ansible-role-do-agent icon indicating copy to clipboard operation
ansible-role-do-agent copied to clipboard

Published 20 hours ago verified publisher icon andrewsomething

1.1.0 is "always changed"

Open 532910 opened this issue 2 years ago • 3 comments 

TASK [andrewsomething.do-agent : create temporary file for public key] ******************
changed: [host]

TASK [andrewsomething.do-agent : download public key] ***********************************
changed: [host]

TASK [andrewsomething.do-agent : install public key to keyring] *************************
changed: [host]

532910 avatar Jan 15 '23 01:01 532910

Not entirely sure how best to handle this. We need to:

  • Downloaded the ASCII armored key from https://repos.insights.digitalocean.com/sonar-agent.asc
  • Convert it to binary format with gpg --dearmor
  • Then install that to /usr/share/keyrings/digitalocean-agent-keyring.gpg

It seems if it is downloaded to a tmp location, Ansible will always download it. Perhaps we can save the ASCII armored key to a permanent location.

andrewsomething avatar Jan 15 '23 16:01 andrewsomething

BTW

  1. DO provides droplet-agent-keyring packet, could it help somehow? (eg install it without key checking)
  2. Is this ansible role still actual at all? DO provides a checkbox to install it on droplet creation time, and will update sources.list on postinstall: https://docs.digitalocean.com/products/monitoring/how-to/install-agent/

532910 avatar Jan 16 '23 10:01 532910

Is this ansible role still actual at all? DO provides a checkbox to install it on droplet creation time

Right. That is generally how I install it myself. I originally wrote the role to migrate from the legacy agent to the current one which required manual intervention: https://docs.digitalocean.com/products/monitoring/how-to/upgrade-legacy-agent/ But I've continued to maintain the role as it seems that some people find it useful.

andrewsomething avatar Jan 16 '23 14:01 andrewsomething