Bug 672326

Summary: Remote package installation when the GPG key isn't already imported might hang
Product: [Retired] Pulp Reporter: Jay Dobies <jason.dobies>
Component: z_otherAssignee: Pradeep Kilambi <pkilambi>
Status: CLOSED CURRENTRELEASE QA Contact: Preethi Thomas <pthomas>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: skarmark, tsanders
Target Milestone: ---Keywords: Triaged
Target Release: Sprint 22   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-08-16 12:06:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 647488    

Description Jay Dobies 2011-01-24 20:29:02 UTC 
Sorry for the "might" part. This may not be an issue, but I don't have time to test it right now and don't want to miss it. And based on a chat conversation, I'm leaning towards this being a bug.

<jdob> jortel: if a repo has a GPG pub key associated with it, when we bind it will it download the pub key and correctly configure the .repo file?
<jortel> it configures the .repo file but relies on yum to download and install if it's not already installed.
<jortel> yum takes care of that
<jdob> what about when a package is remotely installed, will yum auto-download it without waiting for a prompt?
<jortel> oh, crap.  that might be a problem


In other words, if you were to configure the pulp repo with a GPG key and try to use yum to install a package, you'd get prompted to import the key, similar to:

warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 37017186
rhel-x86_64-server-5-mrg-messaging-base-1/gpgkey                                 | 1.1 kB     00:00     
Importing GPG key 0x37017186 "Red Hat, Inc. (release key) <security>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Is this ok [y/N]: y


We need to see what happens if there is the condition that would cause that prompt on a remote package installation (i.e. triggered through pulp-admin). And once we know what it does, we need to decide if that's how it *should* behave.
Comment 1 Preethi Thomas 2011-01-25 16:21:58 UTC 
I this when trying errata install on remote client.
Comment 2 Preethi Thomas 2011-01-25 16:22:18 UTC 
I saw this :)
Comment 3 Todd Sanders 2011-01-26 17:19:06 UTC 
Is this as simple as adding "-y" to the "yum install" command?

-Todd
Comment 4 Jay Dobies 2011-01-26 18:53:42 UTC 
I'm not sure if that "-y" will apply to both the confirmation and GPG import or just the confirmation. I also suspect that code is using yum libraries directly, so we may need to find how to pass that magical flag into yum's API (if its even supported by API).
Comment 5 Pradeep Kilambi 2011-04-07 17:33:09 UTC 
commit e09adea983cbf7af7c287b169742528333d9c4db
Comment 6 Jeff Ortel 2011-04-11 14:08:07 UTC 
build: 0.162
Comment 7 Jay Dobies 2011-04-13 19:22:59 UTC 
Fixed in build 0.163.
Comment 8 Preethi Thomas 2011-07-26 18:12:21 UTC 
fails_qa

[root@preethi ~]# rpm -q pulp
pulp-0.0.213-1.fc14.noarch


[root@preethi ~]# pulp-admin package install -n pulp --consumerid=pulp-client
Created task id: 34574280-b7b3-11e0-9df3-002564a85a58
Task is scheduled for: None
Waiting: [\] 
Package install failed: error
Exception: YumBaseError()
Traceback: ['Traceback (most recent call last):\n', '  File "/usr/lib/python2.7/site-packages/pulp/server/tasking/task.py", line 330, in run\n    result = self.callable(*self.args, **self.kwargs)\n', '  File "/usr/lib/python2.7/site-packages/pulp/server/api/consumer.py", line 464, in __installpackages\n    return packages.install(names, reboot, yes)\n', '  File "/usr/lib/python2.7/site-packages/gofer/messaging/stub.py", line 71, in __call__\n    return self.stub._send(request, opts)\n', '  File "/usr/lib/python2.7/site-packages/gofer/messaging/stub.py", line 142, in _send\n    any=opts.any)\n', '  File "/usr/lib/python2.7/site-packages/gofer/messaging/policy.py", line 121, in send\n    return self.__getreply(sn, reader)\n', '  File "/usr/lib/python2.7/site-packages/gofer/messaging/policy.py", line 173, in __getreply\n    return self.__onreply(envelope)\n', '  File "/usr/lib/python2.7/site-packages/gofer/messaging/policy.py", line 189, in __onreply\n    raise RemoteException.instance(reply)\n', 'YumBaseError: Not installing key\n']
Comment 9 Pradeep Kilambi 2011-07-26 18:26:38 UTC 
I dont see you updating the config. The default is to deny auto import. What does your config say:

$ cat /etc/pulp/client.conf|grep import_gpg_keys
# import_gpg_keys : automatically import gpg keys if available during remote package installs
import_gpg_keys = True

That value should be true for yum to auto import your key.
Comment 10 Preethi Thomas 2011-07-27 20:49:52 UTC 
verified. 
My mistake in not updating the config.
Once updated
[root@preethi gpg-repo]# pulp-admin package install -n pulp --consumerid=pulp-client
Created task id: 2cd64168-b893-11e0-ae69-002564a85a58
Task is scheduled for: None
Waiting: [\] 
[[['pulp-0.0.215-1.fc14.noarch'], None]] installed on pulp-client



And on the client


[root@10 ~]# ls -l /etc/pki/pulp-gpg-keys/
total 4
drwxr-xr-x. 2 root root 4096 Jul 27 16:46 gpg-repo
[root@10 ~]# 
[root@10 ~]# 
[root@10 ~]# ls -l /etc/pki/pulp-gpg-keys/gpg-repo/
total 4
-rw-r--r--. 1 root root 1024 Jul 27 16:46 RPM-GPG-KEY-pthomas
Comment 11 Preethi Thomas 2011-08-16 12:06:57 UTC 
Closing with Community Release 15

pulp-0.0.223-4.
Comment 12 Preethi Thomas 2011-08-16 12:20:49 UTC 
Closing with Community Release 15

pulp-0.0.223-4.