Skip to content

Re-enable gpgchecks for dnf packages (where public keys are available) #873

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
bertiethorpe wants to merge 21 commits into
base: main
Choose a base branch
from
+330 −31
Draft

Re-enable gpgchecks for dnf packages (where public keys are available) #873

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
d60aadd
add eessi cvmfs config and re-enable gpg checks everywhere
bertiethorpe Dec 8, 2025
7906cfb
disable fail2ban gpg check provisionally
bertiethorpe Dec 8, 2025
8c10edf
Install epel-release gpg for rocky 8
bertiethorpe Dec 8, 2025
934b605
gpg check option correction
bertiethorpe Dec 8, 2025
32ec33e
manual dl and install of epel-release key
bertiethorpe Dec 9, 2025
d6e0f26
correct epel-release signing key
bertiethorpe Dec 9, 2025
0c1c9ce
dnf install rocky-gpg-keys
bertiethorpe Dec 9, 2025
072fd9f
stop using rpm_key module for rockyofficial key
bertiethorpe Dec 9, 2025
6d29a43
test timestamps setting gpgkey
bertiethorpe Dec 9, 2025
3eef4a4
hardcode ceph key in dnf_repos defaults
bertiethorpe Dec 10, 2025
3707dcb
preserve ceph key newlines
bertiethorpe Dec 10, 2025
bf1b654
disable gpg checks for ceph repo packages
bertiethorpe Dec 11, 2025
7fb0d02
rocky 8/9 compatibility chnages
bertiethorpe Dec 11, 2025
b997ad2
correct epel gpg key in timestamps
bertiethorpe Dec 11, 2025
0789ea5
import EPEL key
bertiethorpe Dec 11, 2025
00bc2db
hardcode cernvm gpg key
bertiethorpe Dec 11, 2025
66af4cc
disable gpgcheck for cvmfs eessi config (not provided upstream)
bertiethorpe Dec 11, 2025
0202da7
disable gpgchecks for some repos provisionally
bertiethorpe Dec 11, 2025
535242f
Merge branch 'main' into feat/ark-eessi-cvmfs-config
bertiethorpe Dec 16, 2025
89fdeac
Bump CI images
bertiethorpe Dec 16, 2025
5ab236f
move dnf_repos gpg key imports to top, consistent gpgchecks, comments
bertiethorpe Dec 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
65 changes: 65 additions & 0 deletions ansible/roles/dnf_repos/defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,68 @@
dnf_repos_pulp_content_url: "{{ appliances_pulp_url }}/pulp/content"
dnf_repos_username: "{{ omit }}"
dnf_repos_password: "{{ omit }}"

openhpc_gpg_keys: # https://raw.githubusercontent.com/openhpc/ohpc/v2.6.1.GA/components/admin/ohpc-release/SOURCES/RPM-GPG-KEY-OpenHPC-2
'8': |
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBF331lgBCAC4xqcV9msdntSbMNRSM9EgcoT52+JBix3b9woRZSPtoFzIxKYy
05etPUl421AqXP6gUGuEC+X1WYNh34oE+MIZh1Gk5oecaC93e0bYZiZIR5vLzc6b
aZHQYTCedln5/2jmgWgpk6j0MB4Y7+XjHIkkLHdYQqBOFnF4mhvBXJcDZud3JWL/
fg6XkvI4i5iW0VNNdD55ekDaJwIUFPDgs4PJMPn0QDFtu99VVJfhdZr+plCqcfUh
aS6Pdu6EP6Uf6YK2xPGXSswLjMQ3Avj8QsMb5zL9/G2oBc/QMSvZuWQuhQxUbzex
4R9STQOSKoaQxbk6l28uK/Vwd4gvvqkBTX3vABEBAAG0OnByaXZhdGUgT0JTIChr
ZXkgd2l0aG91dCBwYXNzcGhyYXNlKSA8ZGVmYXVsdGtleUBsb2NhbG9icz6JAU4E
EwEIADgWIQRTknRNPFQ+1XhHZeaKMGAZ2lZcbAUCXffWWAIbLwULCQgHAgYVCgkI
CwIEFgIDAQIeAQIXgAAKCRCKMGAZ2lZcbLViB/0Rzs0tFj62UqTkmK+nwN0a/lCb
OayEmtaHcBBeSHf+tMa9H4dtgjlgCCt8z+bHWCi+jmilQkMSLE6eZ8S9c3TtX0/0
h0kxEKQXyFz32JFJzGNPSCFSWCqO0G5Vj6zBUrJOfWPH8AzuQPquaM49Nnj/6ueP
1XXZzsus0aIMtSS9qNgO+xNy3TrToMy+i7Z6X210WDDJwO5Wxd0CRexKobquKogx
91TaPEjv9YECP0eWFwpKhts0MPgfmjTNlzKAFsb+3eLcP918eheVtEX3VhPbkEdw
yfbEwKedIuzlhtr/wBIdbiheoDwxKG7mh58kjlH+8bLLdj++IcrxtRF+TvrouQIN
BF331lgQCACVZMPSbZGzSDo9BEYH23MIMa3apBn9jw2/6FHoOQvkxRO2RSRGtukw
PVB1NCTuOsyjM3KNX4gaVh52aadsruKrZyltp0GcbQmkQbJBAVhFv+Tkp6XWdu3V
TE/mLssidmkUQ3PFu4OLVT5Q6XRVOhBDDwJvCdQuz4SXd/k7I+yDpoNDA8Sjoxks
FzyZfcCU2OvU2HahbKja7EhEcernNYNxzJgbSbyHqnZanjrsOJYKzfbStM5bzZzl
wXnym3TV79fs2ETdB6oeKkQIKgJ0dmQLn2zloPsb3hxQITWQA+d/uQzZhLO/HbJ7
WBDwUtS8Uit4MMVjKhcp/AauzhmuMNlnAAMFB/4qFBD8zFQ+eDrcv0iV4KxUMRru
GREbpxY3+Ac49U4Bv7M23faYynxDO7qRg1BIGO2bCxb922B/AHeLRSVny3ya+0nq
K5Dw9hmdQjbJhTJbR/6k04VAEDcecwz9q6q3HN1+UiFUbNIvb1CWsxP3hx3rhU8I
JcEC5wVbVirmE6QREa5kubmDSUDU5nnglx+7U5+z/hjQi+2wR7NRXkUIf1vE/0vh
vlHD859FWT+KHcwKsvm3aICwgGYjQLSHKTNTPq7OJjOkanx2/wDRDHks6sMFTbj7
D1/h5NYwGA+CVAhaK3lNoH9yOzKEmLVujKRE9NBcrGE8PkW7IGHHzYhCIRggiQE2
BBgBCAAgFiEEU5J0TTxUPtV4R2XmijBgGdpWXGwFAl331lgCGwwACgkQijBgGdpW
XGyAMAf8CV6albHtn3y5TzmNKZ+Cp46TJRvfJbIqy+Q4VFUOJRWXsE+F2oVIfRic
X35j8I/kvvhO6EAu6Ic7Cv5B1y9X4oMpno6ZkUkDlUczNoLpP4ijWTm9cUD01Xyp
VATpA6FfxmNe0+oh3ySXzmS6DOAqSBMks2E55YbG9spYvBSGVWQ4HQ0RRxc+kwEN
td/O9MlrVfmBSVp1ccP2vOlovTBLqJS7H8pDiY9nDqCKqH1YZ7WYDvDbKl8U8v8y
0qQDgPBv+3E9WsmOsqbu1jAB7HUdZuMNnMTrlpQmiqilJ2KATOWspxY7UMKGWNWO
12Gh2vqXQrofz8qYb+vYEKLVlPP0/w==
=2mn6
-----END PGP PUBLIC KEY BLOCK-----
'9': | # https://raw.githubusercontent.com/openhpc/ohpc/v3.0.GA/components/admin/ohpc-release/SOURCES/RPM-GPG-KEY-OpenHPC-3
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBGRAIkcBCAC8ye7kDRUXziTcPmmaUmoe0Xu3RnCHUyQgUAuRgrZBgs70XXff
p1de9MABafAQQ2941Qx69NCecxAX7wYUbsoPth1G7TED9RJqa1LbajQP4134+vxi
zMwyLHaSdxlAZGiA2fsoA9X/S0P1x1/bDU3yqKMQFMnLvrSF06GdFVa/WDqTLdUp
m7O452iL7kM80dfxnTB/aZfC91pW0rb83NJYY7zfb33FbADsnOgYut5o79gqdR3n
sOF5jIZORB2QqyDVsPjkxEmjAFuyX5QLxw+H2dMz47GA4SedPgS2mrufKuFTHfCj
qcWmVkMf/r4T+3Ox3ZfIgTLaivzzJSGGIP15ABEBAAG0J09wZW5IUEMzIE9CUyBQ
cm9qZWN0IDxPcGVuSFBDM0Bwcml2YXRlPokBVAQTAQgAPhYhBG4ZvhHZoILACn20
GnrAXwlAqQzIBQJkQCJHAhsDBQkpMuAABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheA
AAoJEHrAXwlAqQzIQzUH/jUpZ40cRSp4RkSajjnJuYf/ZqJrSgWTe8Y36UuzEBz7
tHngVd27xmI4BAFYZI9OGWk8fyonwwlYlZ6x8lW120iqN60tVHQW4a7AGLMlr8oH
x8zrYjVclYIaPDB19zl2jdJCO9KIRGBzr71UQzZltt57wjyZkEWmbnrusV7hSq3i
GAXi/dxrVwCiFGLMegQjyM3crrUCaOHFuU0G1HQcj3orCL5sANfi+A89yD/liYNH
0GYFq6ipuCh4ybdV9mL8HoET4iDReVKsTvR1chbCsr/226yDE6YFYnekr3pOoibU
BfWT6MJYBetGE3mazBOma4DoUzY3Mt9UiVKEvLeHIa6JATMEEwEIAB0WIQRTknRN
PFQ+1XhHZeaKMGAZ2lZcbAUCZEAiSAAKCRCKMGAZ2lZcbHQOB/9iLNaV+kK+x34h
FwK6u4JVemz/YmJZ5OhHeT+3juX4VVktWDirfYwqpxr0Xbqtnvh/W866sv8aKtVc
NNaguOY00oN8fhEaXyGghc67o0kHTj/e9Dh4zoWdcIS+lgSSDfW+NVN4shFr6vv6
xrjiTDM771jgtvstu4VdRNgZZM/NYc2NgwoUGBvxcALaJ0bWQ9JQu/0fk6PTM6+h
7s90gKpjUpf7ANGNwTWq0o1FFh3+F30z6RDD7WekvTfMNod1D3Md+rszMk+h6o0B
wYosLc92Rbma4KydoWuvSlPt2AjyIh7ShAe5MdlQf6O7yYHUIJVcGFuC0VvTTsVo
+6Bhdlwn
=OA41
-----END PGP PUBLIC KEY BLOCK-----

