Skip to main content

Ansible playbook to update your Debian repository to add a SignalWire Token

Introduction

At SureVoIP and TelcoSwitch we have FreeSWITCH in lots of different roles (30+ servers) from SBCs, Hosted VoIP, APIs etc., so we needed to update the apt repos on our Debian systems to add a SignalWire Personal Access Token for authentication due to the FreeSWITCH announcement.

I've done a small playbook to remove the old style repo, 1.8 repo, download the gpg key, create the auth file/directory for apt and create the new repo.

Hopefully it will save others a few hours writing and testing, plus loads of time updating all your instances.

freeswitch_signalwire_repo.yml

---
# Author: Gavin Henry <ghenry@surevoip.co.uk>
# Updated: 2022-03-22
#
# Run with:
# ansible-playbook -u xxxxx --limit ansible_group,hostname,etc freeswitch_signalwire_repo.yml
# Automated manual steps from - https://freeswitch.org/confluence/display/FREESWITCH/Debian
#
- name: Remove FreeSWITCH plain repo and add SignalWire protected one
hosts: hostname, group etc.
become: true
gather_facts: true

tasks:
#- name: Print all available facts
# ansible.builtin.debug:
# var: ansible_facts

- name: Fetch password protected FreeSWITCH GPG key
# username/password only available since 2.8, in older versions you need to use url_username/url_password
get_url:
url: https://freeswitch.signalwire.com/repo/deb/debian-release/signalwire-freeswitch-repo.gpg
username: signalwire
password: '{{ signalwire_freeswitch_key }}'
dest: /usr/share/keyrings/signalwire-freeswitch-repo.gpg
when: ansible_os_family == 'Debian' and ansible_distribution_major_version|int >= 9

- name: Make apt auth directory
ansible.builtin.file:
path: /etc/apt/auth.conf.d
state: directory
mode: '0755'
when: ansible_os_family == 'Debian' and ansible_distribution_major_version|int >= 9

- name: Create apt auth.conf.d freeswitch file
ansible.builtin.copy:
dest: /etc/apt/auth.conf.d/freeswitch.conf
owner: root
group: root
mode: '0700'
content: 'machine freeswitch.signalwire.com login signalwire password {{ signalwire_freeswitch_key }}'
when: ansible_os_family == 'Debian' and ansible_distribution_major_version|int >= 9

- name: "Remove vanilla FreeSWITCH repo"
ansible.builtin.apt_repository:
repo: deb http://files.freeswitch.org/repo/deb/debian-release/ {{ ansible_distribution_release }} main
state: absent
when: ansible_os_family == 'Debian' and ansible_distribution_major_version|int >= 9

- name: "Remove 1.8 FreeSWITCH repo"
ansible.builtin.apt_repository:
repo: deb http://files.freeswitch.org/repo/deb/freeswitch-1.8/ {{ ansible_distribution_release }} main
state: absent
when: ansible_os_family == 'Debian' and ansible_distribution_major_version|int >= 9

- name: "Remove 1.8 FreeSWITCH src repo"
ansible.builtin.apt_repository:
repo: deb-src http://files.freeswitch.org/repo/deb/freeswitch-1.8/ {{ ansible_distribution_release }} main
state: absent
when: ansible_os_family == 'Debian' and ansible_distribution_major_version|int >= 9

- name: "Add SignalWire FreeSWITCH repo"
ansible.builtin.apt_repository:
repo: deb [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ {{ ansible_distribution_release }} main
state: present
filename: freeswitch
when: ansible_os_family == 'Debian' and ansible_distribution_major_version|int >= 9

# You could set the password here or on your CLI. We set it in group_vars/all in our Ansible Inventory
# vars:
# - signalwire_freeeswitch_key: pat_XXXXX