I receive these warnings and errors on my install using trellis-cli to create a local dev server from wsl. Does anyone know how to fix the issue?
TASK [mariadb : Add MariaDB APT key] *******************************************
fatal: [default]: FAILED! => {"changed": false, "cmd": "/usr/bin/apt-key adv --no-tty --keyserver hkp://keyserver.ubuntu.com:80 --recv F1656F24C74CD1D8", "forced_environment": {"LANG": "C.utf8", "LC_ALL": "C.utf8", "LC_MESSAGES": "C.utf8"}, "msg": "Error fetching key F1656F24C74CD1D8 from keyserver: hkp://keyserver.ubuntu.com:80", "rc": 2, "stderr": "Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).\ngpg: CRC error; 808723 - D02496\ngpg: read_block: read error: Invalid keyring\ngpg: Total number processed: 0\n", "stderr_lines": ["Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).", "gpg: CRC error; 808723 - D02496", "gpg: read_block: read error: Invalid keyring", "gpg: Total number processed: 0"], "stdout": "Executing: /tmp/apt-key-gpghome.Eq8A6VTMci/gpg.1.sh --no-tty --keyserver hkp://keyserver.ubuntu.com:80 --recv F1656F24C74CD1D8\n", "stdout_lines": ["Executing: /tmp/apt-key-gpghome.Eq8A6VTMci/gpg.1.sh --no-tty --keyserver hkp://keyserver.ubuntu.com:80 --recv F1656F24C74CD1D8"]}
PLAY RECAP *********************************************************************
default : ok=42 changed=19 unreachable=0 failed=1 skipped=15 rescued=0 ignored=0
Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.
1 Like
Following along. I also hit this issue in the past couple days trying to provision a remote environment.
Hopefully a fix is on the way.
joshb
February 13, 2024, 7:35pm
4
Also getting a similar error attempting to boot up an old project. I had several other errors I managed to bypass and now I am on this one:
TASK [common : Restrict journal log size] ************************************** fatal: [default]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'max_journal_size' is undefined\n\nThe error appears to be in '/trellis/roles/common/tasks/main.yml': line 191, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Restrict journal log size\n ^ here\n"}
Running trellis / vagrant / parallels on M2
joshb
February 13, 2024, 7:50pm
5
Not sure if this will help any other cases but I was missing:
max_journal_size: 512M
from my group_vars/all/main.yml
file for some reason but I got past that one.
Now onto the next error…
Did you have one about a deprecated key, that is where the system crashes on mine and does not complete.
I tried again with a fresh install today just to see if maybe I goofed a step up and the same “Deprecated key with for MariaDB.” error
Jup, I just bumped into the same error during a first deploy to a fresh droplet using Trellis 1.21.0 but instead for NGINX :
TASK [nginx : Add Nginx APT key] ***********************************************
fatal: [165.232.87.22]: FAILED! => {"changed": false, "cmd": "/usr/bin/apt-key adv --no-tty --keyserver https://nginx.org/keys/nginx_signing.key --recv ABF5BD827BD9BF62", "msg": "Error fetching key ABF5BD827BD9BF62 from keyserver: https://nginx.org/keys/nginx_signing.key", "rc": 2, "stderr": "Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).\ngpg: key ABF5BD827BD9BF62: public key \"nginx signing key <signing-key@nginx.com>\" imported\ngpg: key 2FD21310B49F6B46: rejected by import screener\ngpg: key BCDCD8A38D88A2B3: rejected by import screener\ngpg: Total number processed: 3\ngpg: imported: 1\n", "stderr_lines": ["Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).", "gpg: key ABF5BD827BD9BF62: public key \"nginx signing key <signing-key@nginx.com>\" imported", "gpg: key 2FD21310B49F6B46: rejected by import screener", "gpg: key BCDCD8A38D88A2B3: rejected by import screener", "gpg: Total number processed: 3", "gpg: imported: 1"], "stdout": "Executing: /tmp/apt-key-gpghome.qi2Ktx2iZU/gpg.1.sh --no-tty --keyserver https://nginx.org/keys/nginx_signing.key --recv ABF5BD827BD9BF62\n", "stdout_lines": ["Executing: /tmp/apt-key-gpghome.qi2Ktx2iZU/gpg.1.sh --no-tty --keyserver https://nginx.org/keys/nginx_signing.key --recv ABF5BD827BD9BF62"]}
To fix the MariaDB task, you need to pull in this commit
In the Add Nginx APT key task, trellis uses apt_key , but in the MariaDB Apt signing key task, it uses ansible.builtin.apt_key
If I apply the same commit changes to the NGINX task:
---
- name: Add Nginx APT key
ansible.builtin.apt_key:
url: "https://nginx.org/keys/nginx_signing.key"
state: present
- name: Add Nginx PPA
apt_repository:
repo: "{{ nginx_ppa }}"
update_cache: yes
- name: Install Nginx
ansible.builtin.apt:
name: "{{ nginx_package }}"
state: "{{ nginx_package_state | default(apt_package_state) }}"
update_cache: true
Provisioning seems to work again!
You can also remove these lines from roles/nginx/defaults/main.yml
:
nginx_keyserver: "https://nginx.org/keys/nginx_signing.key"
nginx_keyserver_id: "ABF5BD827BD9BF62"
5 Likes
ben
May 30, 2024, 2:34pm
9
Can you submit a PR for this please?
Hey, just bumped into this as well, also in NGINX. Can confirm the lines above fix the issue for me.
2 Likes
Is this, by chance, somehow related to this apt
update warning?:
Updating apt results in the following warning:
W: http://ppa.launchpad.net/ondrej/php/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: https://mirror.rackspace.com/mariadb/repo/10.11/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: https://mirror.rackspace.com/mariadb/repo/10.6/ubuntu…
Thanks for the fix Just to share, I had this issue with an existing deployment and needed to do some extra steps: I updated Trellis to v1.22.1 but found that to run provision on my existing install I needed to remove the extra sources on the server so apt update
could run again:
cd /etc/apt/sources.list.d/
rm nginx_org_packages_mainline_ubuntu.list ppa_ondrej_php_jammy.list mirror_rackspace_com_mariadb_repo_10_6_ubuntu.list
Once the sources were removed I could provision, which recreated the sources. Not sure if there’s a better approach, maybe someone can advise?
@strarsis I think the underlying error this fixes is that the NGINX key expired . I am still seeing the deprecation notice after upgrading, but provisioning works again and I can run apt update
without it failing.