summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZuul <zuul@review.openstack.org>2018-07-26 11:49:02 +0000
committerGerrit Code Review <review@openstack.org>2018-07-26 11:49:02 +0000
commit56050fce957072cedf1b0ad2f0d04ad8e2ac75a0 (patch)
tree41268706996730e02cee7acc73fbb7c8937ff4c4
parent4645f5518dd2df24bb5701decf8e7a75a28ed2bd (diff)
parent8057b2d926650d430c735ef61f4c145a5843c33f (diff)
downloadtrove-56050fce957072cedf1b0ad2f0d04ad8e2ac75a0.tar.gz
Merge "More reliable gpg keys importing in DIB elements"
-rw-r--r--integration/scripts/files/elements/ubuntu-guest/environment.d/99-reliable-apt-key-importing.bash34
-rwxr-xr-xintegration/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key21
-rwxr-xr-xintegration/scripts/files/elements/ubuntu-mongodb/pre-install.d/10-mongodb-apt-key4
-rwxr-xr-xintegration/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key21
-rwxr-xr-xintegration/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key21
-rwxr-xr-xintegration/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key21
-rwxr-xr-xintegration/scripts/files/elements/ubuntu-trusty-mariadb/install.d/30-mariadb6
-rwxr-xr-xintegration/scripts/files/elements/ubuntu-xenial-mariadb/install.d/30-mariadb6
8 files changed, 44 insertions, 90 deletions
diff --git a/integration/scripts/files/elements/ubuntu-guest/environment.d/99-reliable-apt-key-importing.bash b/integration/scripts/files/elements/ubuntu-guest/environment.d/99-reliable-apt-key-importing.bash
new file mode 100644
index 00000000..2661fc05
--- /dev/null
+++ b/integration/scripts/files/elements/ubuntu-guest/environment.d/99-reliable-apt-key-importing.bash
@@ -0,0 +1,34 @@
+# sometimes the primary key server is unavailable and we should try an
+# alternate. see
+# https://bugs.launchpad.net/percona-server/+bug/907789. Disable
+# shell errexit so we can interrogate the exit code and take action
+# based on the exit code. We will reenable it later.
+#
+# NOTE(zhaochao): we still have this problem from time to time, so it's
+# better use more reliable keyservers and just retry on that(for now, 3
+# tries should be fine).
+# According to:
+# [1] https://www.gnupg.org/faq/gnupg-faq.html#new_user_default_keyserver
+# [2] https://sks-keyservers.net/overview-of-pools.php
+# we'll just the primary suggested pool: pool.sks-keyservers.net.
+function get_key_robust() {
+ KEY=$1
+ set +e
+
+ tries=1
+ while [ $tries -le 3 ]; do
+ if [ $tries -eq 3 ]; then
+ set -e
+ fi
+
+ echo "Importing the key, try: $tries"
+ apt-key adv --keyserver hkp://pool.sks-keyservers.net \
+ --recv-keys ${KEY} && break
+
+ tries=$((tries+1))
+ done
+
+ set -e
+}
+
+export -f get_key_robust
diff --git a/integration/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key b/integration/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key
index 55b5ef81..83bf9435 100755
--- a/integration/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key
+++ b/integration/scripts/files/elements/ubuntu-mariadb/pre-install.d/10-percona-apt-key
@@ -12,27 +12,6 @@ set -o xtrace
# Add Percona GPG key
mkdir -p /home/${GUEST_USERNAME}/.gnupg
-# sometimes the primary key server is unavailable and we should try an
-# alternate. see
-# https://bugs.launchpad.net/percona-server/+bug/907789. Disable
-# shell errexit so we can interrogate the exit code and take action
-# based on the exit code. We will reenable it later.
-function get_key_robust() {
- KEY=$1
- set +e
-
- apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY}
-
- if [ "$?" -ne "0" ];
- then
- echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
- set -e
- apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY}
- fi
-
- set -e
-}
-
get_key_robust 1C4CBDCDCD2EFD2A
get_key_robust 9334A25F8507EFA5
diff --git a/integration/scripts/files/elements/ubuntu-mongodb/pre-install.d/10-mongodb-apt-key b/integration/scripts/files/elements/ubuntu-mongodb/pre-install.d/10-mongodb-apt-key
index 07edd125..43ed1b06 100755
--- a/integration/scripts/files/elements/ubuntu-mongodb/pre-install.d/10-mongodb-apt-key
+++ b/integration/scripts/files/elements/ubuntu-mongodb/pre-install.d/10-mongodb-apt-key
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
set -e
set -o xtrace
@@ -7,7 +7,7 @@ set -o xtrace
apt-get --allow-unauthenticated -y install software-properties-common
-apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927
+get_key_robust EA312927
echo "deb http://repo.mongodb.org/apt/ubuntu "$(lsb_release -sc)"/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list
diff --git a/integration/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key b/integration/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key
index d62c6058..3c68cae9 100755
--- a/integration/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key
+++ b/integration/scripts/files/elements/ubuntu-mysql/pre-install.d/10-percona-apt-key
@@ -12,27 +12,6 @@ set -o xtrace
# Add Percona GPG key
mkdir -p /home/${GUEST_USERNAME}/.gnupg
-# sometimes the primary key server is unavailable and we should try an
-# alternate. see
-# https://bugs.launchpad.net/percona-server/+bug/907789. Disable
-# shell errexit so we can interrogate the exit code and take action
-# based on the exit code. We will reenable it later.