Check failure on line 70 in ansible/roles/dnf_repos/defaults/main.yml

View workflow job for this annotation

GitHub Actions / Lint / Lint

yaml[new-line-at-end-of-file] 

No new line character at the end of file
3 changes: 2 additions & 1 deletion ansible/roles/dnf_repos/tasks/disable_repos.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,8 @@
baseurl: "{{ repo_content_url }}/{{ repo_values.pulp_path }}/{{ repo_values.pulp_timestamp }}"
description: "{{ repo_name }}"
enabled: false
gpgcheck: false
gpgcheck: "{{ repo_values.gpgcheck | default(true) }}"
gpgkey: "{{ repo_values.gpgkey | default('') }}"
loop: "{{ dnf_repos_repos | dict2items }}"
loop_control:
label: "{{ repo_name }}[{{ repo_os }}]: {{ repo_values }}"
Expand Down
23 changes: 21 additions & 2 deletions ansible/roles/dnf_repos/tasks/set_repos.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,22 @@
---

- name: Import Rocky GPG key # noqa: no-changed-when
ansible.builtin.command: rpm --import "/etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-{{ ansible_distribution_major_version }}" # noqa: command-instead-of-module

- name: Import EPEL GPG key # noqa: no-changed-when
ansible.builtin.command: rpm --import "/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}" # noqa: command-instead-of-module

- name: Install OpenHPC GPG key
ansible.builtin.copy:
content: "{{ openhpc_gpg_keys[ansible_distribution_major_version] }}"
dest: "/etc/pki/rpm-gpg/RPM-GPG-KEY-OpenHPC-EL{{ ansible_distribution_major_version }}"
owner: root
group: root
mode: '0644'

- name: Import OpenHPC GPG key # noqa: no-changed-when
ansible.builtin.command: rpm --import "/etc/pki/rpm-gpg/RPM-GPG-KEY-OpenHPC-EL{{ ansible_distribution_major_version }}" # noqa: command-instead-of-module

- name: Replace non-epel repos with Pulp repos
ansible.builtin.yum_repository:
file: "{{ repo_values.repo_file }}"
Expand All @@ -8,7 +25,8 @@
description: "{{ repo_name }}"
username: "{{ dnf_repos_username }}"
password: "{{ dnf_repos_password }}"
gpgcheck: false
gpgcheck: "{{ repo_values.gpgcheck | default(true) }}"
gpgkey: "{{ repo_values.gpgkey | default('') }}"
Copy link
Collaborator

@sjpb sjpb Dec 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If gpgkey isn't provided and gpgcheck is true, that should be an error I think to avoid hard-to-diagnose errors later?

loop: "{{ dnf_repos_repos | dict2items }}"
loop_control:
label: "{{ repo_name }}[{{ repo_os }}]: {{ repo_values }}"
Expand All @@ -34,7 +52,8 @@
description: "{{ repo_name }}"
username: "{{ dnf_repos_username }}"
password: "{{ dnf_repos_password }}"
gpgcheck: false
gpgcheck: "{{ repo_values.gpgcheck | default(true) }}"
gpgkey: "{{ repo_values.gpgkey | default('') }}"
loop: "{{ dnf_repos_repos | dict2items }}"
loop_control:
label: "{{ repo_name }}[{{ repo_os }}]: {{ repo_values }}"
Expand Down
32 changes: 31 additions & 1 deletion ansible/roles/eessi/defaults/main.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,4 +11,34 @@ cvmfs_config_default:
cvmfs_config_overrides: {}
cvmfs_config: "{{ cvmfs_config_default | combine(cvmfs_config_overrides) }}"

cvmfs_gpg_checksum: "sha256:5c60679d307a96524204c127250e8ebdda66a459659faa1718bdf32dde1d7069"
cvmfs_gpg_key: |
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)

