3eabc630c4
Unfortunately we can't mix the distributions here, because upstream keeps the same filename, built differently, in each distributions separate pool. So we can't combine it back into one pool. Mirror each into a separate subdirectory. Change-Id: I728d38daf9a953a64364689da0648c9339a27693
490 lines
20 KiB
Puppet
490 lines
20 KiB
Puppet
# == Class: openstack_project::mirror_update
|
|
#
|
|
class openstack_project::mirror_update (
|
|
$reprepro_keytab = '',
|
|
$admin_keytab = '',
|
|
$gem_keytab = '',
|
|
$centos_keytab = '',
|
|
$epel_keytab = '',
|
|
$yum_puppetlabs_keytab = '',
|
|
$fedora_keytab = '',
|
|
$opensuse_keytab = '',
|
|
) {
|
|
include ::gnupg
|
|
include ::openstack_project::reprepro_mirror
|
|
|
|
class { 'openstack_project::server': }
|
|
|
|
class { 'openstack_project::gem_mirror': }
|
|
|
|
file { '/etc/gem.keytab':
|
|
owner => 'rubygems',
|
|
group => 'root',
|
|
mode => '0400',
|
|
content => $gem_keytab,
|
|
require => Class['openstack_project::gem_mirror'],
|
|
}
|
|
|
|
file { '/etc/afsadmin.keytab':
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0400',
|
|
content => $admin_keytab,
|
|
}
|
|
|
|
file { '/usr/local/bin/gem-mirror-update':
|
|
ensure => present,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0755',
|
|
source => 'puppet:///modules/openstack_project/gem-mirror-update.sh',
|
|
}
|
|
|
|
file { '/etc/reprepro.keytab':
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0400',
|
|
content => $reprepro_keytab,
|
|
}
|
|
|
|
file { '/usr/local/bin/reprepro-mirror-update':
|
|
ensure => present,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0755',
|
|
source => 'puppet:///modules/openstack_project/reprepro/reprepro-mirror-update.sh',
|
|
}
|
|
|
|
### Debian mirror ###
|
|
::openstack_project::reprepro { 'debian-reprepro-mirror':
|
|
confdir => '/etc/reprepro/debian',
|
|
basedir => '/afs/.openstack.org/mirror/debian',
|
|
distributions => 'openstack_project/reprepro/distributions.debian.erb',
|
|
updates_file => 'puppet:///modules/openstack_project/reprepro/debian-updates',
|
|
releases => ['stretch', 'buster'],
|
|
skip_backports_for => [''],
|
|
}
|
|
|
|
cron { 'reprepro debian':
|
|
user => 'root',
|
|
hour => '*/2',
|
|
minute => fqdn_rand(45, 'reprepro-debian'),
|
|
command => 'flock -n /var/run/reprepro/debian.lock reprepro-mirror-update /etc/reprepro/debian mirror.debian >>/var/log/reprepro/debian-mirror.log 2>&1',
|
|
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
|
|
require => [
|
|
File['/usr/local/bin/reprepro-mirror-update'],
|
|
File['/etc/afsadmin.keytab'],
|
|
File['/etc/reprepro.keytab'],
|
|
::Openstack_project::Reprepro['debian-reprepro-mirror'],
|
|
]
|
|
}
|
|
|
|
# This key is included as a workaround, as GnuPG (at least the version on
|
|
# Xenial) and so by extension reprepro is unable to parse multi-signature
|
|
# Release files so only sees the first one it encounters, which in the case
|
|
# of the Stretch archive is the Jessie archive signing key.
|
|
gnupg_key { 'Debian 8/jessie Archive':
|
|
ensure => present,
|
|
key_id => '7638D0442B90D010',
|
|
user => 'root',
|
|
key_source => 'puppet:///modules/openstack_project/reprepro/debian-jessie-mirror-gpg-key.asc',
|
|
key_type => 'public',
|
|
}
|
|
|
|
gnupg_key { 'Debian 9/stretch Archive':
|
|
ensure => present,
|
|
key_id => 'E0B11894F66AEC98',
|
|
user => 'root',
|
|
key_source => 'puppet:///modules/openstack_project/reprepro/debian-stretch-mirror-gpg-key.asc',
|
|
key_type => 'public',
|
|
}
|
|
|
|
gnupg_key { 'Debian 10/buster Archive':
|
|
ensure => present,
|
|
key_id => 'DC30D7C23CBBABEE',
|
|
user => 'root',
|
|
key_source => 'puppet:///modules/openstack_project/reprepro/debian-buster-mirror-gpg-key.asc',
|
|
key_type => 'public',
|
|
}
|
|
|
|
|
|
# Note debian-security needs it's own mirroring process, as we found
|
|
# that including it in the main "debian-updates" config lead to
|
|
# weird conflicts of package names breaking the mirror.
|
|
::openstack_project::reprepro { 'debian-security-reprepro-mirror':
|
|
confdir => '/etc/reprepro/debian-security',
|
|
basedir => '/afs/.openstack.org/mirror/debian-security',
|
|
distributions => 'openstack_project/reprepro/distributions.debian-security.erb',
|
|
updates_file => 'puppet:///modules/openstack_project/reprepro/debian-security-updates',
|
|
releases => ['stretch', 'buster'],
|
|
}
|
|
|
|
cron { 'reprepro debian security':
|
|
user => 'root',
|
|
hour => '*/2',
|
|
minute => fqdn_rand(45, 'reprepro-debian-security'),
|
|
command => 'flock -n /var/run/reprepro/debian-security.lock reprepro-mirror-update /etc/reprepro/debian-security mirror.debian-security >>/var/log/reprepro/debian-security-mirror.log 2>&1',
|
|
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
|
|
require => [
|
|
File['/usr/local/bin/reprepro-mirror-update'],
|
|
File['/etc/afsadmin.keytab'],
|
|
File['/etc/reprepro.keytab'],
|
|
::Openstack_project::Reprepro['debian-security-reprepro-mirror'],
|
|
]
|
|
}
|
|
|
|
gnupg_key { 'Debian 9/stretch Security':
|
|
ensure => present,
|
|
key_id => 'EDA0D2388AE22BA9',
|
|
user => 'root',
|
|
key_source => 'puppet:///modules/openstack_project/reprepro/debian-stretch-security-mirror-gpg-key.asc',
|
|
key_type => 'public',
|
|
}
|
|
|
|
gnupg_key { 'Debian 10/buster Security':
|
|
ensure => present,
|
|
key_id => '4DFAB270CAA96DFA',
|
|
user => 'root',
|
|
key_source => 'puppet:///modules/openstack_project/reprepro/debian-buster-security-mirror-gpg-key.asc',
|
|
key_type => 'public',
|
|
}
|
|
|
|
::openstack_project::reprepro { 'ubuntu-reprepro-mirror':
|
|
confdir => '/etc/reprepro/ubuntu',
|
|
basedir => '/afs/.openstack.org/mirror/ubuntu',
|
|
distributions => 'openstack_project/reprepro/distributions.ubuntu.erb',
|
|
updates_file => 'puppet:///modules/openstack_project/reprepro/ubuntu-updates',
|
|
releases => ['bionic', 'focal', 'xenial'],
|
|
}
|
|
|
|
cron { 'reprepro ubuntu':
|
|
user => 'root',
|
|
hour => '*/2',
|
|
minute => fqdn_rand(45, 'reprepro-ubuntu'),
|
|
command => 'flock -n /var/run/reprepro/ubuntu.lock reprepro-mirror-update /etc/reprepro/ubuntu mirror.ubuntu >>/var/log/reprepro/ubuntu-mirror.log 2>&1',
|
|
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
|
|
require => [
|
|
File['/usr/local/bin/reprepro-mirror-update'],
|
|
File['/etc/afsadmin.keytab'],
|
|
File['/etc/reprepro.keytab'],
|
|
::Openstack_project::Reprepro['ubuntu-reprepro-mirror'],
|
|
]
|
|
}
|
|
|
|
::openstack_project::reprepro { 'ubuntu-ports-reprepro-mirror':
|
|
confdir => '/etc/reprepro/ubuntu-ports',
|
|
basedir => '/afs/.openstack.org/mirror/ubuntu-ports',
|
|
distributions => 'openstack_project/reprepro/distributions.ubuntu-ports.erb',
|
|
updates_file => 'puppet:///modules/openstack_project/reprepro/ubuntu-updates',
|
|
releases => ['bionic', 'focal', 'xenial'],
|
|
}
|
|
|
|
cron { 'reprepro ubuntu-ports':
|
|
user => 'root',
|
|
hour => '*/2',
|
|
minute => fqdn_rand(45, 'reprepro-ubuntu-ports'),
|
|
command => 'flock -n /var/run/reprepro/ubuntu-ports.lock reprepro-mirror-update /etc/reprepro/ubuntu-ports mirror.ubuntu-ports >>/var/log/reprepro/ubuntu-ports-mirror.log 2>&1',
|
|
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
|
|
require => [
|
|
File['/usr/local/bin/reprepro-mirror-update'],
|
|
File['/etc/afsadmin.keytab'],
|
|
File['/etc/reprepro.keytab'],
|
|
::Openstack_project::Reprepro['ubuntu-ports-reprepro-mirror'],
|
|
]
|
|
}
|
|
|
|
gnupg_key { 'Ubuntu Archive':
|
|
ensure => present,
|
|
key_id => '40976EAF437D05B5',
|
|
user => 'root',
|
|
key_server => 'hkp://keyserver.ubuntu.com',
|
|
key_type => 'public',
|
|
}
|
|
|
|
gnupg_key { 'Ubuntu Archive (2012)':
|
|
ensure => present,
|
|
key_id => '3B4FE6ACC0B21F32',
|
|
user => 'root',
|
|
key_server => 'hkp://keyserver.ubuntu.com',
|
|
key_type => 'public',
|
|
}
|
|
|
|
::openstack_project::reprepro { 'debian-ceph-hammer-reprepro-mirror':
|
|
confdir => '/etc/reprepro/debian-ceph-hammer',
|
|
basedir => '/afs/.openstack.org/mirror/ceph-deb-hammer',
|
|
distributions => 'openstack_project/reprepro/distributions.debian-ceph-hammer.erb',
|
|
updates_file => 'puppet:///modules/openstack_project/reprepro/debian-ceph-hammer-updates',
|
|
releases => ['xenial'],
|
|
}
|
|
|
|
cron { 'reprepro debian ceph hammer':
|
|
user => 'root',
|
|
hour => '*/2',
|
|
minute => fqdn_rand(45, 'debian-ceph-hammer'),
|
|
command => 'flock -n /var/run/reprepro/debian-ceph-hammer.lock reprepro-mirror-update /etc/reprepro/debian-ceph-hammer mirror.deb-hammer >>/var/log/reprepro/debian-ceph-hammer-mirror.log 2>&1',
|
|
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
|
|
require => [
|
|
File['/usr/local/bin/reprepro-mirror-update'],
|
|
File['/etc/afsadmin.keytab'],
|
|
File['/etc/reprepro.keytab'],
|
|
::Openstack_project::Reprepro['debian-ceph-hammer-reprepro-mirror'],
|
|
]
|
|
}
|
|
|
|
::openstack_project::reprepro { 'debian-ceph-jewel-reprepro-mirror':
|
|
confdir => '/etc/reprepro/debian-ceph-jewel',
|
|
basedir => '/afs/.openstack.org/mirror/ceph-deb-jewel',
|
|
distributions => 'openstack_project/reprepro/distributions.debian-ceph-jewel.erb',
|
|
updates_file => 'puppet:///modules/openstack_project/reprepro/debian-ceph-jewel-updates',
|
|
releases => ['xenial'],
|
|
}
|
|
|
|
cron { 'reprepro debian ceph jewel':
|
|
user => 'root',
|
|
hour => '*/2',
|
|
minute => fqdn_rand(45, 'debian-ceph-jewel'),
|
|
command => 'flock -n /var/run/reprepro/debian-ceph-jewel.lock reprepro-mirror-update /etc/reprepro/debian-ceph-jewel mirror.deb-jewel >>/var/log/reprepro/debian-ceph-jewel-mirror.log 2>&1',
|
|
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
|
|
require => [
|
|
File['/usr/local/bin/reprepro-mirror-update'],
|
|
File['/etc/afsadmin.keytab'],
|
|
File['/etc/reprepro.keytab'],
|
|
::Openstack_project::Reprepro['debian-ceph-jewel-reprepro-mirror'],
|
|
]
|
|
}
|
|
|
|
::openstack_project::reprepro { 'debian-ceph-luminous-reprepro-mirror':
|
|
confdir => '/etc/reprepro/debian-ceph-luminous',
|
|
basedir => '/afs/.openstack.org/mirror/ceph-deb-luminous',
|
|
distributions => 'openstack_project/reprepro/distributions.debian-ceph-luminous.erb',
|
|
updates_file => 'puppet:///modules/openstack_project/reprepro/debian-ceph-luminous-updates',
|
|
releases => ['stretch', 'xenial'],
|
|
}
|
|
|
|
cron { 'reprepro debian ceph luminous':
|
|
user => 'root',
|
|
hour => '*/2',
|
|
minute => fqdn_rand(45, 'debian-ceph-luminous'),
|
|
command => 'flock -n /var/run/reprepro/debian-ceph-luminous.lock reprepro-mirror-update /etc/reprepro/debian-ceph-luminous mirror.deb-luminous >>/var/log/reprepro/debian-ceph-luminous-mirror.log 2>&1',
|
|
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
|
|
require => [
|
|
File['/usr/local/bin/reprepro-mirror-update'],
|
|
File['/etc/afsadmin.keytab'],
|
|
File['/etc/reprepro.keytab'],
|
|
::Openstack_project::Reprepro['debian-ceph-luminous-reprepro-mirror'],
|
|
]
|
|
}
|
|
|
|
::openstack_project::reprepro { 'debian-ceph-mimic-reprepro-mirror':
|
|
confdir => '/etc/reprepro/debian-ceph-mimic',
|
|
basedir => '/afs/.openstack.org/mirror/ceph-deb-mimic',
|
|
distributions => 'openstack_project/reprepro/distributions.debian-ceph-mimic.erb',
|
|
updates_file => 'puppet:///modules/openstack_project/reprepro/debian-ceph-mimic-updates',
|
|
releases => ['stretch', 'xenial', 'bionic'],
|
|
}
|
|
|
|
cron { 'reprepro debian ceph mimic':
|
|
user => 'root',
|
|
hour => '*/2',
|
|
minute => fqdn_rand(45, 'debian-ceph-mimic'),
|
|
command => 'flock -n /var/run/reprepro/debian-ceph-mimic.lock reprepro-mirror-update /etc/reprepro/debian-ceph-mimic mirror.deb-mimic >>/var/log/reprepro/debian-ceph-mimic-mirror.log 2>&1',
|
|
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
|
|
require => [
|
|
File['/usr/local/bin/reprepro-mirror-update'],
|
|
File['/etc/afsadmin.keytab'],
|
|
File['/etc/reprepro.keytab'],
|
|
::Openstack_project::Reprepro['debian-ceph-mimic-reprepro-mirror'],
|
|
]
|
|
}
|
|
|
|
::openstack_project::reprepro { 'debian-ceph-nautilus-reprepro-mirror':
|
|
confdir => '/etc/reprepro/debian-ceph-nautilus',
|
|
basedir => '/afs/.openstack.org/mirror/ceph-deb-nautilus',
|
|
distributions => 'openstack_project/reprepro/distributions.debian-ceph-nautilus.erb',
|
|
updates_file => 'puppet:///modules/openstack_project/reprepro/debian-ceph-nautilus-updates',
|
|
releases => ['stretch', 'bionic'],
|
|
}
|
|
|
|
cron { 'reprepro debian ceph nautilus':
|
|
user => 'root',
|
|
hour => '*/2',
|
|
minute => fqdn_rand(45, 'debian-ceph-nautilus'),
|
|
command => 'flock -n /var/run/reprepro/debian-ceph-nautilus.lock reprepro-mirror-update /etc/reprepro/debian-ceph-nautilus mirror.deb-nautilus >>/var/log/reprepro/debian-ceph-nautilus-mirror.log 2>&1',
|
|
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
|
|
require => [
|
|
File['/usr/local/bin/reprepro-mirror-update'],
|
|
File['/etc/afsadmin.keytab'],
|
|
File['/etc/reprepro.keytab'],
|
|
::Openstack_project::Reprepro['debian-ceph-nautilus-reprepro-mirror'],
|
|
]
|
|
}
|
|
|
|
gnupg_key { 'Ceph Archive':
|
|
ensure => present,
|
|
# 08B7 3419 AC32 B4E9 66C1 A330 E84A C2C0 460F 3994
|
|
key_id => 'E84AC2C0460F3994',
|
|
user => 'root',
|
|
key_type => 'public',
|
|
key_source => 'puppet:///modules/openstack_project/reprepro/ceph-mirror-gpg-key.asc',
|
|
}
|
|
|
|
## Docker APT mirror
|
|
|
|
# Unfortunately docker upstream doesn't do the pool model correctly,
|
|
# and we have to mirror each distro separately to avoid file
|
|
# conflicts (they have the same .deb files)
|
