У меня есть книга игр на ansible, которая устанавливает пакеты из репозитория с недействительными ключами:
- name: Add Cloudera key
apt_key:
keyserver: keys.gnupg.net
id: F36A89E33CC1BD0F71079007327574EE02A818DD
- name: Install Cloudera packages
apt:
name: {{ item }}
update_cache: yes
state: latest
allow_unautenticated: yes
with_items:
- sudo
- libssl-dev
- ....
, но ansible не может обновить кэш:
"msg": "Failed to update apt cache: W:GPG error: http://archive.cloudera.com/cdh5/debian/jessie/amd64/cdh jessie-cdh5 InRelease: The following signatures were invalid: F36A89E33CC1BD0F71079007327574EE02A818DD, E:The repository 'http://archive.cloudera.com/cdh5/debian/jessie/amd64/cdh jessie-cdh5 InRelease' is not signed."
даже с allow_unauthenticated опция или force опция установлена на да.Как я могу обновить кэш с этими ключевыми проблемами?
EDIT Команда apt, которая воспроизводит это поведение:
sudo wget 'https://archive.cloudera.com/cdh5/debian/jessie/amd64/cdh/cloudera.list' \ -O /etc/apt/sources.list.d/cloudera.list
sudo apt-get update
W: GPG error: http://archive.cloudera.com/cdh5/debian/jessie/amd64/cdh jessie-cdh5 InRelease: The following signatures were invalid: F36A89E33CC1BD0F71079007327574EE02A818DD
W: The repository 'http://archive.cloudera.com/cdh5/debian/jessie/amd64/cdh jessie-cdh5 InRelease' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Но я могу продолжить ивведите команду
sudo apt-get install hadoop-hdfs-namenode
и она установит пакет после предупреждения.Ansible рассматривает предупреждение выше (W The following signatures were invalid), ошибку со стороны Cloudera, которая предоставила неправильный ключ или неверный подписанный репозиторий, но движется вперед и устанавливает пакет:
dpkg -l | grep hadoop-hdfs-namenode
ii hadoop-hdfs-namenode 2.6.0+cdh5.14.2+2748-1.cdh5.14.2.p0.11~jessie-cdh5.14.2 all Name Node for Hadoop
, так что яПопытка добиться этого заключается в том, что Ansible воспроизводит это поведение: выполните команду apt-get update и продолжайте, не выполняя функцию обновления.Ansible может установить пакет из неподписанного репозитория с параметром allow_unauthenticated.
EDIT # 2 : полная команда ansible приведена ниже:
iveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/user/.ansible/cp/be00dd5395 -tt 192.168.9.22 '/bin/sh -c '"'"'sudo -H -S -n -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-thnmveqcmiwmvbdbabglejbbsaidohqe; /usr/bin/python /home/user/.ansible/tmp/ansible-tmp-1528224540.4225562-47865757921408/apt.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
<192.168.9.22> (1, b'\r\n{"msg": "Failed to update apt cache: W:GPG error: http://archive.cloudera.com/cdh5/debian/jessie/amd64/cdh jessie-cdh5 InRelease: The following signatures were invalid: F36A89E33CC1BD0F71079007327574EE02A818DD, E:The repository \'http://archive.cloudera.com/cdh5/debian/jessie/amd64/cdh jessie-cdh5 InRelease\' is not signed.", "failed": true, "exception": " File \\"/tmp/ansible_RDFb3C/ansible_module_apt.py\\", line 991, in main\\n cache.update()\\n File \\"/usr/lib/python2.7/dist-packages/apt/cache.py\\", line 464, in update\\n raise