theforeman / puppet-pulp

Puppet module for setting up Pulp 2 as part of Katello installation
GNU General Public License v3.0

Generate/regenerate Yum repository metadata GPG signatures #322

Closed PaulSD closed 3 years ago

PaulSD commented 6 years ago

This is related to https://github.com/theforeman/puppet-certs/pull/188

If a yum repomd GPG key is configured on an existing Pulp server that already has published repositories, then repomd signatures will need to be generated for those existing repositories.

PaulSD commented 6 years ago

I don't think these new test failures are caused by my changes...

ekohl commented 6 years ago

Could you rebase on master? That should fix the tests.

PaulSD commented 6 years ago

> This will not be idempotent but I'm not sure I see an easy way to make it so. Perhaps if you extract the existing sig test to a separate script and add that as an unless to exec.

I'm not quite sure what you mean by this. This script does nothing if the gpg signature files already exist, so by definition the script is idempotent. However, this exec will always run even if the script isn't going to do anything, so puppet itself can't determine when changes are actually made by the script. Is that what you mean by "will not be idempotent"? If so, then yes, I can add an unless to exec to fix that problem.
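A check of the kind an exec `unless` could call, as an added example that is not code from this pull request: it lists published `repomd.xml` files whose detached signature is missing, empty, or older than the metadata. The function names and the sample tree are constructed for illustration; `repomd.xml.asc` is the detached-signature file name Yum looks for beside `repomd.xml`.

```shell
#!/bin/sh
# Added example, not the script from this PR.

# Print every repomd.xml under $1 whose repomd.xml.asc is missing, empty,
# or older than the metadata it is supposed to cover (a stale signature
# would pass a bare "file exists" test but fail verification on clients).
unsigned_repomd() {
    root=$1
    find "$root" -type f -name repomd.xml | sort | while IFS= read -r md; do
        sig="$md.asc"
        if [ ! -s "$sig" ] || [ "$md" -nt "$sig" ]; then
            printf '%s\n' "$md"
        fi
    done
}

# Exit 0 only when nothing needs signing, so the signing exec can be
# skipped and Puppet reports a change only when one is actually made.
all_signed() {
    [ -z "$(unsigned_repomd "$1")" ]
}

# Constructed sample tree: one signed repo, one with no signature,
# one whose signature predates the current metadata.
make_sample_tree() {
    t=$(mktemp -d)
    for r in signed missing stale; do
        mkdir -p "$t/$r/repodata"
        echo '<repomd/>' > "$t/$r/repodata/repomd.xml"
    done
    echo 'sig' > "$t/signed/repodata/repomd.xml.asc"
    echo 'sig' > "$t/stale/repodata/repomd.xml.asc"
    touch -t 202001010000 "$t/signed/repodata/repomd.xml"
    touch -t 202001020000 "$t/signed/repodata/repomd.xml.asc"
    touch -t 202001020000 "$t/stale/repodata/repomd.xml"
    touch -t 202001010000 "$t/stale/repodata/repomd.xml.asc"
    printf '%s\n' "$t"
}

# Demo run over the constructed tree.
tree=$(make_sample_tree)
unsigned_repomd "$tree"
rm -rf "$tree"
```

This only checks presence and freshness; it does not verify the signature against the configured key.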

ehelms commented 4 years ago

Apologies for it having been a long time since addressing this. I will admittedly be a bit slow cycling on it but I will try to track this better to reduce that cycle time.

Can you explain a bit more about why the installer puppet module needs to handle signing the metadata? I would expect Pulp to handle this rather than having to make a change after Pulp has synced content to a location.

PaulSD commented 4 years ago

Pulp normally signs the metadata when publishing a repository: https://github.com/pulp/pulp_rpm/blob/2.21-release/plugins/pulp_rpm/plugins/distributors/yum/metadata/repomd.py#L49

However, if metadata signing is enabled on an existing server (that already has published repositories), then the installer puppet module needs to generate signatures for those existing repositories.

ekohl commented 3 years ago

At this point Katello has removed Pulp 2 and this module is only here to support Katello 3.18. No new features are added to that. That's why I'm closing this. This feature does IMHO belong in Pulp 3, but that's maintained in https://github.com/theforeman/puppet-pulpcore. Apologies for not properly prioritizing this in the Pulp 2 lifecycle.