3

I have a working playbook to create an Ubuntu 20.04 VPS and then install a load of software including Docker.

I am trying to use it for an Ubuntu 22.04 VPS.

It does work, but when using APT, I get warnings that "Key is stored in legacy trusted.gpg keyring" because I am using the deprecated apt-key.

My old playbook contains:

    - name: Add docker signing key
      apt_key:
        url: https://download.docker.com/linux/ubuntu/gpg
        state: present
    - name: Add docker repository
      apt_repository:
        repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu jammy stable
        state: present

After some research, I thought I could replace the above with the following:

    - name: Add docker signing key (new GPG method)
      get_url:
        url: https://download.docker.com/linux/ubuntu/gpg
        dest: /etc/apt/keyrings/docker.gpg
        mode: '0644'
        force: true
    - name: Add docker repository
      apt_repository:
        repo: deb [signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu jammy stable
        state: present

A key is being stored in /etc/apt/keyrings/docker.gpg; however, I get the following error:

    TASK [Add docker repository] *********
    fatal: [node1]: FAILED! => changed=false
      msg: 'Failed to update apt cache: W:GPG error: https://download.docker.com/linux/ubuntu jammy InRelease: The following signatures couldn''t be verified because the public key is not available: NO_PUBKEY 7EA0A9C3F273FCD8, E:The repository ''https://download.docker.com/linux/ubuntu jammy InRelease'' is not signed.

I do not know what I am doing wrong.

devra

1 Answer

1

Solved it. I just had to change the extension of the key file from .gpg to .asc and then it worked fine.

devra
  • To elaborate: download and store the `.gpg` key as an `.asc` file, refer in the `apt_repository` task to the `.asc`. – Vis Oct 21 '22 at 06:34
  • For binary keys use .gpg; for keys in ASCII format use the .asc extension. – Alex Apr 24 '23 at 09:52
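
The extension rule from the answer and comments can be checked before a key file is referenced in `signed-by`. The script below is an added example, not part of the original answer or of any Ansible or Docker tooling; the function names `key_format`, `expected_ext` and `check_key` are hypothetical, the sample files are constructed placeholders rather than real keys, and any file without an armor header is assumed to be binary.

```shell
#!/bin/sh
# Added example: does an APT key file's extension match its encoding?
# apt reads signed-by files named *.asc as ASCII-armored, *.gpg as binary.

# Print "armored" if the file starts with the OpenPGP public key armor
# header line, otherwise "binary".
key_format() {
    if head -n 1 "$1" | grep -aq '^-----BEGIN PGP PUBLIC KEY BLOCK-----'; then
        echo armored
    else
        echo binary
    fi
}

# Print the extension apt expects for this file's encoding.
expected_ext() {
    case "$(key_format "$1")" in
        armored) echo asc ;;
        *)       echo gpg ;;
    esac
}

# Return 0 if the name matches the encoding; else report and return 1.
check_key() {
    want=$(expected_ext "$1")
    if [ "${1##*.}" = "$want" ]; then
        echo "ok: $1"
    else
        echo "mismatch: $1 is $(key_format "$1"), apt expects .$want"
        return 1
    fi
}

# Constructed sample files (not real keys); only the leading bytes matter.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' '' \
    'constructed-placeholder-body' \
    '-----END PGP PUBLIC KEY BLOCK-----' > "$demo/docker.gpg"
cp "$demo/docker.gpg" "$demo/docker.asc"
# 0x99 (octal 231) is the usual first byte of a binary OpenPGP public key.
printf '\231\002\015\004' > "$demo/binary.gpg"

for f in "$demo/docker.gpg" "$demo/docker.asc" "$demo/binary.gpg"; do
    check_key "$f" || true
done
```

Run against a real host, `check_key /etc/apt/keyrings/docker.gpg` would flag the armored download saved under a `.gpg` name, which is the situation behind the `NO_PUBKEY` error in the question.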