Fix default apt keyring dir not existing on older Ubuntu

Recent Chef client versions use it
2026-04-12 09:10:58 +04:00
parent f0314e0b99
commit a3be57afbc
1 changed files with 31 additions and 25 deletions
--- a/site-cookbooks/kosmos-base/recipes/default.rb
+++ b/site-cookbooks/kosmos-base/recipes/default.rb
@@ -24,11 +24,17 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.

-include_recipe 'apt'
-include_recipe 'timezone_iii'
-include_recipe 'ntp'
-include_recipe 'kosmos-base::journald_conf'
-include_recipe 'kosmos-base::systemd_emails'
+include_recipe "apt"
+
+directory "/etc/apt/keyrings" do
+  mode "0755"
+  action :create
+end
+
+include_recipe "timezone_iii"
+include_recipe "ntp" if node["platform"] == "ubuntu" && node["platform_version"].to_f < 24.04
+include_recipe "kosmos-base::journald_conf"
+include_recipe "kosmos-base::systemd_emails"

 node.override["apt"]["unattended_upgrades"]["enable"] = true
 node.override["apt"]["unattended_upgrades"]["mail_only_on_error"] = false
@@ -43,57 +49,57 @@ node.override["apt"]["unattended_upgrades"]["allowed_origins"] = [
 ]
 node.override["apt"]["unattended_upgrades"]["mail"] = "ops@kosmos.org"
 node.override["apt"]["unattended_upgrades"]["syslog_enable"] = true
-include_recipe 'apt::unattended-upgrades'
+include_recipe "apt::unattended-upgrades"

-package 'mailutils'
-package 'mosh'
-package 'vim'
+package "mailutils"
+package "mosh"
+package "vim"

 # Don't create users and rewrite the sudo config in development environment.
 # It breaks the vagrant user
 unless node.chef_environment == "development"
  # Searches data bag "users" for groups attribute "sysadmin".
  # Places returned users in Unix group "sysadmin" with GID 2300.
-  users_manage 'sysadmin' do
+  users_manage "sysadmin" do
    group_id 2300
-    action [:remove, :create]
+    action %i[remove create]
  end

  sudo "sysadmin" do
    groups "sysadmin"
    nopasswd true
    defaults [
-    # not default on Ubuntu, explicitely enable. Uses a minimal white list of
-    # environment variables
-    'env_reset',
-    # Send emails on unauthorized attempts
-    'mail_badpass',
-    'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"',
+      # not default on Ubuntu, explicitely enable. Uses a minimal white list of
+      # environment variables
+      "env_reset",
+      # Send emails on unauthorized attempts
+      "mail_badpass",
+      'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"'
    ]
  end

  include_recipe "kosmos-base::firewall"

-  include_recipe 'kosmos-postfix'
+  include_recipe "kosmos-postfix"

-  node.override['set_fqdn'] = '*'
-  include_recipe 'hostname'
+  node.override["set_fqdn"] = "*"
+  include_recipe "hostname"

-  package 'ca-certificates'
+  package "ca-certificates"

-  directory '/usr/local/share/ca-certificates/cacert' do
+  directory "/usr/local/share/ca-certificates/cacert" do
    action :create
  end

-  ['http://www.cacert.org/certs/root.crt', 'http://www.cacert.org/certs/class3.crt'].each do |cert|
+  ["http://www.cacert.org/certs/root.crt", "http://www.cacert.org/certs/class3.crt"].each do |cert|
    remote_file "/usr/local/share/ca-certificates/cacert/#{File.basename(cert)}" do
      source cert
      action :create_if_missing
-      notifies :run, 'execute[update-ca-certificates]', :immediately
+      notifies :run, "execute[update-ca-certificates]", :immediately
    end
  end

-  execute 'update-ca-certificates' do
+  execute "update-ca-certificates" do
    action :nothing
  end
 end