Hi,
The way that i import my keys is to set the gpg key for the yum repo like so:
yumrepo { "jenkins":
baseurl => "http://pkg.jenkins-ci.org/redhat";,
descr => "Jenkins",
enabled => 1,
gpgcheck => 1,
gpgkey => "http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key";,
}
Should take care of the import for you.
The 'updated' issue is probably irrelevant.
Cheers
Den
On 26/04/2012, at 9:22, Michael Harris <mich...@twofishcreative.com> wrote:
> I've asked this question over on serverfault, but had no response.
>
> I'm trying to install Jenkins with Puppet using the manifests below.
>
> # init.pp
> class jenkins {
> include jenkins::install, jenkins::service
> }
>
> # service.pp
> class jenkins::service {
> service { "jenkins":
> ensure => running,
> hasstatus => true,
> hasrestart => true,
> enable => true,
> require => Class["jenkins::install"],
> }
> }
>
> # install.pp
> class jenkins::install {
> include jenkins::install::repo
> include jenkins::install::java
>
> package { "jenkins":
> ensure => present,
> require =>
> Class['jenkins::install::repo','jenkins::install::java'],
> }
> }
>
> # install/repo.pp
> class jenkins::install::repo {
> file { "/etc/pki/rpm-gpg/jenkins-ci.org.key":
> owner => root,
> group => root,
> mode => 0600,
> source => "puppet:///jenkins/jenkins-ci.org.key"
> }
>
> yumrepo { "jenkins":
> baseurl => "http://pkg.jenkins-ci.org/redhat";,
> descr => "Jenkins",
> enabled => 1,
> gpgcheck => 1,
> gpgkey => "file:///etc/pki/rpm-gpg/jenkins-ci.org.key",
> require => File["/etc/pki/rpm-gpg/jenkins-ci.org.key"]
> }
> }
>
> # install/java.pp
> class jenkins::install::java {
> package { "java-1.6.0-openjdk":
> ensure => present,
> }
> }
>
> The repo is added and the key written to the file system. However, I get the
> following error.
>
> err: /Stage[main]/Jenkins::Install/Package[jenkins]/ensure: change
> from absent to present failed: Execution of '/usr/bin/yum -d 0 -e 0 -y
> install jenkins' returned 1: warning: rpmts_HdrFromFdno: Header V4 DSA
> signature: NOKEY, key ID d50582e6
> Traceback (most recent call last):
> File "/usr/bin/yum", line 29, in ?
> yummain.user_main(sys.argv[1:], exit_code=True)
> File "/usr/share/yum-cli/yummain.py", line 309, in user_main
> errcode = main(args)
> File "/usr/share/yum-cli/yummain.py", line 261, in main
> return_code = base.doTransaction()
> File "/usr/share/yum-cli/cli.py", line 410, in doTransaction
> if self.gpgsigcheck(downloadpkgs) != 0:
> File "/usr/share/yum-cli/cli.py", line 510, in gpgsigcheck
> self.getKeyForPackage(po, lambda x, y, z: self.userconfirm())
> File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 3519,
> in getKeyForPackage
> keys = self._retrievePublicKey(keyurl, repo)
> File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 3484,
> in _retrievePublicKey
> keys_info = misc.getgpgkeyinfo(rawkey, multiple=True)
> File "/usr/lib/python2.4/site-packages/yum/misc.py", line 375, in
> getgpgkeyinfo
> raise ValueError(str(e))
> ValueError: unknown pgp packet type 17 at 706
>
> This suggests to me that the key isn't being imported successfully, and `rpm
> -qa gpg-pubkey` doesn't show the key. If I manually `yum install jenkins`
> without the key imported I get the same error. With the key imported, the
> manual installation succeeds.
>
> I'm successfully installing other yum repos and keys standalone (basically
> the `install/repo.pp` manifest as its own module), such as EPEL, but as this
> repo is only for Jenkins I wanted to include it in my Jenkins module.
>
> Is there something wrong with my manifests? Or some other problem?
>
> **UPDATE**:
>
> If I run this manifest on the node with `puppet apply jenkins.pp` I get the
> following error. I don't know if this is part of the problem or a red herring.
>
> # jenkins.pp
> file { "/etc/pki/rpm-gpg/jenkins-ci.org.key":
> owner => root,
> group => root,
> mode => 0600,
> source => "/root/jenkins-ci.org.key"
> }
>
> yumrepo { "jenkins":
> baseurl => "http://pkg.jenkins-ci.org/redhat";,
> descr => "Jenkins",
> enabled => 1,
> gpgcheck => 1,
> gpgkey => "file:///etc/pki/rpm-gpg/jenkins-ci.org.key",
> require => File["/etc/pki/rpm-gpg/jenkins-ci.org.key"]
> }
>
> # output
> warning: Could not retrieve fact fqdn
> notice:
> /Stage[main]//File[/etc/pki/rpm-gpg/jenkins-ci.org.key]/ensure: defined
> content as '{md5}9fa06089848262c5a6383ec27fdd2575'
> notice: /Stage[main]//Yumrepo[jenkins]/descr: descr changed '' to
> 'Jenkins'
> notice: /Stage[main]//Yumrepo[jenkins]/baseurl: baseurl changed '' to
> 'http://pkg.jenkins-ci.org/redhat'
> notice: /Stage[main]//Yumrepo[jenkins]/enabled: enabled changed '' to
> '1'
> notice: /Stage[main]//Yumrepo[jenkins]/gpgcheck: gpgcheck changed ''
> to '1'
> notice: /Stage[main]//Yumrepo[jenkins]/gpgkey: gpgkey changed '' to
> 'file:///etc/pki/rpm-gpg/jenkins-ci.org.key'
> notice: Finished catalog run in 0.11 seconds
> err: /File[/var/lib/puppet/rrd]/ensure: change from absent to
> directory failed: Could not set 'directory on ensure: Could not find group
> puppet
> err: Could not send report: Got 1 failure(s) while initializing:
> change from absent to directory failed: Could not set 'directory on ensure:
> Could not find group puppet
>
> Again, the repo is added but the key is not imported.
>
> Any advice would be greatly appreciated.
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/vXiEqP6KCt4J.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
