
Ansible throwing a "Failed to update apt cache: W:Updating from such a repository can't be done securely" Error


I'm very new to Ansible and I'm trying to install kubectl on an EC2 instance (Ubuntu 18.04) for a class.

I have run the playbook and it went well until it hit task 4, then it threw the following error:

fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to update apt cache: W:Updating from such a repository can't be done securely, and is therefore disabled by default., W:See apt-secure(8) manpage for repository creation and user configuration details., W:GPG error: https://packages.cloud.google.com/apt kubernetes-xenial InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY FEEA9169307EA071 NO_PUBKEY 8B57C5C2836F4BEB, E:The repository 'https://apt.kubernetes.io kubernetes-xenial InRelease' is not signed."}

It now throws the same error on task 1 whenever I try to run it again. Can someone advise me on how to fix this?

This is the playbook I have written. It's based on an exercise I completed for installing Docker using Ansible and the commands given to me for installing kubectl:

- name: A playbook to install kubectl on a VM
  hosts: localhost
  user: ubuntu
  become: yes

  tasks:
  - name: 1. Update APT Package Manager
    apt:
      update_cache: yes

  - name: 2. Install dependency packages
    apt:
      name={{ item }}
    with_items:
      - apt-transport-https
      - ca-certificates
      - curl
      - gnupg-agent
      - software-properties-common

  - name: 3. Get APT Key
    shell:
      cmd: curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
      cmd: echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list

  - name: 4. Update Packages
    apt:
      update_cache: yes

  - name: 5. Install Kubectl
    apt:
      update_cache: yes
      name: kubectl


Solution

  • Regarding the part

    - name: 3. Get APT Key
      shell:
        cmd: curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
        cmd: echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list
    

    The shell_module will only execute the second cmd. Ansible can only pass one of the parameters to the module, the last one.

    To download files over HTTPS to the node, you may use the get_url_module, followed by an apt_key_module task to add an apt key.

    - name: Download apt key
      get_url:
        url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
        dest: /tmp # or /etc/pki/rpm-gpg depending on the infrastructure
    
    - name: Add a key from a file
      ansible.builtin.apt_key:
        file: /tmp/apt-key.gpg
        state: present
    

    You could also add it by

    - name: Add an Apt signing key, uses whichever key is at the URL
      ansible.builtin.apt_key:
        url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
        state: present
    

    or if you know the key ID already

    - name: Add missing Apt signing key by ID from a keyserver
      ansible.builtin.apt_key:
        keyserver: keyserver.ubuntu.com
        id: "{{ KEY_ID }}"
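
The whole playbook with both halves of the original task 3 split into separate module calls, as an added example that is not code from the question or the answer. It imports the key before any cache update so that a host already left with an unverifiable kubernetes.list recovers on the next run; it assumes gnupg is already installed on the image (apt_key needs it).

```yaml
# Added example; task names and ordering are this example's own choices.
- name: Install kubectl from the signed Kubernetes apt repository
  hosts: localhost
  become: yes

  tasks:
    # Import the key first: once kubernetes.list exists without its key,
    # every cache update fails with NO_PUBKEY until the key is trusted.
    # Assumption: gnupg is present on the host (apt_key requires it).
    - name: 1. Trust the repository signing key
      ansible.builtin.apt_key:
        url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
        state: present

    - name: 2. Install dependency packages
      ansible.builtin.apt:
        name:
          - apt-transport-https
          - ca-certificates
          - curl
          - gnupg-agent
          - software-properties-common
        state: present
        update_cache: yes

    # One module call per task, so nothing is silently dropped the way the
    # duplicate `cmd` key was. apt_repository is idempotent, unlike `tee -a`,
    # which appends the same line on every run.
    # No [trusted=yes] override here: apt verifies InRelease against the
    # key imported in task 1.
    - name: 3. Add the Kubernetes repository
      ansible.builtin.apt_repository:
        repo: deb https://apt.kubernetes.io/ kubernetes-xenial main
        filename: kubernetes   # written to /etc/apt/sources.list.d/kubernetes.list
        state: present
        update_cache: yes

    - name: 4. Install kubectl
      ansible.builtin.apt:
        name: kubectl
        state: present
```

The URLs and suite name are the ones from the question; substitute the repository and key location that the Kubernetes documentation lists for the version you are installing.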