OpenStack-Ansible

openstsack-ansible behind a proxy fails when calling apt-key

Bug #1810533 reported by Andreas Florath
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack-Ansible
Fix Released
Medium
Jesse Pretorius

Bug Description

At one point during the 'setup-infrastructure.yml' apt-key is called.

It looks that apt-key does not respect the typical proxy settings and therefore the playbook fails (times out) behind a proxy.

(As a workaround, I added

   --keyserver-options http-proxy=${http_proxy}

inside the apt-key (script) when gpg is called.)

Jesse Pretorius (jesse-pretorius)
Changed in openstack-ansible:
assignee: nobody → Jesse Pretorius (jesse-pretorius)
Mohammed Naser (mnaser)
Changed in openstack-ansible:
status: New → Won't Fix
status: Won't Fix → Confirmed
importance: Undecided → Medium
Revision history for this message
Jesse Pretorius (jesse-pretorius) wrote :

We've implemented changes in stable/rocky to no longer get apt keys from an external source: https://review.openstack.org/#/q/(topic:vendor-gpg-keys+OR+topic:vendor-gpg-keys-stable/rocky)+(status:open+OR+status:merged)

There is still one back port outstanding, which I'm working on now.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-rabbitmq_server (stable/rocky)

Reviewed: https://review.openstack.org/629441
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-rabbitmq_server/commit/?id=582fd291d8f3e029d7f522a7c14d75029c4e0f21
Submitter: Zuul
Branch: stable/rocky

commit 582fd291d8f3e029d7f522a7c14d75029c4e0f21
Author: Jesse Pretorius <email address hidden>
Date: Fri Dec 14 16:53:17 2018 +0000

    Use in-repo GPG keys

    We make remote network hits to get the GPG keys which are quite
    unreliable, and apt_key does not support using a proxy properly [1]
    so let's store them inside the role and use them.

    The implementation here matches that which was done in the
    galera_client role in I520ccbadf3320b0d07fc83e3dbec9ea2bd16ec83

    This is a re-implementation rather than a backport - the Stein
    (aka master) branch only uses the 'distro' install method, so
    this code path is not exercised.

    Also note that the Erlang yum gpg key and the rabbitmq yum gpg key
    are the same, and the Erlang key was never imported - so we've
    removed it.

    [1] https://github.com/ansible/ansible/issues/31691

    Closes-Bug: 1810533
    Change-Id: I2715c904975b7940af72bd422904e748d3bae953
    (cherry picked from commit 83affc627fd2132bb5a65c4b1f5a07a9f95a7998)

tags: added: in-stable-rocky
Jesse Pretorius (jesse-pretorius)
Changed in openstack-ansible:
status: Confirmed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-rabbitmq_server rocky-eol

This issue was fixed in the openstack/openstack-ansible-rabbitmq_server rocky-eol release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.