[Spacewalk-list] automatically adding GPG keys to a host
Snyder, Chris
Chris_Snyder at sra.com
Mon Dec 10 21:30:12 UTC 2012
I want to be able to take a host that is alredy registered to Spacewalk and add a new software channel to it and then have the related GPG key automatically installed on the host. I'd really like this to NOT involve any human interaction at all, but it always seems to involve a human having to add the GPG key to the host manually somehow.
Here's what I'm currently trying:
I've got an (unsigned) RPM which drops various GPG keys into /etc/pki/rpm-gpg on my hosts. (This seemed the simplest way to be able to add/update keys in the future on my hosts, but I'm not glued to this idea.) Next, I configured my Spacewalk software channels to use the GPG keys from that RPM, setting location as 'file:///etc/pki/rpm-gpg/blah....'. Once I enable this software channel for a host, I would expect that when I push packages to my host from Spacewalk, the needed channel GPG key would automatically be added to the RPM keyring on the host. That doesn't seem to be happening. After scheduling some package to be installed on the host, I run 'rhn_check -vv' (on the host) and I see the following error:
D: keyurl = file:///etc/pki/rpm-gpg/<RPM<file:///\\etc\pki\rpm-gpg\%3cRPM> KEY FILE>, isn't a known Red Hat key, so this will not be imported. Manually import this key or set gpgcheck=0 in the RHN yum plugin configuration file
(This tells me that it is finding the correct GPG file as configured in the software channel, but it just doesn't like my key because I'm not Red Hat.)
I don't want to re configure my hosts to disable gpgcheck, and I can't find any way through Spacewalk to do the equivalent of 'yum -y' (to auto-accept the key when prompted), so unless I'm really doing something wrong here, it doesn't look like I can simply add a host to a software channel and start pushing packages until a human goes to the host and either runs 'rpm -import <gpg file>' or some variation on 'yum -y install <some package from target channel'>.
Help?
--
Chris Snyder
SRA Senior Linux Geek
Energystar Network O+M Team
ESTAR Issues: https://estar18.energystar.gov/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20121210/4b3b9681/attachment.htm>
More information about the Spacewalk-list
mailing list