Vendor in the RDO GPG keys to install
This way we avoid all networking failures.

Copy RPM keys into correct place

This patch copies the RPM keys into /etc/pki/rpm-gpg/ and maintains their original names. This should allow the LXC cache process to copy over the keys.

Combined backport of:
- https://review.openstack.org/515103
- https://review.openstack.org/515208

Change-Id: I07b04301629e3b2a176c210ed7989f8d699b7e8c
parent
e9c025fd58
commit
816b38f605
|
@ -0,0 +1,20 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v2.0.22 (GNU/Linux)
|
||||
|
||||
mQENBFVWcCcBCACfm3eQ0526/I0/p7HpR0NjK7K307XHhnbcbZv1sDUjQABDaqh0
|
||||
N4gnZcovf+3fj6pcdOmeOpGI0cKE7Fh68RbEIqyjB7l7+j1grjewR0oCFFZ38KGm
|
||||
j+DWQrj1IJW7JU5fH/G0Cu66ix+dJPcuTB3PJTqXN3ce+4TuG09D+epgwfbHlqaT
|
||||
pH2qHCu2uiGj/AaRSM/ZZzcInMaeleHSB+NChvaQ0W/m+kK5d/20d7sfkaTfI/pY
|
||||
SrodCfVTYxfKAd0TLW03kimHs5/Rdz+iZWecVKv6aFxzaywbrOjmOsy2q0kEWIwX
|
||||
MTZrq6cBRRuWyiXsI2zT2YHQ4UK44IxINiaJABEBAAG0WkNlbnRPUyBDbG91ZCBT
|
||||
SUcgKGh0dHA6Ly93aWtpLmNlbnRvcy5vcmcvU3BlY2lhbEludGVyZXN0R3JvdXAv
|
||||
Q2xvdWQpIDxzZWN1cml0eUBjZW50b3Mub3JnPokBOQQTAQIAIwUCVVZwJwIbAwcL
|
||||
CQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEPm5/ud2RCnmATUH/3HDtWxpFkmy
|
||||
FiA3VGkMt5dp3bgCRSd84X6Orfx1LARowpI4LomCGglGBGXVJePBacwcclorbLaz
|
||||
uWrW/wU0efz0aDB5c4NPg/yXfNvujvlda8ADJwZXVBQphzvaIKwl4PqBsEnxC10I
|
||||
93T/0iyphAhfMRJ5R8AbEHMj7uF+TWTX/JoyQagllMqWTwoP4DFRutPdOmmjwvSV
|
||||
kWItH7hq6z9+M4dhlqeoOvPbL5oCxX7TVmLck02Q5gI4syULOa7sqntzUQKFkhWp
|
||||
9U0+5KrBQBKezrurrrkq/WZR3WNE1KQfNQ77f7S2JcXJdOaKgJ7xe7Y2flPq98Aq
|
||||
wKXK7l1c3dc=
|
||||
=W6yF
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
@ -0,0 +1,20 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v2
|
||||
|
||||
mQENBFWB31YBCAC4dFmTzBDOcq4R1RbvQXLkyYfF+yXcsMA5kwZy7kjxnFqBoNPv
|
||||
aAjFm3e5huTw2BMZW0viLGJrHZGnsXsE5iNmzom2UgCtrvcG2f65OFGlC1HZ3ajA
|
||||
8ZIfdgNQkPpor61xqBCLzIsp55A7YuPNDvatk/+MqGdNv8Ug7iVmhQvI0p1bbaZR
|
||||
0GuavmC5EZ/+mDlZ2kHIQOUoInHqLJaX7iw46iLRUnvJ1vATOzTnKidoFapjhzIt
|
||||
i4ZSIRaalyJ4sT+oX4CoRzerNnUtIe2k9Hw6cEu4YKGCO7nnuXjMKz7Nz5GgP2Ou
|
||||
zIA/fcOmQkSGcn7FoXybWJ8DqBExvkJuDljPABEBAAG0bENlbnRPUyBWaXJ0dWFs
|
||||
aXphdGlvbiBTSUcgKGh0dHA6Ly93aWtpLmNlbnRvcy5vcmcvU3BlY2lhbEludGVy
|
||||
ZXN0R3JvdXAvVmlydHVhbGl6YXRpb24pIDxzZWN1cml0eUBjZW50b3Mub3JnPokB
|
||||
OQQTAQIAIwUCVYHfVgIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEHrr
|
||||
voJh6IBsRd0H/A62i5CqfftuySOCE95xMxZRw8+voWO84QS9zYvDEnzcEQpNnHyo
|
||||
FNZTpKOghIDtETWxzpY2ThLixcZOTubT+6hUL1n+cuLDVMu4OVXBPoUkRy56defc
|
||||
qkWR+UVwQitmlq1ngzwmqVZaB8Hf/mFZiB3B3Jr4dvVgWXRv58jcXFOPb8DdUoAc
|
||||
S3u/FLvri92lCaXu08p8YSpFOfT5T55kFICeneqETNYS2E3iKLipHFOLh7EWGM5b
|
||||
Wsr7o0r+KltI4Ehy/TjvNX16fa/t9p5pUs8rKyG8SZndxJCsk0MW55G9HFvQ0FmP
|
||||
A6vX9WQmbP+ml7jsUxtEJ6MOGJ39jmaUvPc=
|
||||
=ZzP+
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
@ -28,42 +28,34 @@
|
|||
tags:
|
||||
- add-repo-keys
|
||||
|
||||
- name: Get a list of RPM GPG keys
|
||||
shell: "rpm -vv -q centos-release 2>&1 | grep 'to keyring'"
|
||||
args:
|
||||
warn: no
|
||||
changed_when: False
|
||||
register: current_rpm_keys
|
||||
when:
|
||||
- user_external_repo_key is not defined
|
||||
tags:
|
||||
- add-repo-keys
|
||||
# Copy all factored-in GPG keys.
|
||||
# KeyID 764429E6 from https://raw.githubusercontent.com/rdo-infra/centos-release-openstack/ocata-rdo/RPM-GPG-KEY-CentOS-SIG-Cloud
|
||||
# KeyID 61E8806C from keyserver for rdo-qemu-ev
|
||||
- name: Copy validated GPG keys
|
||||
copy:
|
||||
src: "gpg/{{ item | basename }}"
|
||||
dest: /etc/pki/rpm-gpg/
|
||||
mode: '0644'
|
||||
with_fileglob:
|
||||
- "gpg/*"
|
||||
|
||||
- block:
|
||||
- name: Import GPG keys for repositories if needed
|
||||
shell: "rpm --define '%_hkp_keyserver http://pool.sks-keyservers.net' --import 0x{{ item.keyid }}"
|
||||
args:
|
||||
warn: no
|
||||
with_items:
|
||||
- "{{ pip_install_rdo_repos_keys }}"
|
||||
when:
|
||||
- item.keyid | lower not in current_rpm_keys.stdout
|
||||
- user_external_repo_key is not defined
|
||||
tags:
|
||||
- add-repo-keys
|
||||
- name: Ensure GPG keys have the correct SELinux contexts applied
|
||||
command: restorecon -Rv /etc/pki/rpm-gpg/
|
||||
changed_when: false
|
||||
|
||||
rescue:
|
||||
- name: Import GPG keys for repositories if needed
|
||||
shell: "rpm --import 0x{{ item.keyid }}"
|
||||
args:
|
||||
warn: no
|
||||
with_items:
|
||||
- "{{ pip_install_rdo_repos_keys }}"
|
||||
when:
|
||||
- item.keyid | lower not in current_rpm_keys.stdout
|
||||
- user_external_repo_key is not defined
|
||||
tags:
|
||||
- add-repo-keys
|
||||
# Handle gpg keys manually
|
||||
- name: Install gpg keys
|
||||
rpm_key:
|
||||
key: "{{ key.keyfile | default(key.key) }}"
|
||||
validate_certs: "{{ key.validate_certs | default(omit) }}"
|
||||
state: "{{ key.state | default('present') }}"
|
||||
with_items: "{{ pip_install_rdo_repos_keys }}"
|
||||
loop_control:
|
||||
loop_var: key
|
||||
register: _add_yum_keys
|
||||
until: _add_yum_keys | success
|
||||
retries: 5
|
||||
delay: 2
|
||||
|
||||
- name: Check for existing yum repositories
|
||||
shell: "yum-config-manager | grep 'repo:'"
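Review bot: The comments above `Copy validated GPG keys` identify the vendored keys only by 32-bit short key IDs (`764429E6`, `61E8806C`), and the second is described as coming from a keyserver, so nothing here lets a later reader confirm that the files under `gpg/` are the keys the CentOS SIGs actually publish. Short IDs are not collision-resistant and keyservers do not authenticate uploads; since these files become the package-signing trust root on every host, I would record the full fingerprint and source next to each, e.g. `# RPM-GPG-KEY-CentOS-SIG-Cloud: fingerprint <FULL-40-HEX-FINGERPRINT>, verified against <SOURCE-URL>`. Separately, `key: "{{ key.keyfile | default(key.key) }}"` still falls back to `key.key` with a per-item `validate_certs` override, so an entry without `keyfile` presumably returns to a network fetch; a comment stating that this fallback is meant for operator-supplied keys only would help. The +/- markers are lost in this rendering, so I am reading the copy, restorecon and rpm_key tasks as the new side, which also appears to drop the `add-repo-keys` tag and the `user_external_repo_key is not defined` guard that the older tasks carried.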
|
||||
|
|
|
@ -35,9 +35,9 @@ pip_install_remove_distro_packages:
|
|||
|
||||
pip_install_rdo_repos_keys:
|
||||
- repo: openstack-pike
|
||||
keyid: 764429E6
|
||||
keyfile: /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud
|
||||
- repo: rdo-qemu-ev
|
||||
keyid: 61E8806C
|
||||
keyfile: /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization-RDO
|
||||
|
||||
pip_install_rdo_repos:
|
||||
- file: rdo-qemu-ev
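Review bot: Each `keyfile` value has to match exactly the name of a file that the copy task places in `/etc/pki/rpm-gpg/` (it keeps the basename from `gpg/`), and the vendored file names are not shown on this page, so a mismatch would only surface as the `rpm_key` task exhausting its retries. A one-line comment above the list, such as `# keyfile must name a key shipped in this role's gpg/ directory`, would make that coupling explicit. If `keyid` stays in these entries, prefer the full fingerprint over the 8-hex short ID, which is not collision-resistant.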
|
||||
|
|