openstack-origin needs documentation for providing key option

Bug #1503440 reported by Ryan Beisner on 2015-10-06
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
OpenStack keystone charm
Low
Unassigned
keystone (Juju Charms Collection)
Low
Unassigned

Bug Description

The OpenStack charms (using Keystone here as an example) provide a config option to specify an arbitrary apt repo, but do not provide a mechanism for adding a corresponding public key.

If a user creates and hosts their own repo outside of launchpad, add-apt-repository does not add the public key to the node. This causes install hook failures, with underlying package authentication errors such as:

WARNING: The following packages cannot be authenticated!`

W: GPG error: http://local-mirror.company.com trusty-updates/juno Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY ABCDEF0123456789

Linking for reference:
http://askubuntu.com/questions/674882/how-do-i-add-a-public-key-for-a-private-debian-repo-when-using-juju-to-deploy-a

Billy Olsen (billy-olsen) wrote :

This actually isn't a problem. You can indeed import a public key from keyserver.ubuntu.com by appending the key to the deb url entry separated via a |.

e..g this will work:

 juju set openstack-origin nova-compute openstack-origin="deb http://ppa.launchpad.net/billy-olsen/testfix-kilo/ubuntu vivid main|FA0FD8E1"

The code is common across all the charms and can be found in charm-helpers here:

http://bazaar.launchpad.net/~charm-helpers/charm-helpers/devel/view/455.1.1/charmhelpers/contrib/openstack/utils.py#L314

However, the documentation in the config.yaml doesn't cover this detail and it should.

Changed in keystone (Juju Charms Collection):
status: New → Triaged
importance: Undecided → Low
summary: - openstack-origin option needs corresponding pub key option
+ openstack-origin option needs documentation for providing key option
summary: - openstack-origin option needs documentation for providing key option
+ openstack-origin needs documentation for providing key option
Edward Hope-Morley (hopem) wrote :

ftr this applies to all openstack charms (that carry the openstack-origin config option)

James Page (james-page) on 2017-02-23
Changed in charm-keystone:
importance: Undecided → Low
status: New → Triaged
Changed in keystone (Juju Charms Collection):
status: Triaged → Invalid

Reviewed: https://review.openstack.org/566608
Committed: https://git.openstack.org/cgit/openstack/charm-keystone/commit/?id=329c2c880ed54d61700b98f91772edb51eac1f3b
Submitter: Zuul
Branch: master

commit 329c2c880ed54d61700b98f91772edb51eac1f3b
Author: Neiloy Mukerjee <email address hidden>
Date: Mon May 7 15:13:13 2018 +0000

    Document archive key usage for openstack-origin

    An arbitarary repository can currently be specified, but it was not yet
    made clear in the documentation that a corresponding public key for
    accessing this repository could be added. This change specifies that
    under the description for the openstack-origin option. Public key can
    be added by appending to the deb url, so the below example would work:
    juju set openstack-origin nova-compute openstack-origin="deb http://ppa
    .launchpad.net/billy-olsen/testfix-kilo/ubuntu vivid main|FA0FD8E1"

    Change-Id: I262a2164d4f7b37b4185bdee650371de7be50a55
    Closes-Bug: 1503440

Changed in charm-keystone:
status: Triaged → Fix Committed
James Page (james-page) on 2018-06-06
Changed in charm-keystone:
milestone: none → 18.05
David Ames (thedac) on 2018-06-11
Changed in charm-keystone:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers