Include the apt keys from lxc host in cache generation

This generates apt key dump of the lxc host, copies it to the container, loads it and then removes the temporary file for it. All non-interactively. This only applies for ubuntu {14,16}.04 Change-Id: I74650b5924cbe5ded16ce2dfa683e2c110c4e943 Signed-off-by: Jean-Philippe Evrard <jean-philippe.evrard@rackspace.co.uk>
2016-05-19 11:50:38 +01:00 · 2016-05-19 11:50:38 +01:00 · 81d904bc78
commit 81d904bc78
parent 5671312dbd
3 changed files with 26 additions and 0 deletions
--- a/tasks/lxc_cache_preparation.yml
+++ b/tasks/lxc_cache_preparation.yml
@ -13,6 +13,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+- name: Generate apt keys from LXC host for the container cache
+  shell: apt-key exportall > /root/repo.keys
+  changed_when: False
+  when:
+    - ansible_pkg_mgr == 'apt'
+  tags:
+    - lxc-cache
+    - lxc-cache-apt-keys
+
 # TODO(evrardjp): replace this with a copy with remote_src: True
 # when ansible2.0 will be supported
 - name: Rsyncing files from the LXC host to the container cache
@ -81,3 +90,14 @@
  tags:
    - lxc-cache
    - lxc-cache-update
+
+- name: Remove generated apt keys from LXC host
+  file:
+    path: /root/repo.keys
+    state: absent
+  when:
+    - ansible_pkg_mgr == 'apt'
+  changed_when: False
+  tags:
+    - lxc-cache
+    - lxc-cache-apt-keys
--- a/vars/ubuntu-14.04.yml
+++ b/vars/ubuntu-14.04.yml
@ -44,6 +44,7 @@ lxc_cache_map:
    - /etc/apt/sources.list
    - /etc/apt/sources.list.d/
    - /etc/apt/apt.conf.d/
+    - /root/repo.keys
  cache_prep_commands: |
    rm /run/resolvconf/resolv.conf
    # This enforces the resolvers from within the image
@ -54,6 +55,8 @@ lxc_cache_map:
    echo "# NONE" > /etc/resolvconf/resolv.conf.d/tail
    echo "# NONE" > /etc/resolvconf/resolv.conf.d/original
    rm -rf /var/lib/apt/lists/*
+    apt-key add /root/repo.keys
+    rm /root/repo.keys
    {{ lxc_cache_install_command }} {{ lxc_cache_packages | join(' ') }}
    apt-get -y upgrade
    rm -f /usr/bin/python
--- a/vars/ubuntu-16.04.yml
+++ b/vars/ubuntu-16.04.yml
@ -47,6 +47,7 @@ lxc_cache_map:
    - /etc/apt/sources.list
    - /etc/apt/sources.list.d/
    - /etc/apt/apt.conf.d/
+    - /root/repo.keys
  cache_prep_commands: |
    rm /run/resolvconf/resolv.conf
    # This enforces the resolvers from within the image
@ -57,6 +58,8 @@ lxc_cache_map:
    echo "# NONE" > /etc/resolvconf/resolv.conf.d/tail
    echo "# NONE" > /etc/resolvconf/resolv.conf.d/original
    rm -rf /var/lib/apt/lists/*
+    apt-key add /root/repo.keys
+    rm /root/repo.keys
    {{ lxc_cache_install_command }} {{ lxc_cache_packages | join(' ') }}
    apt-get -y upgrade
    rm -f /usr/bin/python