sentinel_sha1.stdout) perform_users_role: True # Set this to True if you want to run the users tasks anyway -force_users_update: False +force_users_update: True