Puppet users - Apr 2012 - Installing Jenkins with Puppet fails to import GPG key

I''ve asked this question over on
serverfault<http://serverfault.com/questions/382158/installing-jenkins-with-puppet-fails-to-import-gpg-key>,
but had no response.

I''m trying to install Jenkins with Puppet using the manifests below.

        # init.pp
        class jenkins {
          include jenkins::install, jenkins::service
        }

        # service.pp
        class jenkins::service {
          service { "jenkins":
            ensure     => running,
            hasstatus  => true,
            hasrestart => true,
            enable     => true,
            require    => Class["jenkins::install"],
          }
        }

        # install.pp
        class jenkins::install {
          include jenkins::install::repo
          include jenkins::install::java

          package { "jenkins":
            ensure  => present,
            require => 
Class[''jenkins::install::repo'',''jenkins::install::java''],
          }
        }

        # install/repo.pp
        class jenkins::install::repo {
          file { "/etc/pki/rpm-gpg/jenkins-ci.org.key":
            owner  => root,
            group  => root,
            mode   => 0600,
            source => "puppet:///jenkins/jenkins-ci.org.key"
          }

          yumrepo { "jenkins":
            baseurl  => "http://pkg.jenkins-ci.org/redhat",
            descr    => "Jenkins",
            enabled  => 1,
            gpgcheck => 1,
            gpgkey   =>
"file:///etc/pki/rpm-gpg/jenkins-ci.org.key",
            require  => File["/etc/pki/rpm-gpg/jenkins-ci.org.key"]
          }
        }

        # install/java.pp
        class jenkins::install::java {
          package { "java-1.6.0-openjdk":
            ensure => present,
          }
        }

The repo is added and the key written to the file system. However, I get 
the following error.

        err: /Stage[main]/Jenkins::Install/Package[jenkins]/ensure: change 
from absent to present failed: Execution of ''/usr/bin/yum -d 0 -e 0 -y 
install jenkins'' returned 1: warning: rpmts_HdrFromFdno: Header V4 DSA 
signature: NOKEY, key ID d50582e6
        Traceback (most recent call last):
          File "/usr/bin/yum", line 29, in ?
            yummain.user_main(sys.argv[1:], exit_code=True)
          File "/usr/share/yum-cli/yummain.py", line 309, in user_main
            errcode = main(args)
          File "/usr/share/yum-cli/yummain.py", line 261, in main
            return_code = base.doTransaction()
          File "/usr/share/yum-cli/cli.py", line 410, in doTransaction
            if self.gpgsigcheck(downloadpkgs) != 0:
          File "/usr/share/yum-cli/cli.py", line 510, in gpgsigcheck
            self.getKeyForPackage(po, lambda x, y, z: self.userconfirm())
          File "/usr/lib/python2.4/site-packages/yum/__init__.py",
line
3519, in getKeyForPackage
            keys = self._retrievePublicKey(keyurl, repo)
          File "/usr/lib/python2.4/site-packages/yum/__init__.py",
line
3484, in _retrievePublicKey
            keys_info = misc.getgpgkeyinfo(rawkey, multiple=True)
          File "/usr/lib/python2.4/site-packages/yum/misc.py", line
375, in
getgpgkeyinfo
            raise ValueError(str(e))
        ValueError: unknown pgp packet type 17 at 706

This suggests to me that the key isn''t being imported successfully, and
`rpm -qa gpg-pubkey` doesn''t show the key. If I manually `yum install 
jenkins` without the key imported I get the same error. With the key 
imported, the manual installation succeeds.

I''m successfully installing other yum repos and keys standalone
(basically
the `install/repo.pp` manifest as its own module), such as EPEL, but as 
this repo is only for Jenkins I wanted to include it in my Jenkins module.

Is there something wrong with my manifests? Or some other problem?

**UPDATE**:

If I run this manifest on the node with `puppet apply jenkins.pp` I get the 
following error. I don''t know if this is part of the problem or a red 
herring.

