Feat/compatibility (#46)

Author: digiserg

README.md

@@ -17,13 +17,13 @@ offering flexibility for those who prefer different automation solutions.
 ## Before you start
 
 > ⚠️ **BREAKING CHANGE NOTICE**
-> **IMPORTANT**: Between releases **v0.2.x** and **v0.3.x**, the default Apache Cassandra installation method has changed.  
-> 
-> - **Previous default**: `cassandra_install_format: pkg`  
-> - **New default**: `cassandra_install_format: tar`  
-> 
-> The `tar` method is **strongly recommended** as it simplifies **upgrades and downgrades** compared to package-based installations.  
-> 
+> **IMPORTANT**: Between releases **v0.2.x** and **v0.3.x**, the default Apache Cassandra installation method has changed.
+>
+> - **Previous default**: `cassandra_install_format: pkg`
+> - **New default**: `cassandra_install_format: tar`
+>
+> The `tar` method is **strongly recommended** as it simplifies **upgrades and downgrades** compared to package-based installations.
+>
 > 🔧 If you are **upgrading from a previous version** of this role, please **review your configuration** and explicitly set the `cassandra_install_format` to match your environment.
 
 ## Role Documentation

cli/README.md

@@ -277,4 +277,4 @@ Delete all scheduled repair jobs:
 
 ```shell
 $ pipenv run python axonops.py scheduledrepair --deleteall
-```
+```

cli/tests/test_axonops_basic_unittest.py

@@ -23,6 +23,3 @@ def test_dash_url_uses_given_base_url_and_strips_trailing_slash(self):
 
 if __name__ == "__main__":
     unittest.main()
-
-
-

galaxy.yml

@@ -1,7 +1,7 @@
 ---
 namespace: axonops
 name: axonops
-version: 0.3.0
+version: 0.3.1
 readme: README.md
 authors:
   - AxonOps <support@axonops.com>

roles/agent/tasks/repo/Debian.yml

@@ -5,27 +5,45 @@
     state: present
     update_cache: true
 
-- name: Add AxonOps apt repository key.
-  ansible.builtin.apt_key:
+- name: Ensure keyrings directory exists
+  ansible.builtin.file:
+    path: /usr/share/keyrings
+    state: directory
+    mode: '0755'
+
+- name: Download AxonOps apt repository key
+  ansible.builtin.get_url:
     url: https://packages.axonops.com/apt/repo-signing-key.gpg
-    validate_certs: true
+    dest: /tmp/axonops-repo-signing-key.gpg
+    mode: '0644'
+
+- name: Dearmor and save the AxonOps key
+  ansible.builtin.shell:
+    cmd: gpg --dearmor < /tmp/axonops-repo-signing-key.gpg > /usr/share/keyrings/axonops-archive-keyring.gpg
+    creates: /usr/share/keyrings/axonops-archive-keyring.gpg
 
+- name: Set correct permissions on AxonOps keyring file
+  ansible.builtin.file:
+    path: /usr/share/keyrings/axonops-archive-keyring.gpg
+    mode: '0644'
+    owner: root
+    group: root
 
 - name: Set AxonOps apt repository to {{ axon_agent_public_repository }}.
   ansible.builtin.apt_repository:
-    repo: "deb https://packages.axonops.com/apt axonops-apt main"
+    repo: "deb [signed-by=/usr/share/keyrings/axonops-archive-keyring.gpg] https://packages.axonops.com/apt axonops-apt main"
     state: "{{ axon_agent_public_repository }}"
     update_cache: true
 
 - name: Set AxonOps beta apt repository to {{ axon_agent_beta_repository }}.
   ansible.builtin.apt_repository:
-    repo: "deb https://packages.axonops.com/apt axonops-apt-beta main"
+    repo: "deb [signed-by=/usr/share/keyrings/axonops-archive-keyring.gpg] https://packages.axonops.com/apt axonops-apt-beta main"
     state: "{{ axon_agent_beta_repository }}"
     update_cache: true
 
 - name: Set AxonOps dev apt repository to {{ axon_agent_dev_repository }}.
   ansible.builtin.apt_repository:
-    repo: "deb https://packages.axonops.com/apt axonops-apt-dev main"
