openstack
/
openstack-ansible-tests
Code Issues Proposed changes

Install RDO release RPM without GPG checks 

The RDO release RPM isn't signed, but all of the repositories it
configures have GPG signing enabled. Although CentOS normally doesn't
check GPG signatures for packages that are installed locally, the
security role enables those checks for all local packages.

Change-Id: I7823f386a510e2e35d79f9a1046ad48f7e58db7c
This commit is contained in:
Major Hayden 2017-03-27 07:58:58 -05:00
parent aad497c8e5
commit 08c4f96e0a
No known key found for this signature in database
GPG Key ID: 737051E0C1011FB1
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
common-tasks/test-set-nodepool-vars.yml
View File

@ -34,10 +34,15 @@
when:
- ansible_os_family == 'Debian'
# NOTE(mhayden): GPG checking for local package installs is normally disabled
# by default in CentOS, but the openstack-ansible-security role enables GPG
# checking for local packages. The RDO repository package isn't signed, but the
# repos it installs have GPG checking enabled.
- name: Install the RDO release package
yum:
name: "https://repos.fedorapeople.org/repos/openstack/openstack-ocata/rdo-release-ocata.rpm"
state: "present"
disable_gpg_check: yes
when:
- ansible_pkg_mgr == 'yum'