如何使用 ansible 安装 yum 存储库密钥?

How to install yum repository key with ansible?

我试过了two ways:

- name: Add repository
  yum_repository:
    # from https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo
    name: passenger
    description: Passenger repository
    baseurl: https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch
    repo_gpgcheck: 1
    gpgcheck: 0
    enabled: 1
    gpgkey: https://packagecloud.io/gpg.key
    sslverify: 1
    sslcacert: /etc/pki/tls/certs/ca-bundle.crt

- name: Add repository key (option 1)
  rpm_key:
    key: https://packagecloud.io/gpg.key

- name: Add repository key (option 2)
  command: rpm --import https://packagecloud.io/gpg.key

- name: Install nginx with passenger
  yum: name={{ item }}
  with_items: [nginx, passenger]

但要让它工作,我需要通过 ssh 连接到机器,确认导入密钥(通过 运行 任何 yum 命令,例如 yum list installed),然后继续配置.有没有办法自动完成?

UPD 这是 ansible 所说的:

TASK [nginx : Add repository key] **********************************************
changed: [default]

TASK [nginx : Install nginx with passenger] ************************************
failed: [default] (item=[u'nginx', u'passenger']) => {"failed": true, "item": ["nginx", "passenger"], "msg": "Failure talking
 to yum: failure: repodata/repomd.xml from passenger: [Errno 256] No more mirrors to try.\nhttps://oss-binaries.phusionpassen
ger.com/yum/passenger/el/7/x86_64/repodata/repomd.xml: [Errno -1] repomd.xml signature could not be verified for passenger"}

因此,两种情况下确实导入了密钥,但必须确认才能使用。

通过 运行 yum 直接使用 -y 开关修复了它(并使用 rpm_key 模块,如果有的话):

- name: Install nginx with passenger
  command: yum -y install {{ item }}
  with_items: [nginx, passenger]

添加存储库和存储库密钥后,只需更新该存储库的元数据:

- name: update repo cache for the new repo
  command: yum -q makecache -y --disablerepo=* --enablerepo=passenger

然后像以前一样yum: name=...