Debian: use extrepo for setting-up the repositories
The old method used in manifests/repo/debian/debian.pp that was using apt-key is currently deprecated. apt-key itself is going to be removed in 2021. Also, downloading a random repository key from the internet is questionable at least. So I'm switching to use extrepo by default for setting-up the Debian repositories. It's nice, it's official, and it's in Bullseye already. It also is authenticated by default, and supports additional repositories (so it's prepared for the future). Change-Id: I7686a1cf541c81a9a14ef05542e31053c47e3f51
This commit is contained in:
parent
7e74f6914e
commit
c8fabb628c
manifests/repo/debian
releasenotes/notes
spec/classes
@ -15,6 +15,17 @@
|
|||||||
# Debian APT source
|
# Debian APT source
|
||||||
# Defaults to true
|
# Defaults to true
|
||||||
#
|
#
|
||||||
|
# [*package_require*]
|
||||||
|
# (optional) Whether or not to run 'apt-get update' before
|
||||||
|
# installing any packages.
|
||||||
|
# Defaults to false
|
||||||
|
#
|
||||||
|
# [*use_extrepo*]
|
||||||
|
# (optional) Should this module use extrepo to
|
||||||
|
# setup the Debian apt sources.list. If true, the
|
||||||
|
# below parameters aren't in use.
|
||||||
|
# Defaults to true.
|
||||||
|
#
|
||||||
# [*source_hash*]
|
# [*source_hash*]
|
||||||
# (optional) A hash of apt::source resources to
|
# (optional) A hash of apt::source resources to
|
||||||
# create and manage
|
# create and manage
|
||||||
@ -25,11 +36,6 @@
|
|||||||
# resources created by this class
|
# resources created by this class
|
||||||
# Defaults to {}
|
# Defaults to {}
|
||||||
#
|
#
|
||||||
# [*package_require*]
|
|
||||||
# (optional) Whether or not to run 'apt-get update' before
|
|
||||||
# installing any packages.
|
|
||||||
# Defaults to false
|
|
||||||
#
|
|
||||||
# [*deb_location*]
|
# [*deb_location*]
|
||||||
# (optional) Debian package repository location.
|
# (optional) Debian package repository location.
|
||||||
# Defaults to "http://${::lsbdistcodename}-${release}.debian.net/debian"
|
# Defaults to "http://${::lsbdistcodename}-${release}.debian.net/debian"
|
||||||
@ -43,16 +49,43 @@
|
|||||||
class openstack_extras::repo::debian::debian(
|
class openstack_extras::repo::debian::debian(
|
||||||
$release = $::openstack_extras::repo::debian::params::release,
|
$release = $::openstack_extras::repo::debian::params::release,
|
||||||
$manage_deb = true,
|
$manage_deb = true,
|
||||||
|
$package_require = false,
|
||||||
|
$use_extrepo = true,
|
||||||
|
# Below params only used if $use_extrepo is set to false
|
||||||
$source_hash = {},
|
$source_hash = {},
|
||||||
$source_defaults = {},
|
$source_defaults = {},
|
||||||
$package_require = false,
|
|
||||||
$deb_location = "http://${::lsbdistcodename}-${release}.debian.net/debian",
|
$deb_location = "http://${::lsbdistcodename}-${release}.debian.net/debian",
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
$manage_whz = undef,
|
$manage_whz = undef,
|
||||||
) inherits openstack_extras::repo::debian::params {
|
) inherits openstack_extras::repo::debian::params {
|
||||||
# handle deprecation
|
# handle deprecation
|
||||||
$deb_manage = pick($manage_whz, $manage_deb)
|
$deb_manage = pick($manage_whz, $manage_deb)
|
||||||
|
|
||||||
|
$lowercase_release = downcase($release)
