repo/redhat: manage EPEL with metalink instead of baseurl

Yum can process the mirror list in metalink format, which provides additional
security checking capability.
Yum compares the SHA1 checksums of each repository's repomd.xml file against
that of the master mirrors.
This ensures that significantly out-of-date mirrors are not used and
should reduce our CI timeouts issues.

Change-Id: I5beb0de2bca28b12001aaae01b5503d69bfb7727
This commit is contained in:
Emilien Macchi 2015-06-29 09:33:08 -04:00
parent f394947b64
commit 697f8a09ab
2 changed files with 44 additions and 17 deletions

@ -106,11 +106,22 @@ class openstack_extras::repo::redhat::redhat(
if ($::osfamily == 'RedHat' and
$::operatingsystem != 'Fedora')
{
$epel_hash = { 'epel' => {
'baseurl' => "https://download.fedoraproject.org/pub/epel/${::operatingsystemmajrelease}/\$basearch",
'descr' => "Extra Packages for Enterprise Linux ${::operatingsystemmajrelease} - \$basearch",
'gpgkey' => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-${::operatingsystemmajrelease}",
'failovermethod' => 'priority'
# 'metalink' property is supported from Puppet 3.5
if (versioncmp($::puppetversion, '3.5') >= 0) {
$epel_hash = { 'epel' => {
'metalink' => "https://mirrors.fedoraproject.org/metalink?repo=epel-${::operatingsystemmajrelease}&arch=\$basearch",
'descr' => "Extra Packages for Enterprise Linux ${::operatingsystemmajrelease} - \$basearch",
'gpgkey' => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-${::operatingsystemmajrelease}",
'failovermethod' => 'priority'
}
}
} else {
$epel_hash = { 'epel' => {
'baseurl' => "https://download.fedoraproject.org/pub/epel/${::operatingsystemmajrelease}/\$basearch",
'descr' => "Extra Packages for Enterprise Linux ${::operatingsystemmajrelease} - \$basearch",
'gpgkey' => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-${::operatingsystemmajrelease}",
'failovermethod' => 'priority'
}
}
}

@ -39,7 +39,8 @@ describe 'openstack_extras::repo::redhat::redhat' do
:osfamily => 'RedHat',
:operatingsystem => 'RedHat',
:operatingsystemrelease => '7.1',
:operatingsystemmajrelease => '7'
:operatingsystemmajrelease => '7',
:puppetversion => Puppet.version,
}
end
@ -60,17 +61,32 @@ describe 'openstack_extras::repo::redhat::redhat' do
:notify => "Exec[yum_refresh]"
)}
it { should contain_yumrepo('epel').with(
:baseurl => 'https://download.fedoraproject.org/pub/epel/7/$basearch',
:descr => 'Extra Packages for Enterprise Linux 7 - $basearch',
:gpgkey => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7",
:failovermethod => 'priority',
:enabled => '1',
:gpgcheck => '1',
:mirrorlist => 'absent',
:require => "Anchor[openstack_extras_redhat]",
:notify => "Exec[yum_refresh]"
)}
# 'metalink' property is supported from Puppet 3.5
if Puppet.version.to_f >= 3.5
it { should contain_yumrepo('epel').with(
:metalink => "https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=\$basearch",
:descr => 'Extra Packages for Enterprise Linux 7 - $basearch',
:gpgkey => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7",
:failovermethod => 'priority',
:enabled => '1',
:gpgcheck => '1',
:mirrorlist => 'absent',
:require => "Anchor[openstack_extras_redhat]",
:notify => "Exec[yum_refresh]"
)}
else
it { should contain_yumrepo('epel').with(
:baseurl => "https://download.fedoraproject.org/pub/epel/7/\$basearch",
:descr => 'Extra Packages for Enterprise Linux 7 - $basearch',
:gpgkey => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7",
:failovermethod => 'priority',
:enabled => '1',
:gpgcheck => '1',
:mirrorlist => 'absent',
:require => "Anchor[openstack_extras_redhat]",
:notify => "Exec[yum_refresh]"
)}
end
it { should contain_file('/etc/pki/rpm-gpg/RPM-GPG-KEY-RDO-Kilo').with(
:source => "puppet:///modules/openstack_extras/RPM-GPG-KEY-RDO-Kilo",