Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Replace gpgkey handling for suse #397

Closed
lbetz opened this Issue Nov 13, 2017 · 4 comments

Comments

Projects
None yet
3 participants
@lbetz
Copy link
Member

lbetz commented Nov 13, 2017

The gpgkey is managed by a file resource to download the key. After that we use an exec to import the key. So it's impossible to download the key thru a proxy because the proxy config of zypper is bypassed.

The puppet/zypper (version 2.0.0 and higher) module has a property gpgkey... use it.

@lbetz lbetz added the bug label Nov 13, 2017

@lbetz lbetz added this to the v1.3.4 milestone Nov 13, 2017

This was referenced Nov 13, 2017

@lbetz

This comment has been minimized.

Copy link
Member Author

lbetz commented Nov 20, 2017

Doesn't work, maybe voxpupuli/puppet-zypprepo#10. So we haven't a chance to offer an alternative method as the module uses now.

For SuSE use manage_repo => false and manage the repository on your own, i.e. with gpgcheck => false....

@lbetz lbetz closed this Nov 20, 2017

@baurmatt

This comment has been minimized.

Copy link
Contributor

baurmatt commented Nov 21, 2017

How about something like this:

# Workaround until zypprepo allows the adding of the keys
# https://github.com/deadpoint/puppet-zypprepo/issues/4
exec { 'logstash_suse_import_gpg':
  command => "wget -q -O /tmp/RPM-GPG-KEY-elasticsearch ${gpg_key_url}; \
  rpm --import /tmp/RPM-GPG-KEY-elasticsearch; \
  rm /tmp/RPM-GPG-KEY-elasticsearch",
  unless  => "test $(rpm -qa gpg-pubkey | grep -i \"${gpg_key_id}\" | wc -l) -eq 1 ",
}

This works perfectly fine for the logstash module and removes the need of /etc/pki/

@hboetes

This comment has been minimized.

Copy link

hboetes commented Nov 21, 2017

Looks ok, but please don't use /tmp since anyone can create a symlink to anywhere.

@lbetz lbetz reopened this Nov 22, 2017

@lbetz lbetz modified the milestones: v1.3.4, v1.4.0 Dec 1, 2017

@lbetz lbetz modified the milestones: v1.4.0, v2.0.0 Sep 13, 2018

lbetz pushed a commit that referenced this issue Feb 3, 2019

@lbetz

This comment has been minimized.

Copy link
Member Author

lbetz commented Feb 3, 2019

May someone wanna test branch 'bug/Replace-gpgkey-handling-for-suse-397' (note requires puppet 4.10 and higher).

Adding the following to hiera

icinga2::repo:
proxy: https://host.example.org:3128

will use the proxy to download the gpg key and add it to a new line to the repo file.

@lbetz lbetz self-assigned this Feb 3, 2019

@lbetz lbetz closed this in db287dd Feb 4, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.