-
Notifications
You must be signed in to change notification settings - Fork 223
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When upgrading datadog v6 to v7 using new 2022 apt keys, role breaks #441
Comments
Hi 👋,
As a temporary fix, I think it's perfectly fine to ensure that In theory, this could happen again when we do the next rotation (in ~2 years), so we'll have to figure out a systematic way to solve this. One way that comes to my mind is temporarily disabling the datadog sources while installing the other packages and only re-enabling them once all other packages (and the new keys) are installed. This could be a bit tedious to implement/maintain, so I'll try to see if there's a better solution, but at least we will have a solution. |
So I tried temporarily disabling the datadog sources while installing the other packages and re-enabling them afterwards. There is a problem with this approach: APT doesn't know the concept of "temporarily disabling a source for a single operation", so the only way to do this is delete/rename the source list file. This however has unintended consequences:
While we certainly could always do the last point, it's certainly not optimal to have to redownload the repodata on every single ansible run. I'll try to think a little bit more to see if we could get a better solution for this. |
Hello everyone,
So I use the ansible role and I recently updated the role from 4.2.1 to 4.15.0 so I could update datadog from v6 to v7 in my machines.
I am setting in the ansible role:
datadog_agent_version: "1:7.36.1-1"
So when I ran the role:
TASK [datadog.datadog : Install apt-transport-https] ***************************************************************************************************************************************************************************************************************************
ok: [machine]
fatal: [machine]: FAILED! => {"changed": false, "msg": "Failed to update apt cache: "}
This happens because in the pkg-debian.yaml it has:
But when you try to run
apt get update
as part of this task there's errors regarding keys.Hit:1 http://azure.archive.ubuntu.com/ubuntu bionic InRelease
Hit:2 http://azure.archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:3 http://azure.archive.ubuntu.com/ubuntu bionic-backports InRelease
Hit:4 http://repo.percona.com/percona/apt bionic InRelease
Hit:5 http://repo.percona.com/prel/apt bionic InRelease
Hit:6 https://artifacts.elastic.co/packages/7.x/apt stable InRelease
Hit:7 https://archive.mariadb.org/mariadb-10.2.31/repo/ubuntu bionic InRelease
Ign:8 https://apt.datadoghq.com stable InRelease
Hit:10 http://security.ubuntu.com/ubuntu bionic-security InRelease
Get:9 https://apt.datadoghq.com stable Release [9927 B]
Get:11 https://apt.datadoghq.com stable Release.gpg [801 B]
Err:11 https://apt.datadoghq.com stable Release.gpg
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 33EE313BAD9589B7
Fetched 10.7 kB in 1s (9893 B/s)
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://apt.datadoghq.com stable Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 33EE313BAD9589B7
W: Failed to fetch https://apt.datadoghq.com/dists/stable/Release.gpg The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 33EE313BAD9589B7
W: Some index files failed to download. They have been ignored, or old ones used instead.
The only way I found to resolve this was to add a task to remove
/etc/apt/sources.list.d/ansible_datadog_6.list
and/etc/apt/sources.list.d/ansible_datadog_7.list
which containsdeb https://apt.datadoghq.com/ stable X
and re-run the roleThe text was updated successfully, but these errors were encountered: