curl command with pipe not working in Ansible

I am trying to execute the below command, which is part of the Docker installation, but it got stuck.

The gpg part of the command got stuck; if I remove gpg after the pipe, it works.

---
- hosts: all
  become: yes

  tasks:

    - name: add docker GPG key
      shell: "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg"

Example for apt

To download files via HTTPS to your node you may use the get_url module, followed by an apt_key module task to add a key.

- name: Download apt key
  get_url:
    url: https://download.docker.com/linux/ubuntu/gpg
    dest: /tmp # or /etc/pki/rpm-gpg depending on the infrastructure

- name: Add a key from a file
  ansible.builtin.apt_key:
    file: /tmp/gpg
    state: present

You could also add it by

- name: Add an Apt signing key, uses whichever key is at the URL
  ansible.builtin.apt_key:
    url: https://download.docker.com/linux/ubuntu/gpg
    state: present

You may need to use other modules or tasks for gpg or keyring.

Similar Q&A

General Ansible advice: if you just feed all your command lines in shell tasks in Ansible, then you are doing it wrong.
Ansible does have existing modules that are purposed to serve the idempotency idea that is at the root of Ansible's goal and that will greatly simplify all the tasks you will try to achieve.


This being said, you now have to understand what that specific line of the Docker manual is trying to achieve.

curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
| gpg --dearmor -o /etc/apt/keyrings/docker.gpg

It's actually a line that would add the GPG key of Docker to a trusted keyring on the node, so it can validate the authenticity of the package you will later use in a package task.

So the purposed module, in this case, is the apt_key one.

Your task ends up being:

- name: add docker GPG key
  apt_key:
    url: https://download.docker.com/linux/ubuntu/gpg

Got the same problem today, as I don't want to use the apt_key module because the apt-key command, which the module uses under the hood, is deprecated. I was following the same approach as you.

As @Zeitounator mentions, the issue is caused because gpg is running in interactive mode and waiting for a confirmation, and I'm sure that is because the destination file already exists (probably because you ran the task before), so it's asking you to override that file. So the solution in this case is to use the creates option in the shell module, pointing to the path where you are storing the gpg key. With this, the task will not run again if the file exists. See https://docs.ansible.com/ansible/latest/collections/ansible/builtin/shell_module.html#parameter-creates

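- name: add docker GPG key
  shell: |
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg |\
    gpg --dearmor -o /etc/apt/keyrings/docker.gpg
  args:
    # creates is a parameter of the shell module, so with the free-form
    # command it goes under args; the task is skipped once the file exists
    creates: /etc/apt/keyrings/docker.gpg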
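
An idempotent variant of the tasks discussed in the answers above, added here as an example and not taken from any of the posts: it avoids the curl pipe and the deprecated apt_key module, and passes --batch --yes so gpg cannot wait for an overwrite confirmation. The docker_key_sha256 value is a placeholder to be filled in; the docker.asc file name, the signed-by repository line and the stable component are assumptions.

```yaml
---
- hosts: all
  become: yes
  vars:
    # Placeholder (assumption): SHA-256 of the key file, obtained out of band.
    docker_key_sha256: "REPLACE_WITH_SHA256_OF_KEY_FILE"

  tasks:
    - name: Ensure the keyring directory exists
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        mode: "0755"

    # get_url is idempotent and fails the task when the checksum differs.
    - name: Download the armored Docker key, pinned by checksum
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/ubuntu/gpg
        dest: /etc/apt/keyrings/docker.asc
        checksum: "sha256:{{ docker_key_sha256 }}"
        mode: "0644"
      register: docker_key

    # --batch --yes: never prompt, overwrite an existing output file.
    # Runs only when the armored key was (re)downloaded.
    - name: Convert the key to a binary keyring without prompting
      ansible.builtin.command:
        cmd: >-
          gpg --batch --yes -o /etc/apt/keyrings/docker.gpg
          --dearmor /etc/apt/keyrings/docker.asc
      when: docker_key is changed

    - name: Make the keyring readable by apt
      ansible.builtin.file:
        path: /etc/apt/keyrings/docker.gpg
        mode: "0644"

    # signed-by limits this key to the Docker repository only.
    - name: Add the Docker repository, trusting only this keyring
      ansible.builtin.apt_repository:
        repo: >-
          deb [signed-by=/etc/apt/keyrings/docker.gpg]
          https://download.docker.com/linux/ubuntu
          {{ ansible_distribution_release }} stable
        filename: docker
        state: present
```

If docker.gpg is deleted while docker.asc is still present, the conversion task is skipped; remove docker.asc as well to force a rebuild.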