        # jenkins.pp
        file { "/etc/pki/rpm-gpg/jenkins-ci.org.key":
                owner  => root,
                group  => root,
                mode   => 0600,
                source => "/root/jenkins-ci.org.key"
        }

        yumrepo { "jenkins":
                baseurl  => "http://pkg.jenkins-ci.org/redhat",
                descr    => "Jenkins",
                enabled  => 1,
                gpgcheck => 1,
                gpgkey   =>
"file:///etc/pki/rpm-gpg/jenkins-ci.org.key",
                require  =>
File["/etc/pki/rpm-gpg/jenkins-ci.org.key"]
        }

        # output
        warning: Could not retrieve fact fqdn
        notice: 
/Stage[main]//File[/etc/pki/rpm-gpg/jenkins-ci.org.key]/ensure: defined 
content as ''{md5}9fa06089848262c5a6383ec27fdd2575''
        notice: /Stage[main]//Yumrepo[jenkins]/descr: descr changed
'''' to
''Jenkins''
        notice: /Stage[main]//Yumrepo[jenkins]/baseurl: baseurl changed
''''
to ''http://pkg.jenkins-ci.org/redhat''
        notice: /Stage[main]//Yumrepo[jenkins]/enabled: enabled changed
''''
to ''1''
        notice: /Stage[main]//Yumrepo[jenkins]/gpgcheck: gpgcheck changed 
'''' to ''1''
        notice: /Stage[main]//Yumrepo[jenkins]/gpgkey: gpgkey changed
'''' to
''file:///etc/pki/rpm-gpg/jenkins-ci.org.key''
        notice: Finished catalog run in 0.11 seconds
        err: /File[/var/lib/puppet/rrd]/ensure: change from absent to 
directory failed: Could not set ''directory on ensure: Could not find
group
puppet
        err: Could not send report: Got 1 failure(s) while initializing: 
change from absent to directory failed: Could not set ''directory on
ensure:
Could not find group puppet

Again, the repo is added but the key is not imported.

Any advice would be greatly appreciated.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/vXiEqP6KCt4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi,

The way that i import my keys is to set the gpg key for the yum repo like so:

          yumrepo { "jenkins":
            baseurl  => "http://pkg.jenkins-ci.org/redhat",
            descr    => "Jenkins",
            enabled  => 1,
            gpgcheck => 1,
            gpgkey   =>
"http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key",
          }

Should take care of the import for you.

The ''updated'' issue is probably irrelevant.

