Yuri Kanivetsky
2017-Mar-05 11:51 UTC
[CentOS] How to automatically confirm importing repo key?
Hi, I'm trying to set up provisioning LXC container running CentOS. And among other things, I need to install nginx + passenger from a non-official repo (the docs: https://www.phusionpassenger.com/library/install/nginx/install/oss/el7/). With this playbook: - hosts: all tasks: # https://docs.ansible.com/ansible/yum_repository_module.html - name: Add repository yum_repository: # from https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo name: passenger description: Passenger repository baseurl: https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch repo_gpgcheck: 1 gpgcheck: 0 enabled: 1 gpgkey: https://packagecloud.io/gpg.key sslverify: 1 sslcacert: /etc/pki/tls/certs/ca-bundle.crt # http://docs.ansible.com/ansible/command_module.html - name: (1) Add repository key (shell command) command: rpm --import https://packagecloud.io/gpg.key # # http://docs.ansible.com/ansible/rpm_key_module.html # - name: (2) Add repository key (python code) # rpm_key: # key: https://packagecloud.io/gpg.key # http://docs.ansible.com/ansible/yum_module.html - name: Install nginx yum: name={{ item }} with_items: nginx ansible fails performing the last task with: Failure talking to yum: failure: repodata/repomd.xml from passenger: [Errno 256] No more mirrors to try. https://oss-binaries.phusionpassenger.com/yum/passenger/el/7/x86_64/repodata/repomd.xml: [Errno -1] repomd.xml signature could not be verified for passenger no matter which way of importing key I choose (1 or 2). If I then ssh to container and run `yum install nginx` manually, it says: Retrieving key from https://packagecloud.io/gpg.key Importing GPG key 0xD59097AB: Userid : "packagecloud ops (production key) <ops at packagecloud.io>" Fingerprint: 418a 7f2f b0e1 e6e7 eabf 6fe8 c2e7 3424 d590 97ab From : https://packagecloud.io/gpg.key Is this ok [y/N]: And I suppose this extra confirmation request is what makes ansible fail. Can it be confirmed automatically? I tried to make it clear for those who don't use ansible, but feel free to ask questions. Thanks in advance. Related Stack Overflow question (just in case): http://stackoverflow.com/questions/38327406/how-to-install-yum-repository-key-with-ansible/41882838 Regards, Yuri
Yuri Kanivetsky
2017-Mar-05 13:08 UTC
[CentOS] How to automatically confirm importing repo key?
Now that I think about it, I should've reproduced it with just shell script and didn't involve ansible, when asking the question. Things are more or less clear now. The only thing I'd like to confirm if this makes for a good way of automatically confirming importing repo key? yum makecache -y --disablerepo=* --enablerepo=passenger Regards, Yuri
Possibly Parallel Threads
- How do I confirm importing repo key without user intervention?
- How do I confirm importing repo key without user intervention?
- How do I confirm importing repo key without user intervention?
- passenger with ruby enterprise edition
- Detecting unicorn / defining after_fork after master startup