I'm using the shell module:
- name: trust gpg key
become: true
shell: echo -e '5\ny\n' | gpg --homedir /root/.gnupg --command-fd 0 --edit-key 1401d4d21e93 trust
But this complains with
gpg: cannot open '/dev/tty': No such device or address
The gpg command works when I run it manually. So the problem seems to be the echo into a pipe.
How do I fix this?
The error you're encountering is caused by pipelining.
Pipelining, if supported by the connection plugin, reduces the number of network operations required to execute a module on the remote server, by executing many Ansible modules without actual file transfer.
You can try setting:
export ANSIBLE_PIPELING=True
export ANSIBLE_SSH_PIPELING=True
But I think you may encounter this caveat:
However this (pipelining) conflicts with privilege escalation (become). For example, when using ‘sudo:’ operations you must first disable ‘requiretty’ in /etc/sudoers on all managed hosts, which is why it is disabled by default. This options is disabled if ANSIBLE_KEEP_REMOTE_FILES is enabled.
To get around all this you may want to create a file for the trust and use the gpg --import-ownertrust command.
Reference
Ansible Config
GPG import-ownertrust
GPG import and export instructions
