From bdb0dbddbc30215169baaaa263c583e7d3183607 Mon Sep 17 00:00:00 2001
From: Mark Goddard <mark@stackhpc.com>
Date: Wed, 29 Jan 2020 10:59:50 +0000
Subject: [PATCH] CentOS 8: base image fixes for RabbitMQ, fluentd & InfluxDB

- Fix td-agent repo URL for fluentd. $releasever and $basearch variables
  were escaped in the repo URL.

- Disable repo_gpgcheck for RabbitMQ. The rabbitmq-server 3.7 packages
  on packagecloud are not signed, which is why we have gpgcheck=0 for
  that repo. Previously repo_gpgcheck was set to 1, but this breaks DNF
  which does not seem to accept keys imported by rpm --import for
  signing a repo (as opposed to packages). This causes it to prompt
  during package install, which does not work without a terminal in the
  build container. This should be temporary as we will upgrade RabbitMQ
  to 3.8 soon.

- Add InfluxDB repo back to list of repos to disable.

Change-Id: Ibbb720390ff17e11249a5aa77163c15c0971209a
Partially-Implements: blueprint centos-rhel-8
---
 docker/base/Dockerfile.j2                 | 9 +++------
 docker/base/rabbitmq_rabbitmq-server.repo | 5 ++++-
 docker/base/td.repo                       | 2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/docker/base/Dockerfile.j2 b/docker/base/Dockerfile.j2
index cc6818c010..5a62b1ef23 100644
--- a/docker/base/Dockerfile.j2
+++ b/docker/base/Dockerfile.j2
@@ -91,6 +91,7 @@ RUN {{ macros.install_packages(base_centos_language_packages | customizable("cen
         'grafana.repo',
         'influxdb.repo',
         'rabbitmq_rabbitmq-server.repo',
+        'td.repo',
     ] %}
     # FIXME(mgoddard): Not available for CentOS 8 yet.
     {% if distro_package_manager == 'yum' %}
@@ -98,20 +99,18 @@ RUN {{ macros.install_packages(base_centos_language_packages | customizable("cen
             'crmsh.repo',
             'elasticsearch.repo',
             'opendaylight.repo',
-            'td.repo',
         ] %}
     {% endif %}
 
     {% set base_yum_repo_keys = [
         'https://packages.grafana.com/gpg.key',
         'https://repos.influxdata.com/influxdb.key',
-        'https://packagecloud.io/gpg.key',
+        'https://packages.treasuredata.com/GPG-KEY-td-agent',
     ] %}
     # FIXME(mgoddard): Not available for CentOS 8 yet.
     {% if distro_package_manager == 'yum' %}
         {% set base_yum_repo_keys = base_yum_repo_keys + [
             'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
-            'https://packages.treasuredata.com/GPG-KEY-td-agent',
         ] %}
     {% endif %}
 {% elif base_arch == 'aarch64' %}
@@ -128,7 +127,6 @@ RUN {{ macros.install_packages(base_centos_language_packages | customizable("cen
 
     {% set base_yum_repo_keys = [
         'https://packages.grafana.com/gpg.key',
-        'https://packagecloud.io/gpg.key',
     ] %}
     # FIXME(mgoddard): Not available for CentOS 8 yet.
     {% if distro_package_manager == 'yum' %}
@@ -148,7 +146,6 @@ RUN {{ macros.install_packages(base_centos_language_packages | customizable("cen
     {% endif %}
 
     {% set base_yum_repo_keys = [
-        'https://packagecloud.io/gpg.key',
     ] %}
     # FIXME(mgoddard): Not available for CentOS 8 yet.
     {% if distro_package_manager == 'yum' %}
@@ -251,6 +248,7 @@ RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
 {% endif %}
 
 {% set base_centos_yum_repos_to_disable = [
+    'influxdb',
 ] %}
 # FIXME(mgoddard): Not available for CentOS 8 yet.
 {% if distro_package_manager == 'yum' %}
@@ -258,7 +256,6 @@ RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
         'centos-ceph-nautilus',
         'centos-nfs-ganesha28',
         'centos-qemu-ev',
-        'influxdb',
     ] %}
 {% endif %}
 
diff --git a/docker/base/rabbitmq_rabbitmq-server.repo b/docker/base/rabbitmq_rabbitmq-server.repo
index 645dcfd382..7bc839615c 100644
--- a/docker/base/rabbitmq_rabbitmq-server.repo
+++ b/docker/base/rabbitmq_rabbitmq-server.repo
@@ -1,7 +1,10 @@
 [rabbitmq_rabbitmq-server]
 name=rabbitmq_rabbitmq-server
 baseurl=https://packagecloud.io/rabbitmq/rabbitmq-server/el/$releasever/$basearch
-repo_gpgcheck=1
+# NOTE(mgoddard): rabbitmq-server 3.7 packages are not signed. Previously
+# repo_gpgcheck was set to 1, but this breaks DNF which does not seem to accept
+# keys imported by rpm --import for signing a repo (as opposed to packages).
+# TODO(mgoddard): Set gpgcheck=1 for rabbitmq-server 3.8+
 gpgcheck=0
 enabled=0
 gpgkey=https://packagecloud.io/rabbitmq/rabbitmq-server/gpgkey
diff --git a/docker/base/td.repo b/docker/base/td.repo
index b031678e1f..38dcc6d442 100644
--- a/docker/base/td.repo
+++ b/docker/base/td.repo
@@ -1,6 +1,6 @@
 [treasuredata]
 name=TreasureData
-baseurl=http://packages.treasuredata.com/3/redhat/\$releasever/\$basearch
+baseurl=http://packages.treasuredata.com/3/redhat/$releasever/$basearch
 gpgcheck=1
 gpgkey=https://packages.treasuredata.com/GPG-KEY-td-agent
 enabled=0