Hi there,
We are trialling Datadog monitoring with the Puppet agent to install the package and monitors. We recently updated from the 1.8.1 release to tracking against master to get the disk check integrations working.
However in the latest version, the yum repository management is not importing the package signing key, causing Puppet runs to fail.
The error relates to this commit: 4170230 which rotated GPG keys installed by the Puppet module. However the package signing key has not changed to match what the Puppet module is doing.
A simple resolution would be to either revert the earlier commit which changed the specified key file, or to sign the current rpm packages with the new GPG key so they install correctly with valid GPG checks.
It's a quick workaround to manually install the DATADOG_RPM_KEY.public until the integration is updated:
wget https://yum.datadoghq.com/DATADOG_RPM_KEY.public
sudo rpm --import DATADOG_RPM_KEY.public
rpm -qp --queryformat "%{SUMMARY}\n" datadog-agent-5.10.1-1.x86_64.rpm
warning: datadog-agent-5.10.1-1.x86_64.rpm: Header V3 DSA/SHA1 Signature, **key ID 4172a230:** NOKEY
$ rpm -qi gpg-pubkey-4172a230-55dd14f6
Name : gpg-pubkey Relocations: (not relocatable)
Version : **4172a230** Vendor: (none)
Release : 55dd14f6 Build Date: Tue 13 Dec 2016 11:12:44 NZDT
Install Date: Tue 13 Dec 2016 11:12:44 NZDT Build Host: localhost
Group : Public Keys Source RPM: (none)
Size : 0 License: pubkey
Signature : (none)
Summary : **gpg(Datadog Packages** <package@datadoghq.com>)
Description :
Working host:
$ rpm -q --queryformat "%{SUMMARY}\n" gpg-pubkey
gpg(Datadog Packages <package@datadoghq.com>)
gpg(Datadog, Inc <package@datadoghq.com>)
Broken host:
$ rpm -q --queryformat "%{SUMMARY}\n" gpg-pubkey
gpg(Datadog, Inc <package@datadoghq.com>)
When I run a puppet agent test on a host missing the Datadog Packages GPG key it gives the following error:
Notice: /Stage[main]/Datadog_agent::Redhat/Remote_file[DATADOG_RPM_KEY.public]/ensure: created
Notice: /Stage[main]/Datadog_agent::Redhat/Exec[cleanup-gpg-key]/returns: executed successfully
Error: Could not update: Execution of '/usr/bin/yum -d 0 -e 0 -y install datadog-agent' returned 1: warning: rpmts_HdrFromFdno: Header V3 DSA/SHA1 Signature, key ID 4172a230: NOKEY
The GPG keys listed for the "Datadog, Inc." repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.
Error: /Stage[main]/Datadog_agent::Redhat/Package[datadog-agent]/ensure: change from purged to latest failed: Could not update: Execution of '/usr/bin/yum -d 0 -e 0 -y install datadog-agent' returned 1: warning: rpmts_HdrFromFdno: Header V3 DSA/SHA1 Signature, key ID 4172a230: NOKEY
The GPG keys listed for the "Datadog, Inc." repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.
Hi there,
We are trialling Datadog monitoring with the Puppet agent to install the package and monitors. We recently updated from the 1.8.1 release to tracking against
masterto get the disk check integrations working.However in the latest version, the yum repository management is not importing the package signing key, causing Puppet runs to fail.
The error relates to this commit: 4170230 which rotated GPG keys installed by the Puppet module. However the package signing key has not changed to match what the Puppet module is doing.
A simple resolution would be to either revert the earlier commit which changed the specified key file, or to sign the current rpm packages with the new GPG key so they install correctly with valid GPG checks.
It's a quick workaround to manually install the
DATADOG_RPM_KEY.publicuntil the integration is updated:Working host:
Broken host:
When I run a puppet agent test on a host missing the
Datadog PackagesGPG key it gives the following error: