Vendor in the RDO GPG keys to install
This way we avoid all networking failures. Change-Id: If95de543d2a2a7ad22435900e7923fc942cdd297
This commit is contained in:
parent
31305eda68
commit
926290de04
|
@ -0,0 +1,20 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v2
|
||||
|
||||
mQENBFWB31YBCAC4dFmTzBDOcq4R1RbvQXLkyYfF+yXcsMA5kwZy7kjxnFqBoNPv
|
||||
aAjFm3e5huTw2BMZW0viLGJrHZGnsXsE5iNmzom2UgCtrvcG2f65OFGlC1HZ3ajA
|
||||
8ZIfdgNQkPpor61xqBCLzIsp55A7YuPNDvatk/+MqGdNv8Ug7iVmhQvI0p1bbaZR
|
||||
0GuavmC5EZ/+mDlZ2kHIQOUoInHqLJaX7iw46iLRUnvJ1vATOzTnKidoFapjhzIt
|
||||
i4ZSIRaalyJ4sT+oX4CoRzerNnUtIe2k9Hw6cEu4YKGCO7nnuXjMKz7Nz5GgP2Ou
|
||||
zIA/fcOmQkSGcn7FoXybWJ8DqBExvkJuDljPABEBAAG0bENlbnRPUyBWaXJ0dWFs
|
||||
aXphdGlvbiBTSUcgKGh0dHA6Ly93aWtpLmNlbnRvcy5vcmcvU3BlY2lhbEludGVy
|
||||
ZXN0R3JvdXAvVmlydHVhbGl6YXRpb24pIDxzZWN1cml0eUBjZW50b3Mub3JnPokB
|
||||
OQQTAQIAIwUCVYHfVgIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEHrr
|
||||
voJh6IBsRd0H/A62i5CqfftuySOCE95xMxZRw8+voWO84QS9zYvDEnzcEQpNnHyo
|
||||
FNZTpKOghIDtETWxzpY2ThLixcZOTubT+6hUL1n+cuLDVMu4OVXBPoUkRy56defc
|
||||
qkWR+UVwQitmlq1ngzwmqVZaB8Hf/mFZiB3B3Jr4dvVgWXRv58jcXFOPb8DdUoAc
|
||||
S3u/FLvri92lCaXu08p8YSpFOfT5T55kFICeneqETNYS2E3iKLipHFOLh7EWGM5b
|
||||
Wsr7o0r+KltI4Ehy/TjvNX16fa/t9p5pUs8rKyG8SZndxJCsk0MW55G9HFvQ0FmP
|
||||
A6vX9WQmbP+ml7jsUxtEJ6MOGJ39jmaUvPc=
|
||||
=ZzP+
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
@ -0,0 +1,20 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v2.0.22 (GNU/Linux)
|
||||
|
||||
mQENBFVWcCcBCACfm3eQ0526/I0/p7HpR0NjK7K307XHhnbcbZv1sDUjQABDaqh0
|
||||
N4gnZcovf+3fj6pcdOmeOpGI0cKE7Fh68RbEIqyjB7l7+j1grjewR0oCFFZ38KGm
|
||||
j+DWQrj1IJW7JU5fH/G0Cu66ix+dJPcuTB3PJTqXN3ce+4TuG09D+epgwfbHlqaT
|
||||
pH2qHCu2uiGj/AaRSM/ZZzcInMaeleHSB+NChvaQ0W/m+kK5d/20d7sfkaTfI/pY
|
||||
SrodCfVTYxfKAd0TLW03kimHs5/Rdz+iZWecVKv6aFxzaywbrOjmOsy2q0kEWIwX
|
||||
MTZrq6cBRRuWyiXsI2zT2YHQ4UK44IxINiaJABEBAAG0WkNlbnRPUyBDbG91ZCBT
|
||||
SUcgKGh0dHA6Ly93aWtpLmNlbnRvcy5vcmcvU3BlY2lhbEludGVyZXN0R3JvdXAv
|
||||
Q2xvdWQpIDxzZWN1cml0eUBjZW50b3Mub3JnPokBOQQTAQIAIwUCVVZwJwIbAwcL
|
||||
CQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEPm5/ud2RCnmATUH/3HDtWxpFkmy
|
||||
FiA3VGkMt5dp3bgCRSd84X6Orfx1LARowpI4LomCGglGBGXVJePBacwcclorbLaz
|
||||
uWrW/wU0efz0aDB5c4NPg/yXfNvujvlda8ADJwZXVBQphzvaIKwl4PqBsEnxC10I
|
||||
93T/0iyphAhfMRJ5R8AbEHMj7uF+TWTX/JoyQagllMqWTwoP4DFRutPdOmmjwvSV
|
||||
kWItH7hq6z9+M4dhlqeoOvPbL5oCxX7TVmLck02Q5gI4syULOa7sqntzUQKFkhWp
|
||||
9U0+5KrBQBKezrurrrkq/WZR3WNE1KQfNQ77f7S2JcXJdOaKgJ7xe7Y2flPq98Aq
|
||||
wKXK7l1c3dc=
|
||||
=W6yF
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
