action #58331
closedsalt does not apply "gpgautoimport" or "keeppackages" in salt
0%
Description
https://gitlab.suse.de/openqa/salt-states-openqa/blob/master/openqa/repos.sls#L15 is not applied, also not keeppackages in https://gitlab.suse.de/openqa/salt-states-openqa/blob/master/openqa/repos.sls#L27
This could be
https://github.com/saltstack/salt/issues/42039
https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkgrepo.html says "Additional configuration values seen in YUM/DNF/Zypper repo files, such as gpgkey or gpgcheck, will be used directly as key-value pairs." which apparently does not work here.
This happens on Tumbleweed 20191007 (container) as well as Leap 15.1 as used on production OSD.
Updated by okurz about 5 years ago
- Status changed from New to Feedback
- Assignee set to okurz
- Target version set to Current Sprint
Updated by okurz about 5 years ago
- Has duplicate action #58568: salt-states-openqa chokes still on ca repo, seen in osd-deployment fails added
Updated by okurz about 5 years ago
https://gitlab.suse.de/openqa/osd-deployment/-/jobs/130961 shows that the refresh of the repository "SUSE_CA" failed on selected workers, e.g. openqaworker3 and openqaworker13 as the signing key needs to be newly accepted. Apparently https://gitlab.suse.de/openqa/salt-states-openqa/commit/01adc79e22863090b920731238efcd4af3b36ca0#496be79bb7684e91840cc7fbe7621c2dbdb7c59e_30_38 does not fix it in a stable manner.
Updated by nicksinger about 5 years ago
See https://gitlab.suse.de/openqa/salt-states-openqa/merge_requests/212 for the gpgautoimport issue
Updated by okurz about 5 years ago
- Status changed from Feedback to Resolved
Discussed with @nicksinger in person. He explained it properly to me what I did not get in before: https://gitlab.suse.de/openqa/salt-states-openqa/merge_requests/212 fixes the missing part, now merged. It is correct that currently due to a bug in salt any arbitrary key-value parts are not passed though so my approach with "file.managed" should be good. However "gpgautoimport" should never be in the repo files because it is a command line option for the zypper ref call.