|
||||||
|
|
||||||
|
|
||||||
if $deb_manage {
|
if $deb_manage {
|
||||||
|
|
||||||
|
if $use_extrepo {
|
||||||
|
# Extrepo is much nicer than what's below, because
|
||||||
|
# the repositories are authenticated by extrepo itself.
|
||||||
|
# Also, using apt-key is now deprecated (to be removed in 2021).
|
||||||
|
# We use ensure_packages to avoid conflict with any other class
|
||||||
|
# external to this module that may also install extrepo.
|
||||||
|
ensure_packages(['extrepo',], {'ensure' => 'present'})
|
||||||
|
|
||||||
|
exec { "extrepo enable openstack_${lowercase_release}":
|
||||||
|
command => "extrepo enable openstack_${lowercase_release}",
|
||||||
|
logoutput => 'on_failure',
|
||||||
|
tries => 3,
|
||||||
|
try_sleep => 1,
|
||||||
|
refreshonly => true,
|
||||||
|
require => Package['extrepo'],
|
||||||
|
}
|
||||||
|
if $package_require {
|
||||||
|
Exec["extrepo enable openstack_${lowercase_release}"] -> Exec['apt_update']
|
||||||
|
}
|
||||||
|
}else{
|
||||||
exec { 'installing openstack-backports-archive-keyring':
|
exec { 'installing openstack-backports-archive-keyring':
|
||||||
command => "/usr/bin/apt-get update ; \
|
command => "/usr/bin/apt-get update ; \
|
||||||
wget ${deb_location}/dists/pubkey.gpg ; \
|
wget ${deb_location}/dists/pubkey.gpg ; \
|
||||||
@ -67,17 +100,17 @@ class openstack_extras::repo::debian::debian(
|
|||||||
}
|
}
|
||||||
apt::source { $::openstack_extras::repo::debian::params::deb_name:
|
apt::source { $::openstack_extras::repo::debian::params::deb_name:
|
||||||
location => $deb_location,
|
location => $deb_location,
|
||||||
release => "${::lsbdistcodename}-${release}-backports",
|
release => "${::lsbdistcodename}-${lowercase_release}-backports",
|
||||||
repos => $::openstack_extras::repo::debian::params::deb_repos,
|
repos => $::openstack_extras::repo::debian::params::deb_repos,
|
||||||
}
|
}
|
||||||
-> apt::source { "${::openstack_extras::repo::debian::params::deb_name}-nochange":
|
-> apt::source { "${::openstack_extras::repo::debian::params::deb_name}-nochange":
|
||||||
location => $deb_location,
|
location => $deb_location,
|
||||||
release => "${::lsbdistcodename}-${release}-backports-nochange",
|
release => "${::lsbdistcodename}-${lowercase_release}-backports-nochange",
|
||||||
repos => $::openstack_extras::repo::debian::params::deb_repos,
|
repos => $::openstack_extras::repo::debian::params::deb_repos,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
create_resources('apt::source', $source_hash, $source_defaults)
|
create_resources('apt::source', $source_hash, $source_defaults)
|
||||||
|
}
|
||||||
|
|
||||||
if $package_require {
|
if $package_require {
|
||||||
Exec['apt_update'] -> Package<||>
|
Exec['apt_update'] -> Package<||>
|
||||||
|
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
The class openstack_extras::repo::debian::debian has now a new parameter
|
||||||
|
use_extrepo, which is true by default. If true, extrepo will be used for
|
||||||
|
setting-up the OpenStack apt sources.list, and the parameters source_hash,
|
||||||
|
source_defaults and deb_location are ignored. Beware that this is now
|
||||||
|
the new default!
|
@ -7,7 +7,8 @@ describe 'openstack_extras::repo::debian::debian' do
|
|||||||
:manage_deb => true,
|
:manage_deb => true,
|
||||||
:source_hash => {},
|
:source_hash => {},
|
||||||
:source_defaults => {},
|
:source_defaults => {},
|
||||||
:package_require => false
|
:package_require => false,
|
||||||
|
:use_extrepo => false,
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -21,9 +22,37 @@ describe 'openstack_extras::repo::debian::debian' do
|
|||||||
class_params.merge!(paramclass_defaults)
|
class_params.merge!(paramclass_defaults)
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with default parameters' do
|
context 'with default params' do
|
||||||
|
it { should contain_exec('extrepo enable openstack_victoria').with(
|
||||||
|
:command => 'extrepo enable openstack_victoria',
|
||||||
|
)}
|
||||||
|
it { should contain_package('extrepo').with(
|
||||||
|
:ensure => 'present',
|
||||||
|
:name => 'extrepo',
|
||||||
|
)}
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'wallaby with extrepo' do
|
||||||
let :params do
|
let :params do
|
||||||
{}
|
{
|
||||||
|
:release => 'wallaby',
|
||||||
|
:use_extrepo => true,
|
||||||
|
}
|
||||||
|
end
|
||||||
|
it { should contain_exec('extrepo enable openstack_wallaby').with(
|
||||||
|
:command => 'extrepo enable openstack_wallaby',
|
||||||
|
)}
|
||||||
|
it { should contain_package('extrepo').with(
|
||||||
|
:ensure => 'present',
|
||||||
|
:name => 'extrepo',
|
||||||
|
)}
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with extrepo set to false' do
|
||||||
|
let :params do
|
||||||
|
{
|
||||||
|
:use_extrepo => false,
|
||||||
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
it { should contain_apt__source('debian-openstack-backports').with(
|
it { should contain_apt__source('debian-openstack-backports').with(
|
||||||
@ -87,19 +116,20 @@ describe 'openstack_extras::repo::debian::debian' do
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
default_params.merge!({ :use_extrepo => false })
|
||||||
end
|
end
|
||||||
|
|
||||||
it { should contain_apt__source('debian_unstable').with(
|
it { should contain_apt__source('debian_unstable').with(
|
||||||
:location => 'http://mymirror/debian/',
|
:location => 'http://mymirror/debian/',
|
||||||
:release => 'unstable',
|
:release => 'unstable',
|
||||||
:repos => 'main'
|
:repos => 'main',
|
||||||
)}
|
)}
|
||||||
|
|
||||||
it { should contain_apt__source('puppetlabs').with(
|
it { should contain_apt__source('puppetlabs').with(
|
||||||
:location => 'http://apt.puppetlabs.com',
|
:location => 'http://apt.puppetlabs.com',
|
||||||
:repos => 'main',
|
:repos => 'main',
|
||||||
:release => 'stretch',
|
:release => 'stretch',
|
||||||
:key => { 'id' => '4BD6EC30', 'server' => 'pgp.mit.edu' }
|
:key => { 'id' => '4BD6EC30', 'server' => 'pgp.mit.edu' },
|
||||||
)}
|
)}
|
||||||
|
|
||||||
it { should contain_exec('installing openstack-backports-archive-keyring') }
|
it { should contain_exec('installing openstack-backports-archive-keyring') }
|
||||||
@ -119,6 +149,7 @@ describe 'openstack_extras::repo::debian::debian' do
|
|||||||
'include' => { 'src' => true }
|
'include' => { 'src' => true }
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
default_params.merge!({ :use_extrepo => false })
|
||||||
end
|
end
|
||||||
|
|
||||||
it { should contain_apt__source('debian_unstable').with(
|
it { should contain_apt__source('debian_unstable').with(
|
||||||
|
Loading…
x
Reference in New Issue
Block a user