when verify_yaml:true and insights_core_gpg_check:false worker fails and doesn't execute signed script

Question

when verify_yaml:true and insights_core_gpg_check:false worker fails and doesn't execute signed script

Closed this issue 10 months ago · 0 comments

when isights-client gpg check is False but overall verification still True worker fails with IO error, expected would be that the playbook is still send for verification and the --no-gpg param only affects behavior of insights-client.

When both config values true, or verify false everything works as expected.

[rhcd] 2023/11/01 17:00:47 /builddir/build/BUILD/rhc-0.2.0/cmd/yggd/exec.go:59: [/usr/libexec/rhc/rhc-script-worker] 2023/11/01 17:00:47 server.go:44: Processing received yaml data
[rhcd] 2023/11/01 17:00:47 /builddir/build/BUILD/rhc-0.2.0/cmd/yggd/exec.go:59: [/usr/libexec/rhc/rhc-script-worker] 2023/11/01 17:00:47 runner.go:45: Calling insights-client with --no-gpg to skip signature validation...
[rhcd] 2023/11/01 17:00:47 /builddir/build/BUILD/rhc-0.2.0/cmd/yggd/grpc.go:172: dispatched message 1b75f3e0-98fd-4f65-9c20-8995dabc6562 to worker rhc-worker-script
[rhcd] 2023/11/01 17:00:51 /builddir/build/BUILD/rhc-0.2.0/cmd/yggd/exec.go:59: [/usr/libexec/rhc/rhc-script-worker] 2023/11/01 17:00:51 runner.go:75: Unable to verify yaml file: Error sending data
[rhcd] 2023/11/01 17:00:51 /builddir/build/BUILD/rhc-0.2.0/cmd/yggd/exec.go:59: [/usr/libexec/rhc/rhc-script-worker] Traceback (most recent call last):
[rhcd] 2023/11/01 17:00:51 /builddir/build/BUILD/rhc-0.2.0/cmd/yggd/exec.go:59: [/usr/libexec/rhc/rhc-script-worker]   File "/etc/insights-client/rpm.egg/insights/client/apps/ansible/playbook_verifier/contrib/gnupg.py", line 156, in _copy_data
[rhcd] 2023/11/01 17:00:51 /builddir/build/BUILD/rhc-0.2.0/cmd/yggd/exec.go:59: [/usr/libexec/rhc/rhc-script-worker]     outstream.write(data)
[rhcd] 2023/11/01 17:00:51 /builddir/build/BUILD/rhc-0.2.0/cmd/yggd/exec.go:59: [/usr/libexec/rhc/rhc-script-worker] IOError: [Errno 32] Broken pipe
[rhcd] 2023/11/01 17:00:51 /builddir/build/BUILD/rhc-0.2.0/cmd/yggd/exec.go:59: [/usr/libexec/rhc/rhc-script-worker]  exit status 1
[rhcd] 2023/11/01 17:00:51 /builddir/build/BUILD/rhc-0.2.0/cmd/yggd/exec.go:59: [/usr/libexec/rhc/rhc-script-worker] 2023/11/01 17:00:51 server.go:48: Creating payload for message 1b75f3e0-98fd-4f65-9c20-8995dabc6562
[rhcd] 2023/11/01 17:00:51 /builddir/build/BUILD/rhc-0.2.0/cmd/yggd/exec.go:59: [/usr/libexec/rhc/rhc-script-worker] 2023/11/01 17:00:51 util.go:58: Writing form-data for executed script:
[rhcd] 2023/11/01 17:00:51 /builddir/build/BUILD/rhc-0.2.0/cmd/yggd/exec.go:59: [/usr/libexec/rhc/rhc-script-worker] 2023/11/01 17:00:51 util.go:79: form-data created, returning body:  --8873589eb80926f8e12ab250565f592e7340520054306a47878d065d840e
[rhcd] 2023/11/01 17:00:51 /builddir/build/BUILD/rhc-0.2.0/cmd/yggd/exec.go:59: [/usr/libexec/rhc/rhc-script-worker] Content-Disposition: form-data; name="file"; filename="rhc-worker-script-output.tar.gz"
[rhcd] 2023/11/01 17:00:51 /builddir/build/BUILD/rhc-0.2.0/cmd/yggd/exec.go:59: [/usr/libexec/rhc/rhc-script-worker] Content-Type: application/vnd.redhat.tasks.filename+tgz
[rhcd] 2023/11/01 17:00:51 /builddir/build/BUILD/rhc-0.2.0/cmd/yggd/exec.go:59: [/usr/libexec/rhc/rhc-script-worker]
[rhcd] 2023/11/01 17:00:51 /builddir/build/BUILD/rhc-0.2.0/cmd/yggd/exec.go:59: [/usr/libexec/rhc/rhc-script-worker] {"correlation_id":"00000000-0000-0000-0000-000000000000","stdout":"Signature of yaml file is invalid"}
[rhcd] 2023/11/01 17:00:51 /builddir/build/BUILD/rhc-0.2.0/cmd/yggd/exec.go:59: [/usr/libexec/rhc/rhc-script-worker] --8873589eb80926f8e12ab250565f592e7340520054306a47878d065d840e--