Cheers
Den


On 26/04/2012, at 9:22, Michael Harris <michael@twofishcreative.com>
wrote:
> I''ve asked this question over on serverfault, but had no response.
> 
> I''m trying to install Jenkins with Puppet using the manifests
below.
> 
>         # init.pp
>         class jenkins {
>           include jenkins::install, jenkins::service
>         }
> 
>         # service.pp
>         class jenkins::service {
>           service { "jenkins":
>             ensure     => running,
>             hasstatus  => true,
>             hasrestart => true,
>             enable     => true,
>             require    => Class["jenkins::install"],
>           }
>         }
> 
>         # install.pp
>         class jenkins::install {
>           include jenkins::install::repo
>           include jenkins::install::java
> 
>           package { "jenkins":
>             ensure  => present,
>             require =>
Class[''jenkins::install::repo'',''jenkins::install::java''],
>           }
>         }
> 
>         # install/repo.pp
>         class jenkins::install::repo {
>           file { "/etc/pki/rpm-gpg/jenkins-ci.org.key":
>             owner  => root,
>             group  => root,
>             mode   => 0600,
>             source => "puppet:///jenkins/jenkins-ci.org.key"
>           }
> 
>           yumrepo { "jenkins":
>             baseurl  => "http://pkg.jenkins-ci.org/redhat",
>             descr    => "Jenkins",
>             enabled  => 1,
>             gpgcheck => 1,
>             gpgkey   =>
"file:///etc/pki/rpm-gpg/jenkins-ci.org.key",
>             require  =>
File["/etc/pki/rpm-gpg/jenkins-ci.org.key"]
>           }
>         }
> 
>         # install/java.pp
>         class jenkins::install::java {
>           package { "java-1.6.0-openjdk":
>             ensure => present,
>           }
>         }
> 
> The repo is added and the key written to the file system. However, I get
the following error.
> 
>         err: /Stage[main]/Jenkins::Install/Package[jenkins]/ensure: change
from absent to present failed: Execution of ''/usr/bin/yum -d 0 -e 0 -y
install jenkins'' returned 1: warning: rpmts_HdrFromFdno: Header V4 DSA
signature: NOKEY, key ID d50582e6
>         Traceback (most recent call last):
>           File "/usr/bin/yum", line 29, in ?
>             yummain.user_main(sys.argv[1:], exit_code=True)
>           File "/usr/share/yum-cli/yummain.py", line 309, in
user_main
>             errcode = main(args)
>           File "/usr/share/yum-cli/yummain.py", line 261, in main
>             return_code = base.doTransaction()
>           File "/usr/share/yum-cli/cli.py", line 410, in
doTransaction
>             if self.gpgsigcheck(downloadpkgs) != 0:
>           File "/usr/share/yum-cli/cli.py", line 510, in
gpgsigcheck
>             self.getKeyForPackage(po, lambda x, y, z: self.userconfirm())
>           File
"/usr/lib/python2.4/site-packages/yum/__init__.py", line 3519, in
getKeyForPackage
>             keys = self._retrievePublicKey(keyurl, repo)
>           File
"/usr/lib/python2.4/site-packages/yum/__init__.py", line 3484, in
_retrievePublicKey
>             keys_info = misc.getgpgkeyinfo(rawkey, multiple=True)
>           File "/usr/lib/python2.4/site-packages/yum/misc.py",
line 375, in getgpgkeyinfo
>             raise ValueError(str(e))
>         ValueError: unknown pgp packet type 17 at 706
> 
> This suggests to me that the key isn''t being imported
successfully, and `rpm -qa gpg-pubkey` doesn''t show the key. If I
manually `yum install jenkins` without the key imported I get the same error.
With the key imported, the manual installation succeeds.
> 
> I''m successfully installing other yum repos and keys standalone
(basically the `install/repo.pp` manifest as its own module), such as EPEL, but
as this repo is only for Jenkins I wanted to include it in my Jenkins module.
> 
> Is there something wrong with my manifests? Or some other problem?
> 
> **UPDATE**:
> 
> If I run this manifest on the node with `puppet apply jenkins.pp` I get the
following error. I don''t know if this is part of the problem or a red
herring.
> 
>         # jenkins.pp
>         file { "/etc/pki/rpm-gpg/jenkins-ci.org.key":
>                 owner  => root,
>                 group  => root,
>                 mode   => 0600,
>                 source => "/root/jenkins-ci.org.key"
>         }
> 
>         yumrepo { "jenkins":
>                 baseurl  =>
"http://pkg.jenkins-ci.org/redhat",
>                 descr    => "Jenkins",
>                 enabled  => 1,
>                 gpgcheck => 1,
>                 gpgkey   =>
"file:///etc/pki/rpm-gpg/jenkins-ci.org.key",
>                 require  =>
File["/etc/pki/rpm-gpg/jenkins-ci.org.key"]
>         }
> 
>         # output
>         warning: Could not retrieve fact fqdn
>         notice:
/Stage[main]//File[/etc/pki/rpm-gpg/jenkins-ci.org.key]/ensure: defined content
as ''{md5}9fa06089848262c5a6383ec27fdd2575''
>         notice: /Stage[main]//Yumrepo[jenkins]/descr: descr changed
'''' to ''Jenkins''
>         notice: /Stage[main]//Yumrepo[jenkins]/baseurl: baseurl changed
'''' to ''http://pkg.jenkins-ci.org/redhat''
>         notice: /Stage[main]//Yumrepo[jenkins]/enabled: enabled changed
'''' to ''1''
>         notice: /Stage[main]//Yumrepo[jenkins]/gpgcheck: gpgcheck changed
'''' to ''1''
>         notice: /Stage[main]//Yumrepo[jenkins]/gpgkey: gpgkey changed
'''' to
''file:///etc/pki/rpm-gpg/jenkins-ci.org.key''
>         notice: Finished catalog run in 0.11 seconds
>         err: /File[/var/lib/puppet/rrd]/ensure: change from absent to
directory failed: Could not set ''directory on ensure: Could not find
group puppet
>         err: Could not send report: Got 1 failure(s) while initializing:
change from absent to directory failed: Could not set ''directory on
ensure: Could not find group puppet
> 
> Again, the repo is added but the key is not imported.
> 
> Any advice would be greatly appreciated.
> -- 
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/vXiEqP6KCt4J.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Thursday, 26 April 2012 11:17:05 UTC+10, denmat
wrote:
>
>
> The way that i import my keys is to set the gpg key for the yum repo like 
> so:
>
>           yumrepo { "jenkins":
>             baseurl  => "http://pkg.jenkins-ci.org/redhat",
>             descr    => "Jenkins",
>             enabled  => 1,
>             gpgcheck => 1,
>             gpgkey   => "http://pkg.jenkins-ci.org/redhat/
> jenkins-ci.org.key",
>           }
>
> Should take care of the import for you.
>
Cool, I didn''t know I could specify a URL for the key, thanks.

