Puppet

Updating the apt GPG key via Puppet

  • August 1, 2018

The Puppet apt repository PGP key expired a few days ago:

/etc/apt/trusted.gpg.d//puppetlabs-keyring.gpg
----------------------------------------------
pub   4096R/4BD6EC30 2010-07-10 [expired: 2016-07-08]
uid                  Puppet Labs Release Key (Puppet Labs Release Key)

Of course, it can be updated manually:

apt-key adv --recv-keys --keyserver keys.gnupg.net 4BD6EC30

But can it be updated automatically through Puppet (for example, via the Puppet apt module)?

Not a pretty solution, but the following works for me:

exec { 'update_apt_key':
       command => '/usr/bin/apt-key adv --recv-keys --keyserver keys.gnupg.net 47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30',
       onlyif  => "/usr/bin/apt-key adv --list-public-keys --with-fingerprint --with-colons | grep -B 1 47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30 | head -n 1 | grep -e '^pub:e:'",
}

This is what we've started using (thanks garthk):

 $key = '4BD6EC30'
 exec { 'apt-key puppetlabs':
   path    => '/bin:/usr/bin',
   unless  => "apt-key list | grep '${key}' | grep -v expired",
   command => "apt-key adv --keyserver keyserver.ubuntu.com \
     --recv-keys ${key}",
 }

More discussion in the ticket opened on the apt module.
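
Both answers gate the `exec` on a grep over `apt-key` output. As an added example (not code from either answer), the expiry check can instead parse the `--with-colons` records and match the full 40-character fingerprint rather than the short ID `4BD6EC30`. The helper name `key_expired` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Full fingerprint of the Puppet Labs release key, as given on the page.
PUPPETLABS_FPR=47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30

# key_expired FINGERPRINT   (hypothetical helper, not part of apt or Puppet)
# Reads a `--with-colons` key listing on stdin. Exit status is 0 only when a
# primary key with exactly this fingerprint is listed with validity "e".
key_expired() {
    awk -F: -v want="$1" '
        $1 == "pub" { validity = $2; primary = 1; next }  # field 2 = validity
        $1 == "sub" { primary = 0; next }                 # subkey records follow
        $1 == "fpr" && primary {                          # fpr of the primary key
            primary = 0
            if (toupper($10) == toupper(want)) { found = 1; exit }
        }
        END { if (found && validity == "e") exit 0; exit 1 }
    '
}

# Constructed sample listing (timestamps and the second key are made up).
sample_listing() {
    cat <<'EOF'
tru::1:1533081600:0:3:1:5
pub:e:4096:1:1054B7A24BD6EC30:1278720000:1467936000::-:::sc::::::
fpr:::::::::47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30:
uid:e::::1278720000::::Puppet Labs Release Key (Puppet Labs Release Key):
sub:e:4096:1:AAAAAAAAAAAAAAAA:1278720000:1467936000:::::e::::::
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
pub:-:4096:1:BBBBBBBBBBBBBBBB:1500000000:::-:::scSC::::::
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
uid:-::::1500000000::::Example Archive Key (constructed):
EOF
}

if sample_listing | key_expired "$PUPPETLABS_FPR"; then
    echo "key $PUPPETLABS_FPR is expired: refresh needed"
else
    echo "key $PUPPETLABS_FPR is absent or not expired: nothing to do"
fi
```

Against a live keyring, pipe the output of `/usr/bin/apt-key adv --list-public-keys --with-fingerprint --with-colons` into `key_expired` in place of `sample_listing`.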

Quoted from: https://serverfault.com/questions/789327