I just tried to rebuild some AMIs for our very outdated 1.7 cluster and discovered that our ansible scripts now fail with a signature error on the elastic repo which used to work as documented here:
https://www.elastic.co/guide/en/elasticsearch/reference/1.7/setup-repositories.html
The error I'm getting is:
==> null: W: GPG error: http://packages.elastic.co/elasticsearch/1.7/debian stable Release: The following signatures were invalid: 46095ACC8548582C1A2699A9D27D666CD88E42B4
==> null: E: The repository 'http://packages.elastic.co/elasticsearch/1.7/debian stable Release' is not signed.
To work around this, I simply curled the package and used dpkg -i to install it.
curl -L -O https://download.elastic.co/elasticsearch/elasticsearch/elasticsearch-1.7.6.deb
dpkg -i elasticsearch-1.7.6.deb
If anyone has a better solution for this, I'd be interested to know. Any Elastic people reading this, please update the documentation for this or fix the signature; probably there are some more people getting stuck on this. Also, I think this may affect other packages as well.
For reference, here's my ansible code with the old way of installing commented out.
# - name: Install es add-apt-repostory
# become: yes
# apt: name=software-properties-common state=latest
# - name: Add es apt key
# become: yes
# apt_key: url=https://packages.elastic.co/GPG-KEY-elasticsearch state=present
# - name: Add es Repository
# become: yes
# apt_repository: repo='deb http://packages.elastic.co/elasticsearch/1.7/debian stable main' state=present
# - name: Install ES 1.7.x
# become: yes
# apt: name=elasticsearch state=present allow-unauthenticated=true
# NOTE official repo signature no longer works so working around it by installing using dpkg; should be the same package as before
- name: download es deb package
get_url:
url: https://download.elastic.co/elasticsearch/elasticsearch/elasticsearch-1.7.6.deb
dest: /tmp/elasticsearch-1.7.6.deb
- name: install the es deb
shell: dpkg -i /tmp/elasticsearch-1.7.6.deb