Recently added this to a project, appears the default config may no longer be valid? I get the following error:
fatal: [127.0.0.1]: FAILED! => changed=false
attempts: 5
msg: 'failed to fetch key at https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-2 , error was: HTTP Error 404: Not Found'
Looking at https://dl.fedoraproject.org/pub/epel/ it appears there is a GPG key for 4-7, but nothing for 1-3.
Looking more at this, think this might be an issue specific to Amazon Linux. It is RHEL based with yum but I am running AL2 and I imagine this thinks 2 is the RHEL release, when its just the Amazon Linux version. I assumed EPEL could be used here but maybe this is ill advised? Will need to dig a bit deeper.
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2:-:internal"
HOME_URL="https://amazonlinux.com/"
VARIANT="internal"
Looks like epel is recommended to be installed differently for AL2
sudo amazon-linux-extras install epel -y
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-enable-epel/
Any interest in a PR adding support for AL2? Just need some rough guidance on how you'd like to achieve that if so. Probably just guards on the main tasks, or maybe separate task files, one for AL2 and one for everyone else?
changed the title
failed to fetch key at https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-2 , error was: HTTP Error 404: Not Found'
Fails to install EPEL when using Amazon Linux 2
Dec 22, 2022
also see recommendations to use rhel 7
https://sysadminxpert.com/install-epel-repository-on-linux/#EPEL_Repository_for_Amazon_Linux
On my AL2 machine, epel is missing from amazon-linux-extras
, might be better to take this approach
$ sudo amazon-linux-extras install epel -y
Topic epel is not found.
Have done some more tinkering, I now have:
- name: gather os specific variables
include_vars: "{{ item }}"
with_first_found:
- "os_vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version}}.yml"
- "os_vars/{{ ansible_distribution }}.yml"
tags: ["always"]
as a pretask, and I made a file in os_vars/Amazon-2.yml
that contains:
epel_repo_url: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm"
epel_repo_gpg_key_url: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7"
and then I import the role as:
- name: enable epel on RHEL systems
import_role:
name: geerlingguy.repo-epel
become: yes
when: configure_epel and ansible_os_family == "RedHat"
tags: ["epel"]
However, this gives me the following error:
TASK [geerlingguy.repo-epel : Check if EPEL repo is already configured.] *************************************************************************************************************************************************************
fatal: [127.0.0.1]: FAILED! => changed=false
module_stderr: ''
module_stdout: ''
msg: |-
MODULE FAILURE
See stdout/stderr for the exact error
rc: 1
If i run the role with become: no
I get the following error:
TASK [geerlingguy.repo-epel : Import EPEL GPG key.] *************************************************************************************************************************************************************************************
fatal: [127.0.0.1]: FAILED! => changed=false
attempts: 5
msg: |-
error: cannot open Packages index using db5 - Permission denied (13)
error: cannot open Packages database in /var/lib/rpm
error: /tmp/tmpDJkiX8: key 1 import failed.
Interesting note is that the stat
succeeds with become: no
, but not with become: yes
The module failure stuff when using become
is due to locked down sudo permissions, ended up having to set ANSIBLE_EXECUTABLE
, and it appears that after doing that, the role ran successfully.
With that fixed, that just leaves configuring the role to use the right EPEL URL for AL2.
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read this blog post to see the reasons why I mark issues as stale.