New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
apt_repository module does not work behind proxy on ubuntu #42534
Comments
Files identified in the description: If these files are inaccurate, please update the |
Similar reason behind ansible#42443 apt_repository module calls apt-key to add new repo source on ubuntu. apt-key does not respect http_proxy environment variable. As a result, one would thought adding http_porxy env var using environment will be sufficient, which is never the case and apt_repository will always fail to add new repo behind proxy on ubuntu. keyserver-options are used to pass in proxy settings for apt-key, example: sudo apt-key adv --keyserver-options http-proxy=http://username:password@proxy.example.com:8080 --keyserver keyserver.ubuntu.com --recv-keys GPG_KEY This fix read http_proxy environment variable and pass it on to apt-key using --keyserver-options.
apt_repository module calls apt-key while adding new repository. apt-key will use default ubuntu key server(keyserver.ubuntu.com) and apt-key does not support any parameter to pass in no_proxy settings. In a very unlikely situation, where default ubuntu key server is bypassing proxy and can't be accessed through proxy, and the playbook has key server in no_proxy. By only taking in account of http_proxy, apt_key would been invoked with proxy even the key server is in no_proxy settings. This fix addresses this, it will check if default ubuntu key server is in no_proxy list before passing proxy settings to apt-key. NOTE: default ubuntu key server used in this module is keyserver.ubuntu.com, no DNS look up is carried out here, all IP/subnet in no_proxy will be ignored. This means even key server's IP is in no_proxy list, proxy will still be set for apt-key. NOTE: Due to the lack of definition for no_proxy, this fix supports: 1. no_proxy is a comma separated list of one or more items below 2. full domain name or hostname 3. domain name or hostname containing * wildcard 4. domain name or hostname with leading dot (.)
Has this been resolved yet, or a clean workaround defined? I'm having the same issue |
@OurFriendIrony |
Having Same issue on Ubuntu 18.04.2, apt_repository implementation is using apt-key without the proxy env. |
Any plan to solve this annoying issue ? |
Is the PR still in progress ?
|
Similar reason behind ansible#42443 apt_repository module calls apt-key to add new repo source on ubuntu. apt-key does not respect Acquire::http::Proxy specified in apt conf files, nor http_proxy environment variable. More discussion about these behaviours can be found here: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1433761 keyserver-options are used to pass in proxy settings for apt-key, example: sudo apt-key adv --keyserver-options http-proxy=http://username:password@proxy.example.com:8080 --keyserver keyserver.ubuntu.com --recv-keys GPG_KEY This fix parse http_proxy and no_proxy environment variables and pass on proxy to apt-key using --keyserver-options if ubuntu key server is not in no_proxy list.
Similar reason behind ansible#42443 apt_repository module calls apt-key to add new repo source on ubuntu. apt-key does not respect Acquire::http::Proxy specified in apt conf files, nor http_proxy environment variable. More discussion about these behaviours can be found here: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1433761 keyserver-options are used to pass in proxy settings for apt-key, example: sudo apt-key adv --keyserver-options http-proxy=http://username:password@proxy.example.com:8080 --keyserver keyserver.ubuntu.com --recv-keys GPG_KEY This fix parse http_proxy and no_proxy environment variables and pass on proxy to apt-key using --keyserver-options if ubuntu key server is not in no_proxy list.
Similar reason behind ansible#42443 apt_repository module calls apt-key to add new repo source on ubuntu. apt-key does not respect Acquire::http::Proxy specified in apt conf files, nor http_proxy environment variable. More discussion about these behaviours can be found here: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1433761 keyserver-options are used to pass in proxy settings for apt-key, example: sudo apt-key adv --keyserver-options http-proxy=http://username:password@proxy.example.com:8080 --keyserver keyserver.ubuntu.com --recv-keys GPG_KEY This fix parse http_proxy and no_proxy environment variables and pass on proxy to apt-key using --keyserver-options if ubuntu key server is not in no_proxy list.
