How To Automatically Confirm Importing Repo Key?

Home » CentOS » How To Automatically Confirm Importing Repo Key?
CentOS 1 Comment


I’m trying to set up provisioning LXC container running CentOS. And among other things, I need to install nginx + passenger from a non-official repo (the docs: With this playbook:

– hosts: all
– name: Add repository
# from
name: passenger
description: Passenger repository
repo_gpgcheck: 1
gpgcheck: 0
enabled: 1
sslverify: 1
sslcacert: /etc/pki/tls/certs/ca-bundle.crt

– name: (1) Add repository key (shell command)
command: rpm –import

# #
# – name: (2) Add repository key (python code)
# rpm_key:
# key:

– name: Install nginx
yum: name={{ item }}
with_items: nginx

ansible fails performing the last task with:

Failure talking to yum: failure: repodata/repomd.xml from passenger:
[Errno 256] No more mirrors to try.
[Errno -1] repomd.xml signature could not be verified for passenger

no matter which way of importing key I choose (1 or 2).

If I then SSH to container and run `yum install nginx` manually, it says:

Retrieving key from Importing GPG key 0xD59097AB:
Userid : “packagecloud ops (production key)
Fingerprint: 418a 7f2f b0e1 e6e7 eabf 6fe8 c2e7 3424 d590 97ab From : Is this ok [y/N]:

And I suppose this extra confirmation request is what makes ansible fail. Can it be confirmed automatically?

I tried to make it clear for those who don’t use ansible, but feel free to ask questions. Thanks in advance.

Related Stack Overflow question (just in case):

Regards, Yuri

One thought on - How To Automatically Confirm Importing Repo Key?

  • Now that I think about it, I should’ve reproduced it with just shell script and didn’t involve ansible, when asking the question. Things are more or less clear now. The only thing I’d like to confirm if this makes for a good way of automatically confirming importing repo key?

    yum makecache -y –disablerepo=* –enablerepo=passenger

    Regards, Yuri