However, I get the same error and the key still fails to import.

cheers, Michael 

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/cI79Jc80xg0J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi, I just spun up a fresh AWS instance and did this:

$ cat puppet.repo.pp
class jenkins {

      yumrepo { "jenkins":
            baseurl  => "http://pkg.jenkins-ci.org/redhat",
            descr    => "Jenkins",
            enabled  => 1,
            gpgcheck => 1,
            gpgkey   =>
"http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key",
          }
  package {"jenkins": ensure => latest }
}

include jenkins

$ sudo puppet apply puppet.repo.pp
notice: /Stage[main]/Jenkins/Yumrepo[jenkins]/descr: descr changed
''''
to ''Jenkins''
notice: /Stage[main]/Jenkins/Yumrepo[jenkins]/baseurl: baseurl changed
'''' to ''http://pkg.jenkins-ci.org/redhat''
notice: /Stage[main]/Jenkins/Yumrepo[jenkins]/enabled: enabled changed
'''' to ''1''
notice: /Stage[main]/Jenkins/Yumrepo[jenkins]/gpgcheck: gpgcheck
changed '''' to ''1''
notice: /Stage[main]/Jenkins/Yumrepo[jenkins]/gpgkey: gpgkey changed
'''' to
''http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key''
notice: /Stage[main]/Jenkins/Package[jenkins]/ensure: created
notice: Finished catalog run in 10.20 seconds

$ rpm -qa |grep jenkins
jenkins-1.461-1.1.noarch

That''s what I meant. You shouldn''t need to import the key as
it should
check against the public key in the url (if you where installing via
rpm that might be different and will probably require the local import
- haven''t tested myself).

Den

On Thu, Apr 26, 2012 at 5:51 PM, Michael Harris
<michael@twofishcreative.com> wrote:
> On Thursday, 26 April 2012 11:17:05 UTC+10, denmat wrote:
>>
>>
>> The way that i import my keys is to set the gpg key for the yum repo
like
>> so:
>>
>>           yumrepo { "jenkins":
>>             baseurl  =>
"http://pkg.jenkins-ci.org/redhat",
>>             descr    => "Jenkins",
>>             enabled  => 1,
>>             gpgcheck => 1,
>>             gpgkey   =>
>> "http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key",
>>           }
>>
>> Should take care of the import for you.
>
>
> Cool, I didn''t know I could specify a URL for the key, thanks.
>
> However, I get the same error and the key still fails to import.
>
> cheers, Michael
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/cI79Jc80xg0J.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Thursday, 26 April 2012 18:33:18 UTC+10, denmat
wrote:
>
> Hi, I just spun up a fresh AWS instance and did this: 
>
> $ cat puppet.repo.pp 
> class jenkins { 
>
>       yumrepo { "jenkins": 
>             baseurl  => "http://pkg.jenkins-ci.org/redhat", 
>             descr    => "Jenkins", 
>             enabled  => 1, 
>             gpgcheck => 1, 
>             gpgkey   => "
> http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key", 
>           } 
>   package {"jenkins": ensure => latest } 
> } 
>
> include jenkins 
>
>
I appreciate your help, but with that manifest I get the same error on both 
the node I''m trying to install on and on a fresh CentOS 5.7 with Puppet
2.7.9.

