Hi
No problem.
So the 'ansible way' is to use native modules wherever possible. The
shell/command task should be used only if there is no reasonable way
to achieve things using native modules.
In your case the ansible way could look something like this:
tasks:
- name: Find RPM GPG keys
find:
paths: /etc/pki/rpm-gpg
register: gpg_found
- name: Ensure found keys are trusted
rpm_key:
key: "{{ item.path }}"
state: present
loop: "{{ gpg_found.files }}"
You will find that once run, subsequent runs will not actually do
anything anymore as the desired state will have been reached after the
first run: idempotence.
You can optionally tune these tasks, for instance to fit the pattern
of the key names, etc.
On Thu, 7 May 2020 at 13:43, Quad Zero <[email protected]> wrote:
>
> Hi Dick,
>
> Yes, so I may have replied to your comment above in my reply back to Michael.
>
> I guess my knowledge on Ansible is still very new, so currently just getting
> things done, until I get to grips with better understanding.
>
> Could anyone please recommend any good books that covers most of the modules
> in depth? Just trying to learn and last night was quite frustrating for me.
>
> Thank you once again.
>
> On Thursday, May 7, 2020 at 12:50:17 AM UTC-4, Dick Visser wrote:
>>
>> Indeed.
>> I've noticed quite a few people are frantically trying to shoehorn shell
>> commands into ansible. This works yes but lacks all the goodies that ansible
>> brings such as idempotency etc.
>> The questions then tend to narrow down to why the output of a dozen twelve
>> cat/grep/sed/awk pipes doesn't do what they want.
>>
>> In this case it's not clear why you'd want to blindly add all rpm keys. This
>> once again looks like a sledgehammer and should instead be done by iterating
>> over the keys you actually want, with rpm_key.
>>
>>
>> On Thu, 7 May 2020 at 01:16, Michael Mullay <[email protected]> wrote:
>>>
>>> Quad Zero,
>>> You didn't even indicate if you tried using the module JYL took the time to
>>> point out to you. There are examples there and everything. If you want
>>> pre-written Ansible code without doing any research or leg work you should
>>> look on galaxy.ansible.com.
>>>
>>> And that is really weak criticizing someone that took more time to try to
>>> solve your problem than you did. People are likely going to stop responding
>>> to you after that comment.
>>>
>>>
>>> On Wed, May 6, 2020 at 4:01 PM Quad Zero <[email protected]> wrote:
>>>>
>>>> Thanks for your reply but really is not helpful bud.
>>>>
>>>> This is like if i asked how i can get to a destination, you are telling me
>>>> to go to a train or bus station.
>>>>
>>>>
>>>> On Wednesday, May 6, 2020 at 7:32:08 AM UTC-4, Jean-Yves LENHOF wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> There's a module to import key, please use it !
>>>>>
>>>>> https://docs.ansible.com/ansible/latest/modules/rpm_key_module.html
>>>>>
>>>>> Regards,
>>>>>
>>>>> JYL
>>>>>
>>>>> Le 06/05/2020 à 12:17, Quad Zero a écrit :
>>>>>
>>>>> Hi all,
>>>>>
>>>>> Thank you for your help in my last post. I have come quite a way (small
>>>>> compared to many of you) but nevertheless making good progress each day.
>>>>>
>>>>> I hit roadblocks quite a bit and thankfully google has helped me quite a
>>>>> bit. I have come across this problem now which I hope some of you can
>>>>> explain and then help me with finding a solution. This is my code so far:
>>>>>
>>>>> ---
>>>>> - hosts: all
>>>>> serial: 3
>>>>> become: yes
>>>>> tasks:
>>>>> - name: ping all the machines
>>>>> ping:
>>>>>
>>>>> - name: Import all GPG keys for repo
>>>>> command: "rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-*"
>>>>>
>>>>>
>>>>> When I am trying to run the rpm --import as a command, I get this error
>>>>> on my 3 test hosts:
>>>>> 1. What does it mean, why is this producing an error? I can enter this
>>>>> directly as a command in shell and it works just fine, so where is
>>>>> Ansible having issues?
