diff options
| author | Zuul <zuul@review.openstack.org> | 2018-07-26 11:49:02 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2018-07-26 11:49:02 +0000 |
| commit | 56050fce957072cedf1b0ad2f0d04ad8e2ac75a0 (patch) | |
| tree | 41268706996730e02cee7acc73fbb7c8937ff4c4 | |
| parent | 4645f5518dd2df24bb5701decf8e7a75a28ed2bd (diff) | |
| parent | 8057b2d926650d430c735ef61f4c145a5843c33f (diff) | |
| download | trove-56050fce957072cedf1b0ad2f0d04ad8e2ac75a0.tar.gz | |
Merge "More reliable gpg keys importing in DIB elements"
8 files changed, 44 insertions, 90 deletions
diff --git a/integration/scripts/files/elements/ubuntu-guest/environment.d/99-reliable-apt-key-importing.bash b/integration/scripts/files/elements/ubuntu-guest/environment.d/99-reliable-apt-key-importing.bash new file mode 100644 index 00000000..2661fc05 --- /dev/null +++ b/integration/scripts/files/elements/ubuntu-guest/environment.d/99-reliable-apt-key-importing.bash @@ -0,0 +1,34 @@ +# sometimes the primary key server is unavailable and we should try an +# alternate. see +# https://bugs.launchpad.net/percona-server/+bug/907789. Disable +# shell errexit so we can interrogate the exit code and take action +# based on the exit code. We will reenable it later. +# +# NOTE(zhaochao): we still have this problem from time to time, so it's +# better use more reliable keyservers and just retry on that(for now, 3 +# tries should be fine). +# According to: +# [1] https://www.gnupg.org/faq/gnupg-faq.html#new_user_default_keyserver +# [2] https://sks-keyservers.net/overview-of-pools.php +# we'll just the primary suggested pool: pool.sks-keyservers.net. +function get_key_robust() { + KEY=$1 + set +e + + tries=1 + while [ $tries -le 3 ]; do + if [ $tries -eq 3 ]; then + set -e + fi + + echo "Importing the key, try: $tries" + apt-key adv --keyserver hkp://pool.sks-keyservers.net \ + --recv-keys ${KEY} && break + + tries=$((tries+1)) + done + + set -e +} + +export -f get_key_robust diff --git a/integration/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key b/integration/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key index 55b5ef81..83bf9435 100755 --- a/integration/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key +++ b/integration/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key @@ -12,27 +12,6 @@ set -o xtrace # Add Percona GPG key mkdir -p /home/${GUEST_USERNAME}/.gnupg -# sometimes the primary key server is unavailable and we should try an -# alternate. see -# https://bugs.launchpad.net/percona-server/+bug/907789. Disable -# shell errexit so we can interrogate the exit code and take action -# based on the exit code. We will reenable it later. -function get_key_robust() { - KEY=$1 - set +e - - apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY} - - if [ "$?" -ne "0" ]; - then - echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" - set -e - apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY} - fi - - set -e -} - get_key_robust 1C4CBDCDCD2EFD2A get_key_robust 9334A25F8507EFA5 diff --git a/integration/scripts/files/elements/ubuntu-mongodb/pre-install.d/10-mongodb-apt-key b/integration/scripts/files/elements/ubuntu-mongodb/pre-install.d/10-mongodb-apt-key index 07edd125..43ed1b06 100755 --- a/integration/scripts/files/elements/ubuntu-mongodb/pre-install.d/10-mongodb-apt-key +++ b/integration/scripts/files/elements/ubuntu-mongodb/pre-install.d/10-mongodb-apt-key @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash set -e set -o xtrace @@ -7,7 +7,7 @@ set -o xtrace apt-get --allow-unauthenticated -y install software-properties-common -apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927 +get_key_robust EA312927 echo "deb http://repo.mongodb.org/apt/ubuntu "$(lsb_release -sc)"/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list diff --git a/integration/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key b/integration/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key index d62c6058..3c68cae9 100755 --- a/integration/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key +++ b/integration/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key @@ -12,27 +12,6 @@ set -o xtrace # Add Percona GPG key mkdir -p /home/${GUEST_USERNAME}/.gnupg -# sometimes the primary key server is unavailable and we should try an -# alternate. see -# https://bugs.launchpad.net/percona-server/+bug/907789. Disable -# shell errexit so we can interrogate the exit code and take action -# based on the exit