Add ability to use third-party repos for debootstrap

At the moment in case an arbitrary repository is defined for
`lxc_apt_mirror` debootsrap may fail with being impossible to verify
gpg key. This patch provides an option to supply arbitrary path to
the gpg against which Release file will be verified.

Change-Id: I3e81c9296361ef621b933be06b0803ca09a8b127
Signed-off-by: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>

defaults/main.yml

@@ -232,5 +232,7 @@ lxc_centos_repos: "{{ _lxc_centos_repos }}"
 # DEB repository options
 lxc_ubuntu_mirror: "{{ (ansible_facts['architecture'] == 'x86_64') | ternary('http://archive.ubuntu.com/ubuntu', 'http://ports.ubuntu.com/ubuntu-ports') }}"
 lxc_apt_mirror: "{{ (ansible_facts['distribution'] == 'Ubuntu') | ternary(lxc_ubuntu_mirror, 'http://deb.debian.org/debian') }}"
+lxc_apt_mirror_gpg_check: true
+lxc_apt_mirror_gpg_file: ''
 
 lxc_sysctl_file: "{{ openstack_sysctl_file | default('/etc/sysctl.conf') }}"

releasenotes/notes/debootstrap_gpg_verify-dea6004d7f5d505c.yaml

@@ -0,0 +1,11 @@
+---
+features:
+  - |
+    Added variable ``lxc_apt_mirror_gpg_check`` to either enforce or disable
+    gpg check during LXC image preparation through debootstrap. It is enabled
+    by default.
+
+  - |
+    Added variable ``lxc_apt_mirror_gpg_file`` which provides path on the
+    remote host to GPG file location, against which to verify packages
+    from ``lxc_apt_mirror`` during debootstrap process.

vars/debian.yml

@@ -16,6 +16,8 @@
 _lxc_hosts_container_build_command: >-
   debootstrap --variant minbase
   --include ca-certificates
+  {{ (lxc_apt_mirror_gpg_check | bool) | ternary('--force-check-gpg', '--no-check-gpg') }}
+  {{ (lxc_apt_mirror_gpg_file | length > 0) | ternary('--keyring=' ~ lxc_apt_mirror_gpg_file, '') }}
   {{ ansible_facts['distribution_release'] }}
   /var/lib/machines/{{ lxc_container_base_name }}
   {{ lxc_apt_mirror }}