ansible-container
ansible-container copied to clipboard
Published
20 hours ago •
ansible
ansible
Version 0.9.2 build failure with rpm_key module
ISSUE TYPE
- Bug Report
container.yml
version: "2"
settings:
# The Conductor container does the heavy lifting, and provides a portable
# Python runtime for building your target containers. It should be derived
# from the same distribution as you're building your target containers with.
#conductor_base: centos:7
conductor:
base: centos:7
#roles:
#- geerlingguy.java
volumes:
- temp-space:/tmp # Used to copy static content between containers
# The deployment_output_path is mounted to the Conductor container, and the
# `run` and `deployment` commands then write generated Ansible playbooks to it.
# deployment_output_path: ./ansible-deployment
# When using the k8s or openshift engines, use the following to set the namespace.
# If not set, the project name will be used. For openshift, the namespace maps to a project,
# and description and display_name are supported.
k8s_namespace:
name: elk-stack
description: Elk Stack orchestrated with Ansible Container
display_name: Elk Stack using Ansible Container
services:
elasticsearch:
from: centos:7
roles:
- role: jschulthess.elasticsearch-container
elasticsearch_java_home: /usr/lib/jvm/jre
elasticsearch_debug: True
#elasticsearch_example_enable: true
# Set example_earthquakes_create to 'true', if sameple data should be loaded
# into ncedc-earthquakes index.
- role: example_earthquakes
example_earthquakes_create: true
ports:
- 9200:9200
expose:
- 9200
- 9300
restart: always
user: elasticsearch
working_dir: /usr/share/elasticsearch/bin
command: [/usr/bin/container_command.sh]
#command: [./elasticsearch]
#entrypoint: ["/usr/bin/entrypoint.sh"]
#volumes:
#- your_volume:/usr/share/elasticsearch/data
#- your_volume:/usr/share/elasticsearch/logs
#- your_volume:/usr/share/elasticsearch/config
logstash:
from: centos:7
roles:
- role: jschulthess.logstash-container
logstash_java_home: /usr/lib/jvm/jre
# Set create_example to 'true', if sameple data should be loaded
# into apache_elk_example index.
- role: create_example
create_example: false
#- role: example_weblog
# example_weblog_create: false
## Set example_earthquakes_create to 'true', if sameple data should be loaded
## into ncedc-earthquakes index.
#- role: example_earthquakes
# example_earthquakes_create: true
ports:
- 5044:5044
links:
- elasticsearch
restart: always
working_dir: /usr/share/logstash/bin
command: [./logstash, agent, -f, /etc/logstash/conf.d]
environment:
- JAVACMD=/usr/bin/java
entrypoint: ["/usr/bin/entrypoint.sh"]
#volumes:
#- your_configuration_volume:/etc/logstash/conf.d
kibana:
from: centos:7
roles:
- role: jschulthess.kibana-container
#kibana_debug: true
ports:
- 5601:5601
user: kibana
links:
- elasticsearch
working_dir: /usr/share/kibana/bin
command: [./kibana]
registries: {}
# Add optional registries used for deployment. For example:
# google:
# url: https://gcr.io
# namespace: my-cool-project-xxxxxx
OS / ENVIRONMENT
$ ansible-container --debug version
Ansible Container, version 0.9.2
Linux, jschulthess-puzzle.ep4.puzzle.ch, 4.4.0-93-generic, #116-Ubuntu SMP Fri Aug 11 21:17:51 UTC 2017, x86_64
2.7.12 (default, Nov 19 2016, 06:48:10)
[GCC 5.4.0 20160609] /usr/bin/python
{
"ContainersPaused": 0,
"Labels": null,
"CgroupDriver": "cgroupfs",
"ContainersRunning": 1,
"ContainerdCommit": {
"Expected": "9048e5e50717ea4497b757314bad98ea3763c145",
"ID": "9048e5e50717ea4497b757314bad98ea3763c145"
},
"InitBinary": "docker-init",
"NGoroutines": 27,
"Swarm": {
"ControlAvailable": false,
"NodeID": "",
"Error": "",
"RemoteManagers": null,
"LocalNodeState": "inactive",
"NodeAddr": ""
},
"LoggingDriver": "json-file",
"OSType": "linux",
"HttpProxy": "",
"Runtimes": {
"runc": {
"path": "docker-runc"
}
},
"DriverStatus": [
[
"Root Dir",
"/var/lib/docker/aufs"
],
[
"Backing Filesystem",
"extfs"
],
[
"Dirs",
"117"
],
[
"Dirperm1 Supported",
"true"
]
],
"OperatingSystem": "Ubuntu 16.04.3 LTS",
"Containers": 7,
"HttpsProxy": "",
"BridgeNfIp6tables": true,
"MemTotal": 16710258688,
"SecurityOptions": [
"name=apparmor",
"name=seccomp,profile=default"
],
"Driver": "aufs",
"IndexServerAddress": "https://index.docker.io/v1/",
"ClusterStore": "",
"InitCommit": {
"Expected": "949e6fa",
"ID": "949e6fa"
},
"Isolation": "",
"SystemStatus": null,
"OomKillDisable": true,
"ClusterAdvertise": "",
