[kitchen] Workaround dnf bug preventing installation on RHEL/CentOS 8…

….1 (#11516) When DNF runs in non-interactive mode on RHEL 8.1, it will run into https://bugzilla.redhat.com/show_bug.cgi?id=1792506 - essentially, if there are multiple gpgkey entries configured, only the first one will be respected. If the repodata is signed with key that's not the first entry, it will lead to yum makecache -y failing. This PR makes us turn off repodata signature verification on RHEL 8.1 thus avoiding this issue. (I did test on RHEL 8.5 and it works fine there with repodata signature verification turned off). Note that install_script.sh and all other config mgmt tools already do this, so this is the last place affected. Co-authored-by: Kylian Serrania <[email protected]>
DataDog · Mar 31, 2022 · 3c081fa · 3c081fa
1 parent a27c16c
commit 3c081fa
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/test/kitchen/site-cookbooks/dd-agent-step-by-step/recipes/default.rb b/test/kitchen/site-cookbooks/dd-agent-step-by-step/recipes/default.rb
@@ -40,6 +40,9 @@
 
 when 'rhel'
   protocol = node['platform_version'].to_i < 6 ? 'http' : 'https'
+  # Because of https://bugzilla.redhat.com/show_bug.cgi?id=1792506, we disable
+  # repo_gpgcheck on RHEL/CentOS < 8.2
+  repo_gpgcheck = node['platform_version'].to_f < 8.2 ? '0' : '1'
 
   file '/etc/yum.repos.d/datadog.repo' do
     content <<-EOF.gsub(/^ {6}/, '')
@@ -48,7 +51,7 @@
       baseurl = #{node['dd-agent-step-by-step']['yumrepo']}
       enabled=1
       gpgcheck=1
-      repo_gpgcheck=1
+      repo_gpgcheck=#{repo_gpgcheck}
       gpgkey=#{protocol}://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public
              #{protocol}://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public
              #{protocol}://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public