code. We will reenable it later. -function get_key_robust() { - KEY=$1 - set +e - - apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY} - - if [ "$?" -ne "0" ]; - then - echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" - set -e - apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY} - fi - - set -e -} - get_key_robust 1C4CBDCDCD2EFD2A get_key_robust 9334A25F8507EFA5 diff --git a/integration/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key b/integration/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key index d3236455..4e6ec1a5 100755 --- a/integration/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key +++ b/integration/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key @@ -14,27 +14,6 @@ if [ ! -e /home/${GUEST_USERNAME}/.gnupg ]; then mkdir -p /home/${GUEST_USERNAME}/.gnupg fi -# sometimes the primary key server is unavailable and we should try an -# alternate. see -# https://bugs.launchpad.net/percona-server/+bug/907789. Disable -# shell errexit so we can interrogate the exit code and take action -# based on the exit code. We will reenable it later. -function get_key_robust() { - KEY=$1 - set +e - - apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY} - - if [ "$?" -ne "0" ]; - then - echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" - set -e - apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY} - fi - - set -e -} - get_key_robust 1C4CBDCDCD2EFD2A get_key_robust 9334A25F8507EFA5 diff --git a/integration/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key b/integration/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key index d3236455..4e6ec1a5 100755 --- a/integration/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key +++ b/integration/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key @@ -14,27 +14,6 @@ if [ ! -e /home/${GUEST_USERNAME}/.gnupg ]; then mkdir -p /home/${GUEST_USERNAME}/.gnupg fi -# sometimes the primary key server is unavailable and we should try an -# alternate. see -# https://bugs.launchpad.net/percona-server/+bug/907789. Disable -# shell errexit so we can interrogate the exit code and take action -# based on the exit code. We will reenable it later. -function get_key_robust() { - KEY=$1 - set +e - - apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY} - - if [ "$?" -ne "0" ]; - then - echo "Trying alternate keyserver hkp://keyserver.ubuntu.com" - set -e - apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY} - fi - - set -e -} - get_key_robust 1C4CBDCDCD2EFD2A get_key_robust 9334A25F8507EFA5 diff --git a/integration/scripts/files/elements/ubuntu-trusty-mariadb/install.d/30-mariadb b/integration/scripts/files/elements/ubuntu-trusty-mariadb/install.d/30-mariadb index eba83c70..e8b7dd76 100755 --- a/integration/scripts/files/elements/ubuntu-trusty-mariadb/install.d/30-mariadb +++ b/integration/scripts/files/elements/ubuntu-trusty-mariadb/install.d/30-mariadb @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # CONTEXT: GUEST during CONSTRUCTION as ROOT # PURPOSE: Install controller base required packages @@ -11,7 +11,9 @@ export DEBIAN_FRONTEND=noninteractive # NOTE(vkmc): Using MariaDB repositories is required # https://mariadb.com/kb/en/mariadb/installing-mariadb-deb-files/ apt-get --allow-unauthenticated -y install software-properties-common -apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db + +get_key_robust 0xcbcb082a1bb943db + add-apt-repository 'deb http://ftp.osuosl.org/pub/mariadb/repo/10.1/ubuntu trusty main' # Pin MariaDB repository diff --git a/integration/scripts/files/elements/ubuntu-xenial-mariadb/install.d/30-mariadb b/integration/scripts/files/elements/ubuntu-xenial-mariadb/install.d/30-mariadb index 521f3e68..85b86d5d 100755 --- a/integration/scripts/files/elements/ubuntu-xenial-mariadb/install.d/30-mariadb +++ b/integration/scripts/files/elements/ubuntu-xenial-mariadb/install.d/30-mariadb @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # CONTEXT: GUEST during CONSTRUCTION as ROOT # PURPOSE: Install controller base required packages @@ -11,7 +11,9 @@ export DEBIAN_FRONTEND=noninteractive # NOTE(vkmc): Using MariaDB repositories is required # https://mariadb.com/kb/en/mariadb/installing-mariadb-deb-files/ apt-get -y install software-properties-common -apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8 + +get_key_robust 0xF1656F24C74CD1D8 + add-apt-repository 'deb http://ftp.osuosl.org/pub/mariadb/repo/10.1/ubuntu xenial main' # Pin MariaDB repository |