I am trying to execute below command which is part of Docker installation, but it got stuck.
The gpg part of the command got stuck, if I remove gpg after pipe, it works.
---
- hosts: all
become: yes
tasks:
- name: add docker GPG key
shell: "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg"
CodePudding user response:
Example for apt
To download files via HTTPS to your node you may use the get_url_module, followed by an apt_key_module task to add an the key.
- name: Download apt key
get_url:
url: https://download.docker.com/linux/ubuntu/gpg
dest: /tmp # or /etc/pki/rpm-gpg depending on the infrastructure
- name: Add a key from a file
ansible.builtin.apt_key:
file: /tmp/apt-key.gpg
state: present
You could also add it by
- name: Add an Apt signing key, uses whichever key is at the URL
ansible.builtin.apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
You may need to use other modules or task for gpg or keyring.
Similar Q&A
CodePudding user response:
General Ansible advise: if you just feed all your command lines in shell tasks in Ansible, then you are doing it wrong.
Ansible does have existing module, that are purposed to server the idempotency idea that is at the root of Ansible goal and that will greatly simplify all tasks you will try to achieve.
This being said, you now have to understand what that specific line of the Docker manual is trying to achieve.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
| gpg --dearmor -o /etc/apt/keyrings/docker.gpg
Is actually a line that would add the GPG key of Docker to a trusted keyring on the node, so it can validate the authenticity of the package you will later use in a package task.
So the purposed module, in this case is the apt_key one.
Your task ends up being:
- name: add docker GPG key
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg