Yum install fails when importing GPG key from new yum repo

Brice Bentler

Dec 24, 2017, 12:27:35 PM
to Puppet Users
Hello all,

I am using:
* puppetserver 5.1.4
* puppet agent 5.3.3
* puppetdb 5.1.3
* Amazon Linux 2017.09

I have the following puppet code:

yumrepo { 'newrelic-infra':
  ensure => present,
  descr => 'New Relic Infra',
  baseurl => 'http://download.newrelic.com/infrastructure_agent/linux/yum/el/6/x86_64',
  gpgkey => 'http://download.newrelic.com/infrastructure_agent/gpg/newrelic-infra.gpg',
  gpgcheck => 1,
  repo_gpgcheck => 1,
}


package { 'newrelic-infra':
  ensure => installed,
  require => Yumrepo['newrelic-infra'],
}

Sometimes the catalog run fails with the following:

Dec 23 21:21:54 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Yumrepo[newrelic-infra]/ensure) created
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: Execution of '/usr/bin/yum -d 0 -e 0 -y install newrelic-infra' returned 1: Importing GPG key 0xXXXXXXXX:
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:  Userid     : "infrastructure-eng <XXXX...@XXXXXX.com>"
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:  Fingerprint: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:  From       : http://download.newrelic.com/infrastructure_agent/gpg/newrelic-infra.gpg
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:  One of the configured repositories failed (New Relic Infra),
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:  and yum doesn't have enough cached data to continue. At this point the only
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:  safe thing yum can do is fail. There are a few ways to work "fix" this:
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:      1. Contact the upstream for the repository and get them to fix the problem.
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:      2. Reconfigure the baseurl/etc. for the repository, to point to a working
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:         upstream. This is most often useful if you are using a newer
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:         distribution release than is supported by the repository (and the
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:         packages for the previous distribution release still work).
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:      3. Disable the repository, so yum won't use it by default. Yum will then
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:         just ignore the repository until you permanently enable it again or use
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:         --enablerepo for temporary usage:
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:             yum-config-manager --disable newrelic-infra
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:      4. Configure the failing repository to be skipped, if it is unavailable.
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:         Note that yum will try to contact the repo. when it runs most commands,
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:         so will have to try and fail each time (and thus. yum will be be much
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:         slower). If it is a very temporary problem though, this is often a nice
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:         compromise:
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:             yum-config-manager --save --setopt=newrelic-infra.skip_if_unavailable=true
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: failure: repodata/repomd.xml from newrelic-infra: [Errno 256] No more mirrors to try.
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: http://download.newrelic.com/infrastructure_agent/linux/yum/el/6/x86_64/repodata/repomd.xml: [Errno -1] repomd.xml signature could not be verified for newrelic-infra
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure) change from 'purged' to 'present' failed: Execution of '/usr/bin/yum -d 0 -e 0 -y install newrelic-infra' returned 1: Importing GPG key 0x8ECCE87C:
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)  Userid     : "infrastructure-eng <XXXX...@XXXXXXX.com>"
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)  Fingerprint: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)  From       : http://download.newrelic.com/infrastructure_agent/gpg/newrelic-infra.gpg
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)  One of the configured repositories failed (New Relic Infra),
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)  and yum doesn't have enough cached data to continue. At this point the only
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)  safe thing yum can do is fail. There are a few ways to work "fix" this:
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)      1. Contact the upstream for the repository and get them to fix the problem.
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)      2. Reconfigure the baseurl/etc. for the repository, to point to a working
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)         upstream. This is most often useful if you are using a newer
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)         distribution release than is supported by the repository (and the
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)         packages for the previous distribution release still work).
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)      3. Disable the repository, so yum won't use it by default. Yum will then
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)         just ignore the repository until you permanently enable it again or use
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)         --enablerepo for temporary usage:
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)             yum-config-manager --disable newrelic-infra
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)      4. Configure the failing repository to be skipped, if it is unavailable.
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)         Note that yum will try to contact the repo. when it runs most commands,
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)         so will have to try and fail each time (and thus. yum will be be much
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)         slower). If it is a very temporary problem though, this is often a nice
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)         compromise:
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)             yum-config-manager --save --setopt=newrelic-infra.skip_if_unavailable=true
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure)
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure) failure: repodata/repomd.xml from newrelic-infra: [Errno 256] No more mirrors to try.
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure) http://download.newrelic.com/infrastructure_agent/linux/yum/el/6/x86_64/repodata/repomd.xml: [Errno -1] repomd.xml signature could not be verified for newrelic-infra

This doesn't happen every time. Let me know if you need more information.

Thank you.
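An added triage example, not part of the original post: it strips the syslog and Puppet resource prefixes from output like the above and reports which yumrepo setting the yum error belongs to. The "repomd.xml signature could not be verified" line is the repository metadata check that `repo_gpgcheck` turns on (package signatures are `gpgcheck`). The `triage` helper and its result keys are hypothetical names, and `SAMPLE_LOG` is constructed from lines in the shape quoted in the post.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the shape of the puppet-agent syslog lines quoted in the post.
SAMPLE_LOG = """\
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: Execution of '/usr/bin/yum -d 0 -e 0 -y install newrelic-infra' returned 1: Importing GPG key 0xXXXXXXXX:
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]:  From       : http://download.newrelic.com/infrastructure_agent/gpg/newrelic-infra.gpg
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: http://download.newrelic.com/infrastructure_agent/linux/yum/el/6/x86_64/repodata/repomd.xml: [Errno -1] repomd.xml signature could not be verified for newrelic-infra
Dec 23 21:21:55 ip-XXX-XX-XXX-XX puppet-agent[2789]: (/Stage[main]/Foo::Monitoring::New_relic/Package[newrelic-infra]/ensure) http://download.newrelic.com/infrastructure_agent/linux/yum/el/6/x86_64/repodata/repomd.xml: [Errno -1] repomd.xml signature could not be verified for newrelic-infra
"""

SYSLOG = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ puppet-agent\[\d+\]:(.*)$")
RESOURCE = re.compile(r"^\((/Stage\[[^)]*)\)(.*)$")
YUM_CMD = re.compile(r"Execution of '([^']*yum[^']*)'")
KEY_ID = re.compile(r"Importing GPG key (0x[0-9A-Za-z]+)")
KEY_FROM = re.compile(r"^From\s*:\s*(\S+)")
REPOMD = re.compile(r"repomd\.xml signature could not be verified for (\S+)")


def triage(log_text):
    """Summarise yum GPG failures reported by puppet-agent (hypothetical helper)."""
    out = {"key_id": None, "key_url": None, "key_over_plain_http": False,
           "yum_assume_yes": False, "failed_repo": None,
           "failed_setting": None, "resources": set()}
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue
        msg = m.group(1).strip()
        r = RESOURCE.match(msg)  # Puppet repeats the yum output per failed resource
        if r:
            out["resources"].add(r.group(1))
            msg = r.group(2).strip()
        if (c := YUM_CMD.search(msg)) and "-y" in c.group(1).split():
            out["yum_assume_yes"] = True  # -y also answers the key import prompt
        if k := KEY_ID.search(msg):
            out["key_id"] = k.group(1)
        if f := KEY_FROM.match(msg):
            out["key_url"] = f.group(1)
            out["key_over_plain_http"] = urlsplit(f.group(1)).scheme == "http"
        if s := REPOMD.search(msg):
            out["failed_repo"] = s.group(1)
            out["failed_setting"] = "repo_gpgcheck"  # metadata check, not gpgcheck
    return out


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

When `key_over_plain_http` and `yum_assume_yes` are both true, the key was fetched without transport authentication and accepted without a prompt, so the fingerprint printed in the import message is the value to compare against the vendor's published one.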