Logstash install fails due to dependency on PGP server

[peterskim12]

When trying to install Logstash via Puppet module, I got this error:

==> default: Error: Execution of '/usr/bin/apt-key adv --keyserver pgp.mit.edu --recv-keys D88E42B4' returned 2: Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.gZdi1xiGZ2 --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver pgp.mit.edu --recv-keys D88E42B4
==> default: gpg: requesting key D88E42B4 from hkp server pgp.mit.edu
==> default: gpgkeys: key D88E42B4 can't be retrieved
==> default: gpg: no valid OpenPGP data found.
==> default: gpg: Total number processed: 0
==> default: Notice: /Stage[main]/Logstash::Repo/Apt::Source[logstash]/Apt::Key[Add key: D88E42B4 from Apt::Source logstash]/Anchor[apt_key D88E42B4 present]: Dependency Apt_key[Add key: D88E42B4 from Apt::Source logstash] has failures: true

Presumably the PGP service was down. @electrical mentioned that this should be changed to use a key file instead to cut off the dependency on the server being up.

[igalic]

shouldn't that be filed under @elasticsearch logstash then?

[electrical]

@igalic nah. in the puppet module i use the GPG server. sometimes it works. sometimes it doesn't. need to move it to the key file it self instead of getting it from the gpg server.

[cyrilzloi]

Works for me under Debian 7.6:

"key_server => 'hkp://pgp.mit.edu:80'," in repo.pp manifest.

[mikey-]

Hey guys ^_^ other than editing key_server, is there any kind of work around for this?

btw i only started getting this when i upgraded puppet from 3.2.0 to 3.7.4. weird

UPDATE: went back down to 3.5.0 and I don't get this issue. :s unfortunately I don't have the luxury of downgrading puppet on our servers

[mikey-]

I fixed this here. (Works under Ubuntu 14.04). I'd PR but I couldn't get the rspec tests to even run. Anyway, Ima just use this fork for a while i guess <3 <3

[cyrilzloi]

Nice fix, thanks. Ill test it)

From:"Mikey Battiston" [email protected]
Date:Sun, Mar 15, 2015 at 23:03
Subject:Re: [puppet-logstash] Logstash install fails due to dependency on PGP server (#191)

I fixed this here. I'd PR but I couldn't get the rspec tests to run (before I made any change). Anyway, Ima just use this fork for a while i guess <3 <3

—
Reply to this email directly or view it on GitHub.

[agonen]

I've tried to give it a test . got this error :

==> default: Error: validate_re(): "46095ACC8548582C1A2699A9D27D666CD88E42B4" does not match ["\A(0x)?[0-9a-fA-F]{8}\Z", "\A(0x)?[0-9a-fA-F]{16}\Z"] at /etc/puppet/modules/apt/manifests/key.pp:60 on node vagrant-ubuntu-trusty-64
==> default: Error: validate_re(): "46095ACC8548582C1A2699A9D27D666CD88E42B4" does not match ["\A(0x)?[0-9a-fA-F]{8}\Z", "\A(0x)?[0-9a-fA-F]{16}\Z"] at /etc/puppet/modules/apt/manifests/key.pp:60 on node vagrant-ubuntu-trusty-64

I've Ubuntu 14.10

[mikey-]

Sorry for the late reply, should be more clear about this, the fix isn't just changing the key.

it's changing the key
and using key_source instead of key_server

hope that helps :s

You should be able to use the 40 hex character long key fingerprint. do you know which version of the apt module you're using? see key.pp in puppetlabs/puppetlabs-apt

[electrical]

I did fix this issue in the Elasticsearch module but is planned to be ported over to this module as well in the very near future.

[mikey-]

nice, thanks! can't wait ;) <3

[AtzeDeVries]

very nice, but i still can't wait ;)

[jmkgreen]

As a result of other modules requiring the newer apt source module, we now find this module causing Puppet runs to fail:

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid parameter keyserver_options on Apt_key[Add key: D88E42B4 from Apt::Source logstash] at /etc/puppet/modules/apt/manifests/key.pp:95 on node virt-04.int.company.net
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

This would now seem rather urgent, to us at least.

[bflad]

Hi, interestingly you may be experiencing what we saw in our environment until all nodes were running puppetlabs/apt >=2. See this for more details: voxpupuli/puppet-nginx#650 (issue is not nginx specific). Basically, if you're running puppetserver, you'll need to restart the server or run the agent multiple times for a successful convergence until all nodes are upgraded.

[jmkgreen]

@bflad which makes things all the more absurd: trying puppetlabs/apt >= 2 in the "test" environment ahead of production roll-out - essentially production breaks test. At this point I'm unsure who to point the finger of blame at most but I'm sure having a bad experience one way or another.

[jmkgreen]

Manually patching this into our production logstash module with apt 1.8 gets us green again. I have dropped the 2.1 apt from our test rig just to get consistency again.

[ghost]

@abednarik fixed this one in 65e175d. 💯