rpm--import issues


Quad Zero

May 6, 2020, 6:17:17 AM
to Ansible Project
Hi all,

Thank you for your help in my last post. I have come quite a way (small compared to many of you) but nevertheless making good progress each day.

I hit roadblocks quite a bit and thankfully Google has helped me quite a bit. I have come across this problem now which I hope some of you can explain and then help me with finding a solution. This is my code so far:

---
- hosts: all
  serial: 3
  become: yes
  tasks:
    - name: ping all the machines
      ping:

    - name: Import all GPG keys for repo
      command: "rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-*"


When I am trying to run the rpm --import as a command, I get this error on my 3 test hosts:
1. What does it mean, why is this producing an error? I can enter this directly as a command in shell and it works just fine, so where is Ansible having issues?
2. How can I fix this and find a solution so that all my keys from the pki directory are imported as I have a mixture of RHEL and CentOS systems?

TASK [Import all GPG keys for repo] *****************************************************************************************************
[WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'.  If you need to use command because yum, dnf or
zypper is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this
message.
fatal: [localhost]: FAILED! => {"changed": true, "cmd": ["rpm", "--import", "/etc/pki/rpm-gpg/RPM-GPG-KEY-*"], "delta": "0:00:00.029904", "end": "2020-05-06 05:08:49.909745", "msg": "non-zero return code", "rc": 1, "start": "2020-05-06 05:08:49.879841", "stderr": "error: /etc/pki/rpm-gpg/RPM-GPG-KEY-*: import read failed(2).", "stderr_lines": ["error: /etc/pki/rpm-gpg/RPM-GPG-KEY-*: import read failed(2)."], "stdout": "", "stdout_lines": []}
fatal: [testb_centos78]: FAILED! => {"changed": true, "cmd": ["rpm", "--import", "/etc/pki/rpm-gpg/RPM-GPG-KEY-*"], "delta": "0:00:00.027775", "end": "2020-05-06 05:08:50.031696", "msg": "non-zero return code", "rc": 1, "start": "2020-05-06 05:08:50.003921", "stderr": "error: /etc/pki/rpm-gpg/RPM-GPG-KEY-*: import read failed(2).", "stderr_lines": ["error: /etc/pki/rpm-gpg/RPM-GPG-KEY-*: import read failed(2)."], "stdout": "", "stdout_lines": []}
fatal: [testa_centos78]: FAILED! => {"changed": true, "cmd": ["rpm", "--import", "/etc/pki/rpm-gpg/RPM-GPG-KEY-*"], "delta": "0:00:00.027843", "end": "2020-05-06 05:08:50.035566", "msg": "non-zero return code", "rc": 1, "start": "2020-05-06 05:08:50.007723", "stderr": "error: /etc/pki/rpm-gpg/RPM-GPG-KEY-*: import read failed(2).", "stderr_lines": ["error: /etc/pki/rpm-gpg/RPM-GPG-KEY-*: import read failed(2)."], "stdout": "", "stdout_lines": []}

Thanks in advance everyone.

Jean-Yves LENHOF

May 6, 2020, 7:32:08 AM
to ansible...@googlegroups.com

Hi,

There's a module to import keys, please use it!

https://docs.ansible.com/ansible/latest/modules/rpm_key_module.html

Regards,

JYL


Neha Pithadiya

May 6, 2020, 7:35:45 AM
to Ansible Project
I tried locally on my setup and faced the same issue.

Seems this rpm command uses shell, so you need to use the "shell" module instead of the "command" module.

e.g.: shell: "rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-*"

Results of execution:

changed: [localhost] => {
    "changed": true,
    "cmd": "rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-*",
    "delta": "0:00:00.072035",
    "end": "2020-05-06 16:57:24.092604",
    "invocation": {
        "module_args": {
            "_raw_params": "rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-*",
            "_uses_shell": true,
            "argv": null,
            "chdir": null,
            "creates": null,
            "executable": null,
            "removes": null,
            "stdin": null,
            "stdin_add_newline": true,
            "strip_empty_ends": true,
            "warn": true
        }
    },
    "rc": 0,
    "start": "2020-05-06 16:57:24.020569",
    "stderr": "",
    "stderr_lines": [],
    "stdout": "",
    "stdout_lines": []

Thanks and Regards,
Neha Pithadiya.
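
Added example, not part of the original thread and not Ansible's own code: why the `command` task failed while the `shell` task worked. The failed task's `cmd` is an argv list with the pattern unexpanded, while the working run shows `_uses_shell: true`; it is a shell, not rpm, that turns `RPM-GPG-KEY-*` into file names. The temporary directory, the empty stand-in files and the function names are constructed for illustration.

```python
import glob
import os
import shlex
import subprocess
import sys
import tempfile

# Child process that prints the arguments it actually received, one per line.
SHOW_ARGS = [sys.executable, "-c", "import sys; print('\\n'.join(sys.argv[1:]))"]


def make_key_dir():
    """Constructed sample: empty stand-ins for files in /etc/pki/rpm-gpg."""
    d = tempfile.mkdtemp(prefix="rpm-gpg-")
    for name in ("RPM-GPG-KEY-CentOS-7", "RPM-GPG-KEY-redhat-release", "README"):
        open(os.path.join(d, name), "w").close()
    return d


def received_without_shell(args):
    """Exec an argv list directly, as in the failed task's "cmd" list."""
    out = subprocess.run(SHOW_ARGS + list(args), capture_output=True,
                         text=True, check=True)
    return out.stdout.splitlines()


def received_with_shell(pattern):
    """Hand one string to /bin/sh, which expands the glob before the exec."""
    # Only the helper command is quoted; the pattern is left bare on purpose.
    line = " ".join(shlex.quote(a) for a in SHOW_ARGS) + " " + pattern
    out = subprocess.run(line, shell=True, capture_output=True,
                         text=True, check=True)
    return sorted(out.stdout.splitlines())


def received_after_own_expansion(pattern):
    """Expand the pattern in the caller, then exec without any shell."""
    return received_without_shell(sorted(glob.glob(pattern)))


if __name__ == "__main__":
    pattern = os.path.join(make_key_dir(), "RPM-GPG-KEY-*")
    print("no shell :", received_without_shell([pattern]))
    print("shell    :", received_with_shell(pattern))
    print("own glob :", received_after_own_expansion(pattern))
```

Without a shell the child receives the single literal string ending in `RPM-GPG-KEY-*`, which is the file name rpm reported it could not read. Expanding the pattern before the exec, as the third function does, yields the same file list without passing the whole command line through a shell.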

Quad Zero

May 6, 2020, 7:01:20 PM
to Ansible Project
Thanks for your reply but really is not helpful bud.

This is like if I asked how I can get to a destination, you are telling me to go to a train or bus station.

Quad Zero

May 6, 2020, 7:04:35 PM
to Ansible Project
Neha,

This is amazing! Thank you so much for your reply and the time you took to actually run it for me.

Stay awesome as you are Neha :)

Michael Mullay

May 6, 2020, 7:16:14 PM
to ansible...@googlegroups.com
Quad Zero,
You didn't even indicate if you tried using the module JYL took the time to point out to you. There are examples there and everything. If you want pre-written Ansible code without doing any research or leg work you should look on galaxy.ansible.com

And that is really weak criticizing someone that took more time to try to solve your problem than you did. People are likely going to stop responding to you after that comment.

Dick Visser

May 7, 2020, 12:50:17 AM
to ansible...@googlegroups.com
Indeed.
I've noticed quite a few people are frantically trying to shoehorn shell commands into ansible. This works, yes, but lacks all the goodies that ansible brings such as idempotency etc.
The questions then tend to narrow down to why the output of a dozen twelve cat/grep/sed/awk pipes doesn't do what they want.

In this case it's not clear why you'd want to blindly add all rpm keys. This once again looks like a sledgehammer and should instead be done by iterating over the keys you actually want, with rpm_key.



Stefan Hornburg (Racke)

May 7, 2020, 2:02:31 AM
to ansible...@googlegroups.com
On 5/7/20 1:01 AM, Quad Zero wrote:
> Thanks for your reply but really is not helpful bud.
>
> This is like if i asked how i can get to a destination, you are telling me to go to a train or bus station.
>

That was a bad move from you if you ask me.

Regards
Racke


--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.


Quad Zero

May 7, 2020, 7:40:33 AM
to Ansible Project
Hi Michael,

So I did search all the modules. My question was how to import all the keys from the /etc/pki... all I could find was individual loads, it was so that I run multiple CentOS and RedHat servers and some have different repos enabled, so bulk import would be a better solution I thought?

Sure, my bad, though I just asked myself how I would go about if someone asked me the same question. I would only reply directly to their question but that is just me. Anyways, don't want to stir anything further so apologies to all esp to JYL for my rude comment.

Thank you to those that helped me and to everyone that replied to this thread :)

Quad Zero

May 7, 2020, 7:43:36 AM
to Ansible Project
Hi Dick,

Yes, so I may have replied to your comment above in my reply back to Michael.

I guess my knowledge on Ansible is still very new, so currently just getting things done, until I get to grips with better understanding.

Could anyone please recommend any good books that cover most of the modules in depth? Just trying to learn and last night was quite frustrating for me.

Thank you once again.


Quad Zero

May 7, 2020, 7:44:52 AM
to Ansible Project
Apologies to you also Racke. Thank you for pointing this out.

Dick Visser

May 7, 2020, 12:23:32 PM
to ansible...@googlegroups.com
Hi

No problem.
So the 'ansible way' is to use native modules wherever possible. The
shell/command task should be used only if there is no reasonable way
to achieve things using native modules.

In your case the ansible way could look something like this:

  tasks:
    - name: Find RPM GPG keys
      find:
        paths: /etc/pki/rpm-gpg
      register: gpg_found

    - name: Ensure found keys are trusted
      rpm_key:
        key: "{{ item.path }}"
        state: present
      loop: "{{ gpg_found.files }}"


You will find that once run, subsequent runs will not actually do
anything anymore as the desired state will have been reached after the
first run: idempotence.

You can optionally tune these tasks, for instance to fit the pattern
of the key names, etc.



--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT