Add GPG keys to `/apt/keyrings` instead of `/apt/trusted.gpg.d`, Update task Add Docker apt key #436
This worked for me!
tasks/setup-Debian.yml
curl -sSL {{ docker_apt_gpg_key }} | apt-key add - | ||
when: add_repository_key is failed and docker_add_repo | bool | ||
curl -fsSL {{ docker_apt_gpg_key }} | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg --yes | ||
changed_when: false |
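Review bot: on the `curl -fsSL {{ docker_apt_gpg_key }} | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg --yes` line, the keyring is overwritten with whatever the URL returns each time this task runs, with no fingerprint or checksum comparison, and `changed_when: false` then hides the fact that the trust anchor was rewritten. Suggest checking the downloaded key against a pinned fingerprint or checksum before installing it, reporting a change when the file content actually differs, and using task-level `become` rather than `sudo` inside the shell string.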
not sure of a way around this
Yes, there is: https://stackoverflow.com/questions/71585303/how-can-i-manage-keyring-files-in-trusted-gpg-d-with-ansible-playbook-since-apt
You can just skip the `gpg --dearmor` and save the file directly into `/etc/apt/keyrings/` with a `.asc` extension. This means you can skip the `shell` module completely and only use `get_url`.
Really all that needs to be changed here is the `dest: /etc/apt/trusted.gpg.d/docker.asc` from the `Add Docker apt key.` task needs to be `dest: /etc/apt/keyrings/docker.asc` instead.
This also affects Ubuntu.
EDIT: Actually, although the ansible-role-docker/defaults/main.yml Line 41 in 8ff4a24 so this doesn't even have to necessarily be changed yet. All I had to do was delete the
EDIT2: Yea okay I see now this was discussed in #434. The filename was changed in c3a1271. This is a breaking change as we see by these issues and PRs, but to be fair it was changed when going from role version 6.2.0 to 7.0.0 so a new major version. All is well if you pin your role versions and read through every commit and diff before updating...
Thank you @jantari and @geerlingguy for the information. I will update this PR and @ you again when it is ready.
Hello, apologies for the delay. I was out on vacation with limited internet connectivity. I've updated the PR to only contain edits to save to
This also fixes Raspbian compatibility.
https://docs.docker.com/engine/install/raspberry-pi-os/#install-using-the-repository
@geerlingguy sorry for the tag but could you take a look whenever you get a chance? Thanks
It would be pretty wonderful. I've got the same problem. Waiting eagerly for it to be merged.
LGTM. Docker install script also uses
Motivation
----------
We were running into geerlingguy/ansible-role-docker#436

It seems we just have to uninstall the pip packages and remove these files:

```
sudo rm /etc/apt/sources.list.d/docker.list
sudo rm /etc/apt/sources.list.d/download_docker_com_linux_ubuntu.list
```

How to test
-----------
1. Remove the files
2. Run the ansible playbook
3. `docker-compose` should be uninstalled
4. `docker compose` should be on v2
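The Signed-By conflict reported in this thread arises when apt source entries for the same repository and suite name different keyrings, for example a stale list file still pointing at `/etc/apt/trusted.gpg.d/` next to a new one pointing at `/etc/apt/keyrings/`. The following check for that condition is an added example, not code from this thread or from the role; it handles only one-line `.list` entries (not deb822 `.sources` files), and the file contents in `SAMPLE` are constructed.

```python
import re
from collections import defaultdict

# One-line apt source format: deb [opt=val ...] URI SUITE [COMPONENT ...]
ENTRY = re.compile(
    r"^\s*deb(?:-src)?\s+(?:\[(?P<opts>[^\]]*)\]\s+)?(?P<uri>\S+)\s+(?P<suite>\S+)")

def parse_entries(files):
    """Yield (filename, uri, suite, signed_by) for each active source line.

    `files` maps a filename to its text, so nothing under /etc/apt is read.
    """
    for name, text in files.items():
        for line in text.splitlines():
            line = line.split("#", 1)[0]  # drop comments and disabled entries
            m = ENTRY.match(line)
            if not m:
                continue
            opts = dict(o.split("=", 1)
                        for o in (m["opts"] or "").split() if "=" in o)
            # Trailing slash is stripped so both spellings of a URI group together.
            yield name, m["uri"].rstrip("/"), m["suite"], opts.get("signed-by", "")

def signed_by_conflicts(files):
    """Return {(uri, suite): {signed_by: [files]}} for sources with >1 value."""
    seen = defaultdict(lambda: defaultdict(list))
    for name, uri, suite, key in parse_entries(files):
        seen[(uri, suite)][key].append(name)
    return {src: dict(keys) for src, keys in seen.items() if len(keys) > 1}

# Constructed sample: the two list files named in the commit message above,
# with contents invented for illustration.
SAMPLE = {
    "docker.list":
        "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/docker.asc] "
        "https://download.docker.com/linux/ubuntu jammy stable\n",
    "download_docker_com_linux_ubuntu.list":
        "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] "
        "https://download.docker.com/linux/ubuntu/ jammy stable\n",
}

if __name__ == "__main__":
    for (uri, suite), keys in signed_by_conflicts(SAMPLE).items():
        print(f"{uri} {suite}:")
        for key, names in keys.items():
            print(f"  signed-by={key or '(none)'} in {', '.join(names)}")
```

To run it against a real host, build the `files` mapping from the contents of `/etc/apt/sources.list` and `/etc/apt/sources.list.d/*.list`.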
…g /etc/apt/keyrings/docker.asc key Related to: - #3337 - geerlingguy/ansible-role-docker#436
…g /etc/apt/keyrings/docker.asc key Related to: - spantaleev#3337 - geerlingguy/ansible-role-docker#436
#435
I started this issue because I faced a similar problem as #434 when adding the docker apt repository
Signed-By regarding source https://download.docker.com/linux/ubuntu/ jammy: │ /etc/apt/trusted.gpg.d/docker.asc != ,
Which I then had to fix by:
and then running the changes in this branch.
I did some research and noticed that GPG keys should not be placed in `/etc/apt/trusted.gpg.d/` (please see #435).
After updating the tasks to mirror the installation method in https://docs.docker.com/engine/install/debian/#install-using-the-repository, I was still getting an error:
until I noticed that the task here (ansible-role-docker/tasks/setup-Debian.yml, Line 30 in 8ff4a24) was saving the GPG key in binary whereas in the docker docs, the key is converted to an ASCII-encoded format.
I updated the ansible tasks to use the fallback curl/shell method and added a few more tasks to mirror the installation method of the docker docs.
With these changes, I'm not getting any errors and am able to successfully run the role on version 7.0.2.
@geerlingguy (or any maintainer) Please let me know what you think of these changes:
`/etc/apt/keyrings` (as per docker) or `/usr/share/keyrings` (as per debian)
If using the task `ansible.builtin.get_url` is preferred, I believe a task like this might be required as well directly afterwards: