juju / charm-helpers

Apache License 2.0

Import a key is failing #289

Closed n-pochet closed 5 years ago

n-pochet commented 5 years ago

Hi, with the following bundle (and with a locally built version of filebeat):

series: bionic
applications:
  ubuntu:
    charm: cs:ubuntu
    num_units: 1
  filebeat:
    charm: /tmp/charm-builds/filebeat
    options:
      install_keys: |
        - |
          -----BEGIN PGP PUBLIC KEY BLOCK-----
          Version: SKS 1.1.6
          Comment: Hostname: keyserver.ubuntu.com

          mQENBFI3HsoBCADXDtbNJnxbPqB1vDNtCsqhe49vFYsZN9IOZsZXgp7aHjh6CJBDA+bGFOwy
          hbd7at35jQjWAw1O3cfYsKAmFy+Ar3LHCMkV3oZspJACTIgCrwnkic/9CUliQe324qvObU2Q
          RtP4Fl0zWcfb/S8UYzWXWIFuJqMvE9MaRY1bwUBvzoqavLGZj3SF1SPO+TB5QrHkrQHBsmX+
          Jda6d4Ylt8/t6CvMwgQNlrlzIO9WT+YN6zS+sqHd1YK/aY5qhoLNhp9G/HxhcSVCkLq8SStj
          1ZZ1S9juBPoXV1ZWNbxFNGwOh/NYGldD2kmBf3YgCqeLzHahsAEpvAm8TBa7Q9W21C8vABEB
          AAG0RUVsYXN0aWNzZWFyY2ggKEVsYXN0aWNzZWFyY2ggU2lnbmluZyBLZXkpIDxkZXZfb3Bz
          QGVsYXN0aWNzZWFyY2gub3JnPokBOAQTAQIAIgUCUjceygIbAwYLCQgHAwIGFQgCCQoLBBYC
          AwECHgECF4AACgkQ0n1mbNiOQrRzjAgAlTUQ1mgo3nK6BGXbj4XAJvuZDG0HILiUt+pPnz75
          nsf0NWhqR4yGFlmpuctgCmTD+HzYtV9fp9qW/bwVuJCNtKXk3sdzYABY+Yl0Cez/7C2GuGCO
          lbn0luCNT9BxJnh4mC9h/cKI3y5jvZ7wavwe41teqG14V+EoFSn3NPKmTxcDTFrV7SmVPxCB
          cQze00cJhprKxkuZMPPVqpBS+JfDQtzUQD/LSFfhHj9eD+Xe8d7sw+XvxB2aN4gnTlRzjL1n
          TRp0h2/IOGkqYfIG9rWmSLNlxhB2t+c0RsjdGM4/eRlPWylFbVMc5pmDpItrkWSnzBfkmXL3
          vO2X3WvwmSFiQbkBDQRSNx7KAQgA5JUlzcMW5/cuyZR8alSacKqhSbvoSqqbzHKcUQZmlzNM
          KGTABFG1yRx9r+wa/fvqP6OTRzRDvVS/cycws8YX7Ddum7x8uI95b9ye1/Xy5noPEm8cD+hp
          lnpU+PBQZJ5XJ2I+1l9Nixx47wPGXeClLqcdn0ayd+v+Rwf3/XUJrvccG2YZUiQ4jWZkoxsA
          07xx7Bj+Lt8/FKG7sHRFvePFU0ZS6JFx9GJqjSBbHRRkam+4emW3uWgVfZxuwcUCn1ayNgRt
          KiFv9jQrg2TIWEvzYx9tywTCxc+FFMWAlbCzi+m4WD+QUWWfDQ009U/WM0ks0KwwEwSk/UDu
          ToxGnKU2dQARAQABiQEfBBgBAgAJBQJSNx7KAhsMAAoJENJ9ZmzYjkK0c3MIAIE9hAR20mqJ
          WLcsxLtrRs6uNF1VrpB+4n/55QU7oxA1iVBO6IFu4qgsF12JTavnJ5MLaETlggXY+zDef9sy
          TPXoQctpzcaNVDmedwo1SiL03uMoblOvWpMR/Y0j6rm7IgrMWUDXDPvoPGjMl2q1iTeyHkMZ
          EyUJ8SKsaHh4jV9wp9KmC8C+9CwMukL7vM5w8cgvJoAwsp3Fn59AxWthN3XJYcnMfStkIuWg
          R7U2r+a210W6vnUxU4oN0PmMcursYPyeV0NX/KQeUeNMwGTFB6QHS/anRaGQewijkrYYoTNt
          fllxIu9XYmiBERQ/qPDlGRlOgVTd9xUfHFkzB52c70E=
          =92oX
          -----END PGP PUBLIC KEY BLOCK-----
relations:
  - - ubuntu
    - filebeat

The filebeat charm is failing with:

2019-02-28 17:12:15 ERROR juju-log Hook error:
Traceback (most recent call last):
  File "/var/lib/juju/agents/unit-filebeat-0/.venv/lib/python3.6/site-packages/charms/reactive/__init__.py", line 72, in main
    hookenv._run_atstart()
  File "/var/lib/juju/agents/unit-filebeat-0/.venv/lib/python3.6/site-packages/charmhelpers/core/hookenv.py", line 1211, in _run_atstart
    callback(*args, **kwargs)
  File "/var/lib/juju/agents/unit-filebeat-0/charm/reactive/apt.py", line 117, in configure_sources
    keys_var='install_keys')
  File "/var/lib/juju/agents/unit-filebeat-0/.venv/lib/python3.6/site-packages/charmhelpers/fetch/__init__.py", line 146, in configure_sources
    add_source(source, key)
  File "/var/lib/juju/agents/unit-filebeat-0/.venv/lib/python3.6/site-packages/charmhelpers/fetch/ubuntu.py", line 540, in add_source
    import_key(key)
  File "/var/lib/juju/agents/unit-filebeat-0/.venv/lib/python3.6/site-packages/charmhelpers/fetch/ubuntu.py", line 333, in import_key
    key_name = _get_keyid_by_gpg_key(key_bytes)
  File "/var/lib/juju/agents/unit-filebeat-0/.venv/lib/python3.6/site-packages/charmhelpers/fetch/ubuntu.py", line 386, in _get_keyid_by_gpg_key
    return re.search(r"^fpr:{9}([0-9A-F]{40}):$", out, re.MULTILINE).group(1)
AttributeError: 'NoneType' object has no attribute 'group'

2019-02-28 17:12:15 DEBUG install Traceback (most recent call last):
2019-02-28 17:12:15 DEBUG install   File "/var/lib/juju/agents/unit-filebeat-0/charm/hooks/install", line 22, in <module>
2019-02-28 17:12:15 DEBUG install     main()
2019-02-28 17:12:15 DEBUG install   File "/var/lib/juju/agents/unit-filebeat-0/.venv/lib/python3.6/site-packages/charms/reactive/__init__.py", line 72, in main
2019-02-28 17:12:15 DEBUG install     hookenv._run_atstart()
2019-02-28 17:12:15 DEBUG install   File "/var/lib/juju/agents/unit-filebeat-0/.venv/lib/python3.6/site-packages/charmhelpers/core/hookenv.py", line 1211, in _run_atstart
2019-02-28 17:12:15 DEBUG install     callback(*args, **kwargs)
2019-02-28 17:12:15 DEBUG install   File "/var/lib/juju/agents/unit-filebeat-0/charm/reactive/apt.py", line 117, in configure_sources
2019-02-28 17:12:15 DEBUG install     keys_var='install_keys')
2019-02-28 17:12:15 DEBUG install   File "/var/lib/juju/agents/unit-filebeat-0/.venv/lib/python3.6/site-packages/charmhelpers/fetch/__init__.py", line 146, in configure_sources
2019-02-28 17:12:15 DEBUG install     add_source(source, key)
2019-02-28 17:12:15 DEBUG install   File "/var/lib/juju/agents/unit-filebeat-0/.venv/lib/python3.6/site-packages/charmhelpers/fetch/ubuntu.py", line 540, in add_source
2019-02-28 17:12:15 DEBUG install     import_key(key)
2019-02-28 17:12:15 DEBUG install   File "/var/lib/juju/agents/unit-filebeat-0/.venv/lib/python3.6/site-packages/charmhelpers/fetch/ubuntu.py", line 333, in import_key
2019-02-28 17:12:15 DEBUG install     key_name = _get_keyid_by_gpg_key(key_bytes)
2019-02-28 17:12:15 DEBUG install   File "/var/lib/juju/agents/unit-filebeat-0/.venv/lib/python3.6/site-packages/charmhelpers/fetch/ubuntu.py", line 386, in _get_keyid_by_gpg_key
2019-02-28 17:12:15 DEBUG install     return re.search(r"^fpr:{9}([0-9A-F]{40}):$", out, re.MULTILINE).group(1)
2019-02-28 17:12:15 DEBUG install AttributeError: 'NoneType' object has no attribute 'group'
2019-02-28 17:12:15 ERROR juju.worker.uniter.operation runhook.go:132 hook "install" failed: exit status 1

After adding a little bit of logging, we can find that the gpg command is failing:

2019-02-28 17:12:15 INFO juju-log Out: , err: gpg: keyblock resource '/root/.gnupg/pubring.kbx': No such file or directory

It is happening after this commit: https://github.com/juju/charm-helpers/commit/0f198e4b6b8ef196e0fa951e7801c1027685780b

n-pochet commented 5 years ago

When running the command by hand in the LXD container:

gpg --with-colons --import-options show-only --import --dry-run < key
gpg: keyblock resource '/root/.gnupg/pubring.kbx': No such file or directory
gpg: Fatal: /root/.gnupg: directory does not exist!

If I use the other command (the one that is used for Xenial):

gpg --with-colons --with-fingerprint < key
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
gpg: /root/.gnupg/trustdb.gpg: trustdb created
pub:-:2048:1:D27D666CD88E42B4:1379344074:::-:
fpr:::::::::46095ACC8548582C1A2699A9D27D666CD88E42B4:
uid:::::::::Elasticsearch (Elasticsearch Signing Key) <dev_ops@elasticsearch.org>:
sub:-:2048:1:AB6B7FCB60D31954:1379344074::::
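
An added example, not part of the thread and not the charm-helpers code or its fix: one way to read the fingerprint so that a failed gpg run surfaces gpg's own stderr instead of `AttributeError`, with the command run in a throwaway `--homedir` so a missing `/root/.gnupg` does not matter. The names `fingerprint_from_colons`, `inspect_key` and `KeyInspectionError`, the optional fingerprint pin, and the temporary home directory are assumptions of this sketch; the sample strings are constructed from the output quoted above.

```python
import re
import subprocess
import tempfile

# Same pattern as in the traceback: field 10 of the "fpr" record.
FPR_RE = re.compile(r"^fpr:{9}([0-9A-F]{40}):$", re.MULTILINE)

# Constructed samples modelled on the output quoted in this thread.
SAMPLE_OK = (
    "pub:-:2048:1:D27D666CD88E42B4:1379344074:::-:\n"
    + "fpr" + ":" * 9 + "46095ACC8548582C1A2699A9D27D666CD88E42B4:\n"
)
SAMPLE_ERR = "gpg: Fatal: /root/.gnupg: directory does not exist!\n"


class KeyInspectionError(Exception):
    """gpg returned no fingerprint, or not the expected one."""


def fingerprint_from_colons(out, err="", expected=None):
    """Parse the first fpr record; report gpg's stderr when there is none."""
    match = FPR_RE.search(out)
    if match is None:
        raise KeyInspectionError(
            "no fpr record; gpg said: " + (err.strip() or "<nothing>"))
    fpr = match.group(1)
    # Optional pin: compare against a fingerprint obtained out of band.
    if expected is not None and fpr != expected.replace(" ", "").upper():
        raise KeyInspectionError("unexpected fingerprint " + fpr)
    return fpr


def inspect_key(key_bytes, expected=None):
    """Run the failing command from the issue in a temporary GNUPGHOME."""
    with tempfile.TemporaryDirectory() as home:  # created with mode 0700
        proc = subprocess.run(
            ["gpg", "--homedir", home, "--batch", "--with-colons",
             "--import-options", "show-only", "--import", "--dry-run"],
            input=key_bytes, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    return fingerprint_from_colons(
        proc.stdout.decode(errors="replace"),
        proc.stderr.decode(errors="replace"), expected)
```

`inspect_key` needs a `gpg` binary on the PATH; `fingerprint_from_colons` can be exercised on captured output alone.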