search

nginxinc / ansible-role-nginx

Ansible role for installing NGINX
https://galaxy.ansible.com/nginxinc/nginx
Apache License 2.0
644 stars 348 forks source link

Instalation error fingerprint. #759

Open arturmon opened 3 months ago

arturmon commented 3 months ago

Describe the bug

Instalattion error

To reproduce

Steps to reproduce the bug:

  1. I have deployed/run the Ansible NGINX role using the following playbook.yml: 
    ---
- name: Install nginx
ansible.builtin.include_role:
name: nginx
  2. I have seen the following error(s) on my terminal output/logs: 
    {"changed": false, "msg": "The specified fingerprint, '573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62', does not match the key fingerprint '8540A6F18833A80E9C1653A42FD21310B49F6B46'"}

Expected behavior

nginx installation

Your environment

galaxy.yml

collections:
  - name: community.crypto
    version: '2.21.1'

  - name: ansible.posix
    version: '1.4.0'

  - name: community.general
    version: '9.2.0'

  - name: community.docker 
    version: '3.2.1'

  - name: nginxinc.nginx_core
    version: '0.8.0'

Additional context (optional)

https://docs.nginx.com/nginx-agent/installation-upgrade/installation-oss/ the documentation indicates the fingerprint 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62

alessfg commented 3 months ago

Heya! This is technically an issue with the Ansible NGINX core collection and it being outdated. You can easily bypass the issue by installing this role separately and using it instead of the NGINX collection 😄

arturmon commented 3 months ago

Heya! This is technically an issue with the Ansible NGINX core collection and it being outdated. You can easily bypass the issue by installing this role separately and using it instead of the NGINX collection 😄

Even if Core is outdated and not supported, this does not change the fact that your fingerprint is incorrect. you have 8540A6F18833A80E9C1653A42FD21310B49F6B46 installed and it should be 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62. link to repository: https://github.com/nginxinc/ansible-role-nginx/blob/455866657ce790351a5661828e8d7503e050685b/tasks/keys/setup-keys.yml#L22 link to documentation: https://docs.nginx.com/nginx-agent/installation-upgrade/installation-oss/

I don't think changing my role will help me. since the core version includes your nginxinc.nginx role.

alessfg commented 3 months ago

The collection includes an outdated version of this role that does not incorporate this PR https://github.com/nginxinc/ansible-role-nginx/commit/f0ec588fa724d33ed6400618a2cb3ed6aa07eb9a.

The PR you opened would fundamentally revert back this role to the version you are using by using the collection right now. The collection does not pull the latest role release, it has a hardcoded version.

The docs you linked are for the nginx agent, not nginx, but at any rate they use a key that has expired. The key expiration has been updated, but for some reason Ansible does not seem to like the new expiration date. The key id found on this role right now is the actual new key that NGINX will be moving to in the near future.

I am leaving this issue open until the collection is updated, but it is not an issue with this role.