Installing Passenger fails: "repomd.xml signature could not be verified for passenger" but works interactively


TJG

Apr 3, 2016, 8:18:00 AM
to Ansible Project
Hi all;

I'm pretty new to Ansible, but have generally made good progress with a playbook to set up a (vagrant) CentOS 7 box. One point of grief is my translation of Phusion's instructions for installing Passenger, from here

Running the following playbook (as root) fails with "[Errno -1] repomd.xml signature could not be verified for passenger"
yet works perfectly when done interactively. 

Any ideas what the difference is? 

Thanks,
Tim

- name: Passenger | Add Phusion's EL7 YUM repository
  shell: sudo curl --fail -sSLo /etc/yum.repos.d/passenger.repo https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo
 
- name: Passenger | Set root as owner of passenger.repo and allow only root to read and write passenger.repo
  file: path=/etc/yum.repos.d/passenger.repo owner=root mode=600


- name: Passenger | Install mod_passenger
  yum: name={{ item }} state=present enablerepo=passenger
  with_items:
    - mod_passenger

Results in:



failed: [localhost] (item=[u'mod_passenger']) => {"failed": true, "invocation": {"module_args": {"conf_file": null, "disable_gpg_check": false, "disablerepo": null, "enablerepo": "passenger", "exclude": null, "install_repoquery": true, "list": null, "name": ["mod_passenger"], "state": "present", "update_cache": false, "validate_certs": true}, "module_name": "yum"}, "item": ["mod_passenger"], "msg": "Failure talking to yum: failure: repodata/repomd.xml from passenger: [Errno 256] No more mirrors to try.\nhttps://oss-binaries.phusionpassenger.com/yum/passenger/el/7/x86_64/repodata/repomd.xml: [Errno -1] repomd.xml signature could not be verified for passenger"}


Transcript of interactive installation:

[vagrant@test-httpd ~]$ sudo yum install -y mod_passenger
Loaded plugins: fastestmirror
base                                                    | 3.6 kB  00:00:00
epel/x86_64/metalink                                    |  11 kB  00:00:00
epel                                                    | 4.3 kB  00:00:00
extras                                                  | 3.4 kB  00:00:00
passenger/7/x86_64/signature                            |  836 B  00:00:00
Retrieving key from https://packagecloud.io/gpg.key
Importing GPG key 0xD59097AB:
 Userid     : "packagecloud ops (production key) <o...@packagecloud.io>"
 Fingerprint: 418a 7f2f b0e1 e6e7 eabf 6fe8 c2e7 3424 d590 97ab
 From       : https://packagecloud.io/gpg.key
passenger/7/x86_64/signature                            | 1.0 kB  00:00:00 !!!
passenger-source/7/signature
...
...
Total                                          337 kB/s | 6.4 MB  00:00:19
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Importing GPG key 0x352C64E5:
 Userid     : "Fedora EPEL (7) <ep...@fedoraproject.org>"
 Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
 Package    : epel-release-7-5.noarch (@extras)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : selinux-policy-3.13.1-60.el7_2.3.noarch          1/8
  Installing : 1:rubygem-rack-1.6.4-2.el7.noarch                2/8
  Installing : rubygem-rake-0.9.6-25.el7_1.noarch               3/8
  Installing : passenger-5.0.26-8.el7.x86_64                    4/8
  Installing : mod_passenger-5.0.26-8.el7.x86_64                5/8
...

Installed:
  mod_passenger.x86_64 0:5.0.26-8.el7

Dependency Installed:
  passenger.x86_64 0:5.0.26-8.el7    rubygem-rack.noarch 1:1.6.4-2.el7    rubygem-rake.noarch 0:0.9.6-25.el7_1

Dependency Updated:
  selinux-policy.noarch 0:3.13.1-60.el7_2.3    selinux-policy-targeted.noarch 0:3.13.1-60.el7_2.3

Complete!
[vagrant@test-httpd ~]$





Kacper Patro

May 9, 2016, 10:51:18 AM
to Ansible Project
Hi Tim,

I had a similar issue with the VirtualBox repo. In my case, removing the line repo_gpgcheck=1 from the repo file (i.e. el-passenger.repo) helped.

Best Regards,
Kacper

Tim Griffin

May 9, 2016, 11:17:58 AM
to ansible...@googlegroups.com
Thanks, Kacper.

I'll give that a shot!
Tim


--
You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/dHuToEsVqOc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/03758adc-132b-4830-af9f-4866ab097c30%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Johannes Kastl

May 9, 2016, 11:24:38 AM
to ansible...@googlegroups.com
On 08.05.16 21:37 Kacper Patro wrote:
> Hi Tim,
>
> I had similar issue with VirtualBox repo. In my case, removing line
> *repo_gpgcheck=1* from repo file (i.e. el-passenger.repo) helped.


DON'T! You lose all security provided by gpg signatures of the
packages. (Sorry for the yelling... ;-))

I would rather add the rpm-key with the corresponding module, the link
is in your output:

https://packagecloud.io/gpg.key

Johannes
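
A check for the setting argued over in this exchange, added here as an example and not written by anyone in the thread: it parses yum `.repo` files and flags enabled repositories where neither `gpgcheck` nor `repo_gpgcheck` is turned on. The function names and the sample repo text are constructed for illustration.

```python
import configparser
import glob

ON = {"1", "yes", "true"}

# Constructed sample, not the vendor's actual file: a repo definition with
# metadata signature checking kept, and the same text with that line removed.
REPO_KEPT = """\
[passenger]
name=passenger
baseurl=https://oss-binaries.phusionpassenger.com/yum/passenger/el/7/x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=1
gpgkey=https://packagecloud.io/gpg.key
"""
REPO_STRIPPED = REPO_KEPT.replace("repo_gpgcheck=1\n", "")


def audit_repo_text(text, source="<string>"):
    """Report, per repo section, which signature checks the file sets."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text, source=source)
    findings = []
    for repo_id in parser.sections():
        section = parser[repo_id]
        state = {}
        for key in ("gpgcheck", "repo_gpgcheck"):
            raw = section.get(key)
            # "unset" means the value is inherited from [main] in yum.conf.
            state[key] = "unset" if raw is None else (
                "on" if raw.strip().lower() in ON else "off")
        # Assumption: a repo without an "enabled" line counts as enabled.
        enabled = section.get("enabled", "1").strip().lower() in ON
        # Flag enabled repos where this file turns on neither check.
        flagged = enabled and "on" not in state.values()
        findings.append({"repo": repo_id, "source": source,
                         "enabled": enabled, "flagged": flagged, **state})
    return findings


def audit_repo_dir(directory="/etc/yum.repos.d"):
    """Run the audit over every .repo file in a directory."""
    findings = []
    for path in sorted(glob.glob(directory + "/*.repo")):
        with open(path, encoding="utf-8") as handle:
            findings.extend(audit_repo_text(handle.read(), source=path))
    return findings
```

On the constructed samples, `audit_repo_text(REPO_KEPT)` leaves the `passenger` entry unflagged, while `audit_repo_text(REPO_STRIPPED)` flags it because no signature check remains set in the file.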


Tim Griffin

May 9, 2016, 11:30:15 AM
to ansible...@googlegroups.com
Ah, okay. Good point, Johannes. 

And, on RHEL, turning off the GPG check wouldn't be a good plan anyways!

Tim



Johannes Kastl

May 9, 2016, 3:23:12 PM
to ansible...@googlegroups.com
On 09.05.16 17:29 Tim Griffin wrote:
> Ah, okay. Good point, Johannes.
>
> And, on RHEL, turning of the GPG check wouldn't be a good plan anyways!

On CentOS-machines I use this snippet to install the epel-release
package and import the rpm-key:

- name: CentOS - install epel-release
  yum: name=epel-release state=latest
  when: ansible_os_family == "RedHat"

- name: CentOS - install epel-release Key
  rpm_key: key="/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}" state=present
  when: ansible_os_family == "RedHat"

Johannes


Tim Griffin

May 9, 2016, 4:22:03 PM
to ansible...@googlegroups.com
Johannes... I appreciate you sharing your snippet of code. That should save me some time!

Tim




Jubz Madagascar

Dec 19, 2016, 3:17:34 PM
to Ansible Project
This is the snippet that worked for me, in case anyone experiences the same problem:

# Extra Packages for Enterprise Linux (EPEL)
- name: Extra Packages for Enterprise Linux (EPEL)
  yum: name=epel-release state=latest
- name: EPEL repository key 
  rpm_key:
    key: "/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"
    state: present