|
::openstack_project::reprepro { 'debian-docker-bionic-reprepro-mirror':
|
|
confdir => '/etc/reprepro/debian-docker-bionic',
|
|
basedir => '/afs/.openstack.org/mirror/deb-docker/bionic',
|
|
distributions => 'openstack_project/reprepro/distributions.debian-docker.erb',
|
|
updates_file => 'puppet:///modules/openstack_project/reprepro/debian-docker-updates',
|
|
releases => ['bionic'],
|
|
}
|
|
|
|
::openstack_project::reprepro { 'debian-docker-xenial-reprepro-mirror':
|
|
confdir => '/etc/reprepro/debian-docker-xenial',
|
|
basedir => '/afs/.openstack.org/mirror/deb-docker/xenial',
|
|
distributions => 'openstack_project/reprepro/distributions.debian-docker.erb',
|
|
updates_file => 'puppet:///modules/openstack_project/reprepro/debian-docker-updates',
|
|
releases => ['xenial'],
|
|
}
|
|
|
|
::openstack_project::reprepro { 'debian-docker-focal-reprepro-mirror':
|
|
confdir => '/etc/reprepro/debian-docker-focal',
|
|
basedir => '/afs/.openstack.org/mirror/deb-docker/focal',
|
|
distributions => 'openstack_project/reprepro/distributions.debian-docker.erb',
|
|
updates_file => 'puppet:///modules/openstack_project/reprepro/debian-docker-updates',
|
|
releases => ['focal'],
|
|
}
|
|
|
|
cron { 'reprepro debian docker':
|
|
user => 'root',
|
|
hour => '*/2',
|
|
minute => fqdn_rand(45, 'debian-docker'),
|
|
command => 'flock -n /var/run/reprepro/debian-docker.lock bash -c "for DISTRO in xenial bionic focal; do reprepro-mirror-update /etc/reprepro/debian-docker-\$DISTRO mirror.deb-docker >>/var/log/reprepro/debian-docker-\$DISTRO-mirror.log; done" 2>&1',
|
|
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
|
|
require => [
|
|
File['/usr/local/bin/reprepro-mirror-update'],
|
|
File['/etc/afsadmin.keytab'],
|
|
File['/etc/reprepro.keytab'],
|
|
::Openstack_project::Reprepro['debian-docker-xenial-reprepro-mirror'],
|
|
::Openstack_project::Reprepro['debian-docker-bionic-reprepro-mirror'],
|
|
::Openstack_project::Reprepro['debian-docker-focal-reprepro-mirror'],
|
|
]
|
|
}
|
|
|
|
gnupg_key { 'Docker Archive':
|
|
ensure => present,
|
|
# pub 4096R/0EBFCD88 2017-02-22 Docker Release (CE deb) <docker@docker.com>
|
|
# fingerprint: 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
|
|
# Note the key that signs the release file is actually the subkey F273FCD8
|
|
key_id => '0EBFCD88',
|
|
user => 'root',
|
|
key_type => 'public',
|
|
key_source => 'puppet:///modules/openstack_project/reprepro/docker-mirror-gpg-key.asc',
|
|
}
|
|
|
|
## Puppetlabs APT mirror
|
|
::openstack_project::reprepro { 'apt-puppetlabs-reprepro-mirror':
|
|
confdir => '/etc/reprepro/apt-puppetlabs',
|
|
basedir => '/afs/.openstack.org/mirror/apt-puppetlabs',
|
|
distributions => 'openstack_project/reprepro/distributions.apt-puppetlabs.erb',
|
|
updates_file => 'puppet:///modules/openstack_project/reprepro/puppetlabs-debs',
|
|
releases => { 'xenial' => 'puppet5', 'stretch' => 'puppet5 puppet6', 'bionic' => 'puppet5 puppet6' },
|
|
}
|
|
|
|
cron { 'reprepro ubuntu puppetlabs':
|
|
user => 'root',
|
|
hour => '*/2',
|
|
minute => fqdn_rand(45, 'ubuntu-puppetlabs'),
|
|
command => 'flock -n /var/run/reprepro/apt-puppetlabs.lock reprepro-mirror-update /etc/reprepro/apt-puppetlabs mirror.apt-puppetlabs >>/var/log/reprepro/apt-puppetlabs-mirror.log 2>&1',