mQGiBEuGP6YRBADV89cbF4uoEX89Q8uxOklIDVJhOJAFKZ33LSdzHv3iObnjo5w4
wbb8FiSir4oWgarAco4u0kR1yKjHJ33oVB2xmPOzW3NWoHI7aPF7tCgo7FY9hNoC
4NEkNycvbfSoCScsv2yY5qz2q2sY1LWGZGbUXjBvKbmASe9sJFKJV7NsmwCg76W/
aMazleHyDtooD8tk3ZWvpKcD/Rg51Oad+ZLc7h45wDMHpaDvOBeGoyp+k7JgQd87
HfXiJtg/Q6zyTwrV3vCQvMpw3GRjRkZBcPgRWb6rUk68dL8fa2cTxhISX5/DIQzc
mmuDa0EgCGGAKUZ4bHqaexFFnp/B+VKBPvJuxLa0cBDd6eewxNwtHJ90EaMeBzGd
6zU2BADO9YbXiEMqRkfVLnuvD5G31/WJZvffXCxspnSfg923DbILWa4vNW9MLMsK
IVHvyVr0mZF8xdyQNVPUX3/4uahKM4hwuFqdbyjuLGEIF3U73aIJ0+YDep/+I6yU
JGHnxy8Ex+a1XIhJ1hSI7+oalSdt+w/pE3+2MQyUfSDPSXVA3LQ+Q2VyblZNIEFk
bWluaXN0cmF0b3IgKGN2bWFkbWluKSA8Y2VybnZtLmFkbWluaXN0cmF0b3JAY2Vy
bi5jaD6IXgQTEQIAHgIbAwYLCQgHAwIDFQIDAxYCAQIeAQIXgAUCVwOYkgAKCRAj
DTidiuRc50E1AJ9AYvH/cydD7029jxGcs8K87lo3jACdEhbCj3cjPsp2U/WfpgK1
BQOMiwe5Ag0ES4Y/qBAIAL3sWKXQKpbIOpwX+mNX2IV2XxNBM3KYjYOEii66i9ap
Po3BA39a9Wm9vh1kYIHTkh9Qqb8w53hc4ANkVT+cYzxXythGBjWoLtwCzKCPrIb7
RQJRc956Ot0q4qmlcUEGi5zefSIoJZR5jyR7rZS+1PNJYI05xY2+Eah1u9UxrlzB
H5DCsvUqTNK12WrPIibmLo8u+yIDJjwgh9O5YITC+et/g47NLfZdiAGPLEjvJFRi
7Ju+8ywO32dSVBPJQDktr5BC950DKZHA9n+sJ63iF3lP/aCTECpxxUqXVVqioobw
g5ytl60hw9I9sfwBP6z9PR90RcyT1l4giiBz9LV+KpcAAwUIAKeAxArGaJxzWziK
s7D8TTuE50Nw+S3RGhVzwSKy7183Z11iOEMqbm2/zwp65wFkntCKmLKDnGsTgFNp
stIyFwJmj34Axp7N3KGqXnTI+SIQd6VmzQ1phxfCOw8IGueOR6YI7S1GYWt7Dose
ZKz4EWdvXCOkQAhbxq/HT2c3ihxsuxrErxz7QtNaYOFXiuLj3mYH9XaMeEe8Pkl+
yyRTvyUNlMIu/i79qf+QUlsi10nCUm88cSXQiKWOJ4GiUoT+jD7pN4ohdALRVl0t
l/EyPTw+asG3lQhPZ+solvJXp+i7KF7nwnyXDB63WNH15S1pQLMnqCuGCFyegf6j
nOJU0AqISQQYEQIACQIbDAUCVwOYgwAKCRAjDTidiuRc534jAKDu/9BZU3rirEMr
DuGbmN3ulUM+UgCfe7lg5qrGXUzZlJFTnTaTgS3Z0Rg=
=fspm
-----END PGP PUBLIC KEY BLOCK-----
34 changes: 11 additions & 23 deletions ansible/roles/eessi/tasks/install.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,34 +1,22 @@
---

- name: Download Cern GPG key
# checkov:skip=CKV2_ANSIBLE_2: "Ensure that HTTPS url is used with get_url"
ansible.builtin.get_url:
url: https://cvmrepo.web.cern.ch/cvmrepo/yum/RPM-GPG-KEY-CernVM-2048
dest: ./cvmfs-key.gpg
checksum: "{{ cvmfs_gpg_checksum }}"
mode: "0644"
- name: Install CVMFS GPG key
Copy link
Collaborator

@sjpb sjpb Dec 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So what's different here vs e.g. openhpc where we install/import the key as part as of the dnf_repos role?

ansible.builtin.copy:
content: "{{ cvmfs_gpg_key }}"
dest: /etc/pki/rpm-gpg/RPM-GPG-KEY-CernVM
owner: root
group: root
mode: '0644'

- name: Import downloaded GPG key # noqa: no-changed-when
ansible.builtin.command: rpm --import cvmfs-key.gpg # noqa: command-instead-of-module
- name: Import CVMFS GPG key # noqa: no-changed-when
ansible.builtin.command: rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CernVM # noqa: command-instead-of-module

# cvmfs repo provided by dnf_repos role
# cvmfs repo and eessi config provided by dnf_repos role

- name: Install CVMFS
ansible.builtin.dnf:
name: cvmfs

- name: Install EESSI CVMFS config
# checkov:skip=CKV2_ANSIBLE_4: "Ensure that packages with untrusted or missing GPG signatures are not used by dnf"
ansible.builtin.dnf:
name: https://github.com/EESSI/filesystem-layer/releases/download/latest/cvmfs-config-eessi-latest.noarch.rpm
# NOTE: Can't find any docs on obtaining gpg key - maybe downloading directly from github is ok?
disable_gpg_check: true

# Alternative version using official repo - still no GPG key :(
# - name: Add EESSI repo
# ansible.builtin.dnf:
# name: http://repo.eessi-infra.org/eessi/rhel/8/noarch/eessi-release-0-1.noarch.rpm

