Debian: use extrepo for setting-up the repositories

The old method used in manifests/repo/debian/debian.pp that was
using apt-key is currently deprecated. apt-key itself is going
to be removed in 2021. Also, downloading a random repository key
from the internet is questionable at least.

So I'm switching to use extrepo by default for setting-up the
Debian repositories. It's nice, it's official, and it's in
Bullseye already. It also is authenticated by default, and supports
additional repositories (so it's prepared for the future).

Change-Id: I7686a1cf541c81a9a14ef05542e31053c47e3f51

manifests/repo/debian/debian.pp

@@ -15,6 +15,17 @@
 #   Debian APT source
 #   Defaults to true
 #
+# [*package_require*]
+#   (optional) Whether or not to run 'apt-get update' before
+#   installing any packages.
+#   Defaults to false
+#
+# [*use_extrepo*]
+#   (optional) Should this module use extrepo to
+#   setup the Debian apt sources.list. If true, the
+#   below parameters aren't in use.
+#   Defaults to true.
+#
 # [*source_hash*]
 #   (optional) A hash of apt::source resources to
 #   create and manage
@@ -25,11 +36,6 @@
 #   resources created by this class
 #   Defaults to {}
 #
-# [*package_require*]
-#   (optional) Whether or not to run 'apt-get update' before
-#   installing any packages.
-#   Defaults to false
-#
 # [*deb_location*]
 #   (optional) Debian package repository location.
 #   Defaults to "http://${::lsbdistcodename}-${release}.debian.net/debian"
@@ -43,16 +49,43 @@
 class openstack_extras::repo::debian::debian(
   $release         = $::openstack_extras::repo::debian::params::release,
   $manage_deb      = true,
+  $package_require = false,
+  $use_extrepo     = true,
+  # Below params only used if $use_extrepo is set to false
   $source_hash     = {},
   $source_defaults = {},
-  $package_require = false,
   $deb_location    = "http://${::lsbdistcodename}-${release}.debian.net/debian",
   # DEPRECATED
   $manage_whz      = undef,
 ) inherits openstack_extras::repo::debian::params {
   # handle deprecation
   $deb_manage = pick($manage_whz, $manage_deb)
+
+  $lowercase_release = downcase($release)
+
+
   if $deb_manage {
+
+    if $use_extrepo {
+      # Extrepo is much nicer than what's below, because
+      # the repositories are authenticated by extrepo itself.
+      # Also, using apt-key is now deprecated (to be removed in 2021).
+      # We use ensure_packages to avoid conflict with any other class
+      # external to this module that may also install extrepo.
+      ensure_packages(['extrepo',], {'ensure' => 'present'})
+
+      exec { "extrepo enable openstack_${lowercase_release}":
+        command     => "extrepo enable openstack_${lowercase_release}",
+        logoutput   => 'on_failure',
+        tries       => 3,
+        try_sleep   => 1,
+        refreshonly => true,
+        require     => Package['extrepo'],
+      }
+      if $package_require {
+        Exec["extrepo enable openstack_${lowercase_release}"] -> Exec['apt_update']
+      }
+    }else{
       exec { 'installing openstack-backports-archive-keyring':
         command     => "/usr/bin/apt-get update ; \
                      wget ${deb_location}/dists/pubkey.gpg ; \
@@ -67,17 +100,17 @@ class openstack_extras::repo::debian::debian(
       }
       apt::source { $::openstack_extras::repo::debian::params::deb_name:
         location => $deb_location,
-      release  => "${::lsbdistcodename}-${release}-backports",
+        release  => "${::lsbdistcodename}-${lowercase_release}-backports",
         repos    => $::openstack_extras::repo::debian::params::deb_repos,
       }
       -> apt::source { "${::openstack_extras::repo::debian::params::deb_name}-nochange":
         location => $deb_location,
-      release  => "${::lsbdistcodename}-${release}-backports-nochange",
+        release  => "${::lsbdistcodename}-${lowercase_release}-backports-nochange",
         repos    => $::openstack_extras::repo::debian::params::deb_repos,
       }
     }
-
     create_resources('apt::source', $source_hash, $source_defaults)
+  }
 
   if $package_require {
     Exec['apt_update'] -> Package<||>

releasenotes/notes/debian-uses-extrepo-a77c672920581e4e.yaml

@@ -0,0 +1,8 @@
+---
+features:
+  - |
+    The class openstack_extras::repo::debian::debian has now a new parameter
+    use_extrepo, which is true by default. If true, extrepo will be used for
+    setting-up the OpenStack apt sources.list, and the parameters source_hash,
+    source_defaults and deb_location are ignored. Beware that this is now
+    the new default!

spec/classes/openstack_extras_repo_debian_debian_spec.rb

@@ -7,7 +7,8 @@ describe 'openstack_extras::repo::debian::debian' do
         :manage_deb      => true,
         :source_hash     => {},
         :source_defaults => {},
-        :package_require => false
+        :package_require => false,
+        :use_extrepo     => false,
       }
     end
 
@@ -21,9 +22,37 @@ describe 'openstack_extras::repo::debian::debian' do
       class_params.merge!(paramclass_defaults)
     end
 
-    context 'with default parameters' do
+    context 'with default params' do
+      it { should contain_exec('extrepo enable openstack_victoria').with(
+        :command => 'extrepo enable openstack_victoria',
+      )}
+      it { should contain_package('extrepo').with(
+        :ensure => 'present',
+        :name   => 'extrepo',
+      )}
+    end
+
+    context 'wallaby with extrepo' do
       let :params do
-        {}
+        {
+          :release     => 'wallaby',
+          :use_extrepo => true,
+        }
+      end
+      it { should contain_exec('extrepo enable openstack_wallaby').with(
+        :command => 'extrepo enable openstack_wallaby',
+      )}
+      it { should contain_package('extrepo').with(
+        :ensure => 'present',
+        :name   => 'extrepo',
+      )}
+    end
+
+    context 'with extrepo set to false' do
+      let :params do
+        {
+          :use_extrepo => false,
+        }
       end
 
       it { should contain_apt__source('debian-openstack-backports').with(
@@ -87,19 +116,20 @@ describe 'openstack_extras::repo::debian::debian' do
                                    }
                                 }
                               })
+        default_params.merge!({ :use_extrepo => false })
       end
 
       it { should contain_apt__source('debian_unstable').with(
         :location    => 'http://mymirror/debian/',
         :release     => 'unstable',
-        :repos    => 'main'
+        :repos       => 'main',
       )}
 
       it { should contain_apt__source('puppetlabs').with(
         :location    => 'http://apt.puppetlabs.com',
         :repos       => 'main',
         :release     => 'stretch',
-        :key      => { 'id' => '4BD6EC30', 'server' => 'pgp.mit.edu' }
+        :key         => { 'id' => '4BD6EC30', 'server' => 'pgp.mit.edu' },
       )}
 
       it { should contain_exec('installing openstack-backports-archive-keyring') }
@@ -119,6 +149,7 @@ describe 'openstack_extras::repo::debian::debian' do
                                    'include' => { 'src' => true }
                                 }
                               })
+        default_params.merge!({ :use_extrepo => false })
       end
 
       it { should contain_apt__source('debian_unstable').with(