+    repo: "deb [signed-by=/usr/share/keyrings/axonops-archive-keyring.gpg] https://packages.axonops.com/apt axonops-apt-dev main"
     state: "{{ axon_agent_dev_repository }}"
     update_cache: true
 

roles/cassandra/tasks/main.yml

@@ -132,7 +132,6 @@
         group: cassandra
         mode: '0640'
       loop: "{{ cassandra_ssl_files }}"
-      no_log: true
       when: item is defined
 
 - name: Deploy configuration

roles/cqlai/tasks/repo/Debian.yml

@@ -5,27 +5,45 @@
     state: present
     update_cache: true
 
-- name: Add AxonOps apt repository key.
-  ansible.builtin.apt_key:
+- name: Ensure keyrings directory exists
+  ansible.builtin.file:
+    path: /usr/share/keyrings
+    state: directory
+    mode: '0755'
+
+- name: Download AxonOps apt repository key
+  ansible.builtin.get_url:
     url: https://packages.axonops.com/apt/repo-signing-key.gpg
-    validate_certs: true
+    dest: /tmp/axonops-repo-signing-key.gpg
+    mode: '0644'
+
+- name: Dearmor and save the AxonOps key
+  ansible.builtin.shell:
+    cmd: gpg --dearmor < /tmp/axonops-repo-signing-key.gpg > /usr/share/keyrings/axonops-archive-keyring.gpg
+    creates: /usr/share/keyrings/axonops-archive-keyring.gpg
 
+- name: Set correct permissions on AxonOps keyring file
+  ansible.builtin.file:
+    path: /usr/share/keyrings/axonops-archive-keyring.gpg
+    mode: '0644'
+    owner: root
+    group: root
 
 - name: Set AxonOps apt repository to {{ axon_agent_public_repository }}.
   ansible.builtin.apt_repository:
-    repo: "deb https://packages.axonops.com/apt axonops-apt main"
+    repo: "deb [signed-by=/usr/share/keyrings/axonops-archive-keyring.gpg] https://packages.axonops.com/apt axonops-apt main"
     state: "{{ axon_agent_public_repository }}"
     update_cache: true
 
 - name: Set AxonOps beta apt repository to {{ axon_agent_beta_repository }}.
   ansible.builtin.apt_repository:
-    repo: "deb https://packages.axonops.com/apt axonops-apt-beta main"
+    repo: "deb [signed-by=/usr/share/keyrings/axonops-archive-keyring.gpg] https://packages.axonops.com/apt axonops-apt-beta main"
     state: "{{ axon_agent_beta_repository }}"
     update_cache: true
 
 - name: Set AxonOps dev apt repository to {{ axon_agent_dev_repository }}.
   ansible.builtin.apt_repository:
-    repo: "deb https://packages.axonops.com/apt axonops-apt-dev main"
+    repo: "deb [signed-by=/usr/share/keyrings/axonops-archive-keyring.gpg] https://packages.axonops.com/apt axonops-apt-dev main"
     state: "{{ axon_agent_dev_repository }}"
     update_cache: true
 

roles/dash/tasks/repo/Debian.yml

@@ -6,20 +6,39 @@
     update_cache: true
 
 
-- name: Add AxonOps apt repository key.
-  ansible.builtin.apt_key:
+- name: Ensure keyrings directory exists
+  ansible.builtin.file:
+    path: /usr/share/keyrings
+    state: directory
+    mode: '0755'
+
+- name: Download AxonOps apt repository key
+  ansible.builtin.get_url:
     url: https://packages.axonops.com/apt/repo-signing-key.gpg
-    validate_certs: true
+    dest: /tmp/axonops-repo-signing-key.gpg
+    mode: '0644'
+
+- name: Dearmor and save the AxonOps key
+  ansible.builtin.shell:
+    cmd: gpg --dearmor < /tmp/axonops-repo-signing-key.gpg > /usr/share/keyrings/axonops-archive-keyring.gpg
+    creates: /usr/share/keyrings/axonops-archive-keyring.gpg
+
+- name: Set correct permissions on AxonOps keyring file
+  ansible.builtin.file:
+    path: /usr/share/keyrings/axonops-archive-keyring.gpg
+    mode: '0644'
+    owner: root
+    group: root
 
 - name: "Set AxonOps apt repository to {{ axon_agent_public_repository }}"
   ansible.builtin.apt_repository:
