Can't get gpg key accepted automatically for new repo on CentOS 7

806 views

Skip to first unread message

lu...@getadmiral.com

unread,

Feb 16, 2017, 4:39:37 PM2/16/17

to Ansible Project

Here's the play I've tried:

- hosts: eliza
  tags:
    - grafana
  roles:
    - role: service_restart

  tasks:
    - name: Add grafana repository
      yum_repository:
        name: grafana
        description: grafana
        baseurl: https://packagecloud.io/grafana/stable/el/6/$basearch
        gpgcheck: True
        repo_gpgcheck: True
        gpgkey: https://packagecloud.io/gpg.key https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana
        sslcacert: /etc/pki/tls/certs/ca-bundle.crt

    - rpm_key:
        state: present
        key: "{{ item }}"
      with_items:
        - https://packagecloud.io/gpg.key
        - https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana

    - name: Install grafana
      package:
        name: grafana

This results is:

[vagrant@jolly ansible-repo]$ ./run-ansible-vagrant playbooks/prometheus/grafana.yml

PLAY [eliza] *******************************************************************

TASK [setup] *******************************************************************
ok: [eliza]

TASK [Add grafana repository] **************************************************
changed: [eliza]

TASK [rpm_key] *****************************************************************
changed: [eliza] => (item=https://packagecloud.io/gpg.key)
changed: [eliza] => (item=https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana)

TASK [Install grafana] *********************************************************
fatal: [eliza]: FAILED! => {"changed": false, "failed": true, "msg": "Failure talking to yum: failure: repodata/repomd.xml from grafana: [Errno 256] No more mirrors to try.\nhttps://packagecloud.io/grafana/stable/el/6/x86_64/repodata/repomd.xml: [Errno -1] repomd.xml signature could not be verified for grafana"}

NO MORE HOSTS LEFT *************************************************************

PLAY RECAP *********************************************************************
eliza                      : ok=3    changed=2    unreachable=0    failed=1

[vagrant@jolly ansible-repo]$

If I run 'yum -y install grafana' it works and accepts the gpg keys. How am I supposed to do this correctly in ansible?

lu...@getadmiral.com

unread,

Mar 28, 2017, 5:41:38 PM3/28/17

to Ansible Project

There's a issue open for this exact case: https://github.com/ansible/ansible/issues/20711

Reply all

Reply to author

Forward

0 new messages