ansible: Default to not checking GPG signatures on distro YUM repos

The official CentOS 7 boxes not not contain the necessary public keys
so, rather than forcing this to be overridden in configuration, just
default to 'no'.

Signed-off-by: Martin Schwenke <martin@meltin.net>

diff --git a/ansible/node/roles/common/tasks/redhat/packages.yml b/ansible/node/roles/common/tasks/redhat/packages.yml
index 888ccaeabaa8fbb8ad83a8f29a58742aa7a73c06..3491a820657e60e77f521ab964d988a620c0d4fb 100644 (file)
--- a/ansible/node/roles/common/tasks/redhat/packages.yml
+++ b/ansible/node/roles/common/tasks/redhat/packages.yml
@@ -30,7 +30,8 @@
     name: "autocluster-{{ repo.name }}"
     description: "{{ repo.name }}"
     baseurl: "{{ repo.baseurl | default(repository_baseurl) }}/{{ repo.path }}"
-    gpgcheck: "{{ repo.gpgcheck | default('yes') }}"
+    # Official CentOS 7 boxes do not contain necessary public keys
+    gpgcheck: "{{ repo.gpgcheck | default('no') }}"
     proxy: _none_
   when: repo.type == "distro"
   with_list: "{{ repositories }}"