Ansible Framework Container issueshttps://gitlab.lakedrops.com/ansible/playbooks/general/-/issues2024-02-09T14:36:05Zhttps://gitlab.lakedrops.com/ansible/playbooks/general/-/issues/117Handle apt_key deprecation2024-02-09T14:36:05ZJürgen Haasjuergen.haas@lakedrops.comHandle apt_key deprecationUbuntu has deprecated `apt_key` and since Ubuntu 22 this outputs deprecation warnings. They can be removed by cleaning up the keys with these steps:
```
# Get the list of available keys in deprecated storage
apt-key list
# Take the las...Ubuntu has deprecated `apt_key` and since Ubuntu 22 this outputs deprecation warnings. They can be removed by cleaning up the keys with these steps:
```
# Get the list of available keys in deprecated storage
apt-key list
# Take the last 8 bytes from the key hash and move that key
apt-key export HASH | sudo gpg --dearmour -o /usr/share/keyrings/NAME.gpg
# Add the signed-by info to the list file
[signed-by=/usr/share/keyrings/NAME.gpg]
# Verify that it works and then delete the key from deprecated storage
apt-key del HASH
```
However, when the next Ansible run uses `apt_repository`, then this brings back the old line and that will then cause a failure about conflicting keys.
Ideally, we should update all Ansible roles to use a more explicit method, which first downloads the key and then uses that in the apt repo list. Something like this:
```
- name: Download key
get_url:
url: https://download.example.com/linux/ubuntu/gpg
dest: /usr/share/keyrings/NAME.gpg
- name: Add repo
apt_repository:
repo: "deb [arch=amd64 signed-by=/usr/share/keyrings/NAME.gpg] https://download.example.com/linux/ubuntu {{ ansible_distribution_release }} stable"
state: present
```Jürgen Haasjuergen.haas@lakedrops.comJürgen Haasjuergen.haas@lakedrops.com