search

voxpupuli / puppet-yum

Puppet module for Yum
https://forge.puppet.com/puppet/yum
MIT License
16 stars 99 forks source link

dnf install yum-utils fails on RHEL8 when modifying baseurl and metalink => absent #262

Closed bschonec closed 2 years ago

bschonec commented 2 years ago

Affected Puppet, Ruby, OS and module versions/distributions

How to reproduce (e.g Puppet code you use)

yum::managed_repos:
  - 'epel'

yum::repos:
  epel:
    baseurl: "http://internalEPELrepo.example.com/repos/epel/%{::os.release.major}/Everything/$basearch"
    metalink: absent

What are you seeing

When overriding (in this case) EPEL repository baseurl and metalink parameters, the module attempts to install 'yum-utils' package before the /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 file and RPM GPG import of Fedora GPG key. This causes yum/dnf to fail because the Fedora/EPEL GPG key is not yet installed.

Running the puppet agent a second time results in success because the GPG keys were installed.

What behaviour did you expect instead

yum-utils package should be installed only after the yum repo files along with the supporting GPG keys have been installed for all managed repositories.

Output log

[root@rhel8gold-template root]# puppet agent -t --environment=125_fix_epel_repository_gpg_keys_for_first_run_puppet
Info: Caching catalog for rhel8gold-template.example.com
Info: Applying configuration version 'my-puppet-01p-125_fix_epel_repository_gpg_keys_for_first_run_puppet-49fbe586e0c'
Notice: /Stage[main]/Yum/Yumrepo[epel]/ensure: created
Info: Yumrepo[epel](provider=inifile): changing mode of /etc/yum.repos.d/epel.repo from 600 to 644
Error: Execution of '/bin/dnf -d 0 -e 1 -y install yum-utils' returned 1: warning: /var/cache/dnf/epel-4e013a157d455c5b/packages/libzstd-1.4.4-1.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 2f86d6a1: NOKEY
Curl error (37): Couldn't read a file:// file for file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 [Couldn't open file /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8]
Error: /Stage[main]/Yum/Package[yum-utils]/ensure: change from 'purged' to 'present' failed: Execution of '/bin/dnf -d 0 -e 1 -y install yum-utils' returned 1: warning: /var/cache/dnf/epel-4e013a157d455c5b/packages/libzstd-1.4.4-1.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 2f86d6a1: NOKEY
Curl error (37): Couldn't read a file:// file for file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 [Couldn't open file /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8]
Notice: /Stage[main]/Yum/Yum::Gpgkey[/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8]/File[/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8]/ensure: defined content as '{sha256}cd1db21a863185127f2e3b264c97fb1c6c44c316385707999041ea475c110d1c'
Notice: /Stage[main]/Yum/Yum::Gpgkey[/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8]/Exec[rpm-import-/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8]/returns: executed successfully (corrective)
Notice: /Stage[main]/Yum/Exec[package-cleanup_oldkernels]: Dependency Package[yum-utils] has failures: true
Warning: /Stage[main]/Yum/Exec[package-cleanup_oldkernels]: Skipping because of failed dependencies
Info: Class[Yum]: Unscheduling all events on Class[Yum]
Notice: Applied catalog in 7.84 seconds
[root@rhel8gold-template root]# puppet agent -t --environment=125_fix_epel_repository_gpg_keys_for_first_run_puppet
Info: Using environment '125_fix_epel_repository_gpg_keys_for_first_run_puppet'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for rhel8gold-template.example.com
Info: Applying configuration version 'my-puppet-01p-125_fix_epel_repository_gpg_keys_for_first_run_puppet-49fbe586e0c'
Notice: /Stage[main]/Yum/Package[yum-utils]/ensure: created
Notice: Applied catalog in 8.24 seconds
[root@rhel8gold-template root]#

Any additional information you'd like to impart

cat /etc/yum.repos.d/epel

[epel]
name=Extra Packages for Enterprise Linux $releasever - $basearch
baseurl=http://internalEPELrepo.example.com/repos/epel/8/Everything/$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8

Use case: I have an internal mirror of EPEL and my clients cannot get out to the internet so I need to override the baseurl: path in /etc/yum.repos.d/epel.repo to point to my internal mirror. In addition, the metalink parameter needs to be removed because I don't want the clients trying to go out to the Internet to reach EPEL. The issue only happens with both baseurl: and metalink: absent are assigned values. If either parameter is omitted, the module succeeds.

bschonec commented 2 years ago

263 fixes my problem. Hopefully it doesn't break anything.

bschonec commented 2 years ago

Fixed by #263