feat: adding reposync wrapper and tooling
- add autosyncer/autopromoter scripts
- add timer and service to initial sync process
- add timer/service for daily/weekly/monthly autopromote
- add define to manage each repo
- add nginx webserver to share repos
- add favicon.ico if enabled
- add selinux management, and packages for selinux
- cleanup package management, sorting package groups into package classes
@@ -0,0 +1,105 @@
|
||||
# setup the autopromoter
|
||||
class profiles::reposync::autopromoter {
|
||||
|
||||
# Ensure the autopromoter script is present and executable
|
||||
file { '/usr/local/bin/autopromoter':
|
||||
ensure => 'file',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
content => template('profiles/reposync/autopromoter.erb'),
|
||||
}
|
||||
|
||||
# daily autopromote service/timer
|
||||
$_daily_timer = @(EOT)
|
||||
[Unit]
|
||||
Description=autopromoter daily timer
|
||||
[Timer]
|
||||
OnCalendar=*-*-* 05:00:00
|
||||
RandomizedDelaySec=1s
|
||||
[Install]
|
||||
WantedBy=timers.target
|
||||
EOT
|
||||
|
||||
$_daily_service = @(EOT)
|
||||
[Unit]
|
||||
Description=autopromoter daily service
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/local/bin/autopromoter daily
|
||||
User=root
|
||||
Group=root
|
||||
PermissionsStartOnly=false
|
||||
PrivateTmp=no
|
||||
EOT
|
||||
|
||||
systemd::timer { 'autopromoter-daily.timer':
|
||||
timer_content => $_daily_timer,
|
||||
service_content => $_daily_service,
|
||||
active => true,
|
||||
enable => true,
|
||||
require => File['/usr/local/bin/autopromoter'],
|
||||
}
|
||||
|
||||
# weekly autopromote service/timer
|
||||
$_weekly_timer = @(EOT)
|
||||
[Unit]
|
||||
Description=autopromoter weekly timer
|
||||
[Timer]
|
||||
OnCalendar=Sun *-*-* 05:05:00
|
||||
RandomizedDelaySec=1s
|
||||
[Install]
|
||||
WantedBy=timers.target
|
||||
EOT
|
||||
|
||||
$_weekly_service = @(EOT)
|
||||
[Unit]
|
||||
Description=autopromoter weekly service
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/local/bin/autopromoter weekly
|
||||
User=root
|
||||
Group=root
|
||||
PermissionsStartOnly=false
|
||||
PrivateTmp=no
|
||||
EOT
|
||||
|
||||
systemd::timer { 'autopromoter-weekly.timer':
|
||||
timer_content => $_weekly_timer,
|
||||
service_content => $_weekly_service,
|
||||
active => true,
|
||||
enable => true,
|
||||
require => File['/usr/local/bin/autopromoter'],
|
||||
}
|
||||
|
||||
# monthly autopromote service/timer
|
||||
$_monthly_timer = @(EOT)
|
||||
[Unit]
|
||||
Description=autopromoter monthly timer
|
||||
[Timer]
|
||||
OnCalendar=*-*-01 05:10:00
|
||||
RandomizedDelaySec=1s
|
||||
[Install]
|
||||
WantedBy=timers.target
|
||||
EOT
|
||||
|
||||
$_monthly_service = @(EOT)
|
||||
[Unit]
|
||||
Description=autopromoter monthly service
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/local/bin/autopromoter monthly
|
||||
User=root
|
||||
Group=root
|
||||
PermissionsStartOnly=false
|
||||
PrivateTmp=no
|
||||
EOT
|
||||
|
||||
systemd::timer { 'autopromoter-monthly.timer':
|
||||
timer_content => $_monthly_timer,
|
||||
service_content => $_monthly_service,
|
||||
active => true,
|
||||
enable => true,
|
||||
require => File['/usr/local/bin/autopromoter'],
|
||||
}
|
||||
}
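Review bot: All three autopromoter services are declared with `User=root`, `PrivateTmp=no` and no other sandboxing, so the templated script (not shown on this page) runs with full host privileges every time it handles mirrored repository content. If the script only needs to write under the repo tree, a dedicated service account plus `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=strict` with a matching `ReadWritePaths=` would confine it. `PermissionsStartOnly=` is deprecated in current systemd and `false` is its default, so that line can be dropped. The same applies to the autosyncer service in the next file, which additionally pulls from upstream mirrors as root.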
|
||||
@@ -0,0 +1,44 @@
|
||||
# setup the autosyncer
|
||||
class profiles::reposync::autosyncer {
|
||||
|
||||
# Ensure the autosyncer script is present and executable
|
||||
file { '/usr/local/bin/autosyncer':
|
||||
ensure => 'file',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
content => template('profiles/reposync/autosyncer.erb'),
|
||||
require => Class['profiles::packages::reposync'],
|
||||
}
|
||||
|
||||
# daily autosyncr service/timer
|
||||
$_timer = @(EOT)
|
||||
[Unit]
|
||||
Description=autosyncer timer
|
||||
[Timer]
|
||||
OnCalendar=*-*-* 03:00:00
|
||||
RandomizedDelaySec=1s
|
||||
[Install]
|
||||
WantedBy=timers.target
|
||||
EOT
|
||||
|
||||
$_service = @(EOT)
|
||||
[Unit]
|
||||
Description=autosyncer service
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/local/bin/autosyncer
|
||||
User=root
|
||||
Group=root
|
||||
PermissionsStartOnly=false
|
||||
PrivateTmp=no
|
||||
EOT
|
||||
|
||||
systemd::timer { 'autosyncer.timer':
|
||||
timer_content => $_timer,
|
||||
service_content => $_service,
|
||||
active => true,
|
||||
enable => true,
|
||||
require => File['/usr/local/bin/autosyncer'],
|
||||
}
|
||||
}
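Review bot: Nothing orders the 03:00 sync against the promoter timers that start at 05:00 in the autopromoter class, so a sync that runs longer than two hours could be promoted half-finished. Whether that matters depends on what the promoter script copies, which is not visible here. Adding `After=autosyncer.service` to the `[Unit]` section of the promoter services would make a promotion wait for a sync that is still running. The comment `# daily autosyncr service/timer` also has a typo; it should read `autosyncer`.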
|
||||
@@ -0,0 +1,46 @@
|
||||
# define to generate repositories in yum
|
||||
define profiles::reposync::repos (
|
||||
String $repository,
|
||||
String $description,
|
||||
String $osname,
|
||||
String $release,
|
||||
Stdlib::HTTPUrl $baseurl,
|
||||
Stdlib::HTTPUrl $gpgkey,
|
||||
String $arch = 'x86_64',
|
||||
String $repo_owner = 'root',
|
||||
String $repo_group = 'root',
|
||||
Stdlib::Absolutepath $basepath = '/data/repos',
|
||||
){
|
||||
|
||||
$repos_name = downcase("${osname}-${release}-${repository}-${arch}")
|
||||
$conf_file = "/etc/reposync/conf.d/${repos_name}.conf"
|
||||
|
||||
# Create the repository configuration
|
||||
yumrepo { $repos_name:
|
||||
ensure => 'present',
|
||||
descr => $description,
|
||||
baseurl => $baseurl,
|
||||
gpgkey => $gpgkey,
|
||||
target => '/etc/yum.repos.d/reposync.repo',
|
||||
enabled => 0,
|
||||
gpgcheck => 1,
|
||||
}
|
||||
|
||||
# Ensure the repo dest path exists
|
||||
file { "${basepath}/live/${repos_name}" :
|
||||
ensure => 'directory',
|
||||
owner => $repo_owner,
|
||||
group => $repo_group,
|
||||
mode => '0755',
|
||||
}
|
||||
|
||||
# Create the repo configuration file
|
||||
file { $conf_file:
|
||||
ensure => file,
|
||||
owner => $repo_owner,
|
||||
group => $repo_group,
|
||||
mode => '0644',
|
||||
content => template('profiles/reposync/repo_conf.erb'),
|
||||
require => File['/etc/reposync/conf.d'],
|
||||
}
|
||||
}
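Review bot: `Stdlib::HTTPUrl $gpgkey` accepts plain `http://` URLs, so the key that `gpgcheck => 1` depends on can be fetched over an unauthenticated channel, while a locally managed `file:///` key is rejected by the type. Consider `Stdlib::HTTPSUrl $gpgkey,` or a variant that also admits `file://` URLs. Separately, `$repository`, `$osname`, `$release` and `$arch` are bare `String`s interpolated into `$conf_file` and the directory path. A `Pattern[/\A[\w.-]+\z/]` type on them would keep a value containing `/` from escaping `/etc/reposync/conf.d`.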
|
||||
@@ -0,0 +1,30 @@
|
||||
# setup a reposync syncer
|
||||
class profiles::reposync::syncer {
|
||||
|
||||
include profiles::packages::reposync
|
||||
include profiles::reposync::autosyncer
|
||||
include profiles::reposync::autopromoter
|
||||
include profiles::reposync::webserver
|
||||
|
||||
# Ensure the reposync config path exists
|
||||
file { '/etc/reposync':
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
}
|
||||
file { '/etc/reposync/conf.d':
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
}
|
||||
|
||||
# get a list of repos as a hash, and iterate through them
|
||||
$repos = lookup('profiles::reposync::repos_list', {})
|
||||
$repos.each | String $name, Hash $repo_hash | {
|
||||
profiles::reposync::repos { $name:
|
||||
* => $repo_hash,
|
||||
}
|
||||
}
|
||||
}
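Review bot: In `lookup('profiles::reposync::repos_list', {})` the second argument is, as far as I can tell, taken as lookup's options hash rather than as a default value, so the catalog would fail to compile on a node where the key is not set. If an empty default is intended, write `$repos = lookup('profiles::reposync::repos_list', Hash, 'hash', {})`, choosing the merge behaviour deliberately. Because each entry is splatted into `profiles::reposync::repos`, this key decides which upstream URLs and GPG keys the mirror trusts, which is worth a comment above the lookup.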
|
||||
@@ -0,0 +1,58 @@
|
||||
# setup a reposync webserver
|
||||
class profiles::reposync::webserver (
|
||||
String $www_root = '/data/repos/snap',
|
||||
String $nginx_vhost = 'repos.main.unkin.net',
|
||||
Integer $nginx_port = 80,
|
||||
Boolean $favicon = true,
|
||||
Boolean $selinux = true,
|
||||
) {
|
||||
|
||||
class { 'nginx': }
|
||||
|
||||
# create the nginx vhost
|
||||
nginx::resource::server { $nginx_vhost:
|
||||
listen_port => $nginx_port,
|
||||
server_name => [$nginx_vhost],
|
||||
use_default_location => true,
|
||||
access_log => "/var/log/nginx/${nginx_vhost}_access.log",
|
||||
error_log => "/var/log/nginx/${nginx_vhost}_error.log",
|
||||
www_root => $www_root,
|
||||
autoindex => 'on',
|
||||
}
|
||||
|
||||
if $favicon {
|
||||
file { "${www_root}/favicon.ico":
|
||||
ensure => 'file',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source => 'puppet:///modules/profiles/reposync/favicon.ico',
|
||||
}
|
||||
}
|
||||
|
||||
if $selinux {
|
||||
|
||||
# include packages that are required
|
||||
include profiles::packages::selinux
|
||||
|
||||
# set httpd_sys_content_t to all files under the www_root
|
||||
selinux::fcontext { $www_root:
|
||||
ensure => 'present',
|
||||
seltype => 'httpd_sys_content_t',
|
||||
pathspec => "${www_root}(/.*)?",
|
||||
}
|
||||
|
||||
# make sure we can connect to port 80
|
||||
selboolean { 'httpd_can_network_connect':
|
||||
persistent => true,
|
||||
value => 'on',
|
||||
}
|
||||
|
||||
exec { "restorecon_${www_root}":
|
||||
path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
|
||||
command => "restorecon -Rv ${www_root}",
|
||||
refreshonly => true,
|
||||
subscribe => Selinux::Fcontext[$www_root],
|
||||
}
|
||||
}
|
||||
}
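Review bot: `httpd_can_network_connect` lets processes in the httpd domain open outbound network connections; it is not what permits nginx to listen on port 80, so the comment `# make sure we can connect to port 80` does not match what the boolean does. Serving static files from `$www_root` should not need it (assuming nginx is not proxying anything here), and leaving it off keeps the SELinux confinement tighter. Separately, `String $www_root` is interpolated into the `restorecon` command and the fcontext pathspec; `Stdlib::Absolutepath $www_root` would reject values that are not a path.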
|
||||