err: /Stage[main]/Jenkins/Package[jenkins]/ensure: change from absent to 
latest failed: Could not update: Execution of ''/usr/bin/yum -d 0 -e 0
-y
install jenkins'' returned 1: warning: rpmts_HdrFromFdno: Header V4 DSA 
signature: NOKEY, key ID d50582e6 

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/sVsibb6ExBsJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

The following manifest results in the jenkins and epel repos being 
installed, rpm -qa gpg-pub* shows the epel key but not the jenkins key, and 
git is installed but not jenkins.

    class jenkins { 

      yumrepo {"jenkins":
        baseurl  => "http://pkg.jenkins-ci.org/redhat",
        descr    => "Jenkins",
        enabled  => 1,
        gpgcheck => 1,
        gpgkey   =>
"http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key",
      }
      package {"jenkins":
        ensure  => latest,
        require => Yumrepo["jenkins"]
      }
    }

    class git { 
      yumrepo {"epel":
        baseurl  => "http://mirror.aarnet.edu.au/pub/epel/5/i386",
        descr    => "Extra Packages for Enterprise Linux (EPEL)",
        enabled  => 1,
        gpgcheck => 1,
        gpgkey   =>
"http://keys.gnupg.net:11371/pks/lookup?search=0x217521F6&op=get",
      }
      package {"git":
        ensure  => latest,
        require => Yumrepo["epel"]
      }
    }

    include jenkins
    include git

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/jdXMr8S6OWkJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Well, the good news is you''re not crazy :)

I loaded up a 5.7 instance and puppet 2.7.9+ and got the same result as you!

I did a yum update and got the same issue - so it is not a common
issue that is already fixed.

I did a manual rpm --import of the key and the subsequent yum install
worked.  It is clearly an OS issue particular to Jenkins rather than a
''puppet'' issue (as Puppet installed via yum and installed the
key
automagically without an issue).

What I did notice is that a copy of the key jenkins pubkey doesn''t get
installed into /etc/pki. But you can query it via rpm -qa gpg-pubkey*:
rpm -qi gpg-pubkey-d50582e6-4a3feef6

So, you could use this to install from scratch:
class jenkins {

  exec { "key_import":
   command => "/bin/rpm --import
http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key"
   onlyif => ''a test for the existence of  rpm -qi
gpg-pubkey-d50582e6-4a3feef6 doesn''t exist''
  }
      yumrepo { "jenkins":
            baseurl  => "http://pkg.jenkins-ci.org/redhat",
            descr    => "Jenkins",
            enabled  => 1,
            gpgcheck => 1,
            gpgkey   =>
"http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key",
            require => Exec["key_import"],
          }
  package {"jenkins": ensure => latest, require =>
Yumrepo["jenkins"] }
}

include jenkins

Normally what happens is that if it is ''assumed yes'', yum will
automatically accept the public key via the url - I don''t know why
Jenkins is different - but it appears to install a new repo file and
try to import the pubkey again on install - maybe this confuses yum?
Just speculating - not going to investigate further :)

