I've asked this question over on
serverfault<http://serverfault.com/questions/382158/installing-jenkins-with-puppet-fails-to-import-gpg-key>,
but had no response.
I'm trying to install Jenkins with Puppet using the manifests below.
# init.pp
class jenkins {
include jenkins::install, jenkins::service
}
# service.pp
class jenkins::service {
service { "jenkins":
ensure => running,
hasstatus => true,
hasrestart => true,
enable => true,
require => Class["jenkins::install"],
}
}
# install.pp
class jenkins::install {
include jenkins::install::repo
include jenkins::install::java
package { "jenkins":
ensure => present,
require =>
Class['jenkins::install::repo','jenkins::install::java'],
}
}
# install/repo.pp
class jenkins::install::repo {
file { "/etc/pki/rpm-gpg/jenkins-ci.org.key":
owner => root,
group => root,
mode => 0600,
source => "puppet:///jenkins/jenkins-ci.org.key"
}
yumrepo { "jenkins":
baseurl => "http://pkg.jenkins-ci.org/redhat";,
descr => "Jenkins",
enabled => 1,
gpgcheck => 1,
gpgkey => "file:///etc/pki/rpm-gpg/jenkins-ci.org.key",
require => File["/etc/pki/rpm-gpg/jenkins-ci.org.key"]
}
}
# install/java.pp
class jenkins::install::java {
package { "java-1.6.0-openjdk":
ensure => present,
}
}
The repo is added and the key written to the file system. However, I get
the following error.
err: /Stage[main]/Jenkins::Install/Package[jenkins]/ensure: change
from absent to present failed: Execution of '/usr/bin/yum -d 0 -e 0 -y
install jenkins' returned 1: warning: rpmts_HdrFromFdno: Header V4 DSA
signature: NOKEY, key ID d50582e6
Traceback (most recent call last):
File "/usr/bin/yum", line 29, in ?
yummain.user_main(sys.argv[1:], exit_code=True)
File "/usr/share/yum-cli/yummain.py", line 309, in user_main
errcode = main(args)
File "/usr/share/yum-cli/yummain.py", line 261, in main
return_code = base.doTransaction()
File "/usr/share/yum-cli/cli.py", line 410, in doTransaction
if self.gpgsigcheck(downloadpkgs) != 0:
File "/usr/share/yum-cli/cli.py", line 510, in gpgsigcheck
self.getKeyForPackage(po, lambda x, y, z: self.userconfirm())
File "/usr/lib/python2.4/site-packages/yum/__init__.py", line
3519, in getKeyForPackage
keys = self._retrievePublicKey(keyurl, repo)
File "/usr/lib/python2.4/site-packages/yum/__init__.py", line
3484, in _retrievePublicKey
keys_info = misc.getgpgkeyinfo(rawkey, multiple=True)
File "/usr/lib/python2.4/site-packages/yum/misc.py", line 375, in
getgpgkeyinfo
raise ValueError(str(e))
ValueError: unknown pgp packet type 17 at 706
This suggests to me that the key isn't being imported successfully, and
`rpm -qa gpg-pubkey` doesn't show the key. If I manually `yum install
jenkins` without the key imported I get the same error. With the key
imported, the manual installation succeeds.
I'm successfully installing other yum repos and keys standalone (basically
the `install/repo.pp` manifest as its own module), such as EPEL, but as
this repo is only for Jenkins I wanted to include it in my Jenkins module.
Is there something wrong with my manifests? Or some other problem?
**UPDATE**:
If I run this manifest on the node with `puppet apply jenkins.pp` I get the
following error. I don't know if this is part of the problem or a red
herring.
# jenkins.pp
file { "/etc/pki/rpm-gpg/jenkins-ci.org.key":
owner => root,
group => root,
mode => 0600,
source => "/root/jenkins-ci.org.key"
}
yumrepo { "jenkins":
baseurl => "http://pkg.jenkins-ci.org/redhat";,
descr => "Jenkins",
enabled => 1,
gpgcheck => 1,
gpgkey => "file:///etc/pki/rpm-gpg/jenkins-ci.org.key",
require => File["/etc/pki/rpm-gpg/jenkins-ci.org.key"]
}
# output
warning: Could not retrieve fact fqdn
notice:
/Stage[main]//File[/etc/pki/rpm-gpg/jenkins-ci.org.key]/ensure: defined
content as '{md5}9fa06089848262c5a6383ec27fdd2575'
notice: /Stage[main]//Yumrepo[jenkins]/descr: descr changed '' to
'Jenkins'
notice: /Stage[main]//Yumrepo[jenkins]/baseurl: baseurl changed ''
to 'http://pkg.jenkins-ci.org/redhat'
notice: /Stage[main]//Yumrepo[jenkins]/enabled: enabled changed ''
to '1'
notice: /Stage[main]//Yumrepo[jenkins]/gpgcheck: gpgcheck changed
'' to '1'
notice: /Stage[main]//Yumrepo[jenkins]/gpgkey: gpgkey changed '' to
'file:///etc/pki/rpm-gpg/jenkins-ci.org.key'
notice: Finished catalog run in 0.11 seconds
err: /File[/var/lib/puppet/rrd]/ensure: change from absent to
directory failed: Could not set 'directory on ensure: Could not find group
puppet
err: Could not send report: Got 1 failure(s) while initializing:
change from absent to directory failed: Could not set 'directory on ensure:
Could not find group puppet
Again, the repo is added but the key is not imported.
Any advice would be greatly appreciated.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/vXiEqP6KCt4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
