After going through some dependency hell trying to get the rpmforge-release package installed before the RPMforge repo, which contains the GPG key for RPMforge packages, now I find that when puppet tries to install this package, this happens: Jul 20 10:20:04 slog01 puppetd[2753]: (//yum::client/Package[rpmforge-release]/ensure) change from absent to present failed: Execution of ''/usr/bin/yum -d 0 -e 0 -y install rpmforge-release'' returned 1: warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 6b8d79e6 The package actually installs, but since it''s flagging a warning, and it''s exit code is 1, AND just about everything else relies on this repository being there, puppet fails everything else after it. It would be really nice if puppet could ignore the warnings. Now I need to find a way to install this rpm outside of puppet, probably in the %post section of the kickstart. Doug. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Douglas Garstang wrote:> After going through some dependency hell trying to get the > rpmforge-release package installed before the RPMforge repo, which > contains the GPG key for RPMforge packages, now I find that when > puppet tries to install this package, this happens: > > Jul 20 10:20:04 slog01 puppetd[2753]: > (//yum::client/Package[rpmforge-release]/ensure) change from absent to > present failed: Execution of ''/usr/bin/yum -d 0 -e 0 -y install > rpmforge-release'' returned 1: warning: rpmts_HdrFromFdno: Header V3 > DSA signature: NOKEY, key ID 6b8d79e6 > > The package actually installs, but since it''s flagging a warning, and > it''s exit code is 1, AND just about everything else relies on this > repository being there, puppet fails everything else after it. It > would be really nice if puppet could ignore the warnings. Now I need > to find a way to install this rpm outside of puppet, probably in the > %post section of the kickstart.You may need to install the gpg key for the the rpmfoge-release package first. That might be something like: exec { ''install-rpmforge-gpg-key'': # http URL''s work too, but would''t be as secure as veryfying the key first. command => ''rpm --import /path/to/rpmforge-key'', unless => ''rpm -q --quiet gpg-pubkey-6b8d79e6'', } package { ''rpmforge-release'': ensure => installed, require => Exec[''install-rpmforge-gpg-key''], } -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Those who have been intoxicated with power... can never willingly abandon it. -- Edmund Burke
On Tue, Jul 20, 2010 at 11:13 AM, Todd Zullinger <tmz@pobox.com> wrote:> Douglas Garstang wrote: >> After going through some dependency hell trying to get the >> rpmforge-release package installed before the RPMforge repo, which >> contains the GPG key for RPMforge packages, now I find that when >> puppet tries to install this package, this happens: >> >> Jul 20 10:20:04 slog01 puppetd[2753]: >> (//yum::client/Package[rpmforge-release]/ensure) change from absent to >> present failed: Execution of ''/usr/bin/yum -d 0 -e 0 -y install >> rpmforge-release'' returned 1: warning: rpmts_HdrFromFdno: Header V3 >> DSA signature: NOKEY, key ID 6b8d79e6 >> >> The package actually installs, but since it''s flagging a warning, and >> it''s exit code is 1, AND just about everything else relies on this >> repository being there, puppet fails everything else after it. It >> would be really nice if puppet could ignore the warnings. Now I need >> to find a way to install this rpm outside of puppet, probably in the >> %post section of the kickstart. > > You may need to install the gpg key for the the rpmfoge-release > package first. That might be something like: > > exec { ''install-rpmforge-gpg-key'': > # http URL''s work too, but would''t be as secure as veryfying the key first. > command => ''rpm --import /path/to/rpmforge-key'', > unless => ''rpm -q --quiet gpg-pubkey-6b8d79e6'', > } > > package { ''rpmforge-release'': > ensure => installed, > require => Exec[''install-rpmforge-gpg-key''], > }Yeah, but you gotta get the RPM onto the system first. This turned out to be user error. It was failing because the gpgcheck was set to 1 on the repo, and the key hadn''t been installed yet. I ended up giving up on it with puppet. The %post section of the kickstart install installs the rpmforg-release and epel-release packages, which contain the keys. When the system comes up, gpgcheck=1, and everyone is happy. Doug -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.