FetchFailedException(e)\\n", "invocation": {"module_args": {"dpkg_options": "force-confdef,force-confold", "upgrade": null, "force": false, "force_apt_get": false, "install_recommends": null, "package": ["sudo", "build-essential", "python-dev", "python3-dev", "openjdk-8-jdk", "git", "libssl-dev", "libsqlite3-dev", "zlib1g-dev", "bzip2", "libreadline-dev", "vim", "rsync", "apt-transport-https", "vsftpd", "ftp", "tmux", "postgresql", "postgresql-client", "libpq-dev", "python-psycopg2", "ntp", "r-base"], "autoclean": false, "name": ["sudo", "build-essential", "python-dev", "python3-dev", "openjdk-8-jdk", "git", "libssl-dev", "libsqlite3-dev", "zlib1g-dev", "bzip2", "libreadline-dev", "vim", "rsync", "apt-transport-https", "vsftpd", "ftp", "tmux", "postgresql", "postgresql-client", "libpq-dev", "python-psycopg2", "ntp", "r-base"], "purge": false, "allow_unauthenticated": true, "state": "latest", "autoremove": false, "update_cache": true, "default_release": null, "only_upgrade": false, "deb": null, "cache_valid_time": 0}}}\r\n', b'Shared connection to 192.168.9.22 closed.\r\n')
<192.168.9.22> ESTABLISH SSH CONNECTION FOR USER: None
<192.168.9.22> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/user/.ansible/cp/be00dd5395 192.168.9.22 '/bin/sh -c '"'"'rm -f -r /home/user/.ansible/tmp/ansible-tmp-1528224540.4225562-47865757921408/ > /dev/null 2>&1 && sleep 0'"'"''
<192.168.9.22> (0, b'', b'')
The full traceback is:
File "/tmp/ansible_RDFb3C/ansible_module_apt.py", line 991, in main
cache.update()
File "/usr/lib/python2.7/dist-packages/apt/cache.py", line 464, in update
raise FetchFailedException(e)
failed: [192.168.9.22] (item=['sudo', 'build-essential', 'python-dev', 'python3-dev', 'openjdk-8-jdk', 'git', 'libssl-dev', 'libsqlite3-dev', 'zlib1g-dev', 'bzip2', 'libreadline-dev', 'vim', 'rsync', 'apt-transport-https', 'vsftpd', 'ftp', 'tmux', 'postgresql', 'postgresql-client', 'libpq-dev', 'python-psycopg2', 'ntp', 'r-base']) => {
"changed": false,
"invocation": {
"module_args": {
"allow_unauthenticated": true,
"autoclean": false,
"autoremove": false,
"cache_valid_time": 0,
"deb": null,
"default_release": null,
"dpkg_options": "force-confdef,force-confold",
"force": false,
"force_apt_get": false,
"install_recommends": null,
"name": [
"sudo",
"build-essential",
"python-dev",
"python3-dev",
"openjdk-8-jdk",
"git",
"libssl-dev",
"libsqlite3-dev",
"zlib1g-dev",
"bzip2",
"libreadline-dev",
"vim",
"rsync",
"apt-transport-https",
"vsftpd",
"ftp",
"tmux",
"postgresql",
"postgresql-client",
"libpq-dev",
"python-psycopg2",
"ntp",
"r-base"
],
"only_upgrade": false,
"package": [
"sudo",
"build-essential",
"python-dev",
"python3-dev",
"openjdk-8-jdk",
"git",
"libssl-dev",
"libsqlite3-dev",
"zlib1g-dev",
"bzip2",
"libreadline-dev",
"vim",
"rsync",
"apt-transport-https",
"vsftpd",
"ftp",
"tmux",
"postgresql",
"postgresql-client",
"libpq-dev",
"python-psycopg2",
"ntp",
"r-base"
],
"purge": false,
"state": "latest",
"update_cache": true,
"upgrade": null
}
},
"item": [
"sudo",
"build-essential",
"python-dev",
"python3-dev",
"openjdk-8-jdk",
"git",
"libssl-dev",
"libsqlite3-dev",
"zlib1g-dev",
"bzip2",
"libreadline-dev",
"vim",
"rsync",
"apt-transport-https",
"vsftpd",
"ftp",
"tmux",
"postgresql",
"postgresql-client",
"libpq-dev",
"python-psycopg2",
"ntp",
"r-base"
],
"msg": "Failed to update apt cache: W:GPG error: http://archive.cloudera.com/cdh5/debian/jessie/amd64/cdh jessie-cdh5 InRelease: The following signatures were invalid: F36A89E33CC1BD0F71079007327574EE02A818DD, E:The repository 'http://archive.cloudera.com/cdh5/debian/jessie/amd64/cdh jessie-cdh5 InRelease' is not signed."
}