After upgrading to 2.2, gpg key urls are not updated to go through an isolated capsule. A rake task was added 'rake katello:upgrades:2.2:update_gpg_key_urls' to perform this, but it was never added to the installer. Steps to reproduce: 1. Install katello 2.1 2. Create a repository attached to a gpg key 3. Upgrade to 2.2 4. Install an isolated capsule 5. Register a system to the isolated capsule and subscribe it to the repo's product results: Gpg key listed in redhat.repo goes to the satellite and not the capsule.
Created from redmine issue http://projects.theforeman.org/issues/10512
Upstream bug assigned to jsherril
Note, there is a workaround, simply run: foreman-rake katello:upgrades:2.2:update_gpg_key_urls
Moving to POST since upstream bug http://projects.theforeman.org/issues/10512 has been closed ------------- Justin Sherrill Applied in changeset commit:katello-installer|bc091d97eef4b1151c9bbc89e0b6f75414004d01.
Verified with snap5 compose2: I successfully upgrade sat6.0 to sat6.1 and can see new task for upgrading the updating the gpg-key urls to support capsule isolation. [root@sat6-qe-rhel66 yum.repos.d]# katello-installer --upgrade Upgrading... Upgrade Step: stop_services... Upgrade Step: start_mongo... Upgrade Step: migrate_pulp... Upgrade Step: migrate_candlepin... Upgrade Step: migrate_foreman... Upgrade Step: Running installer... Installing Done [100%] [..................................................................] The full log is at /var/log/katello-installer/katello-installer.log Upgrade Step: Restarting services... Upgrade Step: db:seed... Upgrade Step: Running errata import task (this may take a while)... Upgrade Step: Update gpg key urls to support capsule isolation (this may take a while)... Upgrade Step: Update repositories to specify metadata_expire (this may take a while)... Katello upgrade completed! [ I'll check the gpg-key URL on client and will update another comment.
Verified with snap5 compose2: Steps performed: 1. Installed sat6.0.8 from CDN 2. created custom repo with gpg-key 3. Added 6.1 capsule repo 4. upgraded sat6.0.8 to sta6.1 GA snap5 compose2 5. Installed 6.1 isolated capsule 6. register a client with 6.1 isolated capsule 7. Fetched the packages from repo created in step2 via isolated capsule. 8. I can see the gpgkey and repo-url points to capsule. here is the snippet from redhat.repo. I've created fake repos with gpg-keys in satellite and later syced with external capsule. Since I registered the host with external capsule so url points to external capsule here: -- [Default_Organization_fake_fake_zoo] metadata_expire = 1 sslclientcert = /etc/pki/entitlement/3842735161670405549.pem baseurl = https://sat61-capsule-rhel66.usersys.redhat.com/pulp/repos/Default_Organization/dev/cv_rhel66/custom/fake/fake_zoo sslverify = 1 name = fake_zoo sslclientkey = /etc/pki/entitlement/3842735161670405549-key.pem gpgkey = https://sat61-capsule-rhel66.usersys.redhat.com/katello/api/repositories/4/gpg_key_content enabled = 1 sslcacert = /etc/rhsm/ca/katello-server-ca.pem gpgcheck = 1 --
I can see the correct URL's for gpg-key and repos pointing to external capsule. But while installing packages I got following issue: PG key retrieval failed: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found" [root@sat6-client-rhel66 ~]# yum install cow Loaded plugins: product-id, security, subscription-manager Setting up Install Process Default_Organization_fake_fake_zoo | 2.1 kB 00:00 Default_Organization_rhel66_rhel6_x86_64 | 2.5 kB 00:00 Default_Organization_rhel66_sat61_capsule | 2.1 kB 00:00 Default_Organization_rhel66_sat61_tools | 2.1 kB 00:00 Resolving Dependencies --> Running transaction check ---> Package cow.noarch 0:2.2-3 will be installed --> Finished Dependency Resolution Dependencies Resolved ====================================================================================================================================================== Package Arch Version Repository Size ====================================================================================================================================================== Installing: cow noarch 2.2-3 Default_Organization_fake_fake_zoo 2.4 k Transaction Summary ====================================================================================================================================================== Install 1 Package(s) Total download size: 2.4 k Installed size: 42 Is this ok [y/N]: y Downloading Packages: cow-2.2-3.noarch.rpm | 2.4 kB 00:00 warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID f78fb195: NOKEY Retrieving key from https://sat61-capsule-rhel66.usersys.redhat.com/katello/api/repositories/4/gpg_key_content GPG key retrieval failed: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found" [root@sat6-client-rhel66 ~]#
This error is caused by https://bugzilla.redhat.com/show_bug.cgi?id=1222513
Moving to POST, as the cause has been moved.
Verified with sat6.1 GA snap8 (RC1) GPG key URLs updated and pointing to isolated capsule not to satellite server. I can fetch/install the packages from capsule to client host. [Default_Organization_fake_fake_zoo1] metadata_expire = 1 sslclientcert = /etc/pki/entitlement/5528938802549671068.pem baseurl = https://sat61-capsule-rhel66.usersys.redhat.com/pulp/repos/Default_Organization/dev/cv_rhel66_sat61/custom/fake/fake_zoo1 sslverify = 1 name = fake_zoo1 sslclientkey = /etc/pki/entitlement/5528938802549671068-key.pem gpgkey = https://sat61-capsule-rhel66.usersys.redhat.com/katello/api/repositories/40/gpg_key_content enabled = 1 sslcacert = /etc/rhsm/ca/katello-server-ca.pem gpgcheck = 1 [root@sat6-client-rhel66 yum.repos.d]# yum install cow -y Loaded plugins: product-id, security, subscription-manager Setting up Install Process Default_Organization_fake_fake_zoo1 | 2.1 kB 00:00 Default_Organization_rhel6_custom_rhel66 | 2.5 kB 00:00 Default_Organization_sat61_capsule_sat61_capsule_rhel66 | 2.1 kB 00:00 Default_Organization_sat61_tools_sat61_tools_rhel66 | 2.1 kB 00:00 Resolving Dependencies --> Running transaction check ---> Package cow.noarch 0:2.2-3 will be installed --> Finished Dependency Resolution Dependencies Resolved ====================================================================================================================================================== Package Arch Version Repository Size ====================================================================================================================================================== Installing: cow noarch 2.2-3 Default_Organization_fake_fake_zoo1 2.4 k Transaction Summary ====================================================================================================================================================== Install 1 Package(s) Total download size: 2.4 k Installed size: 42 Downloading Packages: cow-2.2-3.noarch.rpm | 2.4 kB 00:00 warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID f78fb195: NOKEY Retrieving key from https://sat61-capsule-rhel66.usersys.redhat.com/katello/api/repositories/40/gpg_key_content Importing GPG key 0xF78FB195: Userid: "Dummy Packages Generator <admin.com>" From : https://sat61-capsule-rhel66.usersys.redhat.com/katello/api/repositories/40/gpg_key_content Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Warning: RPMDB altered outside of yum. Installing : cow-2.2-3.noarch 1/1 Default_Organization_rhel6_custom_rhel66/productid | 1.6 kB 00:00 Verifying : cow-2.2-3.noarch 1/1 Installed: cow.noarch 0:2.2-3 Complete! [root@sat6-client-rhel66 yum.repos.d]# rpm -qa | grep cow cow-2.2-3.noarch [root@sat6-client-rhel66 yum.repos.d]#
This bug is slated to be released with Satellite 6.1.
This bug was fixed in version 6.1.1 of Satellite which was released on 12 August, 2015.