I think something changed somewhere ( not sure if at clients servers because they are newer releases) but suddenly my tasks using the package module are failing because of gpg signature check at Oracle linux and Rhel servers .
I know its an issue from ansible because I see with verbose the gpg check being forced from the ansible play .
We use generic playbooks with the package module (which in time is calling to zypper yum apt etc for each distribution specific package manager) , I know at the yum module we can use
disable_gpg_check: yes
But if I use that option with the package module, it works when running on rhel servers, but fails when running against debian / sles or whatever not using yum module because only yum module has that option, and the other package modules do not .
I would love to find a solution in order to avoid gpg check with yum and still use the generic package module .
The manual command yum install at the server works flawless . Also when I run anisble with verbose (-vvv…) I see the gpgcheck yes being pushed
2
Answers
The real solution was adding at playbook time a module defaults for package, with the default(omit) in order to avoid failures when the module package called zypper or apt .
We did that at our "masterplaybooks" that load all the roles :
Modifying every package task as stated by Zeitounator is not a feasible option since we have more than 100 tasks using the package module into our repositories, but may be an option for others .
What I think is it would be nice that ansible allows direct modification of module defaults directly from group_vars or host_vars
The real solution to your problem is reactivating gpg checks on the given targets and fix the configuration so it succeeds because it should not be disabled.
That being said, a possible workaround here:
package
module. I’ll call this groupbad_hosts
belowgroup_vars/bad_hosts.yml
package
task):