--- - name: Fail early if Python 3 is used on CentOS / RHEL < 8 with old Ansible fail: msg: "The installation of the Agent on RedHat family systems using yum is not compatible with Python 3 with older Ansible versions. To run this role, use a Python 2 interpreter on hosts running CentOS / RHEL < 8 or upgrade Ansible to version 2.11+" # We can't compare ansible_version.full with 2.11 in the condition below, because ansible's # `semver` and `strict` version_type don't recognize it as a valid version and the `loose` # version_type considers it to be a post-release. It seems that the best course of action # is to explicitly use just major.minor for comparison with 2.11. # See https://github.com/ansible/ansible/issues/78288 when: (not datadog_ignore_old_centos_python3_error) and ("{}.{}".format(ansible_version.major, ansible_version.minor) is version("2.11", operator="lt", strict=True)) and (ansible_pkg_mgr == "yum") and (ansible_facts.python.version.major | int >= 3) - name: Find out whether to set repo_gpgcheck or not # We turn off repo_gpgcheck on custom repos and on RHEL/CentOS 8.1 because # of https://bugzilla.redhat.com/show_bug.cgi?id=1792506 set_fact: do_yum_repo_gpgcheck: >- {{ datadog_yum_repo_gpgcheck if datadog_yum_repo_gpgcheck != '' else ( 'no' if ( ansible_facts.distribution_version.startswith('8.1.') or ansible_facts.distribution_version == '8.1' or datadog_yum_repo != '' ) else 'yes' ) }} - name: Download current RPM key get_url: url: "{{ datadog_yum_gpgkey_current }}" dest: /tmp/DATADOG_RPM_KEY_CURRENT.public force: yes - name: Import current RPM key rpm_key: key: /tmp/DATADOG_RPM_KEY_CURRENT.public state: present when: not ansible_check_mode - name: Download new RPM key (Expires in 2022) get_url: url: "{{ datadog_yum_gpgkey_e09422b3 }}" dest: /tmp/DATADOG_RPM_KEY_E09422B3.public checksum: "sha256:{{ datadog_yum_gpgkey_e09422b3_sha256sum }}" - name: Import new RPM key (Expires in 2022) rpm_key: key: /tmp/DATADOG_RPM_KEY_E09422B3.public state: present when: not ansible_check_mode - name: Download new RPM key (Expires in 2024) get_url: url: "{{ datadog_yum_gpgkey_20200908 }}" dest: /tmp/DATADOG_RPM_KEY_20200908.public checksum: "sha256:{{ datadog_yum_gpgkey_20200908_sha256sum }}" - name: Import new RPM key (Expires in 2024) rpm_key: key: /tmp/DATADOG_RPM_KEY_20200908.public state: present when: not ansible_check_mode - name: Set versioned includepkgs variable set_fact: datadog_includepkgs: "{{ datadog_agent_flavor }}-{{ datadog_agent_redhat_version | regex_replace('^\\d+:', '') }}" when: datadog_agent_redhat_version is defined - name: Set plain includepkgs variable set_fact: datadog_includepkgs: "{{ datadog_agent_flavor }}" when: datadog_agent_redhat_version is not defined - name: Install Datadog Agent 5 yum repo yum_repository: name: datadog description: Datadog, Inc. baseurl: "{{ datadog_agent5_yum_repo }}" enabled: yes includepkgs: "{{ datadog_includepkgs }}" repo_gpgcheck: no # we don't sign Agent 5 repodata gpgcheck: "{{ datadog_yum_gpgcheck }}" gpgkey: [ "{{ datadog_yum_gpgkey_current }}", "{{ datadog_yum_gpgkey_20200908 }}", "{{ datadog_yum_gpgkey_e09422b3 }}", ] register: repofile5 when: (datadog_agent_major_version|int == 5) and (datadog_yum_repo | length == 0) and (not ansible_check_mode) - name: Install Datadog Agent 6 yum repo yum_repository: name: datadog description: Datadog, Inc. baseurl: "{{ datadog_agent6_yum_repo }}" enabled: yes includepkgs: "{{ datadog_includepkgs }}" repo_gpgcheck: "{{ do_yum_repo_gpgcheck }}" gpgcheck: "{{ datadog_yum_gpgcheck }}" gpgkey: [ "{{ datadog_yum_gpgkey_current }}", "{{ datadog_yum_gpgkey_20200908 }}", "{{ datadog_yum_gpgkey_e09422b3 }}", ] register: repofile6 when: (datadog_agent_major_version|int == 6) and (datadog_yum_repo | length == 0) and (not ansible_check_mode) - name: Install Datadog Agent 7 yum repo yum_repository: name: datadog description: Datadog, Inc. baseurl: "{{ datadog_agent7_yum_repo }}" enabled: yes includepkgs: "{{ datadog_includepkgs }}" repo_gpgcheck: "{{ do_yum_repo_gpgcheck }}" gpgcheck: "{{ datadog_yum_gpgcheck }}" gpgkey: [ "{{ datadog_yum_gpgkey_current }}", "{{ datadog_yum_gpgkey_20200908 }}", "{{ datadog_yum_gpgkey_e09422b3 }}", ] register: repofile7 when: (datadog_agent_major_version|int == 7) and (datadog_yum_repo | length == 0) and (not ansible_check_mode) - name: Install Datadog Custom yum repo yum_repository: name: datadog description: Datadog, Inc. baseurl: "{{ datadog_yum_repo }}" enabled: yes includepkgs: "{{ datadog_includepkgs }}" repo_gpgcheck: "{{ do_yum_repo_gpgcheck }}" gpgcheck: "{{ datadog_yum_gpgcheck }}" gpgkey: [ "{{ datadog_yum_gpgkey_current }}", "{{ datadog_yum_gpgkey_20200908 }}", "{{ datadog_yum_gpgkey_e09422b3 }}", ] register: repofilecustom when: (datadog_yum_repo | length > 0) and (not ansible_check_mode) - name: Clean repo metadata if repo changed # noqa 503 command: yum clean metadata --disablerepo="*" --enablerepo=datadog failed_when: false # Cleaning the metadata is only needed when downgrading a major version of the Agent, don't fail because of this args: warn: no when: repofile5.changed or repofile6.changed or repofile7.changed or repofilecustom.changed # On certain version of dnf, gpg keys aren't imported into the local db with the package install task. # This rule assures that they are correctly imported into the local db and users won't have to manually accept # them if running dnf commands on the hosts. - name: Refresh Datadog repository cache # noqa 503 command: yum -y makecache --disablerepo="*" --enablerepo=datadog failed_when: false args: warn: no when: repofile5.changed or repofile6.changed or repofile7.changed or repofilecustom.changed - name: Remove old yum repo files yum_repository: name: "ansible_datadog_{{ item }}" state: absent with_items: [ 5, 6, 7, "custom" ] - include_tasks: pkg-redhat/install-pinned.yml when: datadog_agent_redhat_version is defined - include_tasks: pkg-redhat/install-latest.yml when: datadog_agent_redhat_version is not defined