Debian 8 failure. #830
Comments
The error here is "gpgkeys: HTTP fetch error 7: couldn't connect: Connection refused" which sounds like a connectivity error, not a problem with the key or the module. The module's not trying to load an Ubuntu key, it's just getting the nginx.org package key from a keyserver which happens to be an Ubuntu keyserver. The nginx signing key can be seen hosted on the keyserver.ubuntu.com server here: http://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0x573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62&fingerprint=on Please make sure you have connectivity to that server.
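An added example, not part of the thread or of the module's code: a small shell function that triages captured apt-key/gpg output the way the comment above does, separating a transport failure from a response that held no key. The first sample is the gpg output quoted in this issue, the second is constructed, and the function name `classify_keyfetch` is hypothetical.

```shell
#!/bin/sh
# Added example: triage captured `apt-key adv --recv-keys` output.
# classify_keyfetch is a hypothetical helper name, not part of apt or the module.
# Reads gpg output on stdin and prints exactly one verdict:
#   imported | connectivity:<keyserver> | no-key-data | unknown
classify_keyfetch() {
    awk '
        # gpg announces which keyserver it is about to contact
        /^gpg: requesting key .* from hkp server / { host = $NF }
        # transport failures: the request never reached the keyserver
        /Connection refused|couldn.t connect|timed out|Network is unreachable/ { net = 1 }
        # a response arrived (or nothing did) but it held no key material
        /^gpg: no valid OpenPGP data found/ { nodata = 1 }
        /^gpg: +imported: [1-9]/ { imported = 1 }
        END {
            if (imported)    print "imported"
            else if (net)    print "connectivity:" (host != "" ? host : "unknown")
            else if (nodata) print "no-key-data"
            else             print "unknown"
        }'
}

# gpg output quoted in this issue (Debian 8 run)
sample_refused() {
    cat <<'EOF'
gpg: requesting key 7BD9BF62 from hkp server keyserver.ubuntu.com
?: keyserver.ubuntu.com: Connection refused
gpgkeys: HTTP fetch error 7: couldn't connect: Connection refused
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
EOF
}

# Constructed sample: something answered, but not with an OpenPGP key
sample_not_a_key() {
    cat <<'EOF'
gpg: requesting key 7BD9BF62 from hkp server keyserver.ubuntu.com
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
EOF
}

sample_refused   | classify_keyfetch   # connectivity:keyserver.ubuntu.com
sample_not_a_key | classify_keyfetch   # no-key-data
```

A `connectivity` verdict points at the network path or egress filtering rather than at the key, so the requested fingerprint does not need to change.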
Interesting. On both the two servers (Debian 7 and 8) retrieves a file which looks like the webpage I get going to that URL from a browser. So - connectivity to the site isn't the issue here. (that file also gets retrieved happily from the Puppet master server as well)
Saving the full command that is listed as a file, let's call it /var/tmp/cf/gpgcmd.
gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.g3DCb5ug2B --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyring /etc/apt/trusted.gpg.d/puppetlabs-keyring.gpg --keyring /etc/apt/trusted.gpg.d/puppetlabs-nightly-keyring.gpg --keyserver keyserver.ubuntu.com --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
Execute that command:
bash /var/tmp/cf/gpgcmd
Errors received are the same on both the Debian7 and Debian8 machines.
root@host:/var/tmp/cf# bash ./gpgcmd
backing up....
/usr/bin/apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
This is what fails on both Debian 7 and Debian 8 (I copied this from the failing Debian 8 machine test puppet run using "puppet agent --test")
The failure is the gpg command above - so clearly using a temp file that gets binned - ok. But - the key here I guess, is why is Debian 8 doing this - when 7 isn't.
Ok: Agreed. Connectivity failure. Resorting to TCPdump, I find this is using hkp protocol, which uses port 11370 to connect - which our external firewall was blocking. Taking a moment to say thank you to Matthew. However, let's take a step back for a second....
Not sure of the reason... perhaps apt-key was updated to change its behaviour when connecting to hkp servers. Closing this as the module's working as intended.
Whilst the compatibility notes don't state compatible with Debian 8 - the problem I am getting is...
Put "include nginx" into a simple host definition in nodes.pp.
On a Debian 7 machine I get:
Jul 13 14:40:23 d7thost puppet-agent[29229]: (/Stage[main]/Apt/Apt::Setting[conf-update-stamp]/File[/etc/apt/apt.conf.d/15update-stamp]/content) content changed '{md5}4355b3e7824866a503fc221621fc65ba' to '{md5}0962d70c4ec78bbfa6f3544ae0c41974'
Jul 13 14:40:23 d7thost puppet-agent[29229]: (/Stage[main]/Nginx::Package::Debian/Apt::Source[nginx]/Apt::Setting[list-nginx]/File[/etc/apt/sources.list.d/nginx.list]/content) content changed '{md5}b6f04a1e873dada7187431aa184f32e5' to '{md5}1c8d17fb4c73709d1edc208dba2a3c90'
Jul 13 14:40:26 d7thost puppet-agent[29229]: (/Stage[main]/Apt::Update/Exec[apt_update]) Triggered 'refresh' from 1 events
Jul 13 14:40:27 d7thost puppet-agent[29229]: (/Stage[main]/Nginx::Package::Debian/Package[nginx]/ensure) ensure changed 'purged' to 'present'
Jul 13 14:40:27 d7thost puppet-agent[29229]: (/Stage[main]/Nginx::Config/File[/etc/nginx/nginx.conf]/content) content changed '{md5}f7984934bd6cab883e1f33d5129834bb' to '{md5}073e6e856ce9ecaa369b58cdb47e9ff5'
Jul 13 14:40:27 d7thost puppet-agent[29229]: (/Stage[main]/Nginx::Config/File[/etc/nginx/conf.stream.d]/ensure) created
Jul 13 14:40:27 d7thost puppet-agent[29229]: (/Stage[main]/Nginx::Config/File[/etc/nginx/conf.mail.d]/ensure) created
Jul 13 14:40:27 d7thost puppet-agent[29229]: (/Stage[main]/Nginx::Config/File[/etc/nginx/sites-enabled]/ensure) created
Jul 13 14:40:27 d7thost puppet-agent[29229]: (/Stage[main]/Nginx::Config/File[/etc/nginx/sites-available]/ensure) created
Jul 13 14:40:27 d7thost puppet-agent[29229]: (/Stage[main]/Nginx::Config/File[/etc/nginx/conf.d/default.conf]/ensure) removed
Jul 13 14:40:27 d7thost puppet-agent[29229]: (/Stage[main]/Nginx::Service/Service[nginx]) Triggered 'refresh' from 1 events
And a default Nginx is installed and running.
However - Debian 8 - the first and most important failure...
Error: Execution of '/usr/bin/apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62' returned 2: Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.g3DCb5ug2B --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyring /etc/apt/trusted.gpg.d/puppetlabs-keyring.gpg --keyring /etc/apt/trusted.gpg.d/puppetlabs-nightly-keyring.gpg --keyserver keyserver.ubuntu.com --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
gpg: requesting key 7BD9BF62 from hkp server keyserver.ubuntu.com
?: keyserver.ubuntu.com: Connection refused
gpgkeys: HTTP fetch error 7: couldn't connect: Connection refused
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
Error: /Stage[main]/Nginx::Package::Debian/Apt::Source[nginx]/Apt::Key[Add key: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 from Apt::Source nginx]/Apt_key[Add key: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 from Apt::Source nginx]/ensure: change from absent to present failed: Execution of '/usr/bin/apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62' returned 2: Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.g3DCb5ug2B --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyring /etc/apt/trusted.gpg.d/puppetlabs-keyring.gpg --keyring /etc/apt/trusted.gpg.d/puppetlabs-nightly-keyring.gpg --keyserver keyserver.ubuntu.com --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
gpg: requesting key 7BD9BF62 from hkp server keyserver.ubuntu.com
?: keyserver.ubuntu.com: Connection refused
gpgkeys: HTTP fetch error 7: couldn't connect: Connection refused
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
So - for Debian 8 machines (jessie) something is trying to install an Ubuntu gpg key - which is clearly a no-go.
Using a very basic puppet config of:
package { "nginx":
  ensure => "latest"
}
That works - but installs Nginx from Debian's repositories - and not Nginx.org's
Help to get this going would be massively appreciated.
KR