From 72871fee3512bd20e133e2d344124cde9fcd41f4 Mon Sep 17 00:00:00 2001 From: "Patrick J. Roddy" Date: Thu, 4 Jan 2024 16:08:19 +0000 Subject: [PATCH 1/5] Update default RPM keys --- roles/provision/defaults/main.yml | 2 +- tests/molecule/resources/inventory/group_vars/all.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/provision/defaults/main.yml b/roles/provision/defaults/main.yml index d7f996c7..b1f2a8cf 100644 --- a/roles/provision/defaults/main.yml +++ b/roles/provision/defaults/main.yml @@ -1,3 +1,3 @@ --- -postgresql_rpm_gpg_key_pgdg: "https://www.postgresql.org/download/keys/RPM-GPG-KEY-PGDG" # not needed for CentOS 7 +postgresql_rpm_gpg_key_pgdg: "https://apt.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL" # not needed for CentOS 7 server_locale: "en_GB.UTF-8" diff --git a/tests/molecule/resources/inventory/group_vars/all.yml b/tests/molecule/resources/inventory/group_vars/all.yml index f9eb561a..09fc49bf 100644 --- a/tests/molecule/resources/inventory/group_vars/all.yml +++ b/tests/molecule/resources/inventory/group_vars/all.yml @@ -35,7 +35,7 @@ internal_zone_ports: - "5432" # mirsg.infrastructure.postgresql -postgresql_rpm_gpg_key_pgdg: "https://www.postgresql.org/download/keys/RPM-GPG-KEY-PGDG" +postgresql_rpm_gpg_key_pgdg: "https://apt.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL" postgresql_use_ssl: false postgresql_database: database_name: "database" From a19696cd8265f31d3a21848cfa2b1f1986a96560 Mon Sep 17 00:00:00 2001 From: "Patrick J. Roddy" Date: Thu, 4 Jan 2024 16:10:09 +0000 Subject: [PATCH 2/5] Pick up architecture --- roles/provision/tasks/Rocky.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/provision/tasks/Rocky.yml b/roles/provision/tasks/Rocky.yml index 3075b17e..1e02bd77 100644 --- a/roles/provision/tasks/Rocky.yml +++ b/roles/provision/tasks/Rocky.yml 
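Review bot: The default changed in `roles/provision/defaults/main.yml` is the trust root for every PGDG package the role later installs, yet its only comment is `# not needed for CentOS 7`, which says neither which key this is nor how a reader can confirm it. I would put a comment above the variable, for example `# PGDG RPM signing key (RHEL family); expected fingerprint: <FINGERPRINT - placeholder, copy from the PostgreSQL project's published key details>`. That makes a later change of URL or key reviewable instead of a silent swap. The same line is changed in the molecule `group_vars/all.yml` hunk, and the comment applies there too.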
@@ -14,7 +14,7 @@ - name: Import postgresql rpm key ansible.builtin.rpm_key: state: present - key: "{{ postgresql_rpm_gpg_key_pgdg }}" + key: "{{ postgresql_rpm_gpg_key_pgdg[ansible_architecture] }}" - name: Check if locale already set ansible.builtin.shell: | From 6b0fea842bfa4f0ecfa8662767e7ec3262a32fbc Mon Sep 17 00:00:00 2001 From: "Patrick J. Roddy" Date: Thu, 4 Jan 2024 16:15:00 +0000 Subject: [PATCH 3/5] Update README --- roles/postgresql/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql/README.md b/roles/postgresql/README.md index aa6f4032..2d1d2031 100644 --- a/roles/postgresql/README.md +++ b/roles/postgresql/README.md @@ -71,7 +71,7 @@ To use this role with a dual-server setup (a dartase `db` and a web server `web` - name: Import postgresql rpm key ansible.builtin.rpm_key: state: present - key: "{{ postgresql_rpm_gpg_key_pgdg }}" + key: "{{ postgresql_rpm_gpg_key_pgdg[ansible_architecture] }}" - name: Create client SSL certificate hosts: web From fd38facc1cb8dfb82ec2e15e4d3ea63e689381da Mon Sep 17 00:00:00 2001 From: "Patrick J. Roddy" Date: Fri, 5 Jan 2024 10:14:46 +0000 Subject: [PATCH 4/5] Use flat variables for rpm key --- roles/postgresql/README.md | 10 +++++----- roles/provision/README.md | 2 +- roles/provision/defaults/main.yml | 7 ++++++- roles/provision/tasks/Rocky.yml | 4 +++- .../resources/roles/inventory/group_vars/all.yml | 3 ++- 5 files changed, 17 insertions(+), 9 deletions(-) diff --git a/roles/postgresql/README.md b/roles/postgresql/README.md index 2d1d2031..ef53a384 100644 --- a/roles/postgresql/README.md +++ b/roles/postgresql/README.md 
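Review bot: The new `key: "{{ postgresql_rpm_gpg_key_pgdg[ansible_architecture] }}"` subscripts a variable that, as far as this series shows, is still a plain URL string at this commit, because patch 1 left the default as a single quoted URL. The expression would therefore not resolve to a key URL, and the key import would break for anyone who checks out or bisects to this commit. Either change the default to a mapping in the same commit, e.g. `postgresql_rpm_gpg_key_pgdg: {x86_64: "<x86_64 key URL>"}`, or squash this patch into the later one that introduces the per-architecture variables.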
@@ -14,10 +14,10 @@ There are also several **required** variables you will need to set before using ### Variables required by both the server and client -| Name | Description | -| ----------------------------- | ------------------------------------------------------------------- | -| `postgresql_rpm_gpg_key_pgdg` | URL from which to download the RPM GPP key; not needed for CentOS 7 | -| `postgresql_use_ssl` | Whether to use SSL | +| Name | Description | +| ------------------------------------ | ------------------------------------------------------------------- | +| `postgresql_rpm_gpg_key_pgdg_x86_64` | URL from which to download the RPM GPP key; not needed for CentOS 7 | +| `postgresql_use_ssl` | Whether to use SSL | ### Required variables for the PostgreSQL server @@ -71,7 +71,7 @@ To use this role with a dual-server setup (a dartase `db` and a web server `web` - name: Import postgresql rpm key ansible.builtin.rpm_key: state: present - key: "{{ postgresql_rpm_gpg_key_pgdg[ansible_architecture] }}" + key: "{{ postgresql_rpm_gpg_key_pgdg_x86_64 }}" - name: Create client SSL certificate hosts: web diff --git a/roles/provision/README.md b/roles/provision/README.md index 9547093f..535f4284 100644 --- a/roles/provision/README.md +++ b/roles/provision/README.md @@ -8,7 +8,7 @@ If you would like to run Ansible Molecule to test this role, the requirements ar ## Role Variables -`postgresql_rpm_gpg_key_pgdg`: the postgresql key. This is not needed for CentOS 7. +`postgresql_rpm_gpg_key_pgdg_x86_64`: the postgresql key. This is not needed for CentOS 7. `server_locale`: the sets the user's language, region, etc. This is set to "en_GB.UTF-8" diff --git a/roles/provision/defaults/main.yml b/roles/provision/defaults/main.yml index b1f2a8cf..6a443be6 100644 --- a/roles/provision/defaults/main.yml +++ b/roles/provision/defaults/main.yml 
@@ -1,3 +1,8 @@ --- -postgresql_rpm_gpg_key_pgdg: "https://apt.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL" # not needed for CentOS 7 +# not needed for CentOS 7 +postgresql_rpm_gpg_key_pgdg_x86_64: >- + https://apt.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL +# not needed for CentOS 7 +postgresql_rpm_gpg_key_pgdg_aarch64: >- + https://apt.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-AARCH64-RHEL server_locale: "en_GB.UTF-8" diff --git a/roles/provision/tasks/Rocky.yml b/roles/provision/tasks/Rocky.yml index 1e02bd77..dd669f7e 100644 --- a/roles/provision/tasks/Rocky.yml +++ b/roles/provision/tasks/Rocky.yml @@ -14,7 +14,9 @@ - name: Import postgresql rpm key ansible.builtin.rpm_key: state: present - key: "{{ postgresql_rpm_gpg_key_pgdg[ansible_architecture] }}" + key: >- + {{ lookup('vars', + 'postgresql_rpm_gpg_key_pgdg_' + ansible_architecture) }} - name: Check if locale already set ansible.builtin.shell: | diff --git a/tests/molecule/resources/roles/inventory/group_vars/all.yml b/tests/molecule/resources/roles/inventory/group_vars/all.yml index e3bdb94a..d4f4f525 100644 --- a/tests/molecule/resources/roles/inventory/group_vars/all.yml +++ b/tests/molecule/resources/roles/inventory/group_vars/all.yml @@ -48,7 +48,8 @@ firewalld_internal_zone_ports: - "5432" # mirsg.infrastructure.postgresql -postgresql_rpm_gpg_key_pgdg: "https://apt.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL" +postgresql_rpm_gpg_key_pgdg_x86_64: >- + https://apt.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL postgresql_use_ssl: false postgresql_database: database_name: "database" From e40ab377621631fcdf08468577f4174ec093c370 Mon Sep 17 00:00:00 2001 From: "Patrick J. Roddy" Date: Fri, 5 Jan 2024 10:23:59 +0000 Subject: [PATCH 5/5] Update docs --- roles/postgresql/README.md | 9 +++++---- roles/provision/README.md | 4 +++- 2 files changed, 8 insertions(+), 5 deletions(-) 
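Review bot: Replacing `postgresql_rpm_gpg_key_pgdg` with the two suffixed variables in `roles/provision/defaults/main.yml` drops the old name without any fallback. An inventory that still sets the old name, for instance to point at an internally mirrored key, is now silently ignored and the host imports the upstream default instead. I would keep the override working for one release with `postgresql_rpm_gpg_key_pgdg_x86_64: "{{ postgresql_rpm_gpg_key_pgdg | default('<x86_64 key URL>') }}"`, or fail early with an `ansible.builtin.assert` when the old name is defined. The repeated `# not needed for CentOS 7` comment could also say which architecture each key serves. The README rows added in patch 5 name `_x86_64` twice, so the `_aarch64` variable ends up undocumented.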
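Review bot: The `rpm_key` task in `roles/provision/tasks/Rocky.yml` imports whatever the looked-up URL serves and sets no `fingerprint:`, so the key that later authenticates every PGDG package is trusted on the strength of the download alone. `ansible.builtin.rpm_key` accepts a `fingerprint` parameter; I would add `fingerprint: "{{ lookup('vars', 'postgresql_rpm_gpg_key_pgdg_fingerprint_' + ansible_architecture) }}"` with per-architecture defaults next to the URLs (the variable name is a suggestion). Separately, the `lookup('vars', ...)` call has no default, so a host whose `ansible_architecture` is neither `x86_64` nor `aarch64` stops with an undefined-variable error. A preceding `ansible.builtin.assert` that names the supported architectures would make that failure readable.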
diff --git a/roles/postgresql/README.md b/roles/postgresql/README.md index ef53a384..35bdc2f7 100644 --- a/roles/postgresql/README.md +++ b/roles/postgresql/README.md @@ -14,10 +14,11 @@ There are also several **required** variables you will need to set before using ### Variables required by both the server and client -| Name | Description | -| ------------------------------------ | ------------------------------------------------------------------- | -| `postgresql_rpm_gpg_key_pgdg_x86_64` | URL from which to download the RPM GPP key; not needed for CentOS 7 | -| `postgresql_use_ssl` | Whether to use SSL | +| Name | Description | +| ------------------------------------ | ----------------------------------------------------------------------------------- | +| `postgresql_rpm_gpg_key_pgdg_x86_64` | URL from which to download the RPM GPP key for Intel chips; not needed for CentOS 7 | +| `postgresql_rpm_gpg_key_pgdg_x86_64` | URL from which to download the RPM GPP key for ARM chips; not needed for CentOS 7 | +| `postgresql_use_ssl` | Whether to use SSL | ### Required variables for the PostgreSQL server diff --git a/roles/provision/README.md b/roles/provision/README.md index 535f4284..8038fd31 100644 --- a/roles/provision/README.md +++ b/roles/provision/README.md @@ -8,7 +8,9 @@ If you would like to run Ansible Molecule to test this role, the requirements ar ## Role Variables -`postgresql_rpm_gpg_key_pgdg_x86_64`: the postgresql key. This is not needed for CentOS 7. +`postgresql_rpm_gpg_key_pgdg_x86_64`: the postgresql key for Intel chips. +`postgresql_rpm_gpg_key_pgdg_x86_64`: the postgresql key for ARM chips. These +are not needed for CentOS 7. `server_locale`: the sets the user's language, region, etc. This is set to "en_GB.UTF-8"