Cheers,
Den

On Fri, Apr 27, 2012 at 7:51 AM, Michael Harris
<michael@twofishcreative.com> wrote:
> On Thursday, 26 April 2012 18:33:18 UTC+10, denmat wrote:
>>
>> Hi, I just spun up a fresh AWS instance and did this:
>>
>> $ cat puppet.repo.pp
>> class jenkins {
>>
>>       yumrepo { "jenkins":
>>             baseurl  =>
"http://pkg.jenkins-ci.org/redhat",
>>             descr    => "Jenkins",
>>             enabled  => 1,
>>             gpgcheck => 1,
>>             gpgkey   =>
>> "http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key",
>>           }
>>   package {"jenkins": ensure => latest }
>> }
>>
>> include jenkins
>>
>
> I appreciate your help, but with that manifest I get the same error on both
> the node I''m trying to install on and on a fresh CentOS 5.7 with
Puppet
> 2.7.9.
>
> err: /Stage[main]/Jenkins/Package[jenkins]/ensure: change from absent to
> latest failed: Could not update: Execution of ''/usr/bin/yum -d 0
-e 0 -y
> install jenkins'' returned 1: warning: rpmts_HdrFromFdno: Header V4
DSA
> signature: NOKEY, key ID d50582e6
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/sVsibb6ExBsJ.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Friday, 27 April 2012 15:15:34 UTC+10, denmat wrote:
>
> Well, the good news is you''re not crazy :) 
>
At least, this isn''t evidence that I''m crazy, but I still
could be :)

Thanks for following up, and offering an alternative, I appreciate it. 

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/ztawf_kTbAsJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Fri, 27 Apr 2012, denmat wrote:
> Well, the good news is you''re not crazy :)
> 
> I loaded up a 5.7 instance and puppet 2.7.9+ and got the same result as
you!
> 
> I did a yum update and got the same issue - so it is not a common
> issue that is already fixed.
> 
> I did a manual rpm --import of the key and the subsequent yum install
> worked.  It is clearly an OS issue particular to Jenkins rather than a
> ''puppet'' issue (as Puppet installed via yum and installed
the key
> automagically without an issue).
> 
> What I did notice is that a copy of the key jenkins pubkey doesn''t
get
> installed into /etc/pki. But you can query it via rpm -qa gpg-pubkey*:
> rpm -qi gpg-pubkey-d50582e6-4a3feef6

Sounds like I should find a way to incorporate this workaround into my
puppet-jenkins module (https://github.com/rtyler/puppet-jenkins).

Glad you guys got this working regardless!


Cheers
- R. Tyler Croy
--------------------------------------
    Code: http://github.com/rtyler
 Chatter: http://twitter.com/agentdero
          rtyler@jabber.org

On 27 April 2012 06:15, denmat <tu2bgone@gmail.com>
wrote:
>
> Normally what happens is that if it is ''assumed yes'', yum
will
> automatically accept the public key via the url - I don''t know why
> Jenkins is different - but it appears to install a new repo file and
> try to import the pubkey again on install - maybe this confuses yum?
> Just speculating - not going to investigate further :)
>
The problem stems from Yum on EL5 not being able to parse user attributes
within key. It can be worked around a bit more cleanly by removing the
attribute from the public key. I''ve written a blog post with more
details:

http://dan.carley.co/blog/2012/05/22/yum-gpg-keys-for-jenkins/

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Well dug Dan :)

On 24/05/2012, at 3:27, Dan Carley <dan.carley@gmail.com> wrote:
> On 27 April 2012 06:15, denmat <tu2bgone@gmail.com> wrote:
> Normally what happens is that if it is ''assumed yes'', yum
will
> automatically accept the public key via the url - I don''t know why
> Jenkins is different - but it appears to install a new repo file and
> try to import the pubkey again on install - maybe this confuses yum?
> Just speculating - not going to investigate further :)
> 
> The problem stems from Yum on EL5 not being able to parse user attributes
within key. It can be worked around a bit more cleanly by removing the attribute
from the public key. I''ve written a blog post with more details:
> 
> http://dan.carley.co/blog/2012/05/22/yum-gpg-keys-for-jenkins/
> -- 
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.