repo/redhat: manage EPEL with metalink instead of baseurl
Yum can process the mirror list in metalink format, which provides additional security checking capability. Yum compares the SHA1 checksums of each repository's repomd.xml file against that of the master mirrors. This ensures that significantly out-of-date mirrors are not used and should reduce our CI timeouts issues. Change-Id: I5beb0de2bca28b12001aaae01b5503d69bfb7727
This commit is contained in:
parent
f394947b64
commit
697f8a09ab
@ -106,11 +106,22 @@ class openstack_extras::repo::redhat::redhat(
|
||||
if ($::osfamily == 'RedHat' and
|
||||
$::operatingsystem != 'Fedora')
|
||||
{
|
||||
$epel_hash = { 'epel' => {
|
||||
'baseurl' => "https://download.fedoraproject.org/pub/epel/${::operatingsystemmajrelease}/\$basearch",
|
||||
'descr' => "Extra Packages for Enterprise Linux ${::operatingsystemmajrelease} - \$basearch",
|
||||
'gpgkey' => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-${::operatingsystemmajrelease}",
|
||||
'failovermethod' => 'priority'
|
||||
# 'metalink' property is supported from Puppet 3.5
|
||||
if (versioncmp($::puppetversion, '3.5') >= 0) {
|
||||
$epel_hash = { 'epel' => {
|
||||
'metalink' => "https://mirrors.fedoraproject.org/metalink?repo=epel-${::operatingsystemmajrelease}&arch=\$basearch",
|
||||
'descr' => "Extra Packages for Enterprise Linux ${::operatingsystemmajrelease} - \$basearch",
|
||||
'gpgkey' => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-${::operatingsystemmajrelease}",
|
||||
'failovermethod' => 'priority'
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$epel_hash = { 'epel' => {
|
||||
'baseurl' => "https://download.fedoraproject.org/pub/epel/${::operatingsystemmajrelease}/\$basearch",
|
||||
'descr' => "Extra Packages for Enterprise Linux ${::operatingsystemmajrelease} - \$basearch",
|
||||
'gpgkey' => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-${::operatingsystemmajrelease}",
|
||||
'failovermethod' => 'priority'
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -39,7 +39,8 @@ describe 'openstack_extras::repo::redhat::redhat' do
|
||||
:osfamily => 'RedHat',
|
||||
:operatingsystem => 'RedHat',
|
||||
:operatingsystemrelease => '7.1',
|
||||
:operatingsystemmajrelease => '7'
|
||||
:operatingsystemmajrelease => '7',
|
||||
:puppetversion => Puppet.version,
|
||||
}
|
||||
end
|
||||
|
||||
@ -60,17 +61,32 @@ describe 'openstack_extras::repo::redhat::redhat' do
|
||||
:notify => "Exec[yum_refresh]"
|
||||
)}
|
||||
|
||||
it { should contain_yumrepo('epel').with(
|
||||
:baseurl => 'https://download.fedoraproject.org/pub/epel/7/$basearch',
|
||||
:descr => 'Extra Packages for Enterprise Linux 7 - $basearch',
|
||||
:gpgkey => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7",
|
||||
:failovermethod => 'priority',
|
||||
:enabled => '1',
|
||||
:gpgcheck => '1',
|
||||
:mirrorlist => 'absent',
|
||||
:require => "Anchor[openstack_extras_redhat]",
|
||||
:notify => "Exec[yum_refresh]"
|
||||
)}
|
||||
# 'metalink' property is supported from Puppet 3.5
|
||||
if Puppet.version.to_f >= 3.5
|
||||
it { should contain_yumrepo('epel').with(
|
||||
:metalink => "https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=\$basearch",
|
||||
:descr => 'Extra Packages for Enterprise Linux 7 - $basearch',
|
||||
:gpgkey => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7",
|
||||
:failovermethod => 'priority',
|
||||
:enabled => '1',
|
||||
:gpgcheck => '1',
|
||||
:mirrorlist => 'absent',
|
||||
:require => "Anchor[openstack_extras_redhat]",
|
||||
:notify => "Exec[yum_refresh]"
|
||||
)}
|
||||
else
|
||||
it { should contain_yumrepo('epel').with(
|
||||
:baseurl => "https://download.fedoraproject.org/pub/epel/7/\$basearch",
|
||||
:descr => 'Extra Packages for Enterprise Linux 7 - $basearch',
|
||||
:gpgkey => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7",
|
||||
:failovermethod => 'priority',
|
||||
:enabled => '1',
|
||||
:gpgcheck => '1',
|
||||
:mirrorlist => 'absent',
|
||||
:require => "Anchor[openstack_extras_redhat]",
|
||||
:notify => "Exec[yum_refresh]"
|
||||
)}
|
||||
end
|
||||
|
||||
it { should contain_file('/etc/pki/rpm-gpg/RPM-GPG-KEY-RDO-Kilo').with(
|
||||
:source => "puppet:///modules/openstack_extras/RPM-GPG-KEY-RDO-Kilo",
|
||||
|
Loading…
x
Reference in New Issue
Block a user