From 54db26af414069c378f55b9b85aa9fda5ea93294 Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl <trygvis@inamo.no>
Date: Mon, 6 Jan 2020 19:29:08 +0100
Subject: apt-repos: Better implementation.

---
 ansible/roles/apt-repos/tasks/repo.yml | 68 ++++++++++++++++------------------
 1 file changed, 31 insertions(+), 37 deletions(-)

diff --git a/ansible/roles/apt-repos/tasks/repo.yml b/ansible/roles/apt-repos/tasks/repo.yml
index ff9d6e5..a338ce1 100644
--- a/ansible/roles/apt-repos/tasks/repo.yml
+++ b/ansible/roles/apt-repos/tasks/repo.yml
@@ -1,47 +1,41 @@
-# - become: yes
-#   name: Check if elasticsearch PGP key is installed
-#   command: apt-key export 46095ACC8548582C1A2699A9D27D666CD88E42B4
-#   register: elasticsearch_pgp_key
-#   failed_when: no
-#   changed_when: no
-#
-# - set_fact:
-#     pgp_missing: "{{ 'nothing exported' in elasticsearch_pgp_key.stderr }}"
-#
-# - name: Download ES PGP key
-#   become: yes
-#   get_url:
-#     url: https://artifacts.elastic.co/GPG-KEY-elasticsearch
-#     dest: /tmp/es.pgp
-#   when: pgp_missing
-#
-# - name: Install ES key
-#   become: yes
-#   command: apt-key add /tmp/es.pgp
-#   when: pgp_missing
-#   notify: apt update
-#
-# - name: rm /tmp/es.pgp
-#   become: yes
-#   file:
-#     path: /tmp/es.pgp
-#     state: absent
-#   when: pgp_missing
+- name: Check if PGP key is installed ({{ item.key }})
+  command: "apt-key export {{ item.value.key_id }}"
+  register: pgp_key
+  failed_when: no
+  changed_when: no
 
-- name: "apt-key add {{ item.key }} (key url)"
-  apt_key:
-    id: "{{ item.value.key_id }}"
-    url: "{{ item.value.key_url }}"
-    state: "{{ state }}"
-  when: item.value.key_url is defined and item.value.key_id is defined
-  notify: apt update
+- set_fact:
+    key_missing: "{{ 'nothing exported' in pgp_key.stderr }}"
+
+- become: yes
+  when: key_missing and item.key_url is defined
+  block:
+    - name: Download ES PGP key
+      become: yes
+      get_url:
+        url: "{{ item.key_url }}"
+        dest: /tmp/apt-repo.pgp
+      when: key_missing
+
+    - name: Install ES key
+      become: yes
+      command: apt-key add /tmp/apt-repo.pgp
+      when: key_missing
+      notify: apt update
+
+    - name: rm /tmp/apt-repo.pgp
+      become: yes
+      file:
+        path: /tmp/apt-repo.pgp
+        state: absent
+      when: key_missing
 
 - name: "apt-key add {{ item.key }} (keyserver)"
   apt_key:
     id: "{{ item.value.key_id }}"
     keyserver: "{{ item.value.keyserver }}"
     state: "{{ state }}"
-  when: item.value.keyserver is defined and item.value.key_id is defined
+  when: key_missing and item.value.keyserver is defined and item.value.key_id is defined
   notify: apt update
 
 - name: "add repo {{ item.key }}"
-- 
cgit v1.2.3