# - name: Install EESSI CVMFS config
# ansible.builtin.dnf:
# name: cvmfs-config-eessi
name: cvmfs-config-eessi
132 changes: 132 additions & 0 deletions ansible/roles/openondemand/defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,3 +111,135 @@ openondemand_rstudio_version: 2025.05.1-513
openondemand_matlab_version: ''
# Below is automatically calculated during role run:
openondemand_gres_options: "{{ _openondemand_sinfo_gres.stdout | to_gres_options }}"

openondemand_turbovnc_gpg_key: |
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBF+0POoBEADvh8UbRhwEb4QdPwD0XqxncnLumwEViosBwZBQBMG7Toymk5oH
YlQIvDlr2Idj8ClBOEkhGMbH7EFoy55cFqG7RO5cMg442LK44j2LKzMqCuLQwEuf
LutUH2Ptuzgcd7ATc3od3RSpb8VL1HDtOu584MdKlKtdQU0K+xRtM+kqBzLRhb31
U4PkQSDitXLG2juRFEN7VsKmr0IjWfjDZEHOLryfQXfEQmZJAO9ZjwKCwHIMxqYy
lWeit9C1PfBEVP30L5Vdd4vFW9XB9RLUFgMjo57dZGkk4yPDhsNhWe527A4pUOMK
Up5xLcUXrORjXEFlgh2BEC2Zy6QfRYoKTlpPGVr0g3UeYMFEkMTSsVJiwsITnpWI
wo0FzCZYBJZQQdQvI57vhRL3Xv7QPPGFnGrXye+WsTB4FQn42JE2h65yG47Dlgbw
IoMzfDd1pi7HtDl3JLvZzx3qRUk+FOzAKpZcRmpgSIih3pdZLVgQi2gZszXRLXoy
myiBkcczQk78E/RMh7bTcPxPaGukQojijlYuuLKn3Ff8WkZNrZ6RuRzzAB9qjXrY
vuALocuVcxaTPHAhoHiFaxwjPamxqlxkoR0tfad35egTqlnUraYYPTiv3XSDbHpv
he143H/Xh55eNXTZFpkBkqZWJUpt8C1ZR4xXFDy7FSDovfaMRn3rTZ/neQARAQAB
tFVUaGUgVmlydHVhbEdMIFByb2plY3QgKFNpZ25pbmcga2V5IGZvciBvZmZpY2lh
bCBiaW5hcmllcykgPGluZm9ybWF0aW9uQFZpcnR1YWxHTC5vcmc+iQJRBBMBCAA7
AhsDAheAAh4HFiEErhp7pO//mpmH4UdMS6zKs25/6aEFAmjUQt8FCwkIBwICIgIG
FQoJCAsCBBYCAwEACgkQS6zKs25/6aH79hAAsC1N938+kG6ytplU1E5RHz5MlimN
WVa9dCqUvXd8ccetoxLqycmM4hGzZgqWmcv6v0aYiuvKMCiHi6sD8mK7NqmZugIq
CS4XKqBF2E5dDZVEYDIrR7OR+PY2OM7bi+0xGXrtXIANwHp6Vg+4N7S8ROKlykHP
SBO9xUN6JRwSCzOfla081rrYdHmgp+lJ25GMsvReZcR4JVaqXThT3vYQRbP9Q7wU
1dq4tGupBRBzFNTXCDZgO3MDnHnyqGmwxqpupZMDL990CxvGTcJLIAZH06KA5AtO
vUn/Em3QVBcxbCPXYShNJdSU6Fgbnr3YbQrOpuMsiULWAwo2yUreHlQAwsPQEb5r
du++9WvSaH2b3GMVo/QS+xG/Oy06E6BqRTiov298Y4eHGHdQsVef/v/F+yxlmgi/
JKqaZCfAifP5XKJDHUoLbngnoUOgAFRPjNU7e9uJRY1J4aZ97kyIknGqssDDnGcZ
AY3UhXf1rJYHzVt/r4yvSOIxHreVl1vLn2ZpJp/Nk9Gt/OfGnxC137CsMn5j2g4W
Nt24R5fabW2KCM6nunb99MmeRZCdDgqFJ48kxBckY8uvhqcE98z84qRaMUeUATpf
zpVAwLGDR+32uKbDij5gMfOiIFQKOMFG3SplCpaQlHUMjtIKvJZvFH75CJduGOTz
ctew8kqRjxPSNLw=
=ysOU
-----END PGP PUBLIC KEY BLOCK-----

