我试图用下面的清单来安装Jenkins和Puppet。
# init.pp class jenkins { include jenkins::install, jenkins::service } # service.pp class jenkins::service { service { "jenkins": ensure => running, hasstatus => true, hasrestart => true, enable => true, require => Class["jenkins::install"], } } # install.pp class jenkins::install { include jenkins::install::repo include jenkins::install::java package { "jenkins": ensure => present, require => Class['jenkins::install::repo','jenkins::install::java'], } } # install/repo.pp class jenkins::install::repo { file { "/etc/pki/rpm-gpg/jenkins-ci.org.key": owner => root, group => root, mode => 0600, source => "puppet:///jenkins/jenkins-ci.org.key" } yumrepo { "jenkins": baseurl => "http://pkg.jenkins-ci.org/redhat", descr => "Jenkins", enabled => 1, gpgcheck => 1, gpgkey => "file:///etc/pki/rpm-gpg/jenkins-ci.org.key", require => File["/etc/pki/rpm-gpg/jenkins-ci.org.key"] } } # install/java.pp class jenkins::install::java { package { "java-1.6.0-openjdk": ensure => present, } } 添加回购和写入文件系统的密钥。 但是,我得到以下错误。
err: /Stage[main]/Jenkins::Install/Package[jenkins]/ensure: change from absent to present failed: Execution of '/usr/bin/yum -d 0 -e 0 -y install jenkins' returned 1: warning: rpmts_HdrFromFdno: Header V4 DSA signature: NOKEY, key ID d50582e6 Traceback (most recent call last): File "/usr/bin/yum", line 29, in ? yummain.user_main(sys.argv[1:], exit_code=True) File "/usr/share/yum-cli/yummain.py", line 309, in user_main errcode = main(args) File "/usr/share/yum-cli/yummain.py", line 261, in main return_code = base.doTransaction() File "/usr/share/yum-cli/cli.py", line 410, in doTransaction if self.gpgsigcheck(downloadpkgs) != 0: File "/usr/share/yum-cli/cli.py", line 510, in gpgsigcheck self.getKeyForPackage(po, lambda x, y, z: self.userconfirm()) File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 3519, in getKeyForPackage keys = self._retrievePublicKey(keyurl, repo) File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 3484, in _retrievePublicKey keys_info = misc.getgpgkeyinfo(rawkey, multiple=True) File "/usr/lib/python2.4/site-packages/yum/misc.py", line 375, in getgpgkeyinfo raise ValueError(str(e)) ValueError: unknown pgp packet type 17 at 706
这向我build议,关键是没有成功导入, rpm -qa gpg-pubkey不显示密钥。 如果我手动yum install jenkins没有导入的密钥我得到相同的错误。 用导入的密钥,手动安装成功。
我成功地安装了其他的yum repos和keys standalone(基本上是install/repo.pp清单作为它自己的模块),比如EPEL,但是因为这个repo只针对Jenkins,我想把它包含在我的Jenkins模块中。
我的舱单有什么问题吗? 还是其他一些问题?
更新 :
在安装jenkins和epel回购站的以下清单结果中, rpm -qa gpg-pub*显示了epel键而不是jenkins键,并且安装了git,但没有安装jenkins。
class jenkins { yumrepo {"jenkins": baseurl => "http://pkg.jenkins-ci.org/redhat", descr => "Jenkins", enabled => 1, gpgcheck => 1, gpgkey => "http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key", } package {"jenkins": ensure => latest, require => Yumrepo["jenkins"] } } class git { yumrepo {"epel": baseurl => "http://mirror.aarnet.edu.au/pub/epel/5/i386", descr => "Extra Packages for Enterprise Linux (EPEL)", enabled => 1, gpgcheck => 1, gpgkey => "http://keys.gnupg.net:11371/pks/lookup?search=0x217521F6&op=get", } package {"git": ensure => latest, require => Yumrepo["epel"] } } include jenkins include git
更新 :
应该包括软件版本:
看起来rpm在导入Jenkins密钥方面存在问题,因为它包含一个JPEG图像。
http://tools.ietf.org/html/rfc4880
数据包types17是一个图像:
http://tools.ietf.org/html/rfc4880#section-5.12
> gpg --list-keys D50582E6 pub 1024D / D50582E6 2009-02-01 uid Kohsuke川口 uid Kohsuke川口 uid [尺寸3704的jpeg图像] sub 2048g / 10AF40FE 2009-02-01
看来,RPM不知道该怎么办。
> sudo rpm --import jenkins-ci.org.key [sudo]密码对我来说: 错误:jenkins-ci.org.key:导入读取失败(-1)。
谷歌search任何已知的RPM问题并没有什么明显的,但也许这给你一个方向。
我testing了你的简化清单:
两个回购都成功添加。
从错误信息,它看起来像错误信息来自百胜,而不是木偶或其他任何东西。
你能提供一个类似的描述你的环境? 可能最重要的是yum的版本。
尝试升级到至less3.2.29(最新稳定3.2.x)。 更新日志在这里 ,引用一些有关GPG密钥的重大修复 。
您可能需要在清单中添加和rpm --import <PUBKEY>命令。
Exectypes参考: http : //docs.puppetlabs.com/references/stable/type.html#exec
也许你可以尝试在repo文件中添加assumeyes=1 ,加上gpgkey选项,这应该会自动添encryption钥。
这是超级事实,但这是我最终与:
if ($::operatingsystemmajrelease == '5'){ exec { 'EL5 Jenkins Key Workaround': command => 'rpm --import http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key', unless => "rpm -qa --nodigest --nosignature --qf '%{VERSION}-%{RELEASE} %{SUMMARY}\n' | grep d50582e6", path => ['/bin', '/usr/bin'], } }
我添加了一个PR来将这个解决方法添加到官方模块中:
https://github.com/jenkinsci/puppet-jenkins/pull/344/files
更长的故障在这里:
http://dan.carley.co/blog/2012/05/22/yum-gpg-keys-for-jenkins/