search

rvm / rvm1-ansible

The official ansible RVM role to install and manage your Ruby versions.
MIT License
271 stars 136 forks source link

Better way to import gpg keys for ubuntu server #115

Closed krazedkrish closed 7 years ago

krazedkrish commented 7 years ago

In my server the task to import gpg keys didn't work. Therefore, I modified the task to solve the problem. This pull request not only fixes gpg key problem, but it is also dynamic, adjusting to changes in the keys.

krazedkrish commented 7 years ago

Thanks for this awesome ansible script in ansible galaxy :+1:

:smiley_cat:

pkuczynski commented 7 years ago

@krazedkrish why do you think getting gpg key with curl is better than taking it from gpg repository (which seems to be safer)?

krazedkrish commented 7 years ago

@pkuczynski I get your point thanks.

pkuczynski commented 7 years ago

@krazedkrish its interesting why pulling keys from gnupg was failing for you? Was it the protocol being blocked by your firewall?

krazedkrish commented 7 years ago

@pkuczynski I am not sure of the problem causing it. The error message i get is gpg: no valid OpenPGP data found.

Here is the full log. The server is my virtualbox vm running in localhost through vagrant. Can you help me find the cause.

TASK [rvm : Import GPG keys] ***************************************************
task path: /home/codekathmandu/projects/ansible/roles/rvm/tasks/rvm.yml:35
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/commands/command.py
<localhost> ESTABLISH SSH CONNECTION FOR USER: vagrant
<localhost> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o Port=2222 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/home/codekathmandu/.ansible/cp/ansible-ssh-%h-%p-%r localhost '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1479443347.39-163141856025646 `" && echo ansible-tmp-1479443347.39-163141856025646="` echo $HOME/.ansible/tmp/ansible-tmp-1479443347.39-163141856025646 `" ) && sleep 0'"'"''
<localhost> PUT /tmp/tmp9yum7Q TO /home/vagrant/.ansible/tmp/ansible-tmp-1479443347.39-163141856025646/command.py
<localhost> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o Port=2222 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/home/codekathmandu/.ansible/cp/ansible-ssh-%h-%p-%r '[localhost]'
<localhost> ESTABLISH SSH CONNECTION FOR USER: vagrant
<localhost> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o Port=2222 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/home/codekathmandu/.ansible/cp/ansible-ssh-%h-%p-%r localhost '/bin/sh -c '"'"'chmod u+x /home/vagrant/.ansible/tmp/ansible-tmp-1479443347.39-163141856025646/ /home/vagrant/.ansible/tmp/ansible-tmp-1479443347.39-163141856025646/command.py && sleep 0'"'"''
<localhost> ESTABLISH SSH CONNECTION FOR USER: vagrant
<localhost> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o Port=2222 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/home/codekathmandu/.ansible/cp/ansible-ssh-%h-%p-%r -tt localhost '/bin/sh -c '"'"'sudo -H -S -n -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-ggtnitiwcxqbwdzvqhgqekhguhzgvnjt; /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1479443347.39-163141856025646/command.py; rm -rf "/home/vagrant/.ansible/tmp/ansible-tmp-1479443347.39-163141856025646/" > /dev/null 2>&1'"'"'"'"'"'"'"'"' && sleep 0'"'"''
fatal: [localhost]: FAILED! => {
    "changed": false, 
    "cmd": [
        "gpg", 
        "--keyserver", 
        "hkp://keys.gnupg.net", 
        "--recv-keys", 
        "D39DC0E3"
    ], 
    "delta": "0:00:00.894829", 
    "end": "2016-11-18 04:29:08.759092", 
    "failed": true, 
    "invocation": {
        "module_args": {
            "_raw_params": "gpg --keyserver hkp://keys.gnupg.net --recv-keys D39DC0E3", 
            "_uses_shell": false, 
            "chdir": null, 
            "creates": null, 
            "executable": null, 
            "removes": null, 
            "warn": true
        }, 
        "module_name": "command"
    }, 
    "rc": 2, 
    "start": "2016-11-18 04:29:07.864263", 
    "stderr": "gpg: requesting key D39DC0E3 from hkp server keys.gnupg.net\ngpg: no valid OpenPGP data found.\ngpg: Total number processed: 0", 
    "stdout": "?: keys.gnupg.net: Host not found\ngpgkeys: HTTP fetch error 7: couldn't connect: Success", 
    "stdout_lines": [
        "?: keys.gnupg.net: Host not found", 
        "gpgkeys: HTTP fetch error 7: couldn't connect: Success"
    ], 
    "warnings": []
}
    to retry, use: --limit @/home/codekathmandu/projects/ansible/plays/webserver.retry
pkuczynski commented 7 years ago

Could you post output of following commands run on this box:

gpg --keyserver hkp://keys.gnupg.net --recv-keys D39DC0E3 -v gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 -v