Merge pull request 'feat: firstrun optimisations' (#216) from neoloc/yumrepos into develop

Reviewed-on: unkinben/puppet-prod#216
2024-05-19 22:46:19 +09:30 · 2024-05-19 22:46:19 +09:30 · 4b0ff2deee
commit 4b0ff2deee
parent adf27a3090 598a8c0f52
3 changed files with 26 additions and 1 deletions
--- a/site/profiles/manifests/firstrun/complete.pp
+++ b/site/profiles/manifests/firstrun/complete.pp
@ -1,11 +1,19 @@
 # profiles::firstrun::complete
 class profiles::firstrun::complete {

+  file { '/root/.cache':
+    ensure => 'directory',
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0750',
+  }
+
  file {'/root/.cache/puppet_firstrun_complete':
    ensure  => 'file',
    owner   => 'root',
    group   => 'root',
    mode    => '0750',
    content => 'firstrun completed',
+    require => File['/root/.cache'],
  }
 }
--- a/site/profiles/manifests/firstrun/init.pp
+++ b/site/profiles/manifests/firstrun/init.pp
@ -12,7 +12,8 @@ class profiles::firstrun::init {
  include profiles::firstrun::complete


-  Class['profiles::pki::vaultca']
+  Class['profiles::defaults']
+  -> Class['profiles::pki::vaultca']
  -> Class['profiles::base::repos']
  -> Class['profiles::firstrun::packages']
  -> Class['profiles::firstrun::complete']
--- a/site/profiles/manifests/yum/global.pp
+++ b/site/profiles/manifests/yum/global.pp
@ -11,10 +11,26 @@ class profiles::yum::global (
    },
  }

+  # purge all yum repos not defined by puppet
  resources { 'yumrepo':
    purge => $purge,
  }

+  # download all gpg keys if a repo defines it
+  $repos.each |$name, $repo| {
+    if $repo['gpgkey'] {
+      $key_url = $repo['gpgkey']
+      $key_file = "/etc/pki/rpm-gpg/${name}-gpg-key"
+
+      exec { "download_gpg_key_${name}":
+        command => "curl -s -o ${key_file} ${key_url} && rpm --import ${key_file}",
+        path    => ['/bin', 'usr/bin'],
+        creates => $key_file,
+        before  => Yumrepo[$name],
+      }
+    }
+  }
+
  # create repos
  create_resources('yumrepo', $repos)