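I am very new to Ansible, and I am trying to install kubectl on an EC2 instance (Ubuntu 18.04) for a course.

I have run the playbook and everything went fine until it reached task 4, which threw the following error:

fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to update apt cache: W:Updating from such a repository can't be done securely, and is therefore disabled by default., W:See apt-secure(8) manpage for repository creation and user configuration details., W:GPG error: https://packages.cloud.google.com/apt kubernetes-xenial InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY FEEA9169307EA071 NO_PUBKEY 8B57C5C2836F4BEB, E:The repository 'https://apt.kubernetes.io kubernetes-xenial InRelease' is not signed."}

Now, whenever I try to run it again, task 1 throws the same error. Can someone advise me on how to fix this?

Here is the playbook I wrote. It is based on an exercise I completed that installs Docker with Ansible, and on the commands I was given for installing kubectl: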

- name: A playbook to install kubectl on a VM
  hosts: localhost
  user: ubuntu
  become: yes
  tasks:
  - name: 1. Update APT Package Manager
    apt:
      update_cache: yes
  - name: 2. Install dependency packages
    apt:
      name={{ item }}
    with_items:
    - apt-transport-https
    - ca-certificates
    - curl
    - gnupg-agent
    - software-properties-common
  - name: 3. Get APT Key
    shell:
      cmd: curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
      cmd: echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list
  - name: 4. Update Packages
    apt:
      update_cache: yes
  - name: 5. Install Kubectl
    apt:
      update_cache: yes
      name: kubectl

Regarding the part

  - name: 3. Get APT Key
    shell:
      cmd: curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
      cmd: echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list

the shell module will only execute the second cmd. Ansible can only pass one of the parameters to the module, the last one.

To download a file over HTTPS to the node, you can use the get_url module, and then an apt_key module task to add the apt key.

- name: Download apt key
  get_url:
    url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
    dest: /tmp # or /etc/pki/rpm-gpg depending on the infrastructure

- name: Add a key from a file
  ansible.builtin.apt_key:
    file: /tmp/apt-key.gpg
    state: present

You can also add it with

- name: Add an Apt signing key, uses whichever key is at the URL
  ansible.builtin.apt_key:
    url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
    state: present

or, if you already know the key ID

- name: Add missing Apt signing key by ID from a keyserver
  ansible.builtin.apt_key:
    keyserver: keyserver.ubuntu.com
    id: "{{ KEY_ID }}"

- name: manage K8s
  hosts: k8s
  become: true
  tasks:
    - name: Install required packages
      apt:
        pkg:
          - apt-transport-https
          - ca-certificates
          - curl
          - gpg
        state: latest
    - name: Use the k8s apt key
      get_url:
        url: https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key
        dest: /etc/apt/keyrings/kubernetes-apt-keyring.asc
        mode: "0644"
    - name: Install k8s apt sources
      apt_repository:
        repo: deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.asc] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /
        state: present
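
The repeated `cmd` key discussed in the first answer, where only the last value is used and the key import is dropped, can be caught before a run. The following is an added example, not code from the question or the answers: a small Python check that flags a key repeated inside one block-style YAML mapping. The function name and the sample input (assembled from the question's task 3) are constructed for illustration, and the check assumes plain block-style YAML without multi-line scalars.

```python
import re

# An optional "- " list marker followed by a block-style mapping key.
KEY_RE = re.compile(r"^(?P<indent> *)(?P<dash>- +)?(?P<key>[A-Za-z_][\w.]*):(?: |$)")

# Constructed sample: task 3 of the question's playbook, re-indented.
SAMPLE = """\
- name: A playbook to install kubectl on a VM
  hosts: localhost
  tasks:
    - name: 3. Get APT Key
      shell:
        cmd: curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
        cmd: echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list
    - name: 4. Update Packages
      apt:
        update_cache: yes
"""


def find_duplicate_keys(text):
    """Return (line, key, first_line) for each key repeated in one mapping."""
    duplicates = []
    stack = []  # open mappings, innermost last: (key column, {key: first line})
    for line_no, line in enumerate(text.splitlines(), 1):
        match = KEY_RE.match(line)
        if not match:
            continue
        indent = len(match["indent"])
        column = indent + len(match["dash"] or "")
        # A "- " starts a new mapping, so everything deeper than the dash closes;
        # a plain key closes only the mappings nested deeper than itself.
        floor = indent if match["dash"] else column
        while stack and stack[-1][0] > floor:
            stack.pop()
        if match["dash"] or not stack or stack[-1][0] < column:
            stack.append((column, {}))
        seen = stack[-1][1]
        key = match["key"]
        if key in seen:
            duplicates.append((line_no, key, seen[key]))
        else:
            seen[key] = line_no
    return duplicates


if __name__ == "__main__":
    for line_no, key, first in find_duplicate_keys(SAMPLE):
        print(f"line {line_no}: '{key}' repeats line {first}; only the last value is used")
```

Run against the sample, it reports the second `cmd` on line 7 as a repeat of line 6, which is the line whose `apt-key add` never executed.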