openondemand_rstudio_gpg_key: |
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGRr4rMBEADUlzsA78RMj7WiPfJf+n1HSajArYYfbpckEZXbHBV/ohtoL1gg
i2P8i8qVmKyMZHYzXYBCEd5QFhy/txU7G1ICSSKauuLL+S0sc6GltIGwzJWt8xpG
hx/ibaIDfIGKkEfcKmcvKd+M59xRJO5qNS2dIldHJLNUr0BN6xF16lf2CMAS0T+3
u6hakaGTh2PDuFCEX8eBq47h26iG8NyTruh/faNO/QoN7JZ3f8gV3gtut35DuWhh
se5MnvPv8EP1CycXJeMyWKVdU5i/ez88qQQNDKDPbBtG+38kcAs9H37Pm0fKGGoP
uUHgR8sQ1hMZ7ZdW6CbxTHitP6qFbo9pCJ1NieXf2KSiDmk/VOrtF9mlfPu+kIYB
T6WxEMva0Rb4NXESZpOgnPleOQOmo6v77n8lMUjIFpzbJCVvm391zuOAk52I3HmJ
HnBftepdqrjjzW/EG9+zhaKwMgvEk7VAKNq4vkkw4V/q1lbzRBQXJ3Ile0+AZJCf
0TnbvqnIL1wcC1932rdJRm7RCHoDdkhzmBloin9uwsPmmrbNPByz0D9HjtH2iRQV
ES+F52oLaAxzsHbFaRhyRi0UXGMnYEtdml0cL1wcGH9/XsHo+OASDOzS1a7xDbNx
e+gQP/YVze80/54rNi5RLdzR6eSFoOfpCEGC93kwKkUqEPGEdC15PO+S5QARAQAB
tCxQb3NpdCBTb2Z0d2FyZSwgUEJDIDxzZWN1cml0eS10ZWFtQHBvc2l0LmNvPokC
VAQTAQgAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBItl5aEHu+/jupnF
l1HAtbsZ+S1gBQJmRiMeBQkHhh8/AAoJEFHAtbsZ+S1gcHsP/0hxGNeIqJtSajj0
Kq41AxssNEEv2xhox7PkYpbAOcQFUJvlIKIJxDWytD9zZkz+u7nGgY8FUhMoMEN9
qGZqYV8yuu4Tg4RV73GxU/6wrOijnWxCY6g/xEPdaTC+fNCuvUAzZQL4ZI/GO+25
9Gc0w3TazpGMUPK9RPr2ud5lJcOGV3C1AqG5QC9GOxsUNsU2cvUH0gmbbEh2L4Ix
H8qkERZWXYP8pZdnmecjthJ4ySgtgqh10JBQswvRMO6rgTDgkJ49gX6V9c54Cap7
diSAjMDzI/FgRFJCME41pxjQ3OWnYGtKgvX3BtKHpLWsaITtGtsVciraNn5prF/L
uKJV3vzadpebtTqZgKpBiCpSTSW8kPrEyqLeeDTbmvjcWSxU6BJYVgabXVi6DwZ/
pabG3eOKbIhk3MGYvVXB2pCPv44qz2bQIif0nQ2xqJ2nMCgUVVa2TJx8klmDwOJo
rqEmLOyAxPAWXbl2tqyFq7WnPovULUUNUCFf4o+t8nmQAV4xUvFhSpNZ8YKFVJ36
pvj8vQ3zUAwACnOAdJGC/A+/aUWx0/SIw7kFEZHs91ppMzfEezFQ5VWqFmZGYNlQ
SRjzMs8fVwNldc/VPrBC2OG9VetWUZ0jBFSPV0zunewigBho9lyyQ2w+H3MPylkB
Dmnt+12tI0YUCfJE5Q2wsOvkxQz6uQINBGRr4rMBEADFnLw/+gZQqZlu6A2FIEf3
8H2RpNfdxXV2uDHNCZSMfgRtq+kAwfkqfiVMsTOA8TcLFS26gCoeREOfmmcCxu0C
nLTUZGPh+LSIzrvjfjaq9DF625lWp/dI9MKy1JmAO4E1BQgsYMKKE+CW4edAU/uy
wxxWC23Lh9s0ZLXotGl0lBtOxrh1UmukC3oIJeAVkrMvZlnAPYFOOm1uflA9JwGJ
+ZPGYtgUFLAVkByM9cHh8Co5BW2aigF+tfrgllFSn/FvQEwXi4aO6Kik3hRTsWLm
8cA7K0EihMkgj1CH/wZCVEVN8Gs0TXV9n4PD3C3oP+abBr4e3G3VnzABcrYarl+e
Hy1icbybgNwGOXowKkVHxR7Y+8El8L8nCWnoU1fLnJngsbw1TC8vmVnhUoGADJS/
C2TWUOXhR9OuOSsKj6tEvEv9XLs0PAiiPK4Bh0dQxqSYsN4uCYJZka+mqg+5Hf2p
glnta8aC4/VdQkIVHVyDTvIMOm7mfqZsM+roVPyKdbXfXmyjfffgFt7/FBxk57kS
qS7PbbalK2C9AfU+hqmZ3dJJT+g87c5+PMQbGEbSbNktWG8btQYFw5/7B2EZSYZr
e7Ry7ySLQkFD3wFjAbSy9LeJdzdEz58odQkD6e1Q+MIPnh6eRBKPe4izrjBxLWZt
yRV/i4QIjjfix6qq26yy5wARAQABiQI8BBgBCAAmAhsMFiEEi2XloQe77+O6mcWX
UcC1uxn5LWAFAmZGI4YFCQeHFc8ACgkQUcC1uxn5LWB+XxAAtGJ+L8qq3Df3MLte
G+Zg2Rwf7NtPOBgEpw5b/jTclrDwvynC4/o1KQ44sMwPSn0xoyDdWrX30FTBywcV
HrYCh0hBa++HgQiXY2rNM2d0UX+LiZ0B5T6WVTd8wvIdkNlfi9MDHX97CwliFp/7
7o9Plb2afRuB/XgX08NIoskTprzFnEYrKFjfTbfiLGKtU2/F2S28iHVCeJ3NPJfp
TNH45TtWmTKEengL4PDMi3ZAcnrb9cwiQC6JMZRAPcNBEY/8fNFqogL24NrlSbdD
nlmk8Zbk3yqnKOT1fQx7VwaCoje9kLzTtgTnh6o7tu3X/ONvIkpIER6m8rVf4/IS
c6F66iSVbPLFSewZrPXKbtWCgxuOt4qFxOjsoNpGac1XUKvEHfL0W0s7IQQjvH95
1hyUQ17q1655FmKcOxPC+7IquU0KDTx/Q27Iziv2CY+sTlC/ARwG42/Lm9smHemJ
dFM0lx3lrKREM01BTRV7lkFNp3kRgYLq0X/gpdqW5tRn6wxyollKtLxi9LUYIRg6
4HMnD6OkgMVmeQ57ISgCB+PY0vrjZpp6PKZe2pSDZroALjab/3BT/+BcR+BlsUIc
mIg6BzpPfiFCbDYhefNcufi4WW1qmSGBLjahst4qGn4H8zC/moywEPgN2QiZm1+0
HorlOEi7/Z1VvkaLX3zrDqoGTLm5Ag0EZGvi5gEQAM1rC8ivV42u9F0/V/AhbDwa
