Issue
I have created a few Ansible plays and one of them adds repos/keys needed for installing Docker and certbot.
    - name: Add Docker's GPG key
      apt_key:
        url: https://download.docker.com/linux/ubuntu/gpg
        state: present
      become: true

    - name: Add Docker & Certbot repo
      apt_repository:
        repo: "{{ item }}"
        state: present
      become: true
      with_items:
        - "deb [arch=amd64] {{ docker_repo }} {{ ubuntu_release }} stable"
        - "ppa:certbot/certbot"

Here comes the weird part ...
The first time the play runs, everything ends ok;
The second time, the play fails with an error on updating the cache;
When I log in to the instance and run sudo apt update:
ubuntu@ip-10-0-1-246:~$ sudo apt update
Hit:1 http://eu-west-2.ec2.archive.ubuntu.com/ubuntu xenial InRelease
0% [1 InRelease gpgv 247 kB] [Waiting for headers] [Connecting to security.ubuntu.com (91.189.91.26)] [Connecting to ppa.launchpad.net]Couldn't create tempfiles for splitting up /var/lib/apt/lists/eu-west-2.eErr:1 http://eu-west-2.ec2.archive.ubuntu.com/ubuntu xenial InRelease
Could not execute 'apt-key' to verify signature (is gnupg installed?)
Get:2 http://eu-west-2.ec2.archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB]
0% [2 InRelease gpgv 102 kB] [Waiting for headers] [Waiting for headers] [Connecting to ppa.launchpad.net]Couldn't create tempfiles for splitting up /var/lib/apt/lists/partial/eu-west-2.ec2.archive.ubuntu.comErr:2 http://eu-west-2.ec2.archive.ubuntu.com/ubuntu xenial-updates InRelease
Could not execute 'apt-key' to verify signature (is gnupg installed?)
Get:3 http://eu-west-2.ec2.archive.ubuntu.com/ubuntu xenial-backports InRelease [102 kB]
0% [3 InRelease gpgv 102 kB] [Waiting for headers] [Connecting to ppa.launchpad.net]Couldn't create tempfiles for splitting up /var/lib/apt/lists/partial/eu-west-2.ec2.archive.ubuntu.com_ubuntu_dists_xenial-bErr:3 http://eu-west-2.ec2.archive.ubuntu.com/ubuntu xenial-backports InRelease
Could not execute 'apt-key' to verify signature (is gnupg installed?)
Hit:4 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial InRelease
Err:4 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial InReleasepfiles for splitting up /var/lib/apt/lists/ppa.launchpad.net_certbot_certbot_ubuntu_dists_xenial_InRelease
Could not execute 'apt-key' to verify signature (is gnupg installed?)
Get:5 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]
Hit:6 https://download.docker.com/linux/ubuntu xenial InRelease
Err:6 https://download.docker.com/linux/ubuntu xenial InReleaseouldn't create tempfiles for splitting up /var/lib/apt/lists/download.docker.com_linux_ubuntu_dists_xenial_InRelease
Could not execute 'apt-key' to verify signature (is gnupg installed?)
Err:5 http://security.ubuntu.com/ubuntu xenial-security InReleaseng up /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_xenial-security_InRelease
Could not execute 'apt-key' to verify signature (is gnupg installed?)
Fetched 306 kB in 0s (791 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
10 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://eu-west-2.ec2.archive.ubuntu.com/ubuntu xenial InRelease: Could not execute 'apt-key' to verify signature (is gnupg installed?)
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://eu-west-2.ec2.archive.ubuntu.com/ubuntu xenial-updates InRelease: Could not execute 'apt-key' to verify signature (is gnupg installed?)
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://eu-west-2.ec2.archive.ubuntu.com/ubuntu xenial-backports InRelease: Could not execute 'apt-key' to verify signature (is gnupg installed?)
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ppa.launchpad.net/certbot/certbot/ubuntu xenial InRelease: Could not execute 'apt-key' to verify signature (is gnupg installed?)
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://download.docker.com/linux/ubuntu xenial InRelease: Could not execute 'apt-key' to verify signature (is gnupg installed?)
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.ubuntu.com/ubuntu xenial-security InRelease: Could not execute 'apt-key' to verify signature (is gnupg installed?)
W: Failed to fetch http://eu-west-2.ec2.archive.ubuntu.com/ubuntu/dists/xenial/InRelease Could not execute 'apt-key' to verify signature (is gnupg installed?)
W: Failed to fetch http://eu-west-2.ec2.archive.ubuntu.com/ubuntu/dists/xenial-updates/InRelease Could not execute 'apt-key' to verify signature (is gnupg installed?)
W: Failed to fetch http://eu-west-2.ec2.archive.ubuntu.com/ubuntu/dists/xenial-backports/InRelease Could not execute 'apt-key' to verify signature (is gnupg installed?)
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/xenial-security/InRelease Could not execute 'apt-key' to verify signature (is gnupg installed?)
W: Failed to fetch https://download.docker.com/linux/ubuntu/dists/xenial/InRelease Could not execute 'apt-key' to verify signature (is gnupg installed?)
W: Failed to fetch http://ppa.launchpad.net/certbot/certbot/ubuntu/dists/xenial/InRelease Could not execute 'apt-key' to verify signature (is gnupg installed?)
W: Some index files failed to download. They have been ignored, or old ones used instead
After a reboot the problem is resolved (!!!), and then again after a play run the same issue appears ...
I have also installed gnupg2 without any success whatsoever...
Solution
It is a /tmp folder permissions issue.
For some reason (haven't figured out yet), after a fresh reboot:

    drwxrwxrwt 8 root root 4096 Mar 9 10:59 /tmp

Once an apt command runs:

    drwxr-xr-x 11 root root 4096 Mar 9 10:44 /tmp

Adding the following task as a tmp (no pun intended) workaround solves the problem:

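    - name: Enforce appropriate /tmp folder permissions
      file:
        path: /tmp
        owner: root
        group: root
        # 1777 (drwxrwxrwt) is the mode /tmp has after a fresh reboot; quoted so
        # YAML keeps it as an octal string. The sticky bit stops users from
        # deleting each other's files, which plain 0777 would allow.
        mode: "1777"
      become: true
      changed_when: false
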
Answered By - pkaramol
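
Since the answer leaves open which step flips the mode of /tmp, the following added example (not part of the original answer) classifies a directory's mode and reports when a command changes it. The function names `tmp_mode_status` and `mode_drift` are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: verify that a shared temp directory keeps mode 1777
# (drwxrwxrwt) and find the command that changes it.

# tmp_mode_status [DIR]
# Returns 0 = ok, 1 = not world-writable (the drwxr-xr-x state above),
# 2 = world-writable but sticky bit missing, 3 = cannot stat.
tmp_mode_status() {
    dir="${1:-/tmp}"
    # GNU stat: %a prints the octal mode including the sticky bit.
    mode=$(stat -c '%a' "$dir") || { echo "cannot stat $dir"; return 3; }
    other_w=$(( 0$mode & 0002 ))   # write permission for "other"
    sticky=$(( 0$mode & 01000 ))   # sticky bit
    if [ "$other_w" -eq 0 ]; then
        echo "$dir mode=$mode: not world-writable, unprivileged processes cannot create temp files"
        return 1
    fi
    if [ "$sticky" -eq 0 ]; then
        echo "$dir mode=$mode: world-writable without sticky bit, users can delete each other's files"
        return 2
    fi
    echo "$dir mode=$mode: ok"
    return 0
}

# mode_drift DIR command [args...]
# Runs the command and returns 1 if the mode of DIR differs afterwards.
mode_drift() {
    dir="$1"; shift
    before=$(stat -c '%a' "$dir")
    "$@"
    after=$(stat -c '%a' "$dir")
    if [ "$before" != "$after" ]; then
        echo "mode of $dir changed $before -> $after while running: $*"
        return 1
    fi
    return 0
}

# Report the current state of /tmp when the script is run directly.
tmp_mode_status /tmp || true
```

Wrapping each suspect step, for example `mode_drift /tmp sudo apt update`, narrows down where the permissions change.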