search

galaxyproject / ansible-postgresql

An Ansible role for managing a PostgreSQL server
https://galaxy.ansible.com/galaxyproject/postgresql
122 stars 58 forks source link

MIT PGP service unavailable #24

Closed vanch closed 2 years ago

vanch commented 4 years ago

When using pgdg flavor, there may be an issue with MIT PGP server

TASK [galaxyproject.postgresql : Install pgdg package signing key (Debian/pgdg)] ************************************************************************************************
FAILED - RETRYING: Install pgdg package signing key (Debian/pgdg) (5 retries left).
FAILED - RETRYING: Install pgdg package signing key (Debian/pgdg) (4 retries left).
FAILED - RETRYING: Install pgdg package signing key (Debian/pgdg) (3 retries left).
FAILED - RETRYING: Install pgdg package signing key (Debian/pgdg) (2 retries left).
FAILED - RETRYING: Install pgdg package signing key (Debian/pgdg) (1 retries left).
fatal: [db2]: FAILED! => {"attempts": 5, "changed": false, "cmd": "/usr/bin/apt-key adv --no-tty --keyserver pgp.mit.edu --recv ACCC4CF8", "msg": "Error fetching key ACCC4CF8 from keyserver: pgp.mit.edu", "rc": 2, "stderr": "Warning: apt-key output should not be parsed (stdout is not a terminal)\ngpg: keyserver receive failed: No data\n", "stderr_lines": ["Warning: apt-key output should not be parsed (stdout is not a terminal)", "gpg: keyserver receive failed: No data"], "stdout": "Executing: /tmp/apt-key-gpghome.PRoLspfaKj/gpg.1.sh --no-tty --keyserver pgp.mit.edu --recv ACCC4CF8\n", "stdout_lines": ["Executing: /tmp/apt-key-gpghome.PRoLspfaKj/gpg.1.sh --no-tty --keyserver pgp.mit.edu --recv ACCC4CF8"]}

And there is nothing I can do with that :(

jeanmonet commented 3 years ago

IMO if MIT server fails, a another task (before or after) could be added to try and get the key from URL on postgresql.org: https://www.postgresql.org/media/keys/ACCC4CF8.asc

EDIT what I did is add (on my local branch of this repo), before this task:

https://github.com/galaxyproject/ansible-postgresql/blob/fc1e5c224fcfd099bf4c2b1d2238a91ce9ae402b/tasks/debian.yml#L3-L11

the following task (at the beginning of the file):

- name: Install pgdg package signing key from Postgresql.org URL (Debian/pgdg)
  apt_key:
    url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
    id: ACCC4CF8
  register: __postgresql_apt_key_result
  until: __postgresql_apt_key_result is succeeded
  retries: 5
  delay: 5
  when: postgresql_flavor is defined and postgresql_flavor == "pgdg"

and modify the when clause on the initial task as follows (adding __postgresql_apt_key_result is not succeeded):

when:
  - postgresql_flavor is defined and postgresql_flavor == "pgdg"
  - __postgresql_apt_key_result is not succeeded  # added: don't ask the MIT server for key if got key from postgresql.org
fubar2 commented 3 years ago

This worked for me today when the MIT server failed consistently. Thanks @vanch !

joystein commented 2 years ago

This can probably be closed now that PR #35 has been merged.

renejahn commented 2 years ago

@joystein I think this should stay open until a version containing the changes is released! @natefoo do you have plans to create a new tag? Currently having the keyserver issues and would love to see this released soon :+1:

natefoo commented 2 years ago

Thanks for the ping, tagged as 1.1.1 and released.