Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 791257

Summary: Katello Agent needs to expose ability to override importkeys
Product: Red Hat Satellite Reporter: Og Maciel <omaciel>
Component: Content ManagementAssignee: Jeff Ortel <jortel>
Status: CLOSED WONTFIX QA Contact: Og Maciel <omaciel>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.0.1CC: bkearney, hhovsepy, jason.dobies, jturner, mmccune, snansi
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Suggested release_note posted to comment#1
 Story Points: ---
Clone Of: Environment:
Last Closed: 2014-03-18 17:39:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 791265    

Description Og Maciel 2012-02-16 15:46:47 UTC 
Description of problem:

To install packages to a subscribed system via the web ui, it is necessary to install and configure the katello-agent as per the following instructions:

* https://fedorahosted.org/katello/wiki/GuideSystemKatelloAgent
* https://fedorahosted.org/katello/wiki/KatelloAgent

After performing the steps above, I attempted to install several different packages via the web ui, but they all failed to install with errors related to gpg key import:

2012-02-16 09:27:39,442 11655:140629566809856: pulp.server.tasking.task:ERROR: task:474 Task failed: Task 5db85914-58aa-11e1-9f1b-5254001dfa20: ConsumerApi.__installpackages(aacb86b2-1b47-47c7-bd1f-1efe1d0b9fae, ['httpd'], )
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/pulp/server/tasking/task.py", line 420, in run
    result = self.callable(*self.args, **self.kwargs)
  File "/usr/lib/python2.6/site-packages/pulp/server/api/consumer.py", line 448, in __installpackages
    return packages.install(names, reboot)
  File "/usr/lib/python2.6/site-packages/gofer/rmi/stub.py", line 72, in __call__
    return self.stub._send(request, opts)
  File "/usr/lib/python2.6/site-packages/gofer/rmi/stub.py", line 133, in _send
    return self.__send(request, options)
  File "/usr/lib/python2.6/site-packages/gofer/rmi/stub.py", line 164, in __send
    any=opts.any)
  File "/usr/lib/python2.6/site-packages/gofer/rmi/policy.py", line 144, in send
    return self.__getreply(sn, reader)
  File "/usr/lib/python2.6/site-packages/gofer/rmi/policy.py", line 181, in __getreply
    return self.__onreply(envelope)
  File "/usr/lib/python2.6/site-packages/gofer/rmi/policy.py", line 197, in __onreply
    raise RemoteException.instance(reply)
YumBaseError: Didn't install any keys

I checked that the gpg keys were in the client/consumer:

ls -l /etc/pki/rpm-gpg
total 20
-rw-r--r--. 1 root root 3375 Nov  8 10:38 RPM-GPG-KEY-redhat-beta
-rw-r--r--. 1 root root 1990 Nov  8 10:38 RPM-GPG-KEY-redhat-legacy-former
-rw-r--r--. 1 root root 1164 Nov  8 10:38 RPM-GPG-KEY-redhat-legacy-release
-rw-r--r--. 1 root root  885 Nov  8 10:38 RPM-GPG-KEY-redhat-legacy-rhx
-rw-r--r--. 1 root root 3211 Nov  8 10:38 RPM-GPG-KEY-redhat-release

I find this to be strange since one of the packages I tried to install was httpd, which is provided by a repository that is part of my subscription. Trying to install httpd with yum in the client/consumer gave me:

Downloading Packages:
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Importing GPG key 0xFD431D51:
 Userid : Red Hat, Inc. (release key 2) <security>
 Package: redhat-release-server-6Server-6.2.0.3.el6.x86_64 (@anaconda-RedHatEnterpriseLinux-201111171049.x86_64/6.2)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Is this ok [y/N]:

<jortel> OgMaciel:  hm.. so the key is there but not installed in the rpm sense

jortel proposes that we add a *permit_import* parameter to /etc/gofer/plugins/katelloplugin.conf as a fix for this.

