Merge "More reliable gpg keys importing in DIB elements"

2018-07-26 11:49:02 +00:00 · 2018-07-26 11:49:02 +00:00 · 56050fce95
parent 4645f5518d 8057b2d926
commit 56050fce95
8 changed files with 44 additions and 90 deletions
--- a/integration/scripts/files/elements/ubuntu-guest/environment.d/99-reliable-apt-key-importing.bash
+++ b/integration/scripts/files/elements/ubuntu-guest/environment.d/99-reliable-apt-key-importing.bash
@ -0,0 +1,34 @@
+# sometimes the primary key server is unavailable and we should try an
+# alternate.  see
+# https://bugs.launchpad.net/percona-server/+bug/907789.  Disable
+# shell errexit so we can interrogate the exit code and take action
+# based on the exit code. We will reenable it later.
+#
+# NOTE(zhaochao): we still have this problem from time to time, so it's
+# better use more reliable keyservers and just retry on that(for now, 3
+# tries should be fine).
+# According to:
+# [1] https://www.gnupg.org/faq/gnupg-faq.html#new_user_default_keyserver
+# [2] https://sks-keyservers.net/overview-of-pools.php
+# we'll just the primary suggested pool: pool.sks-keyservers.net.
+function get_key_robust() {
+    KEY=$1
+    set +e
+
+    tries=1
+    while [ $tries -le 3 ]; do
+        if [ $tries -eq 3 ]; then
+            set -e
+        fi
+
+        echo "Importing the key, try: $tries"
+        apt-key adv --keyserver hkp://pool.sks-keyservers.net \
+            --recv-keys ${KEY} && break
+
+        tries=$((tries+1))
+    done
+
+    set -e
+}
+
+export -f get_key_robust
--- a/integration/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key
+++ b/integration/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key
@ -12,27 +12,6 @@ set -o xtrace
 # Add Percona GPG key
 mkdir -p /home/${GUEST_USERNAME}/.gnupg

-# sometimes the primary key server is unavailable and we should try an
-# alternate.  see
-# https://bugs.launchpad.net/percona-server/+bug/907789.  Disable
-# shell errexit so we can interrogate the exit code and take action
-# based on the exit code. We will reenable it later.
-function get_key_robust() {
-    KEY=$1
-    set +e
-
-    apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY}
-
-    if [ "$?" -ne "0" ];
-    then
-        echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
-        set -e
-        apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY}
-    fi
-
-    set -e
-}
-
 get_key_robust 1C4CBDCDCD2EFD2A
 get_key_robust 9334A25F8507EFA5

--- a/integration/scripts/files/elements/ubuntu-mongodb/pre-install.d/10-mongodb-apt-key
+++ b/integration/scripts/files/elements/ubuntu-mongodb/pre-install.d/10-mongodb-apt-key
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash

 set -e
 set -o xtrace
@ -7,7 +7,7 @@ set -o xtrace

 apt-get --allow-unauthenticated -y install software-properties-common

-apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927
+get_key_robust EA312927

 echo "deb http://repo.mongodb.org/apt/ubuntu "$(lsb_release -sc)"/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list

--- a/integration/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key
+++ b/integration/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key
@ -12,27 +12,6 @@ set -o xtrace
 # Add Percona GPG key
 mkdir -p /home/${GUEST_USERNAME}/.gnupg

-# sometimes the primary key server is unavailable and we should try an
-# alternate.  see
-# https://bugs.launchpad.net/percona-server/+bug/907789.  Disable
-# shell errexit so we can interrogate the exit code and take action
-# based on the exit code. We will reenable it later.
-function get_key_robust() {
-    KEY=$1
-    set +e
-
-    apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY}
-
-    if [ "$?" -ne "0" ];
-    then
-        echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
-        set -e
-        apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY}
-    fi
-
-    set -e
-}
-
 get_key_robust 1C4CBDCDCD2EFD2A
 get_key_robust 9334A25F8507EFA5

--- a/integration/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key
+++ b/integration/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key
@ -14,27 +14,6 @@ if [ ! -e /home/${GUEST_USERNAME}/.gnupg ]; then
    mkdir -p /home/${GUEST_USERNAME}/.gnupg
 fi

-# sometimes the primary key server is unavailable and we should try an
-# alternate.  see
-# https://bugs.launchpad.net/percona-server/+bug/907789.  Disable
-# shell errexit so we can interrogate the exit code and take action
-# based on the exit code. We will reenable it later.
-function get_key_robust() {
-    KEY=$1
-    set +e
-
-    apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY}
-
-    if [ "$?" -ne "0" ];
-    then
-        echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
-        set -e
-        apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY}
-    fi
-
-    set -e
-}
-
 get_key_robust 1C4CBDCDCD2EFD2A
 get_key_robust 9334A25F8507EFA5

--- a/integration/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key
+++ b/integration/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key
@ -14,27 +14,6 @@ if [ ! -e /home/${GUEST_USERNAME}/.gnupg ]; then
    mkdir -p /home/${GUEST_USERNAME}/.gnupg
 fi

-# sometimes the primary key server is unavailable and we should try an
-# alternate.  see
-# https://bugs.launchpad.net/percona-server/+bug/907789.  Disable
-# shell errexit so we can interrogate the exit code and take action
-# based on the exit code. We will reenable it later.
-function get_key_robust() {
-    KEY=$1
-    set +e
-
-    apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY}
-
-    if [ "$?" -ne "0" ];
-    then
-        echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
-        set -e
-        apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY}
-    fi
-
-    set -e
-}
-
 get_key_robust 1C4CBDCDCD2EFD2A
 get_key_robust 9334A25F8507EFA5

--- a/integration/scripts/files/elements/ubuntu-trusty-mariadb/install.d/30-mariadb
+++ b/integration/scripts/files/elements/ubuntu-trusty-mariadb/install.d/30-mariadb
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash

 # CONTEXT: GUEST during CONSTRUCTION as ROOT
 # PURPOSE: Install controller base required packages
@ -11,7 +11,9 @@ export DEBIAN_FRONTEND=noninteractive
 # NOTE(vkmc): Using MariaDB repositories is required
 # https://mariadb.com/kb/en/mariadb/installing-mariadb-deb-files/
 apt-get --allow-unauthenticated -y install software-properties-common
-apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db
+
+get_key_robust 0xcbcb082a1bb943db
+
 add-apt-repository 'deb http://ftp.osuosl.org/pub/mariadb/repo/10.1/ubuntu trusty main'

 # Pin MariaDB repository
--- a/integration/scripts/files/elements/ubuntu-xenial-mariadb/install.d/30-mariadb
+++ b/integration/scripts/files/elements/ubuntu-xenial-mariadb/install.d/30-mariadb
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash

 # CONTEXT: GUEST during CONSTRUCTION as ROOT
 # PURPOSE: Install controller base required packages
@ -11,7 +11,9 @@ export DEBIAN_FRONTEND=noninteractive
 # NOTE(vkmc): Using MariaDB repositories is required
 # https://mariadb.com/kb/en/mariadb/installing-mariadb-deb-files/
 apt-get -y install software-properties-common
-apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
+
+get_key_robust 0xF1656F24C74CD1D8
+
 add-apt-repository 'deb http://ftp.osuosl.org/pub/mariadb/repo/10.1/ubuntu xenial main'

 # Pin MariaDB repository