Yum Repo Metadata Keyring Failure

Question

Yum Repo Metadata Keyring Failure

peasead opened this issue 5 years ago · comments

Yum fails when doing the installation as it can't verify the Yum repo GPG keyring.

I have worked around this by
Steps:

Removed [rocknsm_2_5] and [rocknsm_2_5-source] from /etc/yum.repos.d/rocknsm.repo
Readded from https://packagecloud.io/rocknsm/2_5/install#manual-rpm

[rocknsm_2_5]
name=rocknsm_2_5
baseurl=https://packagecloud.io/rocknsm/2_5/el/7/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/rocknsm/2_5/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

[rocknsm_2_5-source]
name=rocknsm_2_5-source
baseurl=https://packagecloud.io/rocknsm/2_5/el/7/SRPMS
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/rocknsm/2_5/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

Ran sudo yum install pygpgme yum-utils -y
Ran sudo yum -q makecache -y --disablerepo='*' --enablerepo='rocknsm_2_5'
Ran rock setup and used the Online install, worked (normally the Yum repo metadata keyring complains immediately)

I request that we have the ISO creation script checked. @dcode

Andrew Pease · Answer 1 · Sat Dec 07 2019 03:18:13 GMT+0800 (China Standard Time)

rocknsm.repo needs to be changed to this as the one in the 2.5 iso is wrong

[rocknsm_2_5]
name=rocknsm_2_5
baseurl=https://packagecloud.io/rocknsm/2_5/el/7/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/rocknsm/2_5/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

[rocknsm_2_5-source]
name=rocknsm_2_5-source
baseurl=https://packagecloud.io/rocknsm/2_5/el/7/SRPMS
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/rocknsm/2_5/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

In the ISO:

[rocknsm_2_5]
name=rocknsm_2_5
baseurl=https://packagecloud.io/rocknsm/2_5/el/7/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-RockNSM-pkgcloud-2_5
       file:///etc/pki/rpm-gpg/RPM-GPG-KEY-RockNSM-2
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

[rocknsm_2_5-source]
name=rocknsm_2_5-source
baseurl=https://packagecloud.io/rocknsm/2_5/el/7/SRPMS
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-RockNSM-pkgcloud-2_5
       file:///etc/pki/rpm-gpg/RPM-GPG-KEY-RockNSM-2
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

I'm not sure who runs the make ISO scripts (@dcode @bndabbs @spartan782)

Andrew Pease · Answer 2 · Tue Dec 10 2019 12:56:57 GMT+0800 (China Standard Time)

New error

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: If you are using a module and expect the file to exist on the remote, see the remote_src option
failed: [rock-2-5] (item=RPM-GPG-KEY-RockNSM-pkgcloud-2_5) => {"ansible_loop_var": "item", "changed": false, "item": "RPM-GPG-KEY-RockNSM-pkgcloud-2_5", "msg": "Could not find or access 'RPM-GPG-KEY-RockNSM-pkgcloud-2_5'\nSearched in:\n\t/usr/share/rock/roles/common/files/RPM-GPG-KEY-RockNSM-pkgcloud-2_5\n\t/usr/share/rock/roles/common/RPM-GPG-KEY-RockNSM-pkgcloud-2_5\n\t/usr/share/rock/roles/common/tasks/files/RPM-GPG-KEY-RockNSM-pkgcloud-2_5\n\t/usr/share/rock/roles/common/tasks/RPM-GPG-KEY-RockNSM-pkgcloud-2_5\n\t/usr/share/rock/playbooks/files/RPM-GPG-KEY-RockNSM-pkgcloud-2_5\n\t/usr/share/rock/playbooks/RPM-GPG-KEY-RockNSM-pkgcloud-2_5 on the Ansible Controller.\nIf you are using a module and expect the file to exist on the remote, see the remote_src option"}

Online and off.

RPM-GPG-KEY-RockNSM-pkgcloud-2_5 is in /etc/pki/rpm-gpg/ and it looks right in /usr/share/rock/roles/common/tasks/configure.yml.

Andrew Pease · Answer 3 · Wed May 06 2020 08:49:37 GMT+0800 (China Standard Time)

This has been fixed.