CJNP9rCP6XeRZj6sAjyuTAQ2GkVbyRCFhDqB8w+opEoY1JTT26jN5BRHrfFvWbWX
GNPD4DUY2HrTy7ct3JYRYrVLrUlm8CrVn34CtwOH1trcm498NASZH3nrF3YFpaP1
yQAqkBEKSOU3LLk2Q7Uv4qGQIO4YRF0WNYxmzRhx/aSJi2UL7n4lTaQ8p1U25xb4
OIS966ly82wO4KsK8xUVjKDERoEj+t0cjRY5q/OgYVyHU0pvtN/9ifT3e4KWUSaV
bqNFzoUHmoy6KEZWPVEzCn87fXkMZs7Z2LBIotvfkHfIVGeBqyleY1TFZgYh6Bqo
Xb+m+PzF1LlgN/2ghrn04d1HcTwmpH06AVdueyt7nTLCTHGhZFVAm6XQ4hKZT14D
rV52bC+2ID/9z3/pRxIJcSW9rP5PREGG3XjbSMl+GUKIB5ouXpf+FZayEBZJ3Tiz
JZtNbHWsi9smTJ2ZTkUl+xLq/7iCP+XgrM7x0z/Fh89w+hQpgWzYfKP9ODNJnLkD
HrtFbn81jook/6XinNNb5TIkAiXS7TZMgPPtyMvP2zu/d/rkmV2TfjCJ+i4LmQmy
PETKas7bSUZvRIRazx1ogqgXy0f52gRXgFQud0yBvhjlGkDcW/JgtE1zlYx5AbwG
RDz6zZ9b8DCczrVL6WhdABEBAAGJAjwEGAEIACYCGwwWIQSLZeWhB7vv47qZxZdR
wLW7GfktYAUCZkYjmQUJB4cVrwAKCRBRwLW7GfktYLh9EACVprLbDAqyiftySBhE
mGRkcMAjGJK+unJQnpuU6kFYsrJAqNIoKmEcsiBCyPnqK7eZomNc4F/EZtYimCrO
FRohJjtcbhC7p8OCzqEq8zE2uJ2lWNT/pOnMpspuneEJayA6+Y2w8Pklc9MjlEfT
ZlQ5pGCzK4ZsssBhGustLrXws2lQKkIfJP+/45yJZwba+FGvhmB8SnXEUce7WKrw
tN9ZkEew4khdnYr5GvZjo6jDl6ES8rpwY5/ITE5+LMzVPTUDSG9Tht1waXJy++3T
2PYEarjjp2QX6Q/3iSjlt1uE/3amxpzgHhKH+EtldsqfZuD9lGXy/eaHBcclchsa
TDz7j9IGXkZX3psAWwSk7oeBPTvgP1ZchicWtXI2Xl6ENT+1MmOS56IkiHHcrPBw
aLL9UfUPVYd61kpqHefham4WCAWEM22mVLrjoHkpZ8WjYa4DC/85fpf6nAxsmFKR
D2xbMG3yOYosOfPjf8UUjFzOywTcSPQRupRv3Nu6nHGblKlyBccIgrasd1F9rozo
ziSS2L/BfezkDbzjgaiNjy7396gD2+lYxgfxSx7RcUAn09nRnANfyuMw7AuBOhBo
C/rutFDx4WeQ+WWxEluT+KOxWS+gllE5RfzVkBH5b+gbH3SibG0Wn0CqI5rZ5axa
HBV++eW9rb0bbC/wKzIIRxXkKrkCDQRka+puARAAtcTNQgcMyLW9EVrwsaNSLb4f
I91HjTeLETRN9xxIS/XXNsIddQk2fC8c9LTryQ5+euPG5SE/q6H/5DhpmVX54C9t
p0uKJ2QrQF25/hB1lQz+7jQ6Sq68NT79iKgp0354OpoCIfVz0bS+LIXNV6SkiF36
8RdwZ7VXbG27ECizqb2dM4X25xfvbeTcAjBiR7YKWwurZSpTKXbDaBs5UepIZuOR
ia5TGQy8ZnVxNvA7Wa89pFXbmXLJOR8b5yfcmNqv5AfNpwrlNMeYf2yT/zroEFn2
0Tt4hPz8c7KZabr586PCUyeW4L7SHD+3A6xvlXJ0ygzr+r0j27Yv4DZMyN5S8mcq
puauh6cAtE1tMsWijwZF7R48NLEex6/9LrRwAosJpSPStVJMBwIXOk7VJxOcQRtp
AwbPq8SQPqf08jdgpvZF/ZuJUS323dHLvulF4mNPQ55hNtb/d+Oqh414/mzto0O1
+1nuG07Wf2BeI5Q5onPis0EM0ru+ye8T8+eapqQ2ySeX8fEBMSiJvC2qadWWlDdN
wJkTbjr6pQgbnTwI+QBdllHxGLHjg9lmR/1X0DchhZtdziCUWTdpEy68h27ab7dN
BSm90y7AvF9QtxiNcJ1+pJE3d6w2D7Oe7ySEnCnWFfM4ON5e+hdrhsG8w1+0orye
euzwiRK1wvFlBrHTDXEAEQEAAYkCPAQYAQgAJgIbDBYhBItl5aEHu+/jupnFl1HA
tbsZ+S1gBQJmRiOoBQkHhw42AAoJEFHAtbsZ+S1guQoP/2wnafMzQ4roJssb4o6r
183Jd42A1sXr5533eBU9TRB6Zuj+zqPww2IxQEUqnUaL3uaUA7SjpyL9B0v5Da1b
DjQmuNhBSXvgwlRo9XP4mWkmLPw9hYtMRTnTVgctAHm/Zx1Y+k5XN8e3qAnZHwmD
HhVHDb7P9tiuQJAysmkzuF8RskhrYDd4feTlU65tSF6xN5GWEtY2wavtVnU9Pq3T
jm+L+upjyf8pc4eznWgDNyWbHy2WZTM21GwRwO4VJojvVAE08qmkLqqabU2MaNs0
6O3+8GJKmXnJNL1aQwV4D0BaB87uejyYqCxbASi4UapcSNrpf83cZc6FBSMaDDLr
5IWdRdMMBrSwU8Y5oZToI7Hr2dwpxvQb2g9Lek732HOmpRfkBokqajGdm571eWGs
I/nsuYhkBnv3f1JyQi9glPE0DZ9559MnJYf0tLubEtKWG25YorAOysWiq35I4Qjy
P5FsWr8F4NVxk1If6Xfd8aWMaWXWqhBpKtsW/quPN9YxuuMCbVKkEPkb1ZwZYNEf
MigrNo/my2zzY8SAHH5yCUgHOnMEWHPJjn4Ov/mL3W9VmFrFCeLya0oaVjMKMwyR
ES1evDHgpJQqbtfix3Ju0/3Xt9Vtp8qmAHwwvkMgkyiBi+iJJ2iWc0ibs5/SnWXB
U2EuISkCgcTxT1ekiArexBXc
=fY3G
-----END PGP PUBLIC KEY BLOCK-----
12 changes: 11 additions & 1 deletion ansible/roles/openondemand/tasks/rstudio_compute.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,17 @@
name: R
state: present

