Wrong APT-key

[pschichtel]

Affected Puppet, Ruby, OS and module versions/distributions

• Puppet: 6.7.2
• Ruby: 2.3.3p222
• Distribution: Debian Jessie
• Module version: 3.0.0

How to reproduce (e.g Puppet code you use)

1. set mongodb::repo::version: '3.7'
2. set mongodb::globals::manage_package_repo: true
3. run puppet
4. run apt-get update

What are you seeing

This key is installed:

pub   rsa2048 2010-02-05 [SC]
      492E AFE8 CD01 6A07 919F  1D2B 9ECB EC46 7F0C EB10
uid           [ unknown] Richard Kreuter <richard@10gen.com>

resulting in:

W: GPG error: https://repo.mongodb.org/apt/debian stretch/mongodb-org/3.7 Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3DAB71713396F72B
W: The repository 'https://repo.mongodb.org/apt/debian stretch/mongodb-org/3.7 Release' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.

What behaviour did you expect instead

This key:

pub   rsa4096 2017-11-15 [SC] [expires: 2019-11-15]
      BD8C 80D9 C729 D005 24E0  68E0 3DAB 7171 3396 F72B
uid           [ unknown] MongoDB 3.8 Release Signing Key <packaging@mongodb.com>

resulting in:

Hit:10 https://repo.mongodb.org/apt/debian stretch/mongodb-org/3.7 Release
Get:12 https://repo.mongodb.org/apt/debian stretch/mongodb-org/3.7 Release.gpg [801 B]

Output log

none

Any additional information you'd like to impart

nope

[ekohl]

Could you submit a PR? The relevant code is here:

puppet-mongodb/manifests/repo.pp

Lines 59 to 64 in 7857999

	$key = "${mongover[0]}.${mongover[1]}" ? {
	'3.6' => '2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5',
	'3.4' => '0C49F3730359A14518585931BC711F9BA15703C6',
	'3.2' => '42F3E95A2C4F08279C4960ADD68FA50FEA312927',
	default => '492EAFE8CD016A07919F1D2B9ECBEC467F0CEB10'
	}

[pschichtel]

I noticed afterwards, that 3.7 is unstable anyway. in repo.pp only stable releases are listed, so do you even want this change?

[ekohl]

I don't know how final the key is. If the repo is unstable, but the release key is final then inclusion is fine IMHO.

[rmalenko]

I use MongoDB 4.0 and add the new key to mongodb/manifests/repo.pp

        $key = "${mongover[0]}.${mongover[1]}" ? {
          '3.6'   => '2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5',
          '3.4'   => '0C49F3730359A14518585931BC711F9BA15703C6',
          '3.2'   => '42F3E95A2C4F08279C4960ADD68FA50FEA312927',
          '4.0'   => '9DA31620334BD75D9DCB49F368818C72E52529D4',
          default => '9DA31620334BD75D9DCB49F368818C72E52529D4'
        }

[TheoPoc]

@rmalenko Is this module compatible with MongoDB 4.0 ?
Module seems not working cause basically it will install only mongodb-org-server and mongodb-org-shell.

My example:

class {'mongodb::globals':
    manage_package_repo => false,
    manage_package      => true,
    use_enterprise_repo => false,
    bind_ip => ['127.0.0.1'],
  }
  -> class {'mongodb::client': }
  -> class {'mongodb::server':
    auth => false,
    dbpath => '/mnt/space1/srv/mongodb',
    dbpath_fix => true,
    restart => true,
    verbose => true,
  }

Can you explain me how you do this please ?

[rmalenko]

@TheoPoc my manifest

 class {'mongodb::globals':
    manage_package_repo => true,
    version             => '4.0.11',
    bind_ip             => [$::ipaddress_eth1],
    mongod_service_manage => true,
    user => mongodb,
    group  => mongodb,
  }
  -> class {'mongodb::client': }
  -> class {'mongodb::server':
    auth => false,
    ensure => present,
    nojournal => true,
    storage_engine => 'wiredTiger',
    # change on production to false
    restart => true,
  }

[rmalenko]

#552