Error while Installing EPEL yum repository

Question

While building a packer image, during installing the epel using ansible:

- name: install EPEL yum repository
  yum:
    name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    state: present

I am getting this error:

fatal: [default]: FAILED! => {"changed": false, "msg": "warning: /home/centos/~user/.ansible/tmp/ansible-tmp-1602677619.35-135127023136118/epel-release-latest-7.noarch4i6J_H.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY\n\n\nPublic key for epel-release-latest-7.noarch4i6J_H.rpm is not installed\n", "rc": 1, "results": ["Loaded plugins: fastestmirror\nExamining /home/centos/~user/.ansible/tmp/ansible-tmp-1602677619.35-135127023136118/epel-release-latest-7.noarch4i6J_H.rpm: epel-release-7-12.noarch\nMarking /home/centos/~user/.ansible/tmp/ansible-tmp-1602677619.35-135127023136118/epel-release-latest-7.noarch4i6J_H.rpm to be installed\nResolving Dependencies\n--> Running transaction check\n---> Package epel-release.noarch 0:7-12 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package         Arch      Version Repository                              Size\n================================================================================\nInstalling:\n epel-release    noarch    7-12    /epel-release-latest-7.noarch4i6J_H     24 k\n\nTransaction Summary\n================================================================================\nInstall  1 Package\n\nTotal size: 24 k\nInstalled size: 24 k\nDownloading packages:\n"]}
         to retry, use: --limit @/home/ansible/install.retry

 PLAY RECAP *********************************************************************
 default                    : ok=3    changed=2    unreachable=0    failed=1

Anyone faced a similar issue?

Answer 1

You are missing epel GPG key on your system, you should either add

disable_gpg_check: yes to your task to skip gpg checking completely (not secure, bad practice), or add actual gpg key with rpm_key module, i.e. before running task

- name: Import a key from a url
  rpm_key:
    state: present
    key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7

You can find appropriate key in epel root.

However, if you have a centos 7 system, the easiest way to add epel would be to install epel-release package, without actually pulling an rpm from fedora project, i.e.

- name: install EPEL yum repository
  yum:
    name: epel-release
    state: present