feat: adding reposync wrapper and tooling

- add autosyncer/autopromoter scripts
- add timer and service to initial sync process
- add timer/service for daily/weekly/monthly autopromote
- add define to manage each repo
- add nginx webserver to share repos
- add favicon.ico if enabled
- add selinux management, and packages for selinux
- cleanup package management, sorting package groups into package classes
2023-11-02 20:09:22 +11:00
parent f5ce438679
commit 19836e2069
21 changed files with 547 additions and 70 deletions
@@ -0,0 +1,105 @@
# setup the autopromoter
class profiles::reposync::autopromoter {
# Ensure the autopromoter script is present and executable
file { '/usr/local/bin/autopromoter':
ensure => 'file',
owner => 'root',
group => 'root',
mode => '0755',
content => template('profiles/reposync/autopromoter.erb'),
}
# daily autopromote service/timer
$_daily_timer = @(EOT)
[Unit]
Description=autopromoter daily timer
[Timer]
OnCalendar=*-*-* 05:00:00
RandomizedDelaySec=1s
[Install]
WantedBy=timers.target
EOT
$_daily_service = @(EOT)
[Unit]
Description=autopromoter daily service
[Service]
Type=oneshot
ExecStart=/usr/local/bin/autopromoter daily
User=root
Group=root
PermissionsStartOnly=false
PrivateTmp=no
EOT
systemd::timer { 'autopromoter-daily.timer':
timer_content => $_daily_timer,
service_content => $_daily_service,
active => true,
enable => true,
require => File['/usr/local/bin/autopromoter'],
}
# weekly autopromote service/timer
$_weekly_timer = @(EOT)
[Unit]
Description=autopromoter weekly timer
[Timer]
OnCalendar=Sun *-*-* 05:05:00
RandomizedDelaySec=1s
[Install]
WantedBy=timers.target
EOT
$_weekly_service = @(EOT)
[Unit]
Description=autopromoter weekly service
[Service]
Type=oneshot
ExecStart=/usr/local/bin/autopromoter weekly
User=root
Group=root
PermissionsStartOnly=false
PrivateTmp=no
EOT
systemd::timer { 'autopromoter-weekly.timer':
timer_content => $_weekly_timer,
service_content => $_weekly_service,
active => true,
enable => true,
require => File['/usr/local/bin/autopromoter'],
}
# monthly autopromote service/timer
$_monthly_timer = @(EOT)
[Unit]
Description=autopromoter monthly timer
[Timer]
OnCalendar=*-*-01 05:10:00
RandomizedDelaySec=1s
[Install]
WantedBy=timers.target
EOT
$_monthly_service = @(EOT)
[Unit]
Description=autopromoter monthly service
[Service]
Type=oneshot
ExecStart=/usr/local/bin/autopromoter monthly
User=root
Group=root
PermissionsStartOnly=false
PrivateTmp=no
EOT
systemd::timer { 'autopromoter-monthly.timer':
timer_content => $_monthly_timer,
service_content => $_monthly_service,
active => true,
enable => true,
require => File['/usr/local/bin/autopromoter'],
}
}
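Review bot: The daily, weekly and monthly service units all run `/usr/local/bin/autopromoter` with `User=root`, `PrivateTmp=no` and no sandboxing directives, so a bug in the script or in the repository data it processes acts with full root privileges. If the script only needs the repository tree (its template is not visible here, so this should be confirmed), a dedicated account in `User=`/`Group=` would fit the `repo_owner`/`repo_group` parameters the repos define already exposes. The units could also carry `NoNewPrivileges=yes`, `ProtectSystem=strict` and `ReadWritePaths=/data/repos`, with `PrivateTmp` switched to `yes`. `PermissionsStartOnly=false` is the default and is deprecated in current systemd, so it can be dropped. The same applies to the autosyncer unit in the next hunk, which also fetches content from remote mirrors as root.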
@@ -0,0 +1,44 @@
# setup the autosyncer
class profiles::reposync::autosyncer {
# Ensure the autosyncer script is present and executable
file { '/usr/local/bin/autosyncer':
ensure => 'file',
owner => 'root',
group => 'root',
mode => '0755',
content => template('profiles/reposync/autosyncer.erb'),
require => Class['profiles::packages::reposync'],
}
# daily autosyncr service/timer
$_timer = @(EOT)
[Unit]
Description=autosyncer timer
[Timer]
OnCalendar=*-*-* 03:00:00
RandomizedDelaySec=1s
[Install]
WantedBy=timers.target
EOT
$_service = @(EOT)
[Unit]
Description=autosyncer service
[Service]
Type=oneshot
ExecStart=/usr/local/bin/autosyncer
User=root
Group=root
PermissionsStartOnly=false
PrivateTmp=no
EOT
systemd::timer { 'autosyncer.timer':
timer_content => $_timer,
service_content => $_service,
active => true,
enable => true,
require => File['/usr/local/bin/autosyncer'],
}
}
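Review bot: The `require => Class['profiles::packages::reposync']` on the script resource points at a class this class never declares; within the visible hunks only `profiles::reposync::syncer` includes it. Declaring `profiles::reposync::autosyncer` on its own would therefore fail catalogue compilation with an unresolved dependency. Adding `include profiles::packages::reposync` at the top of the class body makes it self-contained and is harmless when the syncer profile has already included it.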
+46
@@ -0,0 +1,46 @@
# define to generate repositories in yum
define profiles::reposync::repos (
String $repository,
String $description,
String $osname,
String $release,
Stdlib::HTTPUrl $baseurl,
Stdlib::HTTPUrl $gpgkey,
String $arch = 'x86_64',
String $repo_owner = 'root',
String $repo_group = 'root',
Stdlib::Absolutepath $basepath = '/data/repos',
){
$repos_name = downcase("${osname}-${release}-${repository}-${arch}")
$conf_file = "/etc/reposync/conf.d/${repos_name}.conf"
# Create the repository configuration
yumrepo { $repos_name:
ensure => 'present',
descr => $description,
baseurl => $baseurl,
gpgkey => $gpgkey,
target => '/etc/yum.repos.d/reposync.repo',
enabled => 0,
gpgcheck => 1,
}
# Ensure the repo dest path exists
file { "${basepath}/live/${repos_name}" :
ensure => 'directory',
owner => $repo_owner,
group => $repo_group,
mode => '0755',
}
# Create the repo configuration file
file { $conf_file:
ensure => file,
owner => $repo_owner,
group => $repo_group,
mode => '0644',
content => template('profiles/reposync/repo_conf.erb'),
require => File['/etc/reposync/conf.d'],
}
}
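Review bot: `Stdlib::HTTPUrl $gpgkey` accepts plain `http://` URLs, so the key that `gpgcheck => 1` relies on can be fetched over an unauthenticated channel. Anyone able to tamper with that response can supply their own key and defeat the signature check for the mirrored packages. Tightening the parameter to `Stdlib::HTTPSUrl $gpgkey` closes that gap; a local `file://` key distributed by Puppet would be stronger still but needs a wider type. Separately, `$osname`, `$release`, `$repository` and `$arch` are unconstrained `String`s interpolated into `$conf_file` and the `${basepath}/live/...` directory, so a value containing `/` or `..` would place files outside the intended tree. A type such as `Pattern[/\A[\w.-]+\z/]` on those parameters would rule that out.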
@@ -0,0 +1,30 @@
# setup a reposync syncer
class profiles::reposync::syncer {
include profiles::packages::reposync
include profiles::reposync::autosyncer
include profiles::reposync::autopromoter
include profiles::reposync::webserver
# Ensure the reposync config path exists
file { '/etc/reposync':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
file { '/etc/reposync/conf.d':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
# get a list of repos as a hash, and iterate through them
$repos = lookup('profiles::reposync::repos_list', {})
$repos.each | String $name, Hash $repo_hash | {
profiles::reposync::repos { $name:
* => $repo_hash,
}
}
}
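Review bot: In `lookup('profiles::reposync::repos_list', {})` the second argument is read as an options hash, not as a default value, so the call has no default. On a node where the key is absent from Hiera, compilation fails instead of iterating over an empty hash, which is presumably what was intended. Either `lookup('profiles::reposync::repos_list', Hash, 'deep', {})` or `lookup('profiles::reposync::repos_list', { 'default_value' => {} })` expresses that. The lambda parameter `$name` also shadows Puppet's built-in `$name` variable; something like `$repo_title` avoids the lint warning and the ambiguity.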
@@ -0,0 +1,58 @@
# setup a reposync webserver
class profiles::reposync::webserver (
String $www_root = '/data/repos/snap',
String $nginx_vhost = 'repos.main.unkin.net',
Integer $nginx_port = 80,
Boolean $favicon = true,
Boolean $selinux = true,
) {
class { 'nginx': }
# create the nginx vhost
nginx::resource::server { $nginx_vhost:
listen_port => $nginx_port,
server_name => [$nginx_vhost],
use_default_location => true,
access_log => "/var/log/nginx/${nginx_vhost}_access.log",
error_log => "/var/log/nginx/${nginx_vhost}_error.log",
www_root => $www_root,
autoindex => 'on',
}
if $favicon {
file { "${www_root}/favicon.ico":
ensure => 'file',
owner => 'root',
group => 'root',
mode => '0644',
source => 'puppet:///modules/profiles/reposync/favicon.ico',
}
}
if $selinux {
# include packages that are required
include profiles::packages::selinux
# set httpd_sys_content_t to all files under the www_root
selinux::fcontext { $www_root:
ensure => 'present',
seltype => 'httpd_sys_content_t',
pathspec => "${www_root}(/.*)?",
}
# make sure we can connect to port 80
selboolean { 'httpd_can_network_connect':
persistent => true,
value => 'on',
}
exec { "restorecon_${www_root}":
path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
command => "restorecon -Rv ${www_root}",
refreshonly => true,
subscribe => Selinux::Fcontext[$www_root],
}
}
}
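Review bot: The `selboolean { 'httpd_can_network_connect': value => 'on' }` resource does not do what its comment ("make sure we can connect to port 80") says. That boolean allows the web server domain to open outbound network connections; it has no bearing on nginx listening on port 80, which the default `http_port_t` label already permits. A vhost that only serves static files from `$www_root` should not need it, and leaving it on loosens the SELinux confinement that would otherwise limit a compromised nginx worker, so I would drop the resource. If a non-standard `$nginx_port` is ever used, the fix is a port label for `http_port_t` rather than this boolean. `$www_root` is also interpolated into the `restorecon -Rv ${www_root}` command and the fcontext `pathspec`, so declaring it as `Stdlib::Absolutepath $www_root` instead of `String` would be a cheap guard.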