Merge pull request #14 from TantorLabs/TTS-373_repo_fix

Change repo

Author: HimuraKrd

inventory/group_vars/prepare_nodes.yml

@@ -3,14 +3,11 @@
 
 add_nexus_repo: "false"
 
-nexus_username: ""
-nexus_password: ""
-
 nexus_key_url: "https://public.tantorlabs.ru/tantorlabs.ru.asc"
-nexus_apt_astra_1_7: "deb [arch=amd64] https://nexus.tantorlabs.ru/repository/astra-smolensk-1.7 smolensk main"
-nexus_apt_astra_1_8: "deb [arch=amd64] https://nexus.tantorlabs.ru/repository/astra-1.8 1.8_x86-64 main"
-nexus_apt_ubuntu_22_04: "deb [arch=amd64] https://nexus.tantorlabs.ru/repository/ubuntu-22.04 jammy main"
-nexus_apt_ubuntu_20_04: "deb [arch=amd64] https://nexus.tantorlabs.ru/repository/ubuntu-20.04 focal main"
-nexus_yum_redos_7_3: "https://nexus.tantorlabs.ru/repository/redos-7.3/"
-nexus_yum_redos_8_0: "https://nexus.tantorlabs.ru/repository/redos-8/"
-nexus_yum_altlinux_c10f2: "https://nexus.tantorlabs.ru/repository/altrepo_c10f2/"
+nexus_apt_astra_1_7: "deb [signed-by=/etc/apt/keyrings/tantor-nexus.gpg arch=amd64] https://nexus-public.tantorlabs.ru/repository/astra-smolensk-1.7/ smolensk main"
+nexus_apt_astra_1_8: "deb [signed-by=/etc/apt/keyrings/tantor-nexus.gpg arch=amd64] https://nexus-public.tantorlabs.ru/repository/astra-1.8/ 1.8_x86-64 main"
+nexus_apt_ubuntu_22_04: "deb [arch=amd64] https://nexus-public.tantorlabs.ru/repository/ubuntu-22.04 jammy main"
+nexus_apt_ubuntu_20_04: "deb [arch=amd64] https://nexus-public.tantorlabs.ru/repository/ubuntu-20.04 focal main"
+nexus_yum_redos_7_3: "https://nexus-public.tantorlabs.ru/repository/redos-7.3/"
+nexus_yum_redos_8_0: "https://nexus-public.tantorlabs.ru/repository/redos-8/"
+nexus_yum_altlinux_c10f2: "https://nexus-public.tantorlabs.ru/repository/altrepo_c10f2/"

roles/prepare_nodes/tasks/debian.yml

@@ -12,27 +12,33 @@
     - /etc/apt/trusted.gpg.d
     - /etc/apt/auth.conf.d
 
-- name: Configure nexus repository key
+
+- name: Ensure APT keyrings directory exists
+  ansible.builtin.file:
+    path: /etc/apt/keyrings
+    state: directory
+    mode: '0755'
   when:
-    - add_nexus_repo == 'true'
+    - add_nexus_repo | bool
     - ansible_os_family != 'Altlinux'
-  ansible.builtin.apt_key:
-    url: "{{ nexus_key_url }}"
-    state: present
 
-- name: Configure APT authentication for Tantor Nexus repositories
+- name: Download Tantor GPG key (ASCII)
+  ansible.builtin.get_url:
+    url: "{{ nexus_key_url }}"
+    dest: /etc/apt/keyrings/tantor-nexus.asc
+    mode: '0644'
   when:
-    - add_nexus_repo == 'true'
-  ansible.builtin.copy:
-    dest: "/etc/apt/auth.conf.d/tantor_auth.conf"
-    content: |
-      machine nexus.tantorlabs.ru
-      login {{ nexus_username }}
-      password {{ nexus_password }}
-    owner: root
-    group: root
-    mode: "0644"
+    - add_nexus_repo | bool
+    - ansible_os_family != 'Altlinux'
 
+- name: Convert Tantor GPG key to binary .gpg format
+  ansible.builtin.command: >
+    gpg --dearmor -o /etc/apt/keyrings/tantor-nexus.gpg /etc/apt/keyrings/tantor-nexus.asc
+  args:
+    creates: /etc/apt/keyrings/tantor-nexus.gpg
+  when:
+    - add_nexus_repo | bool
+    - ansible_os_family != 'Altlinux'
 - name: Block for Altlinux
   when:
     - add_nexus_repo == 'true'

roles/prepare_nodes/tasks/rhel.yml

@@ -29,8 +29,6 @@
         name: tantorlabs
         description: Tantorlabs repository for RedOS 7.3
         baseurl: "{{ nexus_yum_redos_7_3 }}"
-        username: "{{ nexus_username }}"
-        password: "{{ nexus_password }}"
         gpgcheck: true
         gpgkey: "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-tantorlabs"
       when:
@@ -42,8 +40,6 @@
         name: tantorlabs
         description: Tantorlabs repository for RedOS 8.0
         baseurl: "{{ nexus_yum_redos_8_0 }}"
-        username: "{{ nexus_username }}"
-        password: "{{ nexus_password }}"
         gpgcheck: true
         gpgkey: "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-tantorlabs"
       when: