我在ansible中有一个playbook,它从具有无效键的存储库安装包:
- name: Add Cloudera key
apt_key:
keyserver: keys.gnupg.net
id: F36A89E33CC1BD0F71079007327574EE02A818DD
- name: Install Cloudera packages
apt:
name: {{ item }}
update_cache: yes
state: latest
allow_unautenticated: yes
with_items:
- sudo
- libssl-dev
- ....
但是ansible无法更新缓存:
"msg": "Failed to update apt cache: W:GPG error: http://archive.cloudera.com/cdh5/debian/jessie/amd64/cdh jessie-cdh5 InRelease: The following signatures were invalid: F36A89E33CC1BD0F71079007327574EE02A818DD, E:The repository 'http://archive.cloudera.com/cdh5/debian/jessie/amd64/cdh jessie-cdh5 InRelease' is not signed."
即使将allow_unauthenticated选项或force选项设置为yes也是如此。如何使用这些关键问题更新缓存?
编辑重现此行为的apt命令是:
sudo wget 'https://archive.cloudera.com/cdh5/debian/jessie/amd64/cdh/cloudera.list' \ -O /etc/apt/sources.list.d/cloudera.list
sudo apt-get update
W: GPG error: http://archive.cloudera.com/cdh5/debian/jessie/amd64/cdh jessie-cdh5 InRelease: The following signatures were invalid: F36A89E33CC1BD0F71079007327574EE02A818DD
W: The repository 'http://archive.cloudera.com/cdh5/debian/jessie/amd64/cdh jessie-cdh5 InRelease' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
但我可以继续发出命令
sudo apt-get install hadoop-hdfs-namenode
并在警告后安装软件包。 Ansible正在考虑上面的警告(W The following signatures were invalid),这是Cloudera方提供错误密钥或错误签名存储库的错误,但是向前移动并安装包:
dpkg -l | grep hadoop-hdfs-namenode
ii hadoop-hdfs-namenode 2.6.0+cdh5.14.2+2748-1.cdh5.14.2.p0.11~jessie-cdh5.14.2 all Name Node for Hadoop
所以我想要实现的是Ansible再现了这种行为:执行apt-get update命令并继续而不在更新部分上挽救。 Ansible可以使用选项allow_unauthenticated从未签名的存储库安装包。
编辑#2 :完整的ansible命令如下:
iveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/user/.ansible/cp/be00dd5395 -tt 192.168.9.22 '/bin/sh -c '"'"'sudo -H -S -n -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-thnmveqcmiwmvbdbabglejbbsaidohqe; /usr/bin/python /home/user/.ansible/tmp/ansible-tmp-1528224540.4225562-47865757921408/apt.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
<192.168.9.22> (1, b'\r\n{"msg": "Failed to update apt cache: W:GPG error: http://archive.cloudera.com/cdh5/debian/jessie/amd64/cdh jessie-cdh5 InRelease: The following signatures were invalid: F36A89E33CC1BD0F71079007327574EE02A818DD, E:The repository \'http://archive.cloudera.com/cdh5/debian/jessie/amd64/cdh jessie-cdh5 InRelease\' is not signed.", "failed": true, "exception": " File \\"/tmp/ansible_RDFb3C/ansible_module_apt.py\\", line 991, in main\\n cache.update()\\n File \\"/usr/lib/python2.7/dist-packages/apt/cache.py\\", line 464, in update\\n raise FetchFailedException(e)\\n", "invocation": {"module_args": {"dpkg_options": "force-confdef,force-confold", "upgrade": null, "force": false, "force_apt_get": false, "install_recommends": null, "package": ["sudo", "build-essential", "python-dev", "python3-dev", "openjdk-8-jdk", "git", "libssl-dev", "libsqlite3-dev", "zlib1g-dev", "bzip2", "libreadline-dev", "vim", "rsync", "apt-transport-https", "vsftpd", "ftp", "tmux", "postgresql", "postgresql-client", "libpq-dev", "python-psycopg2", "ntp", "r-base"], "autoclean": false, "name": ["sudo", "build-essential", "python-dev", "python3-dev", "openjdk-8-jdk", "git", "libssl-dev", "libsqlite3-dev", "zlib1g-dev", "bzip2", "libreadline-dev", "vim", "rsync", "apt-transport-https", "vsftpd", "ftp", "tmux", "postgresql", "postgresql-client", "libpq-dev", "python-psycopg2", "ntp", "r-base"], "purge": false, "allow_unauthenticated": true, "state": "latest", "autoremove": false, "update_cache": true, "default_release": null, "only_upgrade": false, "deb": null, "cache_valid_time": 0}}}\r\n', b'Shared connection to 192.168.9.22 closed.\r\n')
<192.168.9.22> ESTABLISH SSH CONNECTION FOR USER: None
<192.168.9.22> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/user/.ansible/cp/be00dd5395 192.168.9.22 '/bin/sh -c '"'"'rm -f -r /home/user/.ansible/tmp/ansible-tmp-1528224540.4225562-47865757921408/ > /dev/null 2>&1 && sleep 0'"'"''
<192.168.9.22> (0, b'', b'')
The full traceback is:
File "/tmp/ansible_RDFb3C/ansible_module_apt.py", line 991, in main
cache.update()
File "/usr/lib/python2.7/dist-packages/apt/cache.py", line 464, in update
raise FetchFailedException(e)
failed: [192.168.9.22] (item=['sudo', 'build-essential', 'python-dev', 'python3-dev', 'openjdk-8-jdk', 'git', 'libssl-dev', 'libsqlite3-dev', 'zlib1g-dev', 'bzip2', 'libreadline-dev', 'vim', 'rsync', 'apt-transport-https', 'vsftpd', 'ftp', 'tmux', 'postgresql', 'postgresql-client', 'libpq-dev', 'python-psycopg2', 'ntp', 'r-base']) => {
"changed": false,
"invocation": {
"module_args": {
"allow_unauthenticated": true,
"autoclean": false,
"autoremove": false,
"cache_valid_time": 0,
"deb": null,
"default_release": null,
"dpkg_options": "force-confdef,force-confold",
"force": false,
"force_apt_get": false,
"install_recommends": null,
"name": [
"sudo",
"build-essential",
"python-dev",
"python3-dev",
"openjdk-8-jdk",
"git",
"libssl-dev",
"libsqlite3-dev",
"zlib1g-dev",
"bzip2",
"libreadline-dev",
"vim",
"rsync",
"apt-transport-https",
"vsftpd",
"ftp",
"tmux",
"postgresql",
"postgresql-client",
"libpq-dev",
"python-psycopg2",
"ntp",
"r-base"
],
"only_upgrade": false,
"package": [
"sudo",
"build-essential",
"python-dev",
"python3-dev",
"openjdk-8-jdk",
"git",
"libssl-dev",
"libsqlite3-dev",
"zlib1g-dev",
"bzip2",
"libreadline-dev",
"vim",
"rsync",
"apt-transport-https",
"vsftpd",
"ftp",
"tmux",
"postgresql",
"postgresql-client",
"libpq-dev",
"python-psycopg2",
"ntp",
"r-base"
],
"purge": false,
"state": "latest",
"update_cache": true,
"upgrade": null
}
},
"item": [
"sudo",
"build-essential",
"python-dev",
"python3-dev",
"openjdk-8-jdk",
"git",
"libssl-dev",
"libsqlite3-dev",
"zlib1g-dev",
"bzip2",
"libreadline-dev",
"vim",
"rsync",
"apt-transport-https",
"vsftpd",
"ftp",
"tmux",
"postgresql",
"postgresql-client",
"libpq-dev",
"python-psycopg2",
"ntp",
"r-base"
],
"msg": "Failed to update apt cache: W:GPG error: http://archive.cloudera.com/cdh5/debian/jessie/amd64/cdh jessie-cdh5 InRelease: The following signatures were invalid: F36A89E33CC1BD0F71079007327574EE02A818DD, E:The repository 'http://archive.cloudera.com/cdh5/debian/jessie/amd64/cdh jessie-cdh5 InRelease' is not signed."
}