|
|
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
|
|
require => [
|
|
File['/usr/local/bin/reprepro-mirror-update'],
|
|
File['/etc/afsadmin.keytab'],
|
|
File['/etc/reprepro.keytab'],
|
|
::Openstack_project::Reprepro['apt-puppetlabs-reprepro-mirror'],
|
|
]
|
|
}
|
|
|
|
gnupg_key { 'Puppetlabs Archive':
|
|
ensure => present,
|
|
key_id => 'EF8D349F',
|
|
user => 'root',
|
|
key_type => 'public',
|
|
key_source => 'puppet:///modules/openstack_project/reprepro/puppetlabs-mirror-gpg-key.asc',
|
|
}
|
|
|
|
### CentOS mirror ###
|
|
file { '/etc/centos.keytab':
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0400',
|
|
content => $centos_keytab,
|
|
}
|
|
|
|
file { '/usr/local/bin/centos-mirror-update':
|
|
ensure => present,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0755',
|
|
source => 'puppet:///modules/openstack_project/mirror/centos-mirror-update.sh',
|
|
}
|
|
|
|
cron { 'centos mirror':
|
|
ensure => 'absent',
|
|
user => 'root',
|
|
minute => fqdn_rand(45, 'centos-mirror'),
|
|
hour => '*/2',
|
|
command => 'flock -n /var/run/centos-mirror.lock centos-mirror-update mirror.centos >>/var/log/centos-mirror.log 2>&1',
|
|
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
|
|
require => [
|
|
File['/usr/local/bin/centos-mirror-update'],
|
|
File['/etc/afsadmin.keytab'],
|
|
File['/etc/centos.keytab'],
|
|
]
|
|
}
|
|
|
|
### Ubuntu Cloud Archive Mirror ###
|
|
::openstack_project::reprepro { 'ubuntu-cloud-archive-reprepro-mirror':
|
|
confdir => '/etc/reprepro/ubuntu-cloud-archive',
|
|
basedir => '/afs/.openstack.org/mirror/ubuntu-cloud-archive',
|
|
distributions => 'openstack_project/reprepro/distributions.ubuntu-cloud-archive.erb',
|
|
updates_file => 'puppet:///modules/openstack_project/reprepro/ubuntu-cloud-archive-updates',
|
|
releases => { 'xenial'=>['newton', 'ocata', 'pike', 'queens'], 'bionic'=>['rocky', 'stein', 'train', 'ussuri'], 'focal'=>['victoria'] },
|
|
}
|
|
|
|
cron { 'reprepro ubuntu-cloud-archive':
|
|
user => 'root',
|
|
hour => '*/2',
|
|
minute => fqdn_rand(45, 'ubuntu-cloud-archive-mirror'),
|
|
command => 'flock -n /var/run/reprepro/ubuntu-cloud-archive.lock reprepro-mirror-update /etc/reprepro/ubuntu-cloud-archive mirror.ubuntu-cloud >>/var/log/reprepro/ubuntu-cloud-archive-mirror.log 2>&1',
|
|
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
|
|
require => [
|
|
File['/usr/local/bin/reprepro-mirror-update'],
|
|
File['/etc/afsadmin.keytab'],
|
|
File['/etc/reprepro.keytab'],
|
|
::Openstack_project::Reprepro['ubuntu-cloud-archive-reprepro-mirror'],
|
|
]
|
|
}
|
|
|
|
gnupg_key { 'Canonical Cloud Archive Signing Key':
|
|
ensure => present,
|
|
# 391A 9AA2 1471 9283 9E9D B031 5EDB 1B62 EC49 26EA
|
|
key_id => '5EDB1B62EC4926EA',
|
|
user => 'root',
|
|
key_type => 'public',
|
|
key_source => 'puppet:///modules/openstack_project/reprepro/ubuntu-cloud-archive-gpg-key.asc',
|
|
}
|
|
|
|
# AFS Monitoring
|
|
# NOTE(ianw) 2020-02 : moved to mirror-update.opendev.org and ansible
|
|
cron { 'afsmon':
|
|
minute => [0, 30],
|
|
command => '/usr/afsmon-env/bin/afsmon statsd >> /var/log/afsmon.log 2>&1',
|
|
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
|
|
ensure => absent,
|
|
}
|
|
|
|
}
|