"SystemTime": "2017-09-12T20:50:51.716448717+02:00",
"Name": "jschulthess-puzzle.ep4.puzzle.ch",
"CPUSet": true,
"RegistryConfig": {
"InsecureRegistryCIDRs": [
"127.0.0.0/8"
],
"IndexConfigs": {
"docker.io": {
"Official": true,
"Name": "docker.io",
"Secure": true,
"Mirrors": []
}
},
"Mirrors": []
},
"DefaultRuntime": "runc",
"ContainersStopped": 6,
"NCPU": 4,
"NFd": 22,
"Architecture": "x86_64",
"KernelMemory": true,
"CpuCfsQuota": true,
"Debug": false,
"ID": "4UKG:O4RS:EBU6:ZGXD:W2NR:LXD4:PDTT:7SMO:EBQO:QCXQ:MXWT:FNKU",
"IPv4Forwarding": true,
"KernelVersion": "4.4.0-93-generic",
"BridgeNfIptables": true,
"NoProxy": "",
"LiveRestoreEnabled": false,
"ServerVersion": "17.05.0-ce",
"CpuCfsPeriod": true,
"ExperimentalBuild": false,
"MemoryLimit": true,
"SwapLimit": false,
"Plugins": {
"Volume": [
"local"
],
"Network": [
"bridge",
"host",
"macvlan",
"null",
"overlay"
],
"Authorization": []
},
"Images": 62,
"DockerRootDir": "/var/lib/docker",
"NEventsListener": 0,
"CPUShares": true,
"RuncCommit": {
"Expected": "9c2d8d184e5da67c95d601382adf14862e4f2228",
"ID": "9c2d8d184e5da67c95d601382adf14862e4f2228"
}
}
{
"KernelVersion": "4.4.0-93-generic",
"Arch": "amd64",
"BuildTime": "2017-05-04T22:10:54.638119411+00:00",
"ApiVersion": "1.29",
"Version": "17.05.0-ce",
"MinAPIVersion": "1.12",
"GitCommit": "89658be",
"Os": "linux",
"GoVersion": "go1.7.5"
}
SUMMARY
Using 0.9.2, a task like the following:
- name: Add Elasticsearch GPG key.
rpm_key:
key: https://packages.elastic.co/GPG-KEY-elasticsearch
state: present
fails with: fatal: [elasticsearch]: FAILED! => {"changed": false, "failed": true, "msg": "gpg: no valid OpenPGP data found.\ngpg: processing message failed: Unknown system error\n"} even though the URL shows seemingly valid GPG key data.
STEPS TO REPRODUCE
ansible-container build
EXPECTED RESULTS
ACTUAL RESULTS
$ ansible-container build
Building Docker Engine context...
Starting Docker build of Ansible Container Conductor image (please be patient)...
Parsing conductor CLI args.
Docker™ daemon integration engine loaded. Build starting. project=elk-stack-container
Building service... project=elk-stack-container service=elasticsearch
PLAY [elasticsearch] ***********************************************************
TASK [Gathering Facts] *********************************************************
ok: [elasticsearch]
TASK [jschulthess.elasticsearch-container : Add Elasticsearch GPG key.] ********
fatal: [elasticsearch]: FAILED! => {"changed": false, "failed": true, "msg": "gpg: no valid OpenPGP data found.\ngpg: processing message failed: Unknown system error\n"}
to retry, use: --limit @/tmp/tmpNibXb_/playbook.retry
PLAY RECAP *********************************************************************
elasticsearch : ok=1 changed=0 unreachable=0 failed=1
ERROR Error applying role! engine=<container.docker.engine.Engine object at 0x1648150> exit_code=2 playbook=[{'hosts': u'elasticsearch', 'roles': [ordereddict([('elasticsearch_java_home', '/usr/lib/jvm/jre'), ('elasticsearch_debug', True), ('role', 'jschulthess.elasticsearch-container')])], 'vars': {}}]
Traceback (most recent call last):
File "/usr/bin/conductor", line 11, in <module>
load_entry_point('ansible-container', 'console_scripts', 'conductor')()
File "/_ansible/container/__init__.py", line 19, in __wrapped__
return fn(*args, **kwargs)
File "/_ansible/container/cli.py", line 399, in conductor_commandline
**params)
File "/_ansible/container/__init__.py", line 19, in __wrapped__
return fn(*args, **kwargs)
File "/_ansible/container/core.py", line 813, in conductorcmd_build
raise RuntimeError('Build failed.')
RuntimeError: Build failed.
Conductor terminated. Cleaning up. command_rc=1 conductor_id=e51f4081ffed961787e02a90f9b0cd7792237e14278694628059e3a855c73635 save_container=False
ERROR Conductor exited with status 1
The key in question is: Version: GnuPG v2.0.14 (GNU/Linux)
Could it be that the ansible "rpm_key" module uses v1.x?
I am experiencing the same issue using the rpm_key module in Vagrant VM using the vagrant image centos/7 and ansible-2.4.0.0
EDIT: After some testing I have noticed that these combinations work:
- ansible-2.4.0.0 with vagrant image
geerlingguy/centos7works OK - ansible-2.3.2.0 with vagrant image
centos/7works OK - ansible-2.4.0.0 with vagrant image
centos/7FAILS
I have found a workaround by installing the epel-release rpm before trying to add the keys. Not sure why it solves it.