system-config/playbooks/roles/vos-release/tasks/main.yaml

- name: Install vos release script
  copy:
    src: vos_release.sh
    dest: '/usr/local/bin/'
    owner: root
    group: root
    mode: 0755

- name: Ensure update key
  assert:
    that:
      - hostvars[item]['vos_release_keypair'] is defined
  with_inventory_hostnames: mirror-update

- name: Install vos release key
  authorized_key:
    user: 'root'
    state: present
    key: '{{ hostvars[item]["vos_release_keypair"]["public_key"] }}'
    key_options: 'command="/usr/local/bin/vos_release.sh",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty'
  with_inventory_hostnames: mirror-update