diff --git a/README.md b/README.md
index 45e1c720..206acdbd 100644
--- a/README.md
+++ b/README.md
@@ -46,10 +46,12 @@ To deploy the Datadog Agent on hosts, add the Datadog role and your API key to y
 | `datadog_apt_cache_valid_time` | Override the default apt cache expiration time (defaults to 1 hour). |
 | `datadog_apt_key_url_new` | Override the default URL to Datadog `apt` key (key ID `382E94DE`; the deprecated `datadog_apt_key_url` variable refers to an expired key that's been removed from the role). |
 | `datadog_yum_repo` | Override the default Datadog `yum` repository. |
+| `datadog_yum_gpgcheck` | Override the default `gpgcheck` value (`yes`) - use `no` to turn off package GPG signature verification. |
 | `datadog_yum_gpgkey` | Override the default URL to the Datadog `yum` key used to verify Agent v5 and v6 (up to 6.13) packages (key ID `4172A230`). |
 | `datadog_yum_gpgkey_e09422b3` | Override the default URL to the Datadog `yum` key used to verify Agent v6.14+ packages (key ID `E09422B3`). |
 | `datadog_yum_gpgkey_e09422b3_sha256sum` | Override the default checksum of the `datadog_yum_gpgkey_e09422b3` key. |
 | `datadog_zypper_repo` | Override the default Datadog `zypper` repository. |
+| `datadog_zypper_gpgcheck` | Override the default `gpgcheck` value (`yes`) - use `no` to turn off package GPG signature verification. |
 | `datadog_zypper_gpgkey` | Override the default URL to the Datadog `zypper` key used to verify Agent v5 and v6 (up to 6.13) packages (key ID `4172A230`). |
 | `datadog_zypper_gpgkey_sha256sum` | Override the default checksum of the `datadog_zypper_gpgkey` key. |
 | `datadog_zypper_gpgkey_e09422b3` | Override the default URL to the Datadog `zypper` key used to verify Agent v6.14+ packages (key ID `E09422B3`). |
diff --git a/defaults/main.yml b/defaults/main.yml
index a2940c57..73d2f67a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -72,6 +72,7 @@ datadog_apt_backup_keyserver: hkp://pool.sks-keyservers.net:80 # Use the datadog_yum_repo variable to override the repository used. datadog_yum_repo: "" +datadog_yum_gpgcheck: yes datadog_yum_gpgkey: "https://yum.datadoghq.com/DATADOG_RPM_KEY.public" # this key expires in 2022 datadog_yum_gpgkey_e09422b3: "https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public" @@ -85,6 +86,7 @@ datadog_yum_gpgkey_20200908_sha256sum: "4d16c598d3635086762bd086074140d947370077 # Use the datadog_zypper_repo variable to override the repository used. datadog_zypper_repo: "" +datadog_zypper_gpgcheck: yes datadog_zypper_gpgkey: "https://yum.datadoghq.com/DATADOG_RPM_KEY.public" datadog_zypper_gpgkey_sha256sum: "00d6505c33fd95b56e54e7d91ad9bfb22d2af17e5480db25cba8fee500c80c46" datadog_zypper_gpgkey_e09422b3: "https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public" diff --git a/tasks/pkg-redhat.yml b/tasks/pkg-redhat.yml index b753cf3a..a86e6447 100644 --- a/tasks/pkg-redhat.yml +++ b/tasks/pkg-redhat.yml @@ -29,7 +29,7 @@ description: Datadog, Inc. baseurl: "{{ datadog_agent5_yum_repo }}" enabled: yes - gpgcheck: yes + gpgcheck: "{{ datadog_yum_gpgcheck }}" gpgkey: "{{ datadog_yum_gpgkey }}" register: repofile5 when: (datadog_agent_major_version|int == 5) and (datadog_yum_repo | length == 0) and (not ansible_check_mode) @@ -40,7 +40,7 @@ description: Datadog, Inc. baseurl: "{{ datadog_agent6_yum_repo }}" enabled: yes - gpgcheck: yes + gpgcheck: "{{ datadog_yum_gpgcheck }}" gpgkey: "{{ datadog_yum_gpgkey }}" register: repofile6 when: (datadog_agent_major_version|int == 6) and (datadog_yum_repo | length == 0) and (not ansible_check_mode) @@ -51,7 +51,7 @@ description: Datadog, Inc. baseurl: "{{ datadog_agent7_yum_repo }}" enabled: yes - gpgcheck: yes + gpgcheck: "{{ datadog_yum_gpgcheck }}" gpgkey: "{{ datadog_yum_gpgkey_20200908 }}" register: repofile7 when: (datadog_agent_major_version|int == 7) and (datadog_yum_repo | length == 0) and (not ansible_check_mode) 
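Review bot: `datadog_yum_gpgcheck` is added without a comment, although the task changes in this commit feed it to every yum repository the role configures, so turning it off removes RPM signature verification for the default Datadog repositories as well as a custom one. I would add `# Set to false only for a mirror that serves unsigned packages; this disables package signature verification.` above it, and the same above `datadog_zypper_gpgcheck` in the `@@ -85,6 +86,7 @@` hunk. Writing the default as `true` rather than `yes` would also keep the value a boolean under loaders that do not apply YAML 1.1 truthy rules.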
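Review bot: The three default-repository tasks (`@@ -29,7`, `@@ -40,7`, `@@ -51,7`) now take `gpgcheck` from `datadog_yum_gpgcheck`, so a single variable can switch off signature verification for Datadog's own repositories and not only for a custom `datadog_yum_repo`. If the option is meant for mirrors that serve unsigned packages, keeping `gpgcheck: yes` in these three tasks and using the variable only in the custom-repository task (`@@ -62,7`) would narrow what a misconfiguration can weaken. Where the variable stays, `gpgcheck: "{{ datadog_yum_gpgcheck | bool }}"` makes the conversion explicit for values that arrive as strings. Each task starts above its hunk, so the module name and any key-import steps are not visible here.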
@@ -62,7 +62,7 @@ description: Datadog, Inc. baseurl: "{{ datadog_yum_repo }}" enabled: yes - gpgcheck: yes + gpgcheck: "{{ datadog_yum_gpgcheck }}" gpgkey: "{{ datadog_yum_gpgkey }}" register: repofilecustom when: (datadog_yum_repo | length > 0) and (not ansible_check_mode) diff --git a/templates/zypper.repo.j2 b/templates/zypper.repo.j2 index 580693d0..5b10b6ba 100644 --- a/templates/zypper.repo.j2 +++ b/templates/zypper.repo.j2 @@ -15,5 +15,5 @@ autorefresh=1 baseurl={{ baseurl }} type=rpm-md -gpgcheck=1 +gpgcheck={{ datadog_zypper_gpgcheck|int }} repo_gpgcheck=0
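Review bot: `gpgcheck={{ datadog_zypper_gpgcheck|int }}` renders `gpgcheck=0` for any non-numeric string, including `"yes"` and `"true"`, because Jinja's `int` filter falls back to 0 when the value does not parse as a number. A value that reaches the template as a string (for instance from `-e datadog_zypper_gpgcheck=yes`) would therefore turn package signature verification off silently, and the context line `repo_gpgcheck=0` shows that repository metadata is not verified either. Converting through the boolean filter first avoids this: `gpgcheck={{ datadog_zypper_gpgcheck | bool | int }}`.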