Sorry for the "might" part. This may not be an issue, but I don't have time to test it right now and don't want to miss it. And based on a chat conversation, I'm leaning towards this being a bug. <jdob> jortel: if a repo has a GPG pub key associated with it, when we bind it will it download the pub key and correctly configure the .repo file? <jortel> it configures the .repo file but relies on yum to download and install if it's not already installed. <jortel> yum takes care of that <jdob> what about when a package is remotely installed, will yum auto-download it without waiting for a prompt? <jortel> oh, crap. that might be a problem In other words, if you were to configure the pulp repo with a GPG key and try to use yum to install a package, you'd get prompted to import the key, similar to: warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 37017186 rhel-x86_64-server-5-mrg-messaging-base-1/gpgkey | 1.1 kB 00:00 Importing GPG key 0x37017186 "Red Hat, Inc. (release key) <security>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release Is this ok [y/N]: y We need to see what happens if there is the condition that would cause that prompt on a remote package installation (i.e. triggered through pulp-admin). And once we know what it does, we need to decide if that's how it *should* behave.
I this when trying errata install on remote client.
I saw this :)
Is this as simple as adding "-y" to the "yum install" command? -Todd
I'm not sure if that "-y" will apply to both the confirmation and GPG import or just the confirmation. I also suspect that code is using yum libraries directly, so we may need to find how to pass that magical flag into yum's API (if its even supported by API).
commit e09adea983cbf7af7c287b169742528333d9c4db
build: 0.162
Fixed in build 0.163.
fails_qa [root@preethi ~]# rpm -q pulp pulp-0.0.213-1.fc14.noarch [root@preethi ~]# pulp-admin package install -n pulp --consumerid=pulp-client Created task id: 34574280-b7b3-11e0-9df3-002564a85a58 Task is scheduled for: None Waiting: [\] Package install failed: error Exception: YumBaseError() Traceback: ['Traceback (most recent call last):\n', ' File "/usr/lib/python2.7/site-packages/pulp/server/tasking/task.py", line 330, in run\n result = self.callable(*self.args, **self.kwargs)\n', ' File "/usr/lib/python2.7/site-packages/pulp/server/api/consumer.py", line 464, in __installpackages\n return packages.install(names, reboot, yes)\n', ' File "/usr/lib/python2.7/site-packages/gofer/messaging/stub.py", line 71, in __call__\n return self.stub._send(request, opts)\n', ' File "/usr/lib/python2.7/site-packages/gofer/messaging/stub.py", line 142, in _send\n any=opts.any)\n', ' File "/usr/lib/python2.7/site-packages/gofer/messaging/policy.py", line 121, in send\n return self.__getreply(sn, reader)\n', ' File "/usr/lib/python2.7/site-packages/gofer/messaging/policy.py", line 173, in __getreply\n return self.__onreply(envelope)\n', ' File "/usr/lib/python2.7/site-packages/gofer/messaging/policy.py", line 189, in __onreply\n raise RemoteException.instance(reply)\n', 'YumBaseError: Not installing key\n']
I dont see you updating the config. The default is to deny auto import. What does your config say: $ cat /etc/pulp/client.conf|grep import_gpg_keys # import_gpg_keys : automatically import gpg keys if available during remote package installs import_gpg_keys = True That value should be true for yum to auto import your key.
verified. My mistake in not updating the config. Once updated [root@preethi gpg-repo]# pulp-admin package install -n pulp --consumerid=pulp-client Created task id: 2cd64168-b893-11e0-ae69-002564a85a58 Task is scheduled for: None Waiting: [\] [[['pulp-0.0.215-1.fc14.noarch'], None]] installed on pulp-client And on the client [root@10 ~]# ls -l /etc/pki/pulp-gpg-keys/ total 4 drwxr-xr-x. 2 root root 4096 Jul 27 16:46 gpg-repo [root@10 ~]# [root@10 ~]# [root@10 ~]# ls -l /etc/pki/pulp-gpg-keys/gpg-repo/ total 4 -rw-r--r--. 1 root root 1024 Jul 27 16:46 RPM-GPG-KEY-pthomas
Closing with Community Release 15 pulp-0.0.223-4.