openstack
/
openstack-ansible-tests
Code Issues Proposed changes

Install RDO release RPM without GPG checks 

The RDO release RPM isn't signed, but all of the repositories it
configures have GPG signing enabled. Although CentOS normally doesn't
check GPG signatures for packages that are installed locally, the
security role enables those checks for all local packages.

Change-Id: I7823f386a510e2e35d79f9a1046ad48f7e58db7c
(cherry picked from commit 08c4f96e0a)
This commit is contained in:
Major Hayden 2017-03-27 07:58:58 -05:00
parent 82afd12ccb
commit 1facd991c5
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
common-tasks/test-set-nodepool-vars.yml
View File

@ -34,10 +34,15 @@
when:
- ansible_os_family == 'Debian'
# NOTE(mhayden): GPG checking for local package installs is normally disabled
# by default in CentOS, but the openstack-ansible-security role enables GPG
# checking for local packages. The RDO repository package isn't signed, but the
# repos it installs have GPG checking enabled.
- name: Install the RDO release package
yum:
name: "https://repos.fedorapeople.org/repos/openstack/openstack-ocata/rdo-release-ocata.rpm"
state: "present"
disable_gpg_check: yes
when:
- ansible_pkg_mgr == 'yum'