- name: disable apt-daily update service shell: | systemctl mask apt-daily.service apt-daily-upgrade.service systemctl disable apt-daily.service apt-daily-upgrade.service systemctl disable apt-daily.timer apt-daily-upgrade.timer become: true - name: ensure gnupng installed shell: | apt-get update -y && apt-get install gnupg -y become: true - name: download SHA1 gpg public key for {{ansible_distribution}} get_url: url: https://iso.yunion.cn/apt/yunion.gpg-key.asc dest: /tmp/yunion.gpg-key.asc validate_certs: no become: true when: - ansible_distribution in ["Debian", "Ubuntu"] - ansible_distribution_major_version in ["10", "11", "12", "20", "22", "24"] - name: download SHA512 gpg public key for {{ansible_distribution}} get_url: url: https://iso.yunion.cn/apt/yunion2.gpg-key.asc dest: /tmp/yunion2.gpg-key.asc validate_certs: no become: true when: - ansible_distribution in ["Debian", "Ubuntu"] - ansible_distribution_major_version in ["13", "25"] - name: import SHA1 {{ansible_distribution}} sig key shell: | apt-key add /tmp/yunion.gpg-key.asc rm -fr /tmp/yunion.gpg-key.asc become: true args: executable: /bin/bash when: - ansible_distribution in ["Debian", "Ubuntu"] - ansible_distribution_major_version in ["10", "11", "12", "20", "22", "24"] - name: import SHA512 {{ansible_distribution}} sig key shell: | mv /tmp/yunion2.gpg-key.asc /etc/apt/keyrings/yunion2.gpg-key.asc become: true args: executable: /bin/bash when: - ansible_distribution in ["Debian", "Ubuntu"] - ansible_distribution_major_version in ["13", "25"] # https://iso.yunion.cn/debian/10/3.9/x86_64/ - name: apply {{ansible_distribution}} sig key shell: | curl "https://iso.yunion.cn/apt/{{ansible_distribution | lower}}-{{ ansible_distribution_major_version }}/base/cloudpods-base.sources" -o /etc/apt/sources.list.d/cloudpods-base.sources curl "https://iso.yunion.cn/apt/{{ansible_distribution | lower}}-{{ ansible_distribution_major_version }}/updates/cloudpods-updates.sources" -o /etc/apt/sources.list.d/cloudpods-updates.sources apt-get update -y become: true args: executable: /bin/bash - name: Unified Cgroup Hierarchy include_tasks: utils/unified_cgroup_hierarchy.yml when: - ansible_distribution in ["Debian", "Ubuntu"] - ansible_distribution_major_version in ["11", "12", "13", "22", "24", "25"] - onecloud_version is defined - onecloud_version is version('v3.10', '<=') - upgrade_onecloud_version is not defined or upgrade_onecloud_version is version('v3.10', '<=') - name: Append ovs_packages to common_packages if ovs_packages is defined set_fact: common_packages: "{{ common_packages + ovs_packages }}" when: - ovs_packages is defined - common_packages is defined - onecloud_version is version('v4.0', '<') - upgrade_onecloud_version is not defined or upgrade_onecloud_version is version('v4.0', '<') - name: Append ceph_packages to common_packages if ceph_packages is defined set_fact: common_packages: "{{ common_packages + ceph_packages }}" when: - ceph_packages is defined - common_packages is defined - onecloud_version is version('v4.0', '<') - upgrade_onecloud_version is not defined or upgrade_onecloud_version is version('v4.0', '<') - name: Install common packages via loop for Debian Family package: name: "{{ package_item }}" become: true with_items: - "{{ common_packages }}" loop_control: index_var: item_index label: "[{{ item_index + 1 }}/{{ common_packages|length }}] {{ package_item }}" loop_var: package_item tags: - package - name: Install latest packages via loop for debian-based system package: name: "{{ package_item }}" become: true with_items: - "{{ latest_packages }}" when: - latest_packages is defined loop_control: index_var: item_index label: "[{{ '%02d'|format(item_index + 1) }}/{{ common_packages|length }}] {{ package_item }}" loop_var: package_item tags: - package - common_packages - name: Check that if selinux config exists stat: path: /etc/selinux/config register: selinux_conf_exists - name: Turn off selinux selinux: state: disabled become: true when: - selinux_conf_exists.stat.exists - name: Import task utils/config_iptables.yml include_tasks: utils/config_iptables.yml