Resolve alertlogic#32

Import Alert Logic GPG key, validate the fingerprint, verify RPM.
deekayen · May 16, 2022 · 01dce3a · 01dce3a
1 parent 800bded
commit 01dce3a
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 1 deletion.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,4 +1,4 @@
 ---
 
 # KLUDGE: See https://github.com/alertlogic/al-agents-ansible-playbooks/issues/32
-disable_gpg_check: true
+disable_gpg_check: false
diff --git a/tasks/install_agent.yml b/tasks/install_agent.yml
@@ -10,6 +10,14 @@
       until: install_result is success
       when: ansible_os_family == "Debian"
 
+    - name: Import Alert Logic Atlas GPG key.
+      ansible.builtin.rpm_key:
+        key: "{{ al_agent_gpg_key }}"
+        fingerprint: "{{ al_agent_gpg_fingerprint }}"
+        state: present
+      when:
+        - ansible_os_family == "RedHat"
+
     - name: Install Alert Logic Agent on CentOS/RHEL
       ansible.builtin.yum:
         name: "{{ al_agent_pkg_url }}"

diff --git a/vars/RedHat.yml b/vars/RedHat.yml
@@ -1,8 +1,11 @@
 ---
+
 al_agent_initscript: 'rsyslog'
 al_agent_pkg_name_arch: "{{ ansible_architecture }}"
 al_agent_pkg_name_ext: 'rpm'
 al_agent_syslog_ng_source: "{{ ( ansible_distribution_major_version >= '6' ) | ternary('s_all', 's_sys') }}"
 al_agent_base_url: 'https://scc.alertlogic.net'
 al_agent_pkg_name_prefix: 'al-agent-LATEST-1.'
 al_agent_pkg_url: "{{ al_agent_base_url }}/software/{{ al_agent_pkg_name_prefix }}{{al_agent_pkg_name_arch}}.{{al_agent_pkg_name_ext}}"
+al_agent_gpg_key: "{{ al_agent_base_url }}/software/al-agent-pkg-key.asc"
+al_agent_gpg_fingerprint: '9a2a3e9a817127b121b2b2fb00802f0e0186cc36'