0

Can anyone tell me why does this old key work for me with the apt-key module of the ansible-playbook and this new key doesn't (404)?

The initial key worked for a short while (when I was developing these scripts) but when it expired (2019-12-06), apt's update_cache (correctly) started failing and it was advised to switch to the new key, which I cannot get to work with the apt-key module. It works well without ansible-playbook:

$ wget -O- https://build.opensuse.org/projects/home:jgeboski/public_key | sudo apt-key add -.

Both addresses seem to behave more or less the same when looking at them in the browser. Headers are a bit different though. As are file extensions.

Details:

This is relevant part of my script. Some other apt-key and apt-repository and apt uses are working fine.

- name: "Install purple-facebook: key" become: yes apt_key: # url: https://build.opensuse.org/projects/home:jgeboski/public_key url: https://download.opensuse.org/repositories/home:jgeboski/xUbuntu_18.04/Release.key - name: "Install purple-facebook: repo" become: yes apt_repository: repo: "deb https://download.opensuse.org/repositories/home:/jgeboski/xUbuntu_18.04/ /" - name: "Install purple-facebook: package" apt: pkg: purple-facebook

If I use the new key, it will 404. All output from running is with the -vvvv flag.

fatal: [localhost]: FAILED! => { "changed": false, "invocation": { "module_args": { "data": null, "file": null, "id": null, "key": null, "keyring": null, "keyserver": null, "state": "present", "url": "https://build.opensuse.org/projects/home:jgeboski/public_key", "validate_certs": true } }, "msg": "Failed to download key at https://build.opensuse.org/projects/home:jgeboski/public_key: HTTP Error 404: Not Found" }

If I use the old key, it will fail at first update_cache: yes (which is the default for apt-repository).

The full traceback is: WARNING: The below traceback may *not* be related to the actual failure. File "/tmp/ansible_apt_repository_payload_drREvW/ansible_apt_repository_payload.zip/ansible/modules/packaging/os/apt_repository.py", line 548, in main File "/usr/lib/python2.7/dist-packages/apt/cache.py", line 559, in update raise FetchFailedException(e) fatal: [localhost]: FAILED! => { "changed": false, "invocation": { "module_args": { "codename": null, "filename": null, "install_python_apt": true, "mode": null, "repo": "deb http://download.opensuse.org/repositories/home:/jgeboski/xUbuntu_18.04/ /", "state": "present", "update_cache": true, "validate_certs": true } }, "msg": "apt cache update failed" }

Background:

I am automating personal PC setups for practical reasons as well as to learn more about Ansible and Ansible-playbooks.

Thanks!

Improve this question

2 Answers 2

Reset to default
1

The solution was using a more complete address.

Initial url I was given:

https://build.opensuse.org/projects/home:jgeboski/public_key

Works:

https://build.opensuse.org/projects/home:jgeboski/public_key.pub
Improve this answer
0

You may run the playbook with -vvv option which will give you more clue on what went wrong, and the other option is to add validate_certs: no to the task name: "Install purple-facebook: key" which will ignore cert validation.

Improve this answer
1
  • Thanks. The pasted output is already from running it with -vvvv. validate_certs: no for the old expired key or the new key that gets 404? Commented Dec 16, 2019 at 8:24

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.