-function get_key_robust() {
- KEY=$1
- set +e
-
- apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY}
-
- if [ "$?" -ne "0" ];
- then
- echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
- set -e
- apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY}
- fi
-
- set -e
-}
-
get_key_robust 1C4CBDCDCD2EFD2A
get_key_robust 9334A25F8507EFA5
diff --git a/integration/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key b/integration/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key
index d3236455..4e6ec1a5 100755
--- a/integration/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key
+++ b/integration/scripts/files/elements/ubuntu-percona/pre-install.d/10-percona-apt-key
@@ -14,27 +14,6 @@ if [ ! -e /home/${GUEST_USERNAME}/.gnupg ]; then
mkdir -p /home/${GUEST_USERNAME}/.gnupg
fi
-# sometimes the primary key server is unavailable and we should try an
-# alternate. see
-# https://bugs.launchpad.net/percona-server/+bug/907789. Disable
-# shell errexit so we can interrogate the exit code and take action
-# based on the exit code. We will reenable it later.
-function get_key_robust() {
- KEY=$1
- set +e
-
- apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY}
-
- if [ "$?" -ne "0" ];
- then
- echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
- set -e
- apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY}
- fi
-
- set -e
-}
-
get_key_robust 1C4CBDCDCD2EFD2A
get_key_robust 9334A25F8507EFA5
diff --git a/integration/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key b/integration/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key
index d3236455..4e6ec1a5 100755
--- a/integration/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key
+++ b/integration/scripts/files/elements/ubuntu-pxc/pre-install.d/10-percona-apt-key
@@ -14,27 +14,6 @@ if [ ! -e /home/${GUEST_USERNAME}/.gnupg ]; then
mkdir -p /home/${GUEST_USERNAME}/.gnupg
fi
-# sometimes the primary key server is unavailable and we should try an
-# alternate. see
-# https://bugs.launchpad.net/percona-server/+bug/907789. Disable
-# shell errexit so we can interrogate the exit code and take action
-# based on the exit code. We will reenable it later.
-function get_key_robust() {
- KEY=$1
- set +e
-
- apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys ${KEY}
-
- if [ "$?" -ne "0" ];
- then
- echo "Trying alternate keyserver hkp://keyserver.ubuntu.com"
- set -e
- apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys ${KEY}
- fi
-
- set -e
-}
-
get_key_robust 1C4CBDCDCD2EFD2A
get_key_robust 9334A25F8507EFA5
diff --git a/integration/scripts/files/elements/ubuntu-trusty-mariadb/install.d/30-mariadb b/integration/scripts/files/elements/ubuntu-trusty-mariadb/install.d/30-mariadb
index eba83c70..e8b7dd76 100755
--- a/integration/scripts/files/elements/ubuntu-trusty-mariadb/install.d/30-mariadb
+++ b/integration/scripts/files/elements/ubuntu-trusty-mariadb/install.d/30-mariadb
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
# CONTEXT: GUEST during CONSTRUCTION as ROOT
# PURPOSE: Install controller base required packages
@@ -11,7 +11,9 @@ export DEBIAN_FRONTEND=noninteractive
# NOTE(vkmc): Using MariaDB repositories is required
# https://mariadb.com/kb/en/mariadb/installing-mariadb-deb-files/
apt-get --allow-unauthenticated -y install software-properties-common
-apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db
+
+get_key_robust 0xcbcb082a1bb943db
+
add-apt-repository 'deb http://ftp.osuosl.org/pub/mariadb/repo/10.1/ubuntu trusty main'
# Pin MariaDB repository
diff --git a/integration/scripts/files/elements/ubuntu-xenial-mariadb/install.d/30-mariadb b/integration/scripts/files/elements/ubuntu-xenial-mariadb/install.d/30-mariadb
index 521f3e68..85b86d5d 100755
--- a/integration/scripts/files/elements/ubuntu-xenial-mariadb/install.d/30-mariadb
+++ b/integration/scripts/files/elements/ubuntu-xenial-mariadb/install.d/30-mariadb
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
# CONTEXT: GUEST during CONSTRUCTION as ROOT
# PURPOSE: Install controller base required packages
@@ -11,7 +11,9 @@ export DEBIAN_FRONTEND=noninteractive
# NOTE(vkmc): Using MariaDB repositories is required
# https://mariadb.com/kb/en/mariadb/installing-mariadb-deb-files/
apt-get -y install software-properties-common
-apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
+
+get_key_robust 0xF1656F24C74CD1D8
+
add-apt-repository 'deb http://ftp.osuosl.org/pub/mariadb/repo/10.1/ubuntu xenial main'
# Pin MariaDB repository