Clients use GPG keys to check the authenticity of software packages before they are installed. Only trusted software can be installed on clients.
In most cases, you do not need to adjust the GPG settings to be able to install software on your clients.
By default, operating systems trust only their own GPG keys when they are installed, and do not trust keys provided by third party packages. The clients can be successfully bootstrapped without the GPG key being trusted. However, you cannot install new client tool packages or update them until the keys are trusted.
Salt clients are set to trust SUSE tools channels GPG keys when they are bootstrapped. For all other clients and channels, you need to manually trust third party GPG keys.
On the Uyuni Server, at the command prompt, check the contents of the
/srv/www/htdocs/pub/directory. This directory contains all available public keys. Take a note of the key that applies to the channel assigned to the client you are registering.
Open the relevant bootstrap script, locate the
ORG_GPG_KEY=parameter and add the required key. For example:
You do not need to delete any previously stored keys.
If you are bootstrapping clients from the Uyuni Web UI, you need to use a Salt state to trust the key. Create the Salt state and assign it to the organization. You can then use an activation key and configuration channels to deploy the key to the clients.