Description of problem: To install packages to a subscribed system via the web ui, it is necessary to install and configure the katello-agent as per the following instructions: * https://fedorahosted.org/katello/wiki/GuideSystemKatelloAgent * https://fedorahosted.org/katello/wiki/KatelloAgent After performing the steps above, I attempted to install several different packages via the web ui, but they all failed to install with errors related to gpg key import: 2012-02-16 09:27:39,442 11655:140629566809856: pulp.server.tasking.task:ERROR: task:474 Task failed: Task 5db85914-58aa-11e1-9f1b-5254001dfa20: ConsumerApi.__installpackages(aacb86b2-1b47-47c7-bd1f-1efe1d0b9fae, ['httpd'], ) Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/pulp/server/tasking/task.py", line 420, in run result = self.callable(*self.args, **self.kwargs) File "/usr/lib/python2.6/site-packages/pulp/server/api/consumer.py", line 448, in __installpackages return packages.install(names, reboot) File "/usr/lib/python2.6/site-packages/gofer/rmi/stub.py", line 72, in __call__ return self.stub._send(request, opts) File "/usr/lib/python2.6/site-packages/gofer/rmi/stub.py", line 133, in _send return self.__send(request, options) File "/usr/lib/python2.6/site-packages/gofer/rmi/stub.py", line 164, in __send any=opts.any) File "/usr/lib/python2.6/site-packages/gofer/rmi/policy.py", line 144, in send return self.__getreply(sn, reader) File "/usr/lib/python2.6/site-packages/gofer/rmi/policy.py", line 181, in __getreply return self.__onreply(envelope) File "/usr/lib/python2.6/site-packages/gofer/rmi/policy.py", line 197, in __onreply raise RemoteException.instance(reply) YumBaseError: Didn't install any keys I checked that the gpg keys were in the client/consumer: ls -l /etc/pki/rpm-gpg total 20 -rw-r--r--. 1 root root 3375 Nov 8 10:38 RPM-GPG-KEY-redhat-beta -rw-r--r--. 1 root root 1990 Nov 8 10:38 RPM-GPG-KEY-redhat-legacy-former -rw-r--r--. 1 root root 1164 Nov 8 10:38 RPM-GPG-KEY-redhat-legacy-release -rw-r--r--. 1 root root 885 Nov 8 10:38 RPM-GPG-KEY-redhat-legacy-rhx -rw-r--r--. 1 root root 3211 Nov 8 10:38 RPM-GPG-KEY-redhat-release I find this to be strange since one of the packages I tried to install was httpd, which is provided by a repository that is part of my subscription. Trying to install httpd with yum in the client/consumer gave me: Downloading Packages: warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release Importing GPG key 0xFD431D51: Userid : Red Hat, Inc. (release key 2) <security> Package: redhat-release-server-6Server-6.2.0.3.el6.x86_64 (@anaconda-RedHatEnterpriseLinux-201111171049.x86_64/6.2) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release Is this ok [y/N]: <jortel> OgMaciel: hm.. so the key is there but not installed in the rpm sense jortel proposes that we add a *permit_import* parameter to /etc/gofer/plugins/katelloplugin.conf as a fix for this. Version-Release number of selected component (if applicable): Verified on: * candlepin-0.5.18-1.el6.noarch * candlepin-tomcat6-0.5.18-1.el6.noarch * katello-0.1.235-2.el6.noarch * katello-all-0.1.235-2.el6.noarch * katello-certs-tools-1.0.2-2.el6.noarch * katello-cli-0.1.54-3.el6.noarch * katello-cli-common-0.1.54-3.el6.noarch * katello-common-0.1.235-2.el6.noarch * katello-configure-0.1.64-3.el6.noarch * katello-glue-candlepin-0.1.235-2.el6.noarch * katello-glue-foreman-0.1.235-2.el6.noarch * katello-glue-pulp-0.1.235-2.el6.noarch * katello-httpd-ssl-key-pair-1.0-1.noarch * katello-qpid-broker-key-pair-1.0-1.noarch * katello-repos-0.1.5-1.el6.noarch * katello-selinux-0.1.3-1.el6.noarch * katello-trusted-ssl-cert-1.0-1.noarch * pulp-0.0.265-1.el6.noarch * pulp-common-0.0.265-1.el6.noarch * pulp-selinux-server-0.0.265-1.el6.noarch How reproducible: Steps to Reproduce: 1. Subscribe a vanilla RHEL 6.2 client to a product that exposes RHEL 6.2 and 6Server repositories 2. Install and configure the katello-agent against your SE 3. Select your system and try to install the httpd package to it. Actual results: 2012-02-16 09:27:39,390 [ERROR][worker-0] __call__() @ dispatcher.py:488 - Didn't install any keys Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/gofer/rmi/dispatcher.py", line 485, in __call__ retval = method(*args, **keywords) File "/usr/lib64/gofer/plugins/katelloplugin.py", line 139, in install installed = p.install(names) File "/usr/lib64/gofer/plugins/package.py", line 180, in install yb.processTransaction() File "/usr/lib/python2.6/site-packages/yum/__init__.py", line 4877, in processTransaction self._checkSignatures(pkgs,callback) File "/usr/lib/python2.6/site-packages/yum/__init__.py", line 4920, in _checkSignatures self.getKeyForPackage(po, self._askForGPGKeyImport) File "/usr/lib/python2.6/site-packages/yum/__init__.py", line 4652, in getKeyForPackage raise Errors.YumBaseError, _("Didn't install any keys") YumBaseError: Didn't install any keys Expected results: Additional info:
Adding requires_release_note flag to document this known issue for CloudForms 1.0.0. Impact: Remotely installing GPG signed RHEL content using the System Engine Web-UI may fail if the GPG package signature has not been imported on the system. Details: Typically, when installing gpg signed packages, yum will prompt to install the associated gpgkey (typically /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release). When attempting to install signed gpg packages remotely from System Engine (using katello-agent), the package install will fail since it cannot yet import gpg package key.s Workaround: The suggested workaround is to manually import GPG-KEY's for signed packages prior to scheduling remote package installations/updates. You can manually import a GPG package signature using the following command: # To install the 'redhat-release' gpgkey ... $ rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release To automate this operation, you may consider importing the necessary RPM gpg-keys during application deployment from CloudForms Cloud Engine.
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Suggested release_note posted to comment#1
Release Note added. Link: http://documentation-stage.bne.redhat.com/docs/en-US/CloudForms/1.0/html-single/Release_Notes/index.html#sect-Release_Notes-System_Engine-System_Engine_Considerations-known_issues_07 Regards, Shikha
Passing importkeys to the agent is fully supported in pulp v2. Any chance we can just default importkeys=True in the agent for 1.1 instead of adding to the Pulp REST API / Manager layers and passing it through to the agent?
I'm going to punt this to v.next when we start using Pulp V2. No sense doing extra work when we get it for free with the upcoming version.
*** Bug 852333 has been marked as a duplicate of this bug. ***
getting rid of 6.0.0 version since that doesn't exist
This bug was closed because of a lack of activity. If you feel this bug should be reconsidered for attention please feel free to re-open the bug with a comment stating why it should be reconsidered.