Version-Release number of selected component (if applicable):

Verified on:
* candlepin-0.5.18-1.el6.noarch
* candlepin-tomcat6-0.5.18-1.el6.noarch
* katello-0.1.235-2.el6.noarch
* katello-all-0.1.235-2.el6.noarch
* katello-certs-tools-1.0.2-2.el6.noarch
* katello-cli-0.1.54-3.el6.noarch
* katello-cli-common-0.1.54-3.el6.noarch
* katello-common-0.1.235-2.el6.noarch
* katello-configure-0.1.64-3.el6.noarch
* katello-glue-candlepin-0.1.235-2.el6.noarch
* katello-glue-foreman-0.1.235-2.el6.noarch
* katello-glue-pulp-0.1.235-2.el6.noarch
* katello-httpd-ssl-key-pair-1.0-1.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-repos-0.1.5-1.el6.noarch
* katello-selinux-0.1.3-1.el6.noarch
* katello-trusted-ssl-cert-1.0-1.noarch
* pulp-0.0.265-1.el6.noarch
* pulp-common-0.0.265-1.el6.noarch
* pulp-selinux-server-0.0.265-1.el6.noarch

How reproducible:


Steps to Reproduce:
1. Subscribe a vanilla RHEL 6.2 client to a product that exposes RHEL 6.2 and 6Server repositories
2. Install and configure the katello-agent against your SE
3. Select your system and try to install the httpd package to it.
  
Actual results:

2012-02-16 09:27:39,390 [ERROR][worker-0] __call__() @ dispatcher.py:488 - Didn't install any keys
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/gofer/rmi/dispatcher.py", line 485, in __call__
    retval = method(*args, **keywords)
  File "/usr/lib64/gofer/plugins/katelloplugin.py", line 139, in install
    installed = p.install(names)
  File "/usr/lib64/gofer/plugins/package.py", line 180, in install
    yb.processTransaction()
  File "/usr/lib/python2.6/site-packages/yum/__init__.py", line 4877, in processTransaction
    self._checkSignatures(pkgs,callback)
  File "/usr/lib/python2.6/site-packages/yum/__init__.py", line 4920, in _checkSignatures
    self.getKeyForPackage(po, self._askForGPGKeyImport)
  File "/usr/lib/python2.6/site-packages/yum/__init__.py", line 4652, in getKeyForPackage
    raise Errors.YumBaseError, _("Didn't install any keys")
YumBaseError: Didn't install any keys

Expected results:


Additional info:
Comment 1 James Laska 2012-03-27 21:59:22 UTC 
Adding requires_release_note flag to document this known issue for CloudForms 1.0.0.  

Impact: Remotely installing GPG signed RHEL content using the System Engine Web-UI may fail if the GPG package signature has not been imported on the system.  

Details: Typically, when installing gpg signed packages, yum will prompt to install the associated gpgkey (typically /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release).  When attempting to install signed gpg packages remotely from System Engine (using katello-agent), the package install will fail since it cannot yet import gpg package key.s

Workaround: The suggested workaround is to manually import GPG-KEY's for signed packages prior to scheduling remote package installations/updates.  You can manually import a GPG package signature using the following command:

# To install the 'redhat-release' gpgkey ...
$ rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

To automate this operation, you may consider importing the necessary RPM gpg-keys during application deployment from CloudForms Cloud Engine.
Comment 2 James Laska 2012-03-27 21:59:22 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Suggested release_note posted to comment#1
Comment 3 Shikha 2012-05-09 01:46:04 UTC 
Release Note added. Link:
http://documentation-stage.bne.redhat.com/docs/en-US/CloudForms/1.0/html-single/Release_Notes/index.html#sect-Release_Notes-System_Engine-System_Engine_Considerations-known_issues_07

Regards, 
Shikha
Comment 4 Jeff Ortel 2012-08-28 14:27:52 UTC 
Passing importkeys to the agent is fully supported in pulp v2.  Any chance we can just default importkeys=True in the agent for 1.1 instead of adding to the Pulp REST API / Manager layers and passing it through to the agent?
Comment 5 Mike McCune 2012-08-28 22:16:39 UTC 
I'm going to punt this to v.next when we start using Pulp V2.  No sense doing extra work when we get it for free with the upcoming version.
Comment 6 Mike McCune 2012-08-29 15:23:26 UTC 
*** Bug 852333 has been marked as a duplicate of this bug. ***
Comment 7 Mike McCune 2013-08-16 18:20:49 UTC 
getting rid of 6.0.0 version since that doesn't exist
Comment 8 Mike McCune 2014-03-18 17:39:12 UTC 
This bug was closed because of a lack of activity.  If you feel this bug should be reconsidered for attention please feel free to re-open the bug with a comment stating why it should be reconsidered.