My workflow before using Ansible was typically to download the vendor RPM
or release RPM that contains the .repo file and GPG key.  I then place
every key I might ever want on my systems in /var/www/html/pub on my
spacewalk server.  I then have a kickstart snippet script defined.  The
script looks something like this:

# Fetch each key from the Spacewalk server's /pub directory and import it
# into the RPM database.
wget -qO /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 \
    http://$http_server/pub/RPM-GPG-KEY-EPEL-6 && \
    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
if [ "$?" != 0 ]; then
    echo "Failed to import EPEL-6 key"
fi
wget -qO /etc/pki/rpm-gpg/RPM-GPG-KEY-spacewalk-2015 \
    http://$http_server/pub/RPM-GPG-KEY-spacewalk-2015 && \
    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-spacewalk-2015
if [ "$?" != 0 ]; then
    echo "Failed to import Spacewalk-2015 key"
fi
wget -qO /etc/pki/rpm-gpg/RPM-GPG-KEY-splunk \
    http://$http_server/pub/RPM-GPG-KEY-splunk && \
    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-splunk
if [ "$?" != 0 ]; then
    echo "Failed to import Splunk key"
fi
wget -qO /etc/pki/rpm-gpg/RPM-GPG-KEY-vmware-tools \
    http://$http_server/pub/RPM-GPG-KEY-vmware-tools && \
    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-vmware-tools
if [ "$?" != 0 ]; then
    echo "Failed to import VMware Tools key"
fi

I reference this snippet as a Pre and Post script in my kickstart profile.
This allows me to install some of the vendor RPMs (e.g. splunkforwarder)
during the initial kickstart and it also lets me install others only when
needed.  If you only need to install post-kickstart, you do not need to
import the keys during %pre.

/Brian/

On Fri, Jul 24, 2020 at 2:17 PM Jackson K. Bonvissuto <
jbonviss...@aplura.com> wrote:

> Hello all,
>
> I am trying to find a solution for populating GPG keys on client systems
> through Spacewalk, so that every time a system subscribes to a new channel
> I do not have to wget the key manually. Are there any systems in
> spacewalk to auto distribute the channel's key when a client subscribes to
> it, or an alternate recommended solution?
>
> Example of the issue when installing a package from a new channel:
>
> yum install osquery-4.4.0-1.x86_64
>
> Is this ok [y/d/N]: y
>
> #error
>
> Downloading packages:
>
> warning: 
> /var/cache/yum/x86_64/7/osquery-x86_64/packages/osquery-4.4.0-1.x86_64.rpm: 
> Header V4 RSA/SHA256 Signature, key ID c9d8b80b: NOKEY
>
> Retrieving key from file:///etc/pki/rpm-gpg/OSQUERY-S3-RPM-REPO-GPGKEY
>
> GPG key retrieval failed: [Errno 14] curl#37 - "Couldn't open file 
> /etc/pki/rpm-gpg/OSQUERY-S3-RPM-REPO-GPGKEY"
>
> Currently solved by manually placing the key in "/etc/pki/rpm-gpg" on the
> client system.
>
> Thanks,
> Jackson
>
>
>
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list@redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
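
The kickstart snippet in the reply above fetches each key over plain HTTP and imports it as downloaded. As an added example (not part of the original post), the same fetch-and-import step can check each key against a pinned SHA-256 digest before it reaches the RPM database. The function names, the IMPORT_CMD and KEY_DIR variables, and the idea of recording the digest when the key is first placed in /var/www/html/pub are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: pin each GPG key by SHA-256 before importing it.
# IMPORT_CMD and KEY_DIR are hypothetical overrides so the logic can be
# exercised without root; the defaults match the snippet in the reply.
: "${IMPORT_CMD:=rpm --import}"
: "${KEY_DIR:=/etc/pki/rpm-gpg}"

# verify_key FILE EXPECTED_SHA256
# Returns 0 only if FILE is non-empty and its digest matches the pin.
verify_key() {
    [ -s "$1" ] || return 1
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# install_key FILE NAME EXPECTED_SHA256
# Verifies a downloaded key, then copies it into KEY_DIR and imports it.
# Nothing is written to KEY_DIR when verification fails.
install_key() {
    if ! verify_key "$1" "$3"; then
        echo "Refusing to import $2: checksum mismatch" >&2
        return 1
    fi
    cp "$1" "$KEY_DIR/$2" && $IMPORT_CMD "$KEY_DIR/$2"
}

# fetch_and_install BASE_URL NAME EXPECTED_SHA256
# Downloads to a temporary file so an unverified key never lands in KEY_DIR.
fetch_and_install() {
    tmp=$(mktemp) || return 1
    if wget -qO "$tmp" "$1/$2" && install_key "$tmp" "$2" "$3"; then
        rm -f "$tmp"
        return 0
    fi
    rm -f "$tmp"
    echo "Failed to import $2" >&2
    return 1
}

# Usage inside the kickstart snippet (the digest is a placeholder):
#   fetch_and_install "http://$http_server/pub" RPM-GPG-KEY-EPEL-6 <sha256-of-key>
```

The pinned digests have to be embedded in the snippet itself, since a digest fetched from the same HTTP location as the key adds no assurance.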