-    repo: "deb https://packages.axonops.com/apt axonops-apt main"
+    repo: "deb [signed-by=/usr/share/keyrings/axonops-archive-keyring.gpg] https://packages.axonops.com/apt axonops-apt main"
     state: "{{ axon_agent_public_repository }}"
     update_cache: true
 
 - name: "Set AxonOps beta apt repository to {{ axon_agent_beta_repository }}"
   ansible.builtin.apt_repository:
-    repo: "deb https://packages.axonops.com/apt axonops-apt-beta main"
+    repo: "deb [signed-by=/usr/share/keyrings/axonops-archive-keyring.gpg] https://packages.axonops.com/apt axonops-apt-beta main"
     state: "{{ axon_agent_beta_repository }}"
     update_cache: true
 

roles/java/tasks/main.yml

@@ -41,26 +41,33 @@
         state: present
         update_cache: true
 
-    - name: Add APT GPG Key
-      ansible.builtin.apt_key:
-        id: "{{ _zulu_jdk.apt_repo.key_id }}"
-        url: "{{ _zulu_jdk.apt_repo.key_url }}"
-        state: present
+    - name: Ensure keyrings directory exists
+      ansible.builtin.file:
+        path: /usr/share/keyrings
+        state: directory
+        mode: '0755'
 
-    - name: Download and dearmor key
-      ansible.builtin.uri:
+    - name: Download Azul repository key
+      ansible.builtin.get_url:
         url: "{{ _zulu_jdk.apt_repo.key_url }}"
-        return_content: true
-      register: key_content
+        dest: /tmp/azul-repo.key
+        mode: '0644'
 
-    - name: "Dearmor and save the key"
+    - name: Dearmor and save the key
       ansible.builtin.shell:
-        cmd: echo "{{ key_content.content }}" | gpg --dearmor -o /usr/share/keyrings/azul.gpg
+        cmd: gpg --dearmor < /tmp/azul-repo.key > /usr/share/keyrings/azul.gpg
         creates: /usr/share/keyrings/azul.gpg
 
-    - name: "Add Repository URL"
+    - name: Set correct permissions on keyring file
+      ansible.builtin.file:
+        path: /usr/share/keyrings/azul.gpg
+        mode: '0644'
+        owner: root
+        group: root
+
+    - name: Add Zulu repository with signed-by
       ansible.builtin.apt_repository:
-        repo: "{{ _zulu_jdk.apt_repo.repo_line }}"
+        repo: "deb [signed-by=/usr/share/keyrings/azul.gpg] https://repos.azul.com/zulu/deb stable main"
         state: present
         filename: zulu
 

roles/server/tasks/repo/Debian.yml

@@ -5,14 +5,33 @@
     state: present
     update_cache: true
 
-- name: Add AxonOps apt repository key.
-  ansible.builtin.apt_key:
+- name: Ensure keyrings directory exists
+  ansible.builtin.file:
+    path: /usr/share/keyrings
+    state: directory
+    mode: '0755'
+
+- name: Download AxonOps apt repository key
+  ansible.builtin.get_url:
     url: https://packages.axonops.com/apt/repo-signing-key.gpg
-    validate_certs: true
+    dest: /tmp/axonops-repo-signing-key.gpg
+    mode: '0644'
+
+- name: Dearmor and save the AxonOps key
+  ansible.builtin.shell:
+    cmd: gpg --dearmor < /tmp/axonops-repo-signing-key.gpg > /usr/share/keyrings/axonops-archive-keyring.gpg
+    creates: /usr/share/keyrings/axonops-archive-keyring.gpg
+
+- name: Set correct permissions on AxonOps keyring file
+  ansible.builtin.file:
+    path: /usr/share/keyrings/axonops-archive-keyring.gpg
+    mode: '0644'
+    owner: root
+    group: root
 
 - name: Set AxonOps apt repository
   ansible.builtin.apt_repository:
-    repo: "{{ axonops_debian_repository }}"
+    repo: "deb [signed-by=/usr/share/keyrings/axonops-archive-keyring.gpg] {{ axonops_debian_repository.split('deb ')[1] }}"
     state: "present"
     update_cache: true
     validate_certs: "{{ axon_server_validate_certs | default(true) }}"