- name: Install RStudio GPG key
ansible.builtin.copy:
content: "{{ openondemand_rstudio_gpg_key }}"
dest: /etc/pki/rpm-gpg/RPM-GPG-KEY-RStudio
owner: root
group: root
mode: '0644'

- name: Import RStudio GPG key # noqa: no-changed-when
ansible.builtin.command: rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-RStudio # noqa: command-instead-of-module

- name: Download RStudio Server RPM
ansible.builtin.get_url:
url: "https://download2.rstudio.org/server/rhel{{ ansible_distribution_major_version }}/x86_64/rstudio-server-rhel-{{ openondemand_rstudio_version }}-x86_64.rpm" # noqa: yaml[line-length]
Expand All @@ -18,7 +29,6 @@
ansible.builtin.dnf:
name: /tmp/rstudio-server.rpm
state: present
disable_gpg_check: true

- name: Create module directory for RStudio Server
ansible.builtin.file:
Expand Down
11 changes: 11 additions & 0 deletions ansible/roles/openondemand/tasks/vnc_compute.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,17 @@
- init_d.stat.exists
- not init_d.stat.islnk

- name: Install TurboVNC GPG key
ansible.builtin.copy:
content: "{{ openondemand_turbovnc_gpg_key }}"
dest: /etc/pki/rpm-gpg/RPM-GPG-KEY-TurboVNC
owner: root
group: root
mode: '0644'

- name: Import TurboVNC GPG key # noqa: no-changed-when
ansible.builtin.command: rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-TurboVNC # noqa: command-instead-of-module

- name: Install VNC-related packages
tags: install
ansible.builtin.dnf:
Expand Down
Loading
Loading