Debian: use extrepo for setting-up the repositories
The old method used in manifests/repo/debian/debian.pp that was using apt-key is currently deprecated. apt-key itself is going to be removed in 2021. Also, downloading a random repository key from the internet is questionable at least. So I'm switching to use extrepo by default for setting-up the Debian repositories. It's nice, it's official, and it's in Bullseye already. It also is authenticated by default, and supports additional repositories (so it's prepared for the future). Change-Id: I7686a1cf541c81a9a14ef05542e31053c47e3f51
This commit is contained in:
parent
7e74f6914e
commit
c8fabb628c
@ -15,6 +15,17 @@
|
||||
# Debian APT source
|
||||
# Defaults to true
|
||||
#
|
||||
# [*package_require*]
|
||||
# (optional) Whether or not to run 'apt-get update' before
|
||||
# installing any packages.
|
||||
# Defaults to false
|
||||
#
|
||||
# [*use_extrepo*]
|
||||
# (optional) Should this module use extrepo to
|
||||
# setup the Debian apt sources.list. If true, the
|
||||
# below parameters aren't in use.
|
||||
# Defaults to true.
|
||||
#
|
||||
# [*source_hash*]
|
||||
# (optional) A hash of apt::source resources to
|
||||
# create and manage
|
||||
@ -25,11 +36,6 @@
|
||||
# resources created by this class
|
||||
# Defaults to {}
|
||||
#
|
||||
# [*package_require*]
|
||||
# (optional) Whether or not to run 'apt-get update' before
|
||||
# installing any packages.
|
||||
# Defaults to false
|
||||
#
|
||||
# [*deb_location*]
|
||||
# (optional) Debian package repository location.
|
||||
# Defaults to "http://${::lsbdistcodename}-${release}.debian.net/debian"
|
||||
@ -43,41 +49,68 @@
|
||||
class openstack_extras::repo::debian::debian(
|
||||
$release = $::openstack_extras::repo::debian::params::release,
|
||||
$manage_deb = true,
|
||||
$package_require = false,
|
||||
$use_extrepo = true,
|
||||
# Below params only used if $use_extrepo is set to false
|
||||
$source_hash = {},
|
||||
$source_defaults = {},
|
||||
$package_require = false,
|
||||
$deb_location = "http://${::lsbdistcodename}-${release}.debian.net/debian",
|
||||
# DEPRECATED
|
||||
$manage_whz = undef,
|
||||
) inherits openstack_extras::repo::debian::params {
|
||||
# handle deprecation
|
||||
$deb_manage = pick($manage_whz, $manage_deb)
|
||||
if $deb_manage {
|
||||
exec { 'installing openstack-backports-archive-keyring':
|
||||
command => "/usr/bin/apt-get update ; \
|
||||
wget ${deb_location}/dists/pubkey.gpg ; \
|
||||
apt-key add pubkey.gpg ; \
|
||||
rm pubkey.gpg",
|
||||
logoutput => 'on_failure',
|
||||
tries => 3,
|
||||
try_sleep => 1,
|
||||
refreshonly => true,
|
||||
subscribe => File["/etc/apt/sources.list.d/${::openstack_extras::repo::debian::params::deb_name}.list"],
|
||||
notify => Exec['apt_update'],
|
||||
}
|
||||
apt::source { $::openstack_extras::repo::debian::params::deb_name:
|
||||
location => $deb_location,
|
||||
release => "${::lsbdistcodename}-${release}-backports",
|
||||
repos => $::openstack_extras::repo::debian::params::deb_repos,
|
||||
}
|
||||
-> apt::source { "${::openstack_extras::repo::debian::params::deb_name}-nochange":
|
||||
location => $deb_location,
|
||||
release => "${::lsbdistcodename}-${release}-backports-nochange",
|
||||
repos => $::openstack_extras::repo::debian::params::deb_repos,
|
||||
}
|
||||
}
|
||||
|
||||
create_resources('apt::source', $source_hash, $source_defaults)
|
||||
$lowercase_release = downcase($release)
|
||||
|
||||
|
||||
if $deb_manage {
|
||||
|
||||
if $use_extrepo {
|
||||
# Extrepo is much nicer than what's below, because
|
||||
# the repositories are authenticated by extrepo itself.
|
||||
# Also, using apt-key is now deprecated (to be removed in 2021).
|
||||
# We use ensure_packages to avoid conflict with any other class
|
||||
# external to this module that may also install extrepo.
|
||||
ensure_packages(['extrepo',], {'ensure' => 'present'})
|
||||
|
||||
exec { "extrepo enable openstack_${lowercase_release}":
|
||||
command => "extrepo enable openstack_${lowercase_release}",
|
||||
logoutput => 'on_failure',
|
||||
tries => 3,
|
||||
try_sleep => 1,
|
||||
refreshonly => true,
|
||||
require => Package['extrepo'],
|
||||
}
|
||||
if $package_require {
|
||||
Exec["extrepo enable openstack_${lowercase_release}"] -> Exec['apt_update']
|
||||
}
|
||||
}else{
|
||||
exec { 'installing openstack-backports-archive-keyring':
|
||||
command => "/usr/bin/apt-get update ; \
|
||||
wget ${deb_location}/dists/pubkey.gpg ; \
|
||||
apt-key add pubkey.gpg ; \
|
||||
rm pubkey.gpg",
|
||||
logoutput => 'on_failure',
|
||||
tries => 3,
|
||||
try_sleep => 1,
|
||||
refreshonly => true,
|
||||
subscribe => File["/etc/apt/sources.list.d/${::openstack_extras::repo::debian::params::deb_name}.list"],
|
||||
notify => Exec['apt_update'],
|
||||
}
|
||||
apt::source { $::openstack_extras::repo::debian::params::deb_name:
|
||||
location => $deb_location,
|
||||
release => "${::lsbdistcodename}-${lowercase_release}-backports",
|
||||
repos => $::openstack_extras::repo::debian::params::deb_repos,
|
||||
}
|
||||
-> apt::source { "${::openstack_extras::repo::debian::params::deb_name}-nochange":
|
||||
location => $deb_location,
|
||||
release => "${::lsbdistcodename}-${lowercase_release}-backports-nochange",
|
||||
repos => $::openstack_extras::repo::debian::params::deb_repos,
|
||||
}
|
||||
}
|
||||
create_resources('apt::source', $source_hash, $source_defaults)
|
||||
}
|
||||
|
||||
if $package_require {
|
||||
Exec['apt_update'] -> Package<||>
|
||||
|
@ -0,0 +1,8 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
The class openstack_extras::repo::debian::debian has now a new parameter
|
||||
use_extrepo, which is true by default. If true, extrepo will be used for
|
||||
setting-up the OpenStack apt sources.list, and the parameters source_hash,
|
||||
source_defaults and deb_location are ignored. Beware that this is now
|
||||
the new default!
|
@ -7,7 +7,8 @@ describe 'openstack_extras::repo::debian::debian' do
|
||||
:manage_deb => true,
|
||||
:source_hash => {},
|
||||
:source_defaults => {},
|
||||
:package_require => false
|
||||
:package_require => false,
|
||||
:use_extrepo => false,
|
||||
}
|
||||
end
|
||||
|
||||
@ -21,9 +22,37 @@ describe 'openstack_extras::repo::debian::debian' do
|
||||
class_params.merge!(paramclass_defaults)
|
||||
end
|
||||
|
||||
context 'with default parameters' do
|
||||
context 'with default params' do
|
||||
it { should contain_exec('extrepo enable openstack_victoria').with(
|
||||
:command => 'extrepo enable openstack_victoria',
|
||||
)}
|
||||
it { should contain_package('extrepo').with(
|
||||
:ensure => 'present',
|
||||
:name => 'extrepo',
|
||||
)}
|
||||
end
|
||||
|
||||
context 'wallaby with extrepo' do
|
||||
let :params do
|
||||
{}
|
||||
{
|
||||
:release => 'wallaby',
|
||||
:use_extrepo => true,
|
||||
}
|
||||
end
|
||||
it { should contain_exec('extrepo enable openstack_wallaby').with(
|
||||
:command => 'extrepo enable openstack_wallaby',
|
||||
)}
|
||||
it { should contain_package('extrepo').with(
|
||||
:ensure => 'present',
|
||||
:name => 'extrepo',
|
||||
)}
|
||||
end
|
||||
|
||||
context 'with extrepo set to false' do
|
||||
let :params do
|
||||
{
|
||||
:use_extrepo => false,
|
||||
}
|
||||
end
|
||||
|
||||
it { should contain_apt__source('debian-openstack-backports').with(
|
||||
@ -87,19 +116,20 @@ describe 'openstack_extras::repo::debian::debian' do
|
||||
}
|
||||
}
|
||||
})
|
||||
default_params.merge!({ :use_extrepo => false })
|
||||
end
|
||||
|
||||
it { should contain_apt__source('debian_unstable').with(
|
||||
:location => 'http://mymirror/debian/',
|
||||
:release => 'unstable',
|
||||
:repos => 'main'
|
||||
:location => 'http://mymirror/debian/',
|
||||
:release => 'unstable',
|
||||
:repos => 'main',
|
||||
)}
|
||||
|
||||
it { should contain_apt__source('puppetlabs').with(
|
||||
:location => 'http://apt.puppetlabs.com',
|
||||
:repos => 'main',
|
||||
:release => 'stretch',
|
||||
:key => { 'id' => '4BD6EC30', 'server' => 'pgp.mit.edu' }
|
||||
:location => 'http://apt.puppetlabs.com',
|
||||
:repos => 'main',
|
||||
:release => 'stretch',
|
||||
:key => { 'id' => '4BD6EC30', 'server' => 'pgp.mit.edu' },
|
||||
)}
|
||||
|
||||
it { should contain_exec('installing openstack-backports-archive-keyring') }
|
||||
@ -119,13 +149,14 @@ describe 'openstack_extras::repo::debian::debian' do
|
||||
'include' => { 'src' => true }
|
||||
}
|
||||
})
|
||||
default_params.merge!({ :use_extrepo => false })
|
||||
end
|
||||
|
||||
it { should contain_apt__source('debian_unstable').with(
|
||||
:include => { 'src' => true },
|
||||
:location => 'http://mymirror/debian/',
|
||||
:release => 'unstable',
|
||||
:repos => 'main',
|
||||
:include => { 'src' => true },
|
||||
:location => 'http://mymirror/debian/',
|
||||
:release => 'unstable',
|
||||
:repos => 'main',
|
||||
)}
|
||||
|
||||
it { should contain_exec('installing openstack-backports-archive-keyring') }
|
||||
|
Loading…
Reference in New Issue
Block a user