Bug #23406
closed
Salt installer fails due to GPG error on phusion passenger package repo
Description
Here's an example of the failure: test-provision-salt: #23
The error is:
12:39:53 ---------- 12:39:53 ID: nginx_install 12:39:53 Function: pkg.installed 12:39:53 Name: nginx 12:39:53 Result: False 12:39:53 Comment: An error was encountered while installing package(s): W: GPG error: https://oss-binaries.phusionpassenger.com/apt/passenger bookworm Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY D870AB033FB45BD1 12:39:53 E: The repository 'https://oss-binaries.phusionpassenger.com/apt/passenger bookworm Release' is not signed. 12:39:53 Started: 15:39:51.726289 12:39:53 Duration: 1997.58 ms 12:39:53 Changes: 12:39:53 12:39:53 Summary for local 12:39:53 ------------- 12:39:53 Succeeded: 10 (changed=5) 12:39:53 Failed: 1 12:39:53 -------------
Last successful run was on Jan 22nd.
Updated by Brett Smith about 2 months ago
We don't even need this repository now that arvados-api-server builds its own Passenger. All this code can just be removed. I realize that might have some knock-off effects on the nginx install/configuration; I'm curious how much work it would be to adapt.
Updated by Lucas Di Pentima about 2 months ago
Brett Smith wrote in #note-1:
We don't even need this repository now that arvados-api-server builds its own Passenger. All this code can just be removed. I realize that might have some knock-off effects on the nginx install/configuration; I'm curious how much work it would be to adapt.
Right! and even if when we don't compile anymore (re: #22762), it will be downloaded directly. Hopefully there's a salt formula config knob that we can use to avoid setting this up.
Updated by Brett Smith about 2 months ago
- Target version set to Development 2026-02-18
Updated by Brett Smith about 1 month ago
- Target version changed from Development 2026-02-18 to Development 2026-03-04
Updated by Lucas Di Pentima 28 days ago
ยท Edited
- Branch:
- 23406-salt-passenger-fix (arvados repo - 62879b89)
- Removes
nginx.passengercalls from multi-node and single-nodes cases. - Removes passenger-related nginx configurations
- Renames
nginx_passenger.slspillars to justnginx.slsto avoid future confusion
- Removes
- 23406-pg-repo-fix (postgresql-formula repo) (https://github.com/arvados/postgres-formula/commit/cb05500e1dbea2c24cc29ea6831417f638853587)
- Fixes an issue happening on the single-node case where PG is installed from the distro package repos. In debian12, there's an updated PG version 15.16 from bookworm-security and before the fix, PG 15.15 was being installed because the postgres-formula required the package being installed from the repo '
<distroname>' (bookworm in this case). This made the install process fail because PG got upgraded in the same apt transaction asarvados-api-servergets installed, and because executing the DB migrations is part of the postinst stage and PG was not in a ready state by the timearvados-api-serverneeded it, the whole process failed.
- Fixes an issue happening on the single-node case where PG is installed from the distro package repos. In debian12, there's an updated PG version 15.16 from bookworm-security and before the fix, PG 15.15 was being installed because the postgres-formula required the package being installed from the repo '
- 23406-nginx-requirement-fix (arvados-formula repo) (https://git.arvados.org/arvados-formula.git/commitdiff/b99b332f932fd75fe30e1a894c6f5ee674303593)
- Makes sure
arvados-controllerservice waits for nginx to get reloaded with the latest config
- Makes sure
- 23406-nginx-restart-fix (nginx-formula repo) (https://github.com/arvados/nginx-formula/commit/bca3cdbeda232c978a3e25c3ab8ca7bb6898845f)
- Don't defer config changes to the end of a state run. This made
arvados-controllerreadiness probe to fail because by the time it ran,nginxwas reconfigured with the proper vhosts but not yet restarted.
- Don't defer config changes to the end of a state run. This made
- 23406-salt-passenger-fix (arvados repo - 62879b89)
- Test run: test-provision-salt: #39
- Also tested in multi-node successfully.
Updated by Lucas Di Pentima 26 days ago
Brett Smith wrote in #note-7:
LGTM, please merge, thanks.
Thanks, will merge the formula branches first and update the commit pins on provision.sh before merging the main branch.
Updated by Lucas Di Pentima 26 days ago
- Commit pins updated at a9ac54e502
- Test run to confirm everything is correct: test-provision-salt: #42
Will merge once Jenkins finishes successfully.
Updated by Lucas Di Pentima 26 days ago
- Status changed from In Progress to Resolved
Applied in changeset arvados|27b9bbcbc9aad49af501c45cc64ff149928b0c10.