Project

General

Profile

action #58331

salt does not apply "gpgautoimport" or "keeppackages" in salt

Added by okurz 8 months ago. Updated 7 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Start date:
2019-10-17
Due date:
% Done:

0%

Estimated time:
Duration:

Description

https://gitlab.suse.de/openqa/salt-states-openqa/blob/master/openqa/repos.sls#L15 is not applied, also not keeppackages in https://gitlab.suse.de/openqa/salt-states-openqa/blob/master/openqa/repos.sls#L27

This could be
https://github.com/saltstack/salt/issues/42039

https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkgrepo.html says "Additional configuration values seen in YUM/DNF/Zypper repo files, such as gpgkey or gpgcheck, will be used directly as key-value pairs." which apparently does not work here.

This happens on Tumbleweed 20191007 (container) as well as Leap 15.1 as used on production OSD.


Related issues

Has duplicate openQA Infrastructure - action #58568: salt-states-openqa chokes still on ca repo, seen in osd-deployment failsRejected2018-03-01

History

#1 Updated by okurz 8 months ago

  • Status changed from New to Feedback
  • Assignee set to okurz
  • Target version set to Current Sprint

#2 Updated by okurz 7 months ago

  • Has duplicate action #58568: salt-states-openqa chokes still on ca repo, seen in osd-deployment fails added

#3 Updated by okurz 7 months ago

https://gitlab.suse.de/openqa/osd-deployment/-/jobs/130961 shows that the refresh of the repository "SUSE_CA" failed on selected workers, e.g. openqaworker3 and openqaworker13 as the signing key needs to be newly accepted. Apparently https://gitlab.suse.de/openqa/salt-states-openqa/commit/01adc79e22863090b920731238efcd4af3b36ca0#496be79bb7684e91840cc7fbe7621c2dbdb7c59e_30_38 does not fix it in a stable manner.

#5 Updated by okurz 7 months ago

  • Status changed from Feedback to Resolved

Discussed with nicksinger in person. He explained it properly to me what I did not get in before: https://gitlab.suse.de/openqa/salt-states-openqa/merge_requests/212 fixes the missing part, now merged. It is correct that currently due to a bug in salt any arbitrary key-value parts are not passed though so my approach with "file.managed" should be good. However "gpgautoimport" should never be in the repo files because it is a command line option for the zypper ref call.

Also available in: Atom PDF