Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace gpgkey handling for suse #397

Closed
lbetz opened this issue Nov 13, 2017 · 4 comments
Closed

Replace gpgkey handling for suse #397

lbetz opened this issue Nov 13, 2017 · 4 comments
Assignees
@lbetz
Labels
bug
Milestone
v2.0.0

Comments

@lbetz
Copy link
Contributor

lbetz commented Nov 13, 2017

The gpgkey is managed by a file resource to download the key. After that we use an exec to import the key. So it's impossible to download the key thru a proxy because the proxy config of zypper is bypassed.

The puppet/zypper (version 2.0.0 and higher) module has a property gpgkey... use it.
@lbetz lbetz added the bug label Nov 13, 2017
@lbetz lbetz added this to the v1.3.4 milestone Nov 13, 2017
This was referenced Nov 13, 2017
Closed
Closed
@lbetz
Copy link
Contributor Author

lbetz commented Nov 20, 2017

Doesn't work, maybe voxpupuli/puppet-zypprepo#10. So we haven't a chance to offer an alternative method as the module uses now.

For SuSE use manage_repo => false and manage the repository on your own, i.e. with gpgcheck => false....

@lbetz lbetz closed this as completed Nov 20, 2017
@baurmatt
Copy link
Contributor

How about something like this:

# Workaround until zypprepo allows the adding of the keys
# https://github.com/deadpoint/puppet-zypprepo/issues/4
exec { 'logstash_suse_import_gpg':
  command => "wget -q -O /tmp/RPM-GPG-KEY-elasticsearch ${gpg_key_url}; \
  rpm --import /tmp/RPM-GPG-KEY-elasticsearch; \
  rm /tmp/RPM-GPG-KEY-elasticsearch",
  unless  => "test $(rpm -qa gpg-pubkey | grep -i \"${gpg_key_id}\" | wc -l) -eq 1 ",
}

This works perfectly fine for the logstash module and removes the need of /etc/pki/

@hboetes
Copy link

hboetes commented Nov 21, 2017

Looks ok, but please don't use /tmp since anyone can create a symlink to anywhere.

@lbetz lbetz reopened this Nov 22, 2017
@lbetz lbetz modified the milestones: v1.3.4, v1.4.0 Dec 1, 2017
@lbetz lbetz modified the milestones: v1.4.0, v2.0.0 Sep 13, 2018
lbetz added a commit that referenced this issue Feb 3, 2019
@lbetz
fix #397 Replace gpgkey handling for suse
46a4b36
@lbetz
Copy link
Contributor Author

lbetz commented Feb 3, 2019

May someone wanna test branch 'bug/Replace-gpgkey-handling-for-suse-397' (note requires puppet 4.10 and higher).

Adding the following to hiera

icinga2::repo:
proxy: https://host.example.org:3128

will use the proxy to download the gpg key and add it to a new line to the repo file.

@lbetz lbetz self-assigned this Feb 3, 2019
@lbetz lbetz closed this as completed in db287dd Feb 4, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lbetz lbetz

Labels
bug
Projects
None yet
Milestone
v2.0.0
Development

No branches or pull requests
3 participants
@baurmatt @hboetes @lbetz