lib/beaker-pe/install/pe_utils.rb in beaker-pe-2.11.13 vs lib/beaker-pe/install/pe_utils.rb in beaker-pe-2.11.14
- old
+ new
@@ -366,13 +366,15 @@
raise "attempting installation on #{host}, #{path}/#{filename}#{extension} does not exist"
end
scp_to host, "#{path}/#{filename}#{extension}", "#{host['working_dir']}/#{filename}#{extension}"
if extension =~ /gz/
on host, "cd #{host['working_dir']}; gunzip #{filename}#{extension}"
+ gpg_key_overwrite(host, 'tarball')
end
if extension =~ /tar/
on host, "cd #{host['working_dir']}; tar -xvf #{filename}.tar"
+ gpg_key_overwrite(host, 'tarball')
end
else
if host['platform'] =~ /eos/
extension = '.swix'
else
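Review bot: The call added inside `if extension =~ /gz/` runs right after `gunzip`, before the archive is unpacked, so the 'tarball' target `#{host['working_dir']}/#{host['dist']}/packages/GPG-KEY-puppet` presumably does not exist yet and the download has nowhere to land. For a `.tar.gz` the helper then runs a second time after `tar -xvf`, and had the first download succeeded, extraction would have replaced it with the key shipped in the tarball. Keeping only the call in the `if extension =~ /tar/` branch should be enough; drop the `gpg_key_overwrite(host, 'tarball')` line from the gunzip branch. The enclosing method begins and ends outside this hunk.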
@@ -393,11 +395,41 @@
else
curlopts = opts[:use_proxy] ? "--proxy #{opts[:proxy_hostname]}:3128 " : ""
command_file_push = "curl -L #{curlopts}#{path}/"
end
on host, "cd #{host['working_dir']}; #{command_file_push}#{filename}#{extension} | #{unpack}"
+ gpg_key_overwrite(host, 'tarball')
+ end
+ end
+ end
+ #PE-32680, GPG expired on older PE versions, need to update with a new GPG key on the primary server
+ #only affects PE versions 2019.8.4 and earlier, and only needed for debian, ubuntu, and sles agent platforms
+ # @param [Host] host to see if we need to update the gpg key
+ # @param [String] location of the GPG key we intend to overwrite
+ # If someone is using this gem and is not on the PE private network, they need to download the new private GPG key and host
+ # it somewhere, then set the URL as an enviromental variable GPG_URL.
+ def gpg_key_overwrite(host, location)
+ gpg_url = ENV['GPG_URL'] || 'https://artifactory.delivery.puppetlabs.net/artifactory/generic__local/extended_gpg_key.asc'
+ case location
+ when 'tarball'
+ path_to_gpg_key = "#{host['working_dir']}/#{host['dist']}/packages/GPG-KEY-puppet"
+ when 'pe_repo'
+ path_to_gpg_key = '/opt/puppetlabs/puppet/modules/pe_repo/files/GPG-KEY-puppet'
+ when 'pe_repo_env'
+ path_to_gpg_key = '/opt/puppetlabs/server/data/environments/enterprise/modules/pe_repo/files/GPG-KEY-puppet'
+ else
+ raise(StandardError, "gpg_key_overwrite requires a valid location: tarball, or pe_repo. #{location} was supplied")
+ end
+
+ if (host['roles'].include?('master') || host['roles'].include?('pe_postgres')) && version_is_less(host[:pe_ver], '2019.8.5') && hosts.any? {|agent| agent['platform'] =~ /(debian)|(ubuntu)|(sles)/}
+ on(master, "rm -f #{path_to_gpg_key}")
+ on(master, "curl #{gpg_url} --output #{path_to_gpg_key}")
+ if location == 'pe_repo'
+ gpg_key_overwrite(host, 'pe_repo_env')
+ elsif location == 'pe_repo_env'
+ on master, puppet('agent -t'), :acceptable_exit_codes => [0,2]
end
end
end
#Determine the PE package to download/upload per-host, download/upload that package onto the host
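Review bot: `gpg_key_overwrite` replaces the package-signing trust anchor with whatever `curl #{gpg_url}` returns, with no integrity check, and `rm -f` runs first, so a failed download leaves no key at all. Without `--fail` an HTTP error body would be saved as `GPG-KEY-puppet`, and because `GPG_URL` is read from the environment the source can be any host. I would download to a temporary path with `--fail`, compare it against a digest or fingerprint pinned in the repo, and only then move it into place, as sketched below (the digest is a placeholder). Separately, the guard tests `host['roles']` but both commands run on `master`, so for a `pe_postgres` host the 'tarball' path built from `host['working_dir']` appears to be written on a different machine. The `raise` message also omits `pe_repo_env`, and the doc comment's "private GPG key" presumably means the public signing key.

```ruby
# … unchanged: gpg_url default, case location, role/version/platform guard …
    tmp_key = "#{path_to_gpg_key}.new"
    # --fail: an HTTP error page must not be written out as the key
    on(master, "curl --fail --silent --show-error --output #{tmp_key} '#{gpg_url}'")
    # refuse a key that does not match the pinned digest (placeholder value)
    on(master, "echo '<EXPECTED_SHA256_PLACEHOLDER>  #{tmp_key}' | sha256sum -c -")
    # the old key is replaced only after the new one has been verified
    on(master, "mv -f #{tmp_key} #{path_to_gpg_key}")
# … unchanged: pe_repo / pe_repo_env follow-up …
```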
@@ -437,11 +469,10 @@
return if use_meep_for_classification?(master[:pe_ver], options)
# For some platforms (e.g, redhatfips), packaging_platfrom is set and should
# be used as the primary source of truth for the platform string.
platform = host['packaging_platform'] || host['platform']
-
# We don't have a separate AIX 7.2 build, so it is
# classified as 7.1 for pe_repo purposes
if platform == "aix-7.2-power"
platform = "aix-7.1-power"
end
@@ -1995,9 +2026,11 @@
if agent['packaging_platform'] != master['packaging_platform'] # only need to do this if platform differs
deploy_frictionless_to_master(agent)
end
end
end
+
+ gpg_key_overwrite(master, 'pe_repo')
step "Install agents" do
block_on(agent_nodes, {:run_in_parallel => true}) do |host|
install_ca_cert_on(host, opts)
on(host, installer_cmd(host, opts))
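Review bot: The new `gpg_key_overwrite(master, 'pe_repo')` call sits between two blocks with no `step` wrapper or comment. A reader cannot tell from here that it deletes and re-downloads the `pe_repo` signing key and, through the `pe_repo_env` branch, runs `puppet agent -t` on the master. I would wrap it like the neighbouring code, opening with `step "Refresh expired GPG key in pe_repo (PE-32680)" do` and closing with `end`, so the run log attributes a curl or agent failure to this step instead of to "Install agents". The enclosing method starts and ends outside the hunk.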