>>>>> 2. How can I fix this and find a solution so that all my keys from the
>>>>> pki directory is imported as I have a mixture of RHEL and CentOS systems?
>>>>>
>>>>> TASK [Import all GPG keys for repo]
>>>>> *****************************************************************************************************
>>>>> [WARNING]: Consider using the yum, dnf or zypper module rather than
>>>>> running 'rpm'. If you need to use command because yum, dnf or
>>>>> zypper is insufficient you can add 'warn: false' to this command task or
>>>>> set 'command_warnings=False' in ansible.cfg to get rid of this
>>>>> message.
>>>>> fatal: [localhost]: FAILED! => {"changed": true, "cmd": ["rpm",
>>>>> "--import", "/etc/pki/rpm-gpg/RPM-GPG-KEY-*"], "delta": "0:00:00.029904",
>>>>> "end": "2020-05-06 05:08:49.909745", "msg": "non-zero return code", "rc":
>>>>> 1, "start": "2020-05-06 05:08:49.879841", "stderr": "error:
>>>>> /etc/pki/rpm-gpg/RPM-GPG-KEY-*: import read failed(2).", "stderr_lines":
>>>>> ["error: /etc/pki/rpm-gpg/RPM-GPG-KEY-*: import read failed(2)."],
>>>>> "stdout": "", "stdout_lines": []}
>>>>> fatal: [testb_centos78]: FAILED! => {"changed": true, "cmd": ["rpm",
>>>>> "--import", "/etc/pki/rpm-gpg/RPM-GPG-KEY-*"], "delta": "0:00:00.027775",
>>>>> "end": "2020-05-06 05:08:50.031696", "msg": "non-zero return code", "rc":
>>>>> 1, "start": "2020-05-06 05:08:50.003921", "stderr": "error:
>>>>> /etc/pki/rpm-gpg/RPM-GPG-KEY-*: import read failed(2).", "stderr_lines":
>>>>> ["error: /etc/pki/rpm-gpg/RPM-GPG-KEY-*: import read failed(2)."],
>>>>> "stdout": "", "stdout_lines": []}
>>>>> fatal: [testa_centos78]: FAILED! => {"changed": true, "cmd": ["rpm",
>>>>> "--import", "/etc/pki/rpm-gpg/RPM-GPG-KEY-*"], "delta": "0:00:00.027843",
>>>>> "end": "2020-05-06 05:08:50.035566", "msg": "non-zero return code", "rc":
>>>>> 1, "start": "2020-05-06 05:08:50.007723", "stderr": "error:
>>>>> /etc/pki/rpm-gpg/RPM-GPG-KEY-*: import read failed(2).", "stderr_lines":
>>>>> ["error: /etc/pki/rpm-gpg/RPM-GPG-KEY-*: import read failed(2)."],
>>>>> "stdout": "", "stdout_lines": []}
>>>>>
>>>>> Thanks in advance everyone.
>>>>> --
>>>>> You received this message because you are subscribed to the Google Groups
>>>>> "Ansible Project" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send an
>>>>> email to [email protected].
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/ansible-project/cf399d8a-bba9-49b8-afe9-6d07516eb99f%40googlegroups.com.
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google Groups
>>>> "Ansible Project" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send an
>>>> email to [email protected].
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/ansible-project/ae9486f0-9769-4363-8803-7060273a6878%40googlegroups.com.
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an
>>> email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/CAH4rTPu7FOXar2aZdcpxhcsmenCx-LO_KwcjwrCvTP8%2Bfoi57g%40mail.gmail.com.
>>
>> --
>> Sent from a mobile device - please excuse the brevity, spelling and
>> punctuation.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/fea4c8a6-a046-44dc-a87c-db7ae9f7eb87%40googlegroups.com.
--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAL8fbwOO%3Dt-spsCFDo6qD8a9iacAeuGTEjVu0gR7B7_oiT4k0A%40mail.gmail.com.
