apt_key on ubuntu

Hi,

I'm trying to install collectd on ubuntu but I have issues with
downloading apt key 3D3B6BD098080A60:

I tried this (similar in my mind to "apt-key adv --keyserver
keyserver.ubuntu.com --recv 3D3B6BD098080A60")
- - name: Download collectd public key for apt
  apt_key: url=http://keyserver.ubuntu.com id=3D3B6BD098080A60
state=present

but I got this error :
failed: [myserver.com] => {"cmd": "apt-key add -", "failed": true,
"item": "", "rc": 2}
stderr: gpg: no valid OpenPGP data found.
msg: gpg: no valid OpenPGP data found.

I googled a little bit, and I found a previous thread on this matter :
https://groups.google.com/forum/#!topic/ansible-project/8SEZWEQGTsg

I followed the (non working) hint :

- - name: Download collectd public key for apt
  apt_key:
url=http://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=3D3B6BD098080A60
state=present

and got this error message :

failed: [myserver.com] => {"failed": true, "item": "", "traceback":
"Traceback (most recent call last):\n File
\"ansible-1383562981.21-114035032395447/apt_key\", line 136, in
download_key\n connection = urlopen(url)\n File
\"/usr/lib/python2.7/urllib2.py\", line 126, in urlopen\n return
_opener.open(url, data, timeout)\n File
\"/usr/lib/python2.7/urllib2.py\", line 406, in open\n response =
meth(req, response)\n File \"/usr/lib/python2.7/urllib2.py\", line
519, in http_response\n 'http', request, response, code, msg,
hdrs)\n File \"/usr/lib/python2.7/urllib2.py\", line 444, in error\n
   return self._call_chain(*args)\n File
\"/usr/lib/python2.7/urllib2.py\", line 378, in _call_chain\n
result = func(*args)\n File \"/usr/lib/python2.7/urllib2.py\", line
527, in http_error_default\n raise HTTPError(req.get_full_url(),
code, msg, hdrs, fp)\nHTTPError: HTTP Error 404: Not Found\n"}

Of course, if I ignore apt key installation, apt refuses to install
collectd :
msg: Invalid repository string:
http://ppa.launchpad.net/nikicat/collectd/ubuntu precise main

I tried to download the key on my box, it worked like a charm (sorry,
output is in french):
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv
3D3B6BD098080A60
Executing: gpg --ignore-time-conflict --no-options
- --no-default-keyring --secret-keyring /tmp/tmp.fbmVdddBE5
- --trustdb-name /etc/apt//trustdb.gpg --keyring /etc/apt/trusted.gpg
- --primary-keyring /etc/apt/trusted.g
pg --keyserver keyserver.ubuntu.com --recv 3D3B6BD098080A60
gpg: demande de la clef 98080A60 sur le serveur hkp keyserver.ubuntu.com
gpg: clef 98080A60 : clef publique � Launchpad PPA for nikicat � import�e
gpg: Quantit� totale trait�e : 1
gpg: import�es : 1 (RSA: 1)

(means everything is ok)

What can I do ?

Would it be possible for apt_key mondule to behave like apt-key : add
a parameter keyserver instead of a url, because sometimes there is no
url to download from:
- - name: Download collectd public key for apt
  apt_key: keyserver=http://keyserver.ubuntu.com id=3D3B6BD098080A60
state=present

Thankns
- --
Jean-Philippe Caruana

I followed the (non working) hint :

- - name: Download collectd public key for apt
  apt_key:
url=http://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=3D3B6BD098080A60
state=present

and got this error message :

failed: [myserver.com] => {"failed": true, "item": "", "traceback":
"Traceback (most recent call last):\n File
\"ansible-1383562981.21-114035032395447/apt_key\", line 136, in
download_key\n connection = urlopen(url)\n File
\"/usr/lib/python2.7/urllib2.py\", line 126, in urlopen\n return
_opener.open(url, data, timeout)\n File
\"/usr/lib/python2.7/urllib2.py\", line 406, in open\n response =
meth(req, response)\n File \"/usr/lib/python2.7/urllib2.py\", line
519, in http_response\n 'http', request, response, code, msg,
hdrs)\n File \"/usr/lib/python2.7/urllib2.py\", line 444, in error\n
   return self._call_chain(*args)\n File
\"/usr/lib/python2.7/urllib2.py\", line 378, in _call_chain\n
result = func(*args)\n File \"/usr/lib/python2.7/urllib2.py\", line
527, in http_error_default\n raise HTTPError(req.get_full_url(),
code, msg, hdrs, fp)\nHTTPError: HTTP Error 404: Not Found\n"}

This URL indeed returns a 404, but try this one instead (note the
prepended 0x to the search param), which does find the key and should
work with Ansible:

http://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x3D3B6BD098080A60

This seems related to https://github.com/ansible/ansible/pull/4544 .

Regards,
maykel

Le 04/11/2013 12:38, Nick Groenen a �crit :

This URL indeed returns a 404, but try this one instead (note the
prepended 0x to the search param), which does find the key and
should work with Ansible:

http://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x3D3B6BD098080A60

This

worked great : thanks !

TASK: [Download collectd public key for apt]

Hi Jean-Philippe,

The transport is unsecured HTTP. As you are verifying the key in the play after downloading? Otherwise, why not download and verify once and include the key with your playbook?

Regards,
Joost

Tickets should be posted to github, not the mailing list.

http://github.com/ansible/ansible

Also sharing the Ansible version, i.e. the output of “ansible --version” when discussing potential tickets is mandatory.

Thanks!