make sure gpg is installed, and add a commented out section for using…

… untrusted repos. (#577)

ansible/setup-offline-sources.yml

@@ -49,6 +49,10 @@
 - name: Set up offline repositories and remove online ones
   hosts: k8s-cluster:etcd:restund:cassandra:elasticsearch:minio
   tasks:
+    - name: Bail if GPG is not installed or installable.
+      apt:
+        name: gpg
+        state: present
     - name: Remove /etc/apt/sources.list to remove all online debian package repos
       file:
         path: /etc/apt/sources.list
@@ -57,13 +61,34 @@
       file:
         path: /etc/apt/sources.list.d/
         state: absent
+
+#######################################################################
+# If your offline repo's debian key has expired, uncomment this block.
+#############
+# If you had to uncomment this block, comment out the docker-ce repo logic in
+# that starts at line 56 of
+# roles-external/kubespray/roles/container-engine/docker/tasks/main.yml
+# . comment out the 'ensure docker-ce repository public key is installed', and
+# the 'ensure docker-ce repository is enabled' blocks.
+#######################################################################
+#    - name: trust anything
+#      copy:
+#        dest: /etc/apt/apt.conf.d/90-baroque
+#        content: |
+#          Acquire::Check-Valid-Until false;
+#          Acquire::AllowInsecureRepositories true;
+#          Apt::Get::AllowUnauthenticated true;
+#############################
+# Otherwise, trust the repo.
+#############################
     - name: Register offline repo key
       apt_key:
         url: "{{ ubuntu_repo_gpgkey }}"
         state: present
+
     - name: Register offline repo
       apt_repository:
-        repo: "deb {{ ubuntu_repo_base_url  }} bionic main"
+        repo: "deb {{ ubuntu_repo_base_url }} bionic main"
         state: present
     - name: Apt update
       apt: