geerlingguy / ansible-role-repo-epel Goto Github PK
View Code? Open in Web Editor NEWAnsible Role - EPEL Repository for RHEL/CentOS
Home Page: https://galaxy.ansible.com/geerlingguy/repo-epel/
License: MIT License
Ansible Role - EPEL Repository for RHEL/CentOS
Home Page: https://galaxy.ansible.com/geerlingguy/repo-epel/
License: MIT License
The use of ansible_check_mode
means that a later version of Ansible is required (2.1+). On the galaxy page it says 1.8 and later will work.
Host; Centos 7.6
Ansible: 2.9.1
Guest; Centos 7.7
TASK [geerlingguy.repo-epel : Install EPEL repo.] ******************************************************************************************************************************************************
task path: /home/vagrant/.ansible/roles/geerlingguy.repo-epel/tasks/main.yml:7
FAILED - RETRYING: Install EPEL repo. (5 retries left).
FAILED - RETRYING: Install EPEL repo. (4 retries left).
FAILED - RETRYING: Install EPEL repo. (3 retries left).
FAILED - RETRYING: Install EPEL repo. (2 retries left).
FAILED - RETRYING: Install EPEL repo. (1 retries left).
fatal: [default]: FAILED! => {"attempts": 5, "changed": false, "msg": "Failure downloading https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm, Request failed: "}
If I run yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm it installs fine. Any ideas how to fix this?
There appears to be a change in loop conditionals in Ansible 2.5 - ansible/ansible#37980
The install of the epel package works but the conditional fails, leading to retries and eventually a failure of the task.
Changing this line should resolve - https://github.com/geerlingguy/ansible-role-repo-epel/blob/master/tasks/main.yml#L11
Just a heads-up really and not an issue:
On my CentOS release 5.11 (Final) the key in /etc/pki/rpm-gpg/ is 'RPM-GPG-KEY-EPEL' and not 'RPM-GPG-KEY-EPEL-5'
I'll add a different epel_repo_gpg_key_url to the vars of my centos5 hosts.
If I'm reading the Travis output correctly, the tests aren't actually getting to try installing the EPEL repo because the Docker image already has it. The step to install EPEL is skipped on the initial and idempotence re-run.
https://travis-ci.org/geerlingguy/ansible-role-repo-epel/jobs/369346957
Recently added this to a project, appears the default config may no longer be valid? I get the following error:
fatal: [127.0.0.1]: FAILED! => changed=false
attempts: 5
msg: 'failed to fetch key at https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-2 , error was: HTTP Error 404: Not Found'
Looking at https://dl.fedoraproject.org/pub/epel/ it appears there is a GPG key for 4-7, but nothing for 1-3.
TASK [repo-epel : Install EPEL repo.] ********************************************************************************************************************************************************
fatal: [192.168.0.50]: FAILED! => {"msg": "The conditional check 'result.rc == 0' failed. The error was: error while evaluating conditional (result.rc == 0): 'dict object' has no attribute 'rc'"}
TASK: [geerlingguy.repo-epel | Install EPEL repo.] ****************************
fatal: [ec2-54-237-72-83.compute-1.amazonaws.com] => One or more undefined variables: 'dict object' has no attribute u'NA'
Using geerlingguy/docker-ubi8-ansible:latest
I am getting:
TASK [geerlingguy.repo-epel : Check if EPEL repo is already configured.] *******
Thursday 24 September 2020 11:07:41 +0200 (0:00:04.626) 0:00:15.583 ****
ok: [rhel8]
TASK [geerlingguy.repo-epel : Import EPEL GPG key.] ****************************
Thursday 24 September 2020 11:07:45 +0200 (0:00:04.745) 0:00:20.329 ****
fatal: [rhel8]: FAILED! => changed=false
msg: Not a valid key /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
[root@rhel8 /]# ls /etc/pki/rpm-gpg/
RPM-GPG-KEY-redhat-beta RPM-GPG-KEY-redhat-release
It would looks like the EPEL key is only available by default on Centos and not rhel/ubi ?
TASK [geerlingguy.repo-epel : Import EPEL GPG key.] ****************************
Thursday 04 February 2021 12:04:54 +0000 (0:00:00.556) 0:02:09.191 *****
�[1;30mFAILED - RETRYING: Import EPEL GPG key. (5 retries left).�[0m
�[1;30mFAILED - RETRYING: Import EPEL GPG key. (4 retries left).�[0m
�[1;30mFAILED - RETRYING: Import EPEL GPG key. (3 retries left).�[0m
�[1;30mFAILED - RETRYING: Import EPEL GPG key. (2 retries left).�[0m
�[1;30mFAILED - RETRYING: Import EPEL GPG key. (1 retries left).�[0m
�[0;31mfatal: [i-0301e3f7*********]: FAILED! => {"attempts": 5, "changed": false, "msg": "error: cannot open Packages index using db5 - Permission denied (13)\nerror: cannot open Packages database in /var/lib/rpm\nerror: /tmp/tmpNqccQQ: key 1 import failed.\n"}�[0m
It's version 3.0.0 of geerlingguy.repo-epel
Tested the epel_repo_gpg_key_url variable which shows:
"https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7"
Tested it's valid too:
curl https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 | wc -l
29
cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.9 (Maipo)
ansible-role-repo-epel/tasks/main.yml
Line 7 in c03007d
I have a weird use case where I need to use this role to install and enable the epel repo, install stuff and then disable the repo during a molecule prepare step.
In the actual playbook I also want to use this role to enable the epel repo even if it's been disabled (enabled=0). But there's no way to do that with this role. The only thing I can do is delete the epel file out of the repos config directory in /etc/yum
Perhaps this line https://github.com/geerlingguy/ansible-role-repo-epel/blob/master/tasks/main.yml#L33 should be something along the lines of:
value: "{{ 0 if epel_repo_disable | bool else 1 }}"
and remove https://github.com/geerlingguy/ansible-role-repo-epel/blob/master/tasks/main.yml#L35 ?
I often enough get the following error on the first try, but then it succeeds on the second try. However, this behavior is inconsistent as many times it will succeed on the first try. I've reproduced the issue on the same base machine (a vagrant box), but again, inconsistently. Its not only happening intermittently on vagrant boxes, because its happened on VM's as well.
=> {"changed": false, "failed": true, "rc": 1}
msg: Package at http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm could not be installed
FATAL: all hosts have already failed -- aborting
My guess is that it happens when there is a network issue - which leads me to wonder if we could add a delay/retries (assuming others have seen this issue).
When installing epel-repo using this role.
I've traced the issue to the "Install EPEL repo." task. It appears that with CentOS 8 it hangs when asking to trust the GPG key.
Disabiling the gpg check is a workaround for this issue.
Tested using fresh rebuilt CentOS 8 host on DigitalOcean
In Travis, it looks like whatever Docker is used for CentOS 8, 7, and 6 already has EPEL:
TASK [geerlingguy.repo-epel : Check if EPEL repo is already configured.] *******
ok: [instance]
TASK [geerlingguy.repo-epel : Import EPEL GPG key with fingerprint safety check (ansible >= 2.9).] ***
skipping: [instance]
TASK [geerlingguy.repo-epel : Import EPEL GPG key (ansible < 2.9).] ************
skipping: [instance]
TASK [geerlingguy.repo-epel : Install EPEL repo.] ******************************
skipping: [instance]
TASK [geerlingguy.repo-epel : Disable Main EPEL repo.] *************************
skipping: [instance]
So, we might need a different docker image or remove EPEL in a molecule prepare playbook.
Actually, epel main repo is enabled by installation.
Ability to disable it globally would be useful.
PR will come.
the docker centos7 image has already installed epel. Therefore, travis-ci does not check the playbook and idempotence correctly.
https://travis-ci.org/geerlingguy/ansible-role-repo-epel/jobs/244234385
Checking Ansible playbook syntax.
playbook: /etc/ansible/roles/role_under_test/tests/test.yml
Running command: docker exec 1497798189 env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml
PLAY [all] *********************************************************************
TASK [Gathering Facts] *********************************************************
ok: [localhost]
TASK [role_under_test : Check if EPEL repo is already configured.] *************
ok: [localhost]
TASK [role_under_test : Install EPEL repo.] ************************************
skipping: [localhost]
TASK [role_under_test : Import EPEL GPG key.] **********************************
skipping: [localhost]
PLAY RECAP *********************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=0
Tried to run one of my ansible scripts today that uses this role and it failed because it couldn't find the epel-release rpm. I noticed the official fedora epel wiki directs people to https://dl.fedoraproject.org now instead of http://download.fedoraproject.org. I changed it and everything is working as it should again.
if /etc/yum.repos.d/epel.repo or /etc/yum.repos.d/epel-testing.repo removed.
This playbook is unable to re-generate the files.
Code checks only if file exists:
- name: Check if EPEL repo is already configured. stat: path={{ epel_repofile_path }} register: epel_repofile_result
But sometimes (for example, on Amazon Linux distro) it exists but not enabled.
Can be solved maybe this way.
Hey there!
Just wondering if there was a plan to include support for EL9? Thanks!
Hi
Also note that CentOS already ships with EPEL repo rpm. yum install epel-release should work
Hi everyone. As I know, now ini_file
is an external module that contains in community.general
collection. So if I correctly understand, we need to use community.general.ini_file
and add community.general
collection requirements.
Seems that the default key is not valid anymore, maybe is related with the latest changes.
Happens on Centos7 using ansible 2.9.6.
`
28-Sep-2020 00:16:30 | amazon-ebs: TASK [geerlingguy.repo-epel : Import EPEL GPG key.] **************************** |
---|---|
28-Sep-2020 00:16:31 | amazon-ebs: fatal: [default]: FAILED! => {"changed": false, "msg": "Not a valid key /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7"} |
`
Per the advice here: https://fedoraproject.org/wiki/EPEL
on CentOS 8 it is recommended to also enable the PowerTools repository since EPEL packages may depend on packages from it: dnf config-manager --set-enabled PowerTools
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.