128 lines
4.5 KiB
YAML
128 lines
4.5 KiB
YAML
---
|
|
- name: Install apt-transport-https
|
|
apt:
|
|
update_cache: yes
|
|
name: apt-transport-https
|
|
state: present
|
|
when: not ansible_check_mode
|
|
|
|
- name: Install gnupg
|
|
apt:
|
|
update_cache: yes
|
|
name: gnupg
|
|
state: present
|
|
when: not ansible_check_mode
|
|
|
|
- name: "Check if {{ datadog_apt_usr_share_keyring }} exists with correct mode"
|
|
stat:
|
|
path: "{{ datadog_apt_usr_share_keyring }}"
|
|
register: apt_keyring_file
|
|
|
|
- name: "Ensure {{ datadog_apt_usr_share_keyring }} exists"
|
|
file:
|
|
path: "{{ datadog_apt_usr_share_keyring }}"
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
state: touch
|
|
when: not ansible_check_mode and (not apt_keyring_file.stat.exists or not apt_keyring_file.stat.mode == "0644")
|
|
|
|
- name: Install apt keys from default URLs
|
|
include_tasks: _apt-key-import.yml
|
|
with_items:
|
|
"{{ datadog_apt_default_keys }}"
|
|
when: datadog_apt_key_url_new is not defined and not ansible_check_mode
|
|
|
|
- name: Install apt keys from custom URL
|
|
include_tasks: _apt-key-import.yml
|
|
with_items:
|
|
- key: A2923DFF56EDA6E76E55E492D3A80E30382E94DE
|
|
value: "{{ datadog_apt_key_url_new }}"
|
|
- key: D75CEA17048B9ACBF186794B32637D44F14F620E
|
|
value: "{{ datadog_apt_key_url_new }}"
|
|
when: datadog_apt_key_url_new is defined and not ansible_check_mode
|
|
|
|
- name: "Ensure {{ datadog_apt_trusted_d_keyring }} exists with same contents as {{ datadog_apt_usr_share_keyring }} for older distro versions"
|
|
copy:
|
|
src: "{{ datadog_apt_usr_share_keyring }}"
|
|
dest: "{{ datadog_apt_trusted_d_keyring }}"
|
|
mode: "0644"
|
|
remote_src: yes
|
|
when: ((ansible_distribution == 'Debian' and ansible_distribution_major_version|int < 9) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version|int < 16)) and not ansible_check_mode
|
|
|
|
- name: Ensure Datadog non-https repositories and repositories not using signed-by option are deprecated
|
|
apt_repository:
|
|
repo: "{{ item }}"
|
|
state: "absent"
|
|
update_cache: yes
|
|
with_items:
|
|
- "deb http://apt.datadoghq.com/ stable main"
|
|
- "deb http://apt.datadoghq.com/ stable 6"
|
|
- "deb http://apt.datadoghq.com/ stable 7"
|
|
- "deb https://apt.datadoghq.com/ stable main"
|
|
- "deb https://apt.datadoghq.com/ stable 6"
|
|
- "deb https://apt.datadoghq.com/ stable 7"
|
|
when: not ansible_check_mode
|
|
|
|
- name: Ensure Datadog repository is up-to-date
|
|
apt_repository:
|
|
filename: "ansible_datadog_{{ item.key }}"
|
|
repo: "{{ item.value }}"
|
|
state: "{% if item.key == datadog_agent_major_version|int and datadog_apt_repo | length == 0 %}present{% else %}absent{% endif %}"
|
|
update_cache: yes
|
|
when: (not ansible_check_mode)
|
|
with_dict:
|
|
5: '{{ datadog_agent5_apt_repo }}'
|
|
6: '{{ datadog_agent6_apt_repo }}'
|
|
7: '{{ datadog_agent7_apt_repo }}'
|
|
|
|
- name: Initialize custom repo file deletion flag to False
|
|
set_fact:
|
|
datadog_remove_custom_repo_file: "False"
|
|
|
|
- name: Check if custom repository file exists
|
|
stat:
|
|
path: /etc/apt/sources.list.d/ansible_datadog_custom.list
|
|
register: datadog_custom_repo_file
|
|
|
|
- name: Fetch custom repository file
|
|
slurp:
|
|
src: /etc/apt/sources.list.d/ansible_datadog_custom.list
|
|
register: datadog_custom_repo_file_contents
|
|
when: datadog_custom_repo_file.stat.exists
|
|
|
|
- name: Flag custom repository file for deletion if different from current repository config
|
|
set_fact:
|
|
datadog_remove_custom_repo_file: "{{ datadog_repo_file_contents != datadog_apt_repo }}"
|
|
vars:
|
|
datadog_repo_file_contents: "{{ datadog_custom_repo_file_contents['content'] | b64decode | trim }}"
|
|
when: datadog_custom_repo_file.stat.exists
|
|
|
|
- name: (Custom) Remove Datadog custom repository file when not set or updated
|
|
file:
|
|
path: /etc/apt/sources.list.d/ansible_datadog_custom.list
|
|
state: absent
|
|
when: (datadog_apt_repo | length == 0) or datadog_remove_custom_repo_file and (not ansible_check_mode)
|
|
|
|
- name: (Custom) Ensure Datadog repository is up-to-date
|
|
apt_repository:
|
|
filename: ansible_datadog_custom
|
|
repo: "{{ datadog_apt_repo }}"
|
|
state: present
|
|
update_cache: yes
|
|
when: (datadog_apt_repo | length > 0) and (not ansible_check_mode)
|
|
|
|
- include_tasks: pkg-debian/install-pinned.yml
|
|
when: datadog_agent_debian_version is defined
|
|
|
|
- include_tasks: pkg-debian/install-latest.yml
|
|
when: datadog_agent_debian_version is not defined
|
|
|
|
- name: Install latest datadog-signing-keys package
|
|
apt:
|
|
name: datadog-signing-keys
|
|
state: latest # noqa 403
|
|
# we don't use update_cache: yes, as that was just done by the install-pinned/install-latest
|
|
register: datadog_signing_keys_install
|
|
when: not ansible_check_mode
|