Error during add-signing-service

Support
#1

Problem:

Hi All

If you could point me in some direction please.
These steps have been performed so many times without problems.

We have an external signer serving several POC pulp3 containers.

The signer script ran manually, do sign files successfully on this container.
It is executable and belongs to user pulp.

The GPG public key is imported in the running container as user pulp.

bash-4.4$ gpg --list-keys
/var/lib/pulp/.gnupg/pubring.kbx

pub rsa4096 2023-06-28 [SC]
9514737D86B3760B840B7E1CDF072A75289C0123
uid [ultimate] Linux RPM Software Repository TEST linux-solutions@abc.com
sub rsa4096 2023-06-28 [E]

Error output from:

/usr/local/bin/pulpcore-manager add-signing-service “my_collection_signer” /var/lib/pulp/scripts/remote_collection_sign.sh 9514737D86B3760B840B7E1CDF072A75289C0123

or ( gpg2 --with-colons --list-keys KEY_UID )

/usr/local/bin/pulpcore-manager add-signing-service “my_collection_signer” /var/lib/pulp/scripts/remote_collection_sign.sh 98F22CE97851A1F2AC4C4C957577510CB8511123

`> Traceback (most recent call last):

File “/usr/local/bin/pulpcore-manager”, line 8, in
sys.exit(manage())
File “/usr/local/lib/python3.8/site-packages/pulpcore/app/manage.py”, line 11, in manage
execute_from_command_line(sys.argv)
File “/usr/local/lib/python3.8/site-packages/django/core/management/init.py”, line 442, in execute_from_command_line
utility.execute()
File “/usr/local/lib/python3.8/site-packages/django/core/management/init.py”, line 436, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File “/usr/local/lib/python3.8/site-packages/django/core/management/base.py”, line 412, in run_from_argv
self.execute(*args, **cmd_options)
File “/usr/local/lib/python3.8/site-packages/django/core/management/base.py”, line 458, in execute
output = self.handle(*args, **options)
File “/usr/local/lib/python3.8/site-packages/pulpcore/app/management/commands/add-signing-service.py”, line 89, in handle
SigningService.objects.create(
File “/usr/local/lib/python3.8/site-packages/django/db/models/manager.py”, line 87, in manager_method
return getattr(self.get_queryset(), name)(*args, **kwargs)
File “/usr/local/lib/python3.8/site-packages/django/db/models/query.py”, line 658, in create
obj.save(force_insert=True, using=self.db)
File “/usr/local/lib/python3.8/site-packages/pulpcore/app/models/content.py”, line 869, in save
self.validate()
File “/usr/local/lib/python3.8/site-packages/pulpcore/app/models/content.py”, line 905, in validate
return_value = self.sign(temp_file.name)
File “/usr/local/lib/python3.8/site-packages/pulpcore/app/models/content.py”, line 812, in sign
raise RuntimeError(str(completed_process.stderr))
RuntimeError: b’’
`

Expected outcome:

To accept command

Pulpcore version:

3.28.1 / 3.27

Pulp plugins installed and their versions:

Operating system - distribution and version:

pulp in one container 3.28.1
Running in nomad 1.5
SLES15 SP3 host

bash-4.4$ pwd
/var/lib/pulp

bash-4.4$ id
uid=700(pulp) gid=700(pulp) groups=700(pulp)

bash-4.4$ ls -la
drwxr-xr-x 1 pulp pulp 6 Jun 30 03:38 assets
-rw------- 1 pulp pulp 1103 Jun 30 14:25 .bash_history
drwx------ 3 pulp pulp 183 Jun 30 15:24 .gnupg
drwxr-xr-x 1 pulp pulp 22 Jun 30 14:45 media
drwxr-xr-x 1 pulp pulp 39 Jun 30 14:11 scripts
drwx------ 2 pulp pulp 6 Jun 30 14:16 .ssh
drwxr-xr-x 1 pulp pulp 54 Jun 30 14:47 tmp

Thanks so much.
Jan

#2

Could you share the signing script?

#3

Also, what content type is the signing service for? For example, the signing services used with pulp_deb need to be created with --class deb:AptReleaseSigningService as part of the pulpcore-manager command.

#4

Hi dkliban

Thanks so much for asking the question.
The problem was in there.

New day new try.

The error output changed over the weekend from:

to

File “/usr/local/lib/python3.8/site-packages/pulpcore/app/models/content.py”, line 812, in sign
raise RuntimeError(str(completed_process.stderr))
RuntimeError: b’ … host sign cannot be resolved’

b’’ got filled with the error. Nice

Image used this morning(at the time of use 6 hours old):
“Created”: “2023-07-03T01:43:11.014610538Z”
Image ID : 16988dc8c662

The script in podman exec worked but pulpcore-manager does not read the ENVIRONMENT variables declared
in the nomad ENV declaration.

Although the ENV VAR for the remote signer was visible in ‘podman exec -ti -u pulp container-id bash’
pulpcore-manager was unaware of it.

Now the remote signer HOST is declared in settings.py and the signer script grabs it from there.
All good now.

@quba42

The signer is used for the RPM remote collection signing.

Thanks so much for the support.

1 Like