-
Notifications
You must be signed in to change notification settings - Fork 23.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
deb822_repository fails to fetch signed_by key: HTTP Error 403: Forbidden #80809
Comments
Files identified in the description: If these files are incorrect, please update the |
The issue would seem to be that pkg.cloudflare.com is blocking HTTP requests with specific user agents, such as the default python user agent.
diff --git a/lib/ansible/modules/deb822_repository.py b/lib/ansible/modules/deb822_repository.py
index 0c706ce06e..9f90b88e06 100644
--- a/lib/ansible/modules/deb822_repository.py
+++ b/lib/ansible/modules/deb822_repository.py
@@ -325,7 +325,7 @@ def write_signed_by_key(module, v, slug):
parts = generic_urlparse(urlparse(v))
if parts.scheme:
try:
- r = open_url(v)
+ r = open_url(v, http_agent='ansible-httpget')
except Exception as exc:
raise_from(RuntimeError(to_native(exc)), exc)
else: |
I've added easyfix to this, since I've basically provided a fix. If anyone is interested in working on this feel free to put together a full PR with hopefully tests if feasible to test this, and a changelog entry. |
* Use http-agent in open_url API while getting cloudflare content Fixes: ansible#80809 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Use http-agent in open_url API while getting cloudflare content Fixes: ansible#80809 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
resolved_by_pr #80876 |
* Use http-agent in open_url API while getting cloudflare content Fixes: #80809 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Use http-agent in open_url API while getting cloudflare content Fixes: ansible#80809 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Use http-agent in open_url API while getting cloudflare content Fixes: ansible#80809 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Use http-agent in open_url API while getting cloudflare content Fixes: #80809 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Summary
When I try to add the cloudflared repo with the new deb822_repository module I get the following response:
fatal: [xxxxxx]: FAILED! => {"changed": false, "msg": "Could not fetch signed_by key: HTTP Error 403: Forbidden"}
I've tested the module with the Tailscale repo and that worked. Then I tested if there was something up with the cloudflare repo but fetching the gpg key with
wget
andcurl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null
work as expected. Must be some kind of mismatch between this module and the cloudflared repository but I'm not really skilled enough to troubleshoot this further.Issue Type
Bug Report
Component Name
deb822_repository
Ansible Version
Configuration
OS / Environment
macOS Ventura 13.3.1 (a)
Steps to Reproduce
This code doesn't work
This code is working
Expected Results
I expected the repository to be added with the specified key.
Actual Results
Code of Conduct
The text was updated successfully, but these errors were encountered: