このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Starting with v6.14.0, the Agent RPM packages are signed with a different GPG key. As a common best practice, Datadog periodically updates the GPG key.
Hosts using RPM packages located in the Datadog Yum repository are affected by this change and need to trust the key by importing the associated public key in their hosts’ keyrings.
Trying to install or upgrade the Agent package without trusting the key results in NOKEY
errors when installing the package.
The fingerprint of the associated public key is: A4C0B90D7443CF6E4E8AA341F1068E14E09422B3
.
If you’re using the latest version for one of the following officially supported install methods, your hosts trust the key automatically and no further action is needed.
Check if a host trusts the GPG key
To check if a particular host trusts the key, run this command on the host:
rpm -q gpg-pubkey-e09422b3
If the key is trusted, the command has a 0 exit code and outputs:
gpg-pubkey-e09422b3-57744e9e
Otherwise, the command returns a non-0 exit code and the following output:
package gpg-pubkey-e09422b3 is not installed
Trust the GPG keys
This step is not required if hosts already trust the keys or if a recent version of an official installation method is used.
Import command
Run the following commands on the host:
$ curl -o /tmp/DATADOG_RPM_KEY_CURRENT.public https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public
$ curl -o /tmp/DATADOG_RPM_KEY_B01082D3.public https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public
$ curl -o /tmp/DATADOG_RPM_KEY_FD4BF915.public https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public
$ curl -o /tmp/DATADOG_RPM_KEY_E09422B3.public https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public
$ rpm --import /tmp/DATADOG_RPM_KEY_CURRENT.public
$ rpm --import /tmp/DATADOG_RPM_KEY_B01082D3.public
$ rpm --import /tmp/DATADOG_RPM_KEY_FD4BF915.public
$ rpm --import /tmp/DATADOG_RPM_KEY_E09422B3.public
Then check if the keys are trusted by following the steps in Check if a host trusts the GPG key.
Yum repository file update
On CentOS, RHEL, and Amazon Linux, if your Yum repository file is used to define the Datadog repository (datadog.repo
), update it to add the key as a trusted key:
[datadog]
name = Datadog, Inc.
baseurl = https://yum.datadoghq.com/stable/7/x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public
https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public
https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public
https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public
[datadog]
name = Datadog, Inc.
baseurl = https://yum.datadoghq.com/stable/6/x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public
https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public
https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public
https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public
Note: due to a bug in dnf, use repo_gpgcheck=0
instead of repo_gpgcheck=1
on RHEL/CentOS 8.1.
Note: This method doesn’t work on SUSE-based systems. Use the import command instead.