ros-infrastructure / cookbook-ros-buildfarm

Apache License 2.0

Notify `gpg --import` resources when key files change. #96

Open nuclearsandwich opened 3 years ago

nuclearsandwich commented 3 years ago

This patch improves configuration behavior when key contents change. When deploying changes to the public key, the keys on disk were updated but the gpg keyring did not import the new keys since existing keys were present.

Now, changes to the file resources will trigger runs of the import execute resources, which will provide the same behavior as before for a freshly provisioned host but will correctly re-import keys when those files change.

nuclearsandwich commented 3 years ago

CI failure is exposing a failed GPG import so I must have missed something here.

nuclearsandwich commented 3 years ago

> CI failure is exposing a failed GPG import so I must have missed something here.

Okay, I've figured out what's happening. There are two identically named execute resources, one for the Jenkins agent and one for the pulp user, and the notifies added to the `file[/var/repos/repos.key]` resources are triggering both of them, but the latter is failing because the pulp user and group do not exist yet.

Naively, I think there are two ways out of this: moving the pulp user creation resources above all gpg-related file resources, or changing the pulp import and trust resources to target their own copy of the file on disk, which is changed later in the recipe when the prerequisite resources have already converged.

nuclearsandwich commented 2 months ago

I think this will be revisit-able once pulp is removed.