Similar reason behind ansible#42443 apt_repository module calls apt-key to add new repo source on ubuntu. apt-key does not respect Acquire::http::Proxy specified in apt conf files, nor http_proxy environment variable. More discussion about these behaviours can be found here: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1433761 keyserver-options are used to pass in proxy settings for apt-key, example: sudo apt-key adv --keyserver-options http-proxy=http://username:password@proxy.example.com:8080 --keyserver keyserver.ubuntu.com --recv-keys GPG_KEY This fix parse http_proxy and no_proxy environment variables and pass on proxy to apt-key using --keyserver-options if ubuntu key server is not in no_proxy list.
Files identified in the description: If these files are incorrect, please update the |
Similar reason behind ansible#42443 apt_repository module calls apt-key to add new repo source on ubuntu. apt-key does not respect Acquire::http::Proxy specified in apt conf files, nor http_proxy environment variable. More discussion about these behaviours can be found here: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1433761 keyserver-options are used to pass in proxy settings for apt-key, example: sudo apt-key adv --keyserver-options http-proxy=http://username:password@proxy.example.com:8080 --keyserver keyserver.ubuntu.com --recv-keys GPG_KEY This fix parse http_proxy and no_proxy environment variables and pass on proxy to apt-key using --keyserver-options if ubuntu key server is not in no_proxy list.
Similar reason behind ansible#42443 apt_repository module calls apt-key to add new repo source on ubuntu. apt-key does not respect Acquire::http::Proxy specified in apt conf files, nor http_proxy environment variable. More discussion about these behaviours can be found here: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1433761 keyserver-options are used to pass in proxy settings for apt-key, example: sudo apt-key adv --keyserver-options http-proxy=http://username:password@proxy.example.com:8080 --keyserver keyserver.ubuntu.com --recv-keys GPG_KEY This fix parse http_proxy and no_proxy environment variables and pass on proxy to apt-key using --keyserver-options if ubuntu key server is not in no_proxy list.
もとは単独のapt_repositoryモジュールで追加しようとしていた。 正しく動けばそれでも大丈夫なはずなんだけど、Windows10 1809、Ubuntu 18.04だとうまく動かなかった。 WSLで dirmngr が動かないとかansibleのapt_key、apt_repositoryモジュールが プロキシ環境変数を参照しないとかが原因っぽい。 apt_repositoryモジュール単独じゃなくて - name: Add a gpg key for emacs ppa repository apt_key: keyserver: keyserver.ubuntu.com id: EAAFC9CD state: present - name: Add emacs ppa repository apt_repository: repo: ppa:kelleyk/emacs state: present みたいな感じでapt_keyとapt_repositoryの組み合わせもうまくいかなかった。 "repo: ppa:kelleyk/emacs" という書き方だと、GPG鍵を改めて取得しにいって、 失敗している感じだった。 Windows10 1809でansibleのバグ修正がリリースされればapt_repositoryモジュール 単独でうまくいくかもしれない。 バグのissue - ttps://github.com/ansible/ansible/issues/42534 - ttps://github.com/microsoft/WSL/issues/3286#issuecomment-402594992 PPAリポジトリをapt-add-repositoryを使わずに追加する話。 - https://hnakamur.github.io/blog/2017/09/02/add-ppa-to-apt-line-without-add-apt-repository/
This module now uses |
SUMMARY
apt_repository is calling apt-key when adding new repo source. apt-key does not respect http_proxy env var nor Acquire::http::Proxy specified in apt conf files. However it does support proxy setting passed in from --keyserver-options parameter. Current apt_repository is missing logic to handle keyserver-options.
Therefore apt_repository will not be able to add new repo behind proxy on ubuntu
ISSUE TYPE
COMPONENT NAME
apt_repository
ANSIBLE VERSION
CONFIGURATION
OS / ENVIRONMENT
target env: ubuntu
STEPS TO REPRODUCE
EXPECTED RESULTS
repo been added
ACTUAL RESULTS
The text was updated successfully, but these errors were encountered: