angstwad/docker.ubuntu

Installing repository key on 16.04 server fails


The role includes trying to add the key through an Ansible task and then failing over to try to use curl. This results in this on a clean 16.04.3 installation:

TASK [angstwad.docker_ubuntu : Add Docker repository key] ******************************************
fatal: [172.16.28.146]: FAILED! => {"changed": false, "cmd": "/usr/bin/apt-key adv --keyserver https://download.docker.com/linux/ubuntu/gpg --recv 9DC858229FC7DD38854AE2D88D81803C0EBFCD88", "failed":true, "msg": "Error fetching key 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 from keyserver: https://download.docker.com/linux/ubuntu/gpg", "rc": 2, "stderr": "gpg: requesting key 0EBFCD88 from https server download.docker.com\ngpg: no handler for keyserver scheme `https'\ngpg: keyserver receive failed: keyserver error\n", "stderr_lines": ["gpg: requesting key 0EBFCD88 from https server download.docker.com", "gpg: no handler for keyserver scheme `https'", "gpg: keyserver receive failed: keyserver error"], "stdout": "Executing: /tmp/tmp.AEFTbEAZNH/gpg.1.sh --keyserver\nhttps://download.docker.com/linux/ubuntu/gpg\n--recv\n9DC858229FC7DD38854AE2D88D81803C0EBFCD88\ngpgkeys: protocol `https' not supported\n", "stdout_lines": ["Executing: /tmp/tmp.AEFTbEAZNH/gpg.1.sh --keyserver", "https://download.docker.com/linux/ubuntu/gpg", "--recv", "9DC858229FC7DD38854AE2D88D81803C0EBFCD88", "gpgkeys: protocol `https' not supported"]}
...ignoring

TASK [angstwad.docker_ubuntu : Alternative | Add Docker repository key] ****************************
 [WARNING]: Consider using get_url or uri module rather than running curl

fatal: [172.16.28.146]: FAILED! => {"changed": true, "cmd": "curl -sSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -", "delta": "0:00:00.064634", "end": "2017-08-17 18:54:16.919538", "failed": true, "rc": 2, "start": "2017-08-17 18:54:16.854904", "stderr": "/bin/sh: 1: curl: not found\ngpg: no valid OpenPGP data found.", "stderr_lines": ["/bin/sh: 1: curl: not found", "gpg: no valid OpenPGP data found."], "stdout": "", "stdout_lines": []}

The two fail for different reasons:

The Ansible apt-key module fails because gpg requires gnupg-curl to work with https:// keys. It needs to have a trusted root authority, which gpg doesn't have by default.

The alternative method needs to ensure curl is installed first before executing if we have to resort to direct non-module calls.

So, I would recommend making sure there's a task that installs gnupg-curl and / or curl if you're going to need it as a dependency.

Resolved with #179 in fef759a
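
The `curl ... | sudo apt-key add -` fallback in the log above hides the curl failure behind the pipe and hands apt-key whatever bytes arrive. The following is an added example, not the role's code and not the change made in #179: it checks its dependencies first and adds the key only if its fingerprint matches the one in the task output. The function names are hypothetical, and it assumes gpg 1.4-style `--with-colons` output and root privileges.

```shell
#!/bin/sh
# Added example; function names are hypothetical. URL and fingerprint are the
# ones shown in the task output above. Assumes gpg 1.4-style colon listings.
KEY_URL="https://download.docker.com/linux/ubuntu/gpg"
KEY_FPR="9DC858229FC7DD38854AE2D88D81803C0EBFCD88"

# Print each required tool that is not on PATH (no output means all present).
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# stdin: `gpg --with-colons` listing. Print the fingerprint of each primary key
# (the first fpr record after a pub record; field 10 holds the value).
primary_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if the listing holds exactly one primary key and it is "$1".
# Empty input (a failed download) and extra keys both fail the comparison.
fingerprint_ok() {
    got=$(primary_fingerprints)
    [ -n "$got" ] && [ "$got" = "$1" ]
}

install_repo_key() {
    miss=$(missing_tools curl gpg apt-key)
    if [ -n "$miss" ]; then
        echo "missing required tools:" $miss >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    # No pipe into apt-key: -f plus an explicit check stops on a failed fetch.
    if ! curl -fsSL "$KEY_URL" -o "$tmp"; then
        echo "download failed: $KEY_URL" >&2; rm -f "$tmp"; return 1
    fi
    if gpg --with-colons --with-fingerprint "$tmp" 2>/dev/null | fingerprint_ok "$KEY_FPR"; then
        apt-key add "$tmp"; rc=$?
    else
        echo "fingerprint mismatch, key not added" >&2; rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Sourcing the file only defines the functions; run as root with --install.
if [ "${1:-}" = "--install" ]; then install_repo_key; fi
```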