Provide a way to override the default gpgkey in simp::yum::repo::local_os_updates and simp::yum::repo::local_simp

Description

It should be possible to override the default yumrepo gpgkey= URL(s) in simp::yum::repo::local_os_updates and simp::yum::repo::local_simp. Both classes are currently hard-coded to look for the gpgkey at specific URLs and—even if other URLs are provided—{{yum install}} will fail if that first gpgkey URL responds with a 404.

This results in an impossible situation on network-isolated SIMP infrastructures, when kickstarting CentOS 8 agents from ISOs unpacked with unpack_dvd: CentOS 8 has stopped delivering GPG keys with its ISOs (), so no GPG is available in the "default" location. The signing key is available in simp-gpg-keys, but even if that URL is provided with extra_gpg_keys, it isn't possible to remove the default URL—so the 404 and the resulting yum install failures are unavoidable.

Acceptance Criteria

None

Activity

Show:
Chris Tessmer
October 21, 2020, 9:07 PM

Example Hiera for EL8 GPG keys from an EL7 PXE+SIMP puppetserver after pupmod-simp-simp#242:

Done

Epic Link

Story Points

4

Components

Assignee

Chris Tessmer

Sprint

None

Affects versions

Priority

High
Configure