
I am trying to execute the command below, which is part of the Docker installation, but it got stuck.

The gpg part of the command got stuck; if I remove gpg after the pipe, it works.

---
- hosts: all
  become: yes

  tasks:

    - name: add docker GPG key
      shell: "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg"

3 Answers


  1. Example for apt

    To download files via HTTPS to your node you may use the get_url module, followed by an apt_key module task to add a key.

    - name: Download apt key
      get_url:
        url: https://download.docker.com/linux/ubuntu/gpg
        dest: /tmp # or /etc/pki/rpm-gpg depending on the infrastructure
    
    - name: Add a key from a file
      ansible.builtin.apt_key:
        file: /tmp/gpg
        state: present
    

    You could also add it by

    - name: Add an Apt signing key, uses whichever key is at the URL
      ansible.builtin.apt_key:
        url: https://download.docker.com/linux/ubuntu/gpg
        state: present
    

    You may need to use other modules or tasks for gpg or keyring.

  2. General Ansible advice: if you just feed all your command lines in shell tasks in Ansible, then you are doing it wrong.
    Ansible does have existing modules that are purposed to serve the idempotency idea that is at the root of Ansible's goal and that will greatly simplify all tasks you will try to achieve.


    This being said, you now have to understand what that specific line of the Docker manual is trying to achieve.

    curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
    | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
    

    It’s actually a line that would add the GPG key of Docker to a trusted keyring on the node, so it can validate the authenticity of the package you will later use in a package task.

    So the purposed module, in this case, is the apt_key one.

    Your task ends up being:

    - name: add docker GPG key
      apt_key:
        url: https://download.docker.com/linux/ubuntu/gpg
    
  3. Got the same problem today, as I don’t want to use the apt_key module because the apt-key command, which the module uses under the hood, is deprecated. I was following the same approach as you.

    As @Zeitounator mentions, the issue is caused because gpg is running in interactive mode and waiting for a confirmation, and I’m sure that is because the destination file already exists (probably because you ran the task before), so it’s asking you to override that file.
    So the solution in this case is to use the creates option in the shell module pointing to the path where you are storing the gpg key. With this, the task would not run again if the file exists. See https://docs.ansible.com/ansible/latest/collections/ansible/builtin/shell_module.html#parameter-creates

    - name: add docker GPG key
      shell: |
        curl -fsSL https://download.docker.com/linux/ubuntu/gpg |
        gpg --dearmor -o /etc/apt/keyrings/docker.gpg
      # creates is a module argument, so with the free-form shell syntax it goes under args
      args:
        creates: /etc/apt/keyrings/docker.gpg
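
A variant that avoids both apt_key and the gpg pipe, as an added example that is not part of the answers above: the armored key is stored as-is and the repository is bound to it with signed-by. The variable names, the docker.asc file name, the amd64 architecture and apt 1.4 or newer (which reads armored .asc keys) are assumptions.

```yaml
---
# Added example, not from the original answers.
# Assumes Ubuntu hosts, amd64, and apt >= 1.4 (accepts armored *.asc keys).
- hosts: all
  become: yes

  vars:
    docker_key_url: https://download.docker.com/linux/ubuntu/gpg
    docker_key_path: /etc/apt/keyrings/docker.asc   # assumed file name
    docker_apt_arch: amd64                          # assumed architecture

  tasks:
    - name: Ensure the keyring directory exists
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        owner: root
        group: root
        mode: "0755"

    # get_url writes the armored key unchanged, so no gpg process runs and
    # nothing can block on an interactive overwrite prompt on a second run.
    - name: Download the Docker repository key
      ansible.builtin.get_url:
        url: "{{ docker_key_url }}"
        dest: "{{ docker_key_path }}"
        owner: root
        group: root
        mode: "0644"
        # Optional pin: checksum: "sha256:<digest of the key you verified>"

    # signed-by limits this key to the Docker repository only; a key added
    # with apt-key is trusted by apt for every configured source.
    - name: Add the Docker repository, bound to that key
      ansible.builtin.apt_repository:
        repo: >-
          deb [arch={{ docker_apt_arch }} signed-by={{ docker_key_path }}]
          https://download.docker.com/linux/ubuntu
          {{ ansible_distribution_release }} stable
        filename: docker
        state: present
```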
    