如何使用 ansible 安装 yum 存储库密钥?
How to install yum repository key with ansible?
我试过了two ways:
- name: Add repository
yum_repository:
# from https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo
name: passenger
description: Passenger repository
baseurl: https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch
repo_gpgcheck: 1
gpgcheck: 0
enabled: 1
gpgkey: https://packagecloud.io/gpg.key
sslverify: 1
sslcacert: /etc/pki/tls/certs/ca-bundle.crt
- name: Add repository key (option 1)
rpm_key:
key: https://packagecloud.io/gpg.key
- name: Add repository key (option 2)
command: rpm --import https://packagecloud.io/gpg.key
- name: Install nginx with passenger
yum: name={{ item }}
with_items: [nginx, passenger]
但要让它工作,我需要通过 ssh 连接到机器,确认导入密钥(通过 运行 任何 yum
命令,例如 yum list installed
),然后继续配置.有没有办法自动完成?
UPD 这是 ansible
所说的:
TASK [nginx : Add repository key] **********************************************
changed: [default]
TASK [nginx : Install nginx with passenger] ************************************
failed: [default] (item=[u'nginx', u'passenger']) => {"failed": true, "item": ["nginx", "passenger"], "msg": "Failure talking
to yum: failure: repodata/repomd.xml from passenger: [Errno 256] No more mirrors to try.\nhttps://oss-binaries.phusionpassen
ger.com/yum/passenger/el/7/x86_64/repodata/repomd.xml: [Errno -1] repomd.xml signature could not be verified for passenger"}
因此,两种情况下确实导入了密钥,但必须确认才能使用。
通过 运行 yum
直接使用 -y
开关修复了它(并使用 rpm_key
模块,如果有的话):
- name: Install nginx with passenger
command: yum -y install {{ item }}
with_items: [nginx, passenger]
添加存储库和存储库密钥后,只需更新该存储库的元数据:
- name: update repo cache for the new repo
command: yum -q makecache -y --disablerepo=* --enablerepo=passenger
然后像以前一样yum: name=...
。
我试过了two ways:
- name: Add repository
yum_repository:
# from https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo
name: passenger
description: Passenger repository
baseurl: https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch
repo_gpgcheck: 1
gpgcheck: 0
enabled: 1
gpgkey: https://packagecloud.io/gpg.key
sslverify: 1
sslcacert: /etc/pki/tls/certs/ca-bundle.crt
- name: Add repository key (option 1)
rpm_key:
key: https://packagecloud.io/gpg.key
- name: Add repository key (option 2)
command: rpm --import https://packagecloud.io/gpg.key
- name: Install nginx with passenger
yum: name={{ item }}
with_items: [nginx, passenger]
但要让它工作,我需要通过 ssh 连接到机器,确认导入密钥(通过 运行 任何 yum
命令,例如 yum list installed
),然后继续配置.有没有办法自动完成?
UPD 这是 ansible
所说的:
TASK [nginx : Add repository key] **********************************************
changed: [default]
TASK [nginx : Install nginx with passenger] ************************************
failed: [default] (item=[u'nginx', u'passenger']) => {"failed": true, "item": ["nginx", "passenger"], "msg": "Failure talking
to yum: failure: repodata/repomd.xml from passenger: [Errno 256] No more mirrors to try.\nhttps://oss-binaries.phusionpassen
ger.com/yum/passenger/el/7/x86_64/repodata/repomd.xml: [Errno -1] repomd.xml signature could not be verified for passenger"}
因此,两种情况下确实导入了密钥,但必须确认才能使用。
通过 运行 yum
直接使用 -y
开关修复了它(并使用 rpm_key
模块,如果有的话):
- name: Install nginx with passenger
command: yum -y install {{ item }}
with_items: [nginx, passenger]
添加存储库和存储库密钥后,只需更新该存储库的元数据:
- name: update repo cache for the new repo
command: yum -q makecache -y --disablerepo=* --enablerepo=passenger
然后像以前一样yum: name=...
。