@ -21,43 +21,29 @@
|
|||
- openstack-yum-packages
|
||||
- openstack-packages
|
||||
|
||||
- name: Get a list of RPM GPG keys
|
||||
shell: "rpm -vv -q centos-release 2>&1 | grep 'to keyring'"
|
||||
args:
|
||||
warn: no
|
||||
changed_when: False
|
||||
register: current_rpm_keys
|
||||
tags:
|
||||
- openstack-yum-packages
|
||||
- openstack-packages
|
||||
# Copy all factored-in GPG keys.
|
||||
# KeyID 764429E6 from https://raw.githubusercontent.com/rdo-infra/centos-release-openstack/ocata-rdo/RPM-GPG-KEY-CentOS-SIG-Cloud
|
||||
# KeyID 61E8806C from keyserver for rdo-qemu-ev
|
||||
- name: Copy validated GPG keys
|
||||
copy:
|
||||
src: "gpg/{{ item | basename }}"
|
||||
dest: /tmp/
|
||||
with_fileglob:
|
||||
- "gpg/*"
|
||||
|
||||
- block:
|
||||
- name: Import GPG keys for repositories if needed
|
||||
shell: "rpm --define '%_hkp_keyserver http://pool.sks-keyservers.net' --import 0x{{ item.keyid }}"
|
||||
args:
|
||||
warn: no
|
||||
with_items:
|
||||
- "{{ openstack_host_rdo_repos_keys }}"
|
||||
when:
|
||||
- item.keyid | lower not in current_rpm_keys.stdout
|
||||
- user_external_repo_key is not defined
|
||||
tags:
|
||||
- openstack-yum-packages
|
||||
- openstack-packages
|
||||
|
||||
rescue:
|
||||
- name: Import GPG keys for repositories if needed
|
||||
shell: "rpm --import 0x{{ item.keyid }}"
|
||||
args:
|
||||
warn: no
|
||||
with_items:
|
||||
- "{{ openstack_host_rdo_repos_keys }}"
|
||||
when:
|
||||
- item.keyid | lower not in current_rpm_keys.stdout
|
||||
- user_external_repo_key is not defined
|
||||
tags:
|
||||
- openstack-yum-packages
|
||||
- openstack-packages
|
||||
# Handle gpg keys manually
|
||||
- name: Install gpg keys
|
||||
rpm_key:
|
||||
key: "{{ key.keyfile | default(key.key) }}"
|
||||
validate_certs: "{{ key.validate_certs | default(omit) }}"
|
||||
state: "{{ key.state | default('present') }}"
|
||||
with_items: "{{ openstack_host_rdo_repos_keys }}"
|
||||
loop_control:
|
||||
loop_var: key
|
||||
register: _add_yum_keys
|
||||
until: _add_yum_keys | success
|
||||
retries: 5
|
||||
delay: 2
|
||||
|
||||
- name: Check for existing yum repositories
|
||||
shell: "yum-config-manager | grep 'repo:'"
|
||||
|
|
|
@ -81,9 +81,9 @@ openstack_host_required_distro_packages:
|
|||
|
||||
openstack_host_rdo_repos_keys:
|
||||
- repo: openstack-pike
|
||||
keyid: 764429E6
|
||||
keyfile: /tmp/764429E6
|
||||
- repo: rdo-qemu-ev
|
||||
keyid: 61E8806C
|
||||
keyfile: /tmp/61E8806C
|
||||
|
||||
openstack_host_rdo_repos:
|
||||
- file: rdo-qemu-ev
|
||||
|
|
Loading…
Reference in New Issue