From 15c23a9c1e4fd127077d9d82a96bbc72ccba936f Mon Sep 17 00:00:00 2001
From: "von der Hagen, Patrick (SCC)" <patrick.hagen@kit.edu>
Date: Wed, 1 Mar 2023 17:58:34 +0100
Subject: [PATCH] apt_key deprecated

solution loosely based on geerlingguy/ansible-role-docker
---
 defaults/main.yml      |  4 ++++
 tasks/setup-Debian.yml | 25 ++++++++++++++++++++-----
 2 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index d3ec0fc..38ad949 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -38,3 +38,7 @@ filebeat_elastic_cloud_enabled: false
 filebeat_elastic_cloud_id: ""
 filebeat_elastic_cloud_username: ""
 filebeat_elastic_cloud_password: ""
+
+filebeat_elastic_apt_gpg_key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
+filebeat_add_repo: true
+filebeat_apt_ignore_key_error: true
diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml
index 7772c31..7051120 100644
--- a/tasks/setup-Debian.yml
+++ b/tasks/setup-Debian.yml
@@ -7,13 +7,28 @@
     state: present
 
 - name: Add Elasticsearch apt key.
-  apt_key:
-    url: https://artifacts.elastic.co/GPG-KEY-elasticsearch
-    id: 46095ACC8548582C1A2699A9D27D666CD88E42B4
-    state: present
+  ansible.builtin.get_url:
+    url: "{{ filebeat_elastic_apt_gpg_key }}"
+    dest: /etc/apt/trusted.gpg.d/filebeat.asc
+    mode: '0644'
+    force: true
+  register: add_repository_key
+  ignore_errors: "{{ filebeat_apt_ignore_key_error }}"
+  when: filebeat_add_repo | bool
+
+- name: Ensure curl is present (on older systems without SNI).
+  package: name=curl state=present
+  when: add_repository_key is failed and filebeat_add_repo | bool
+
+- name: Add Elasticsearch apt key (alternative for older systems without SNI).
+  shell: >
+    curl -sSL {{ filebeat_elastic_apt_gpg_key }} | apt-key add -
+  when: add_repository_key is failed and filebeat_add_repo | bool
+
 
 - name: Add Filebeat repository.
   apt_repository:
-    repo: 'deb https://artifacts.elastic.co/packages/{{ filebeat_version }}/apt stable main'
+    repo: 'deb [signed-by=/etc/apt/trusted.gpg.d/filebeat.asc] https://artifacts.elastic.co/packages/{{ filebeat_version }}/apt stable main'
     state: present
     update_cache: true
+