search

uyuni-project / uyuni

Source code for Uyuni
https://www.uyuni-project.org/
GNU General Public License v2.0
428 stars 177 forks source link

2023.03: Apply highstate fails as trying to get EPEL repo key from the Internet #6843

Open phibid opened 1 year ago

phibid commented 1 year ago

Problem description

Trying to apply the highstate on our servers, just noticed that it actually fails because of this:

ID: http_//download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
    Function: mgrcompat.run
        Name: pkg.add_repo_key
      Result: false
     Comment: Module function pkg.add_repo_key threw an exception. Exception: Error: [Errno 111] Connection refused reading /pub/epel/RPM-GPG-KEY-EPEL-7
     Started: 10:25:04.044744
    Duration: 35.17
         SLS: channels.gpg-keys
     Changed: {}

Our servers don't have access to the internet, which explains this failure.

Steps to reproduce

Apply highstate on a server register to EPEL.

Uyuni version

# zypper info Uyuni-server-release
Loading repository data...
Reading installed packages...

Information for package Uyuni-Server-release:
---------------------------------------------
Repository     : Uyuni Server Stable
Name           : Uyuni-Server-release
Version        : 2023.03-220400.199.1.uyuni2
Arch           : x86_64
Vendor         : obs://build.opensuse.org/systemsmanagement:Uyuni
Support Level  : Level 3
Installed Size : 1.4 KiB
Installed      : Yes
Status         : up-to-date
Source package : Uyuni-Server-release-2023.03-220400.199.1.uyuni2.src
Summary        : Uyuni Server
Description    : 
    Uyuni lets you efficiently manage physical, virtual,
    and cloud-based Linux systems. It provides automated and cost-effective
    configuration and software management, asset management, and system
    provisioning.

Uyuni proxy version (if used)

No response

Useful logs

No response

Additional information

No response

phibid commented 1 year ago

Will this issue be solved on 2023.06, or perhaps a workaround ?

It is kind of annoying as preventing us to apply the highstate on the registered servers:

root@centos7:/var/log # cat venv-salt-minion.log
2023-06-21 15:55:50,400 [salt.state       :319 ][ERROR   ][22285] Module function pkg.add_repo_key threw an exception. Exception: Error: HTTP 599: Timeout while connecting reading /pub/epel/RPM-GPG-KEY-EPEL-7

Content of susemanager:channels.repo;

[susemanager:epel7-centos7-x86_64] 
name=EPEL 7 for CentOS 7 (x86_64)  
enabled=1
gpgkey=http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
baseurl=https://uyuni:443/rhn/manager/download/epel7-centos7-x86_64
susemanager_token=.xxx
gpgcheck=1
repo_gpgcheck=0
type=rpm-md
mcalmer commented 1 year ago

@phibid this is up to you. "epel7-centos7-x86_64" is a custom channel. The gpgkey url is a setting in the channel you can change. Let it point to a place where the client can find and access the GPG key.

phibid commented 1 year ago

Not sure if we are speaking about the same thing. My understanding is that the channel configuration will be used by the Uyuni server to download what is needed from the public repository.

I don't expect to this setting to be used by the registered systems. They should get the GPG key from the Uyuni server or proxy, not from the public repository.

mcalmer commented 1 year ago

Well, the repository is the place for where to download from. The Channel is what the client get. So it also makes sense that the GPG key url is used on the client as you specify the repo of the client with a channel.

Anyway, this is designed this way already in spacewalk times. Red Hat used this field already in there yum-rhn-plugin in the same way. So it is not a bug, but more a feature request.