2 files changed, 33 insertions, 31 deletions
diff --git a/ansible/roles/apt-repos/tasks/main.yml b/ansible/roles/apt-repos/tasks/main.yml
index 2789073..96ffd7d 100644
--- a/ansible/roles/apt-repos/tasks/main.yml
+++ b/ansible/roles/apt-repos/tasks/main.yml
@@ -1,4 +1,17 @@
 - with_dict: "{{ apt_repos if apt_repos is defined else {} }}"
+  name: apt-key adv --recv-keys
+  shell: apt-key adv --recv-keys {{ item.value.key_id|default("") }}
+  become: yes
+#  debug:
+#    msg: apt-key adv --recv-keys {{ item.value.key_id|default("") }}
+  vars:
+    state: "{{ item.value.state | default('present') }}"
+  when:
+    - apt_repos_refresh_keys | default(false)
+    - item.value.key_id
+  ignore_errors: true
+
+- with_dict: "{{ apt_repos if apt_repos is defined else {} }}"
   include_tasks: repo.yml
   vars:
     state: "{{ item.value.state | default('present') }}"
diff --git a/ansible/roles/apt-repos/tasks/repo.yml b/ansible/roles/apt-repos/tasks/repo.yml
index a338ce1..2b8719f 100644
--- a/ansible/roles/apt-repos/tasks/repo.yml
+++ b/ansible/roles/apt-repos/tasks/repo.yml
@@ -1,42 +1,30 @@
-- name: Check if PGP key is installed ({{ item.key }})
-  command: "apt-key export {{ item.value.key_id }}"
-  register: pgp_key
-  failed_when: no
-  changed_when: no
-
-- set_fact:
-    key_missing: "{{ 'nothing exported' in pgp_key.stderr }}"
-
-- become: yes
-  when: key_missing and item.key_url is defined
-  block:
-    - name: Download ES PGP key
-      become: yes
-      get_url:
-        url: "{{ item.key_url }}"
-        dest: /tmp/apt-repo.pgp
-      when: key_missing
+# Keys needs to be refreshed sometimes, so always import them
+#- name: Check if PGP key is installed ({{ item.key }})
+#  command: "apt-key export {{ item.value.key_id }}"
+#  register: pgp_key
+#  failed_when: no
+#  changed_when: no
+#
+#- set_fact:
+#    key_missing: "{{ 'nothing exported' in pgp_key.stderr }}"
 
-    - name: Install ES key
-      become: yes
-      command: apt-key add /tmp/apt-repo.pgp
-      when: key_missing
-      notify: apt update
-
-    - name: rm /tmp/apt-repo.pgp
-      become: yes
-      file:
-        path: /tmp/apt-repo.pgp
-        state: absent
-      when: key_missing
+- name: "apt-key add {{ item.key }} (url)"
+  become: yes
+  apt_key:
+    id: "{{ item.value.key_id }}"
+    url: "{{ item.value.key_url }}"
+    state: "{{ state }}"
+  when: item.value.key_url is defined
+  failed_when: no
 
 - name: "apt-key add {{ item.key }} (keyserver)"
   apt_key:
     id: "{{ item.value.key_id }}"
     keyserver: "{{ item.value.keyserver }}"
     state: "{{ state }}"
-  when: key_missing and item.value.keyserver is defined and item.value.key_id is defined
+  when: item.value.keyserver is defined and item.value.key_id is defined
   notify: apt update
+  failed_when: no
 
 - name: "add repo {{ item.key }}"
   when: item.value.url is defined and state == "present"
@@ -47,6 +35,7 @@
     content: |
       deb {{ item.value.url }} {{ item.value.distro }} {{ item.value.sections }}
   notify: apt update
+  failed_when: no
 
 - name: "remove repo {{ item.key }}"
   when: state == "absent"