"Failed to update apt cache" problem while installing edx-notes in ubuntu 16.04

Normally, I would simply run the following commands in order to clean the apt-cache:

sudo rm -rf /var/lib/apt/lists/*
sudo apt-get update

But this time, nothing will do and I always end up at one point or another with these kinds of error messages:

TASK [server_utils : Install ubuntu system packages] *************************************************************************************************

failed: [localhost] (item=[u'ack-grep', u'mosh', u'tree', u'screen', u'tmux', u'curl', u'vim', u'dnsutils', u'inetutils-telnet', u'netcat']) => {"failed": true, "item": ["ack-grep", "mosh", "tree", "screen", "tmux", "curl", "vim", "dnsutils", "inetutils-telnet", "netcat"], "msg": "Failed to update apt cache."}

Anything else I can try?

P.S. To be fair and honest, I was able to install edx-notes but I had to comment out all the installation / apt commands from the different Ansible roles in configuration that the notes.yml role calls. Not the best solution…

Hi @sambapete! What errors are you getting? I occasionally see things like this:

ubuntu@localhost:~$ sudo apt-get update
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will
be used. GPG error: http://ppa.edx.org xenial InRelease: The following signatures were invalid: KEYEXPIRED 1513191113
KEYEXPIRED 1513191113  KEYEXPIRED 1513191113
W: Failed to fetch http://ppa.edx.org/dists/xenial/InRelease  The following signatures were invalid: KEYEXPIRED
1513191113  KEYEXPIRED 1513191113  KEYEXPIRED 1513191113
W: Some index files failed to download. They have been ignored, or old ones used instead.

And so have to repair it manually like this:

ubuntu@localhost:~$ apt-key list | grep expired
pub   4096R/69464050 2015-12-16 [expired: 2017-12-13]
uid                  edX Inc. (edX PPA) <admin+ppa@edx.org>

ubuntu@localhost:~$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 69464050
Executing: /tmp/tmp.CutTsp1gAX/gpg.1.sh --keyserver
keyserver.ubuntu.com
--recv-keys
69464050
gpg: requesting key 69464050 from hkp server keyserver.ubuntu.com
gpg: key 69464050: "edX Inc. (edX PPA) <admin+ppa@edx.org>" 2 new signatures
gpg: Total number processed: 1
gpg:         new signatures: 2

cf https://linux-audit.com/how-to-solve-an-expired-key-keyexpired-with-apt/

Hi Jill,

The errors clearly occur when Ansible calls apt, not when I call sudo apt-get update on the command line, for example.

That’s weird… especially since the error message is “Failed to update apt cache.” Maybe your apt mirror is timing out, or there’s an issue with one of the apt sources that the playbooks add. Can you turn up the verbosity to get more information? ansible-playbook takes up to -vvvv, and so can produce more info than you’d ever want :slight_smile:

If it’s an issue with the packages themselves, you can always override server_utils_debian_pkgs with the list of packages that actually work for you. There’s some interesting comments in there, like “not sure why this is installed” for a couple of the packages… so maybe some of those aren’t actually required?

Yes, I’ll try to turn up the verbosity. Good idea. I wonder what will turn up in the produced info :slight_smile:

It wasn’t a KEYEXPIRED issue. I ran into those a few times over the years. It could also be a bad key related to ElasticSearch or MongoDB.

I was in a hurry (read: the person who wanted that package wanted it now) and I knew that if I simply “comment out” the apt command in the different roles then it would not try to install packages that are already installed because this is an ironwood instance from earlier this year and the common packages and server_utils_debian_pkgs are already installed, right? :slight_smile:

Turns out I was right on that count… but this is definitely not something I would recommend to someone who has less experience with the platform like you and I.

I will let you know if something interesting turns up.

I did some cleanup in /etc/apt/sources.list.d just to make sure I have no errors or warnings when running “sudo apt-get update”. Like I assumed, there were old entries for ES 0.90, ES 1.5 and MongoDB.

I’ll try it again tomorrow (Wednesday for me).


I couldn’t go to bed without testing it, could I?

That was it. Expired or bad entries in /etc/apt/sources.list.d

Thanks for the brainstorm @jill

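Both failure modes discussed up to this point (an expired signing key and stale entries under /etc/apt/sources.list.d) can be traced from the `apt-get update` output back to the file that defines the repository. The script below is an added example, not part of the original posts; the function names, the sample output and the repo.example.invalid entry are constructed for illustration.

```shell
#!/usr/bin/env bash
# Map repositories that fail during `apt-get update` to the sources file defining them.

# Read `apt-get update` output on stdin; print each failing repository's base URL once.
failing_repos() {
    grep -E 'GPG error:|Failed to fetch|does not have a Release file' \
        | grep -oE 'https?://[^ ]+' \
        | sed -E 's#/dists/.*$##; s#/+$##' \
        | sort -u
}

# Usage: stale_sources SOURCES_DIR < update-output
# Prints "URL<TAB>FILE" for every active deb/deb-src entry that names a failing repo.
stale_sources() {
    local dir="$1" url f
    failing_repos | while IFS= read -r url; do
        for f in "$dir"/*.list; do
            [ -f "$f" ] || continue
            # Commented-out entries are not read by apt, so skip them.
            if grep -E '^[[:space:]]*deb(-src)?[[:space:]]' "$f" | grep -qF -- "$url"; then
                printf '%s\t%s\n' "$url" "$f"
            fi
        done
    done
}

# Constructed sample output: the KEYEXPIRED warnings follow the shape quoted in
# the thread; the repo.example.invalid line is a made-up stale repository.
sample_update_output() {
    cat <<'EOF'
Hit:1 http://archive.ubuntu.com/ubuntu xenial InRelease
W: GPG error: http://ppa.edx.org xenial InRelease: The following signatures were invalid: KEYEXPIRED 1513191113
W: Failed to fetch http://ppa.edx.org/dists/xenial/InRelease  The following signatures were invalid: KEYEXPIRED 1513191113
E: The repository 'http://repo.example.invalid/es/0.90/debian stable Release' does not have a Release file.
EOF
}

# Build a constructed sources.list.d in a temp dir and report the offending files.
demo() {
    local d; d=$(mktemp -d)
    echo 'deb http://ppa.edx.org xenial main' > "$d/edx.list"
    echo 'deb http://repo.example.invalid/es/0.90/debian stable main' > "$d/es-0.90.list"
    echo '# deb http://ppa.edx.org xenial main' > "$d/old.list"
    sample_update_output | stale_sources "$d"
    rm -rf "$d"
}

demo
```

On a real host the equivalent call is `sudo apt-get update 2>&1 | stale_sources /etc/apt/sources.list.d`; each reported file is then a candidate for review before a key is refreshed or an entry is removed.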

Love you obsessive types :heart:

Glad you sorted it out @sambapete!

Hi @jill! I’m facing the same issue on the Open edX Juniper release. It seems the same key expired, but running the command doesn’t fetch any updated signatures.

root@lms:/edx/app/edxapp/edx-platform# apt-key list | grep expired
pub   4096R/69464050 2015-12-16 [expired: 2021-12-05]

Running sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 69464050 results in

Executing: /tmp/tmp.nexBXUcx8a/gpg.1.sh --keyserver
keyserver.ubuntu.com
--recv-keys
69464050
gpg: requesting key 69464050 from hkp server keyserver.ubuntu.com
gpg: key 69464050: "edX Inc. (edX PPA) <admin+ppa@edx.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

Did I miss something from your solution?