Hi folks, One thing I noticed about puppet and its interaction with Debian I''m sure others have run into and figured away around is if a package is being loaded that may not be trusted puppet''s attempt to install it aborts. A for instance: In order to load Sogo on my boxes I have to first modify /etc/deb/sources.list to point to the repository that holds Sogo and then run an "apt-get update." No problem. I have a recipe that does that just fine. When puppet tries to install Sogo and friends the following shows up as an error: WARNING: The following packages cannot be authenticated! libmemcached2 libsbjson2.3 libsope-xml4.9 libsope-core4.9 libsope-mime4.9 libsope-appserver4.9 libsope-gdl1-4.9 libsope-ldap4.9 sope4.9-libxmlsaxdriver sope4.9-gdl1-mysql sogo E: There are problems and -y was used without --force-yes at /etc/puppet/manifests/templates.pp:100 Is there a work-around for this? -- Peter L. Berghold Owner, Shark River Technical Solutions LLC -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Sat, Feb 12, 2011 at 04:32:21PM -0500, Peter Berghold wrote:> Hi folks, > > One thing I noticed about puppet and its interaction with Debian I''m sure > others have run into and figured away around is if a package is being loaded > that may not be trusted puppet''s attempt to install it aborts. > > A for instance: > > In order to load Sogo on my boxes I have to first modify > /etc/deb/sources.list to point to the repository that holds Sogo and then > run an "apt-get update." No problem. I have a recipe that does that just > fine. > > When puppet tries to install Sogo and friends the following shows up as an > error: > > WARNING: The following packages cannot be authenticated! > libmemcached2 libsbjson2.3 libsope-xml4.9 libsope-core4.9 libsope-mime4.9 > libsope-appserver4.9 libsope-gdl1-4.9 libsope-ldap4.9 > sope4.9-libxmlsaxdriver sope4.9-gdl1-mysql sogo > E: There are problems and -y was used without --force-yes > at /etc/puppet/manifests/templates.pp:100 > > > Is there a work-around for this?You need to install the gpg key used to sign the archive. The way I usually solve this is to manage my repositories in puppet, keep the public key in my manifests and get puppet to use apt-key to add it to the apt keyring. Alternatively the key might be available in a debian package in the repository. Stu -- From the prompt of Stu Teasdale But like the Good Book says... There''s BIGGER DEALS to come! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Sat, Feb 12, 2011 at 5:00 PM, Stu Teasdale <stu@drogna.org.uk> wrote:> > You need to install the gpg key used to sign the archive. The way I > usually solve this is to manage my repositories in puppet, keep the > public key in my manifests and get puppet to use apt-key to add it to > the apt keyring. > > >That''s what I had a thought to... but it looks like there is no keyring for the repository in question (inverse.ca). That''s annoying... -- Peter L. Berghold Owner, Shark River Technical Solutions LLC -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Sat, Feb 12, 2011 at 14:32, Peter Berghold <salty.cowdawg@gmail.com> wrote:> On Sat, Feb 12, 2011 at 5:00 PM, Stu Teasdale <stu@drogna.org.uk> wrote: >> >> You need to install the gpg key used to sign the archive. The way I >> usually solve this is to manage my repositories in puppet, keep the >> public key in my manifests and get puppet to use apt-key to add it to >> the apt keyring. > > That''s what I had a thought to... but it looks like there is no keyring for > the repository in question (inverse.ca). That''s annoying...I ended up using reprepro to mirror a couple of repositories of code like that which I needed; it would happily pull in the binary packages and sign them appropriately, which made it all work. I was very happy I had done that when one of the sites went down for two weeks, by the way, and would definitely take the same approach for non-core repositories in future. Regards, Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman <daniel@puppetlabs.com> ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775 ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.