From abdb3ec8cb3883f3aca99957b57dc133867b36a9 Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Sat, 16 Nov 2024 21:43:11 +1100
Subject: [PATCH] feat: update packagerepo - remove almalinux/centos/epel repos - manage consul service `packagerepo` - manage ssh principals - update vault alt-names
---
hieradata/roles/infra/reposync/syncer.yaml | 137 ++++++---------------
1 file changed, 38 insertions(+), 99 deletions(-)
diff --git a/hieradata/roles/infra/reposync/syncer.yaml b/hieradata/roles/infra/reposync/syncer.yaml
index a33550c..21f130d 100644
--- a/hieradata/roles/infra/reposync/syncer.yaml
+++ b/hieradata/roles/infra/reposync/syncer.yaml
@@ -2,110 +2,42 @@ profiles::packages::include: createrepo: {} +profiles::ssh::sign::principals: + - packagerepo.service.consul + - packagerepo.query.consul + - "packagerepo.service.%{facts.country}-%{facts.region}.consul" + +# additional altnames profiles::pki::vault::alt_names: - - repos.main.unkin.net + - packagerepo.main.unkin.net + - packagerepo.service.consul + - packagerepo.query.consul + - "packagerepo.service.%{facts.country}-%{facts.region}.consul" + +# configure consul service +consul::services: + jupyterhub: + service_name: 'packagerepo' + tags: + - 'packagerepo' + address: "%{facts.networking.ip}" + port: 443 + checks: + - id: 'packagerepo_http_check' + name: 'packagerepo HTTP Check' + http: "https://%{facts.networking.fqdn}" + method: 'GET' + tls_skip_verify: true + interval: '10s' + timeout: '1s' +profiles::consul::client::node_rules: + - resource: service + segment: packagerepo + disposition: write profiles::reposync::webserver::nginx_listen_mode: both profiles::reposync::webserver::nginx_cert_type: vault profiles::reposync::repos_list: - almalinux_8_9_baseos: - repository: 'BaseOS' - description: 'AlmaLinux 8.9 - BaseOS' - osname: 'almalinux' - release: '8.9' - mirrorlist: https://mirrors.almalinux.org/mirrorlist/8.9/baseos - gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux' - almalinux_8_9_appstream: - repository: 'AppStream' - description: 'AlmaLinux 8.9 - AppStream' - osname: 'almalinux' - release: '8.9' - mirrorlist: https://mirrors.almalinux.org/mirrorlist/8.9/appstream - gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux' - almalinux_8_9_highavailability: - repository: 'HighAvailability' - description: 'AlmaLinux 8.9 - HighAvailability' - osname: 'almalinux' - release: '8.9' - mirrorlist: https://mirrors.almalinux.org/mirrorlist/8.9/ha - gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux' - almalinux_8_9_powertools: - repository: 'PowerTools' - description: 'AlmaLinux 8.9 - 
PowerTools' - osname: 'almalinux' - release: '8.9' - mirrorlist: https://mirrors.almalinux.org/mirrorlist/8.9/powertools - gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux' - almalinux_8_9_extras: - repository: 'extras' - description: 'AlmaLinux 8.9 - extras' - osname: 'almalinux' - release: '8.9' - mirrorlist: https://mirrors.almalinux.org/mirrorlist/8.9/extras - gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux' - centos_8_advanced_virtualization: - repository: 'virt-advanced-virtualization' - description: 'CentOS Advanced Virtualization' - osname: 'centos' - release: '8' # Assumed static value for demonstration - mirrorlist: 'http://mirrorlist.centos.org/?release=8&arch=x86_64&repo=virt-advanced-virtualization' # Assuming 'stream' and 'x86_64' - gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization' - centos_8_ceph_pacific: - repository: 'storage-ceph-pacific' - description: 'CentOS Ceph Pacific' - osname: 'centos' - release: '8' # Assumed static value for demonstration - mirrorlist: 'http://mirrorlist.centos.org/?release=8&arch=x86_64&repo=storage-ceph-pacific' # Assuming '8' and 'x86_64' - gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage' - centos_8_rabbitmq_38: - repository: 'messaging-rabbitmq-38' - description: 'CentOS RabbitMQ 38' - osname: 'centos' - release: '8-stream' # Specified based on the repository name - mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=messaging-rabbitmq-38' # Assuming '8' and 'x86_64' - gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Messaging' - centos_8_nfv_openvswitch: - repository: 'nfv-openvswitch-2' - description: 'CentOS NFV OpenvSwitch' - osname: 'centos' - release: '8-stream' # Assumed static value for demonstration - mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=nfv-openvswitch-2' # Assuming 'stream' and 'x86_64' - gpgkey: 
'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-NFV' - centos_8_openstack_xena: - repository: 'cloud-openstack-xena' - description: 'CentOS OpenStack Xena' - osname: 'centos' - release: '8-stream' # Directly taken from the provided mirrorlist - mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=cloud-openstack-xena' # Assuming 'x86_64' - gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Cloud' - centos_8_opstools: - repository: 'opstools-collectd-5' - description: 'CentOS OpsTools - collectd' - osname: 'centos' - release: '8-stream' # Assumed static value for demonstration - mirrorlist: 'http://mirrorlist.centos.org/?arch=x86_64&release=8-stream&repo=opstools-collectd-5' # Assuming 'stream' and 'x86_64' - gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-OpsTools' - centos_8_ovirt45: - repository: 'virt-ovirt-45' - description: 'CentOS oVirt 4.5' - osname: 'centos' - release: '8-stream' # Assumed static value for demonstration - mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=virt-ovirt-45' # Assuming 'stream' and 'x86_64' - gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization' - centos_8_stream_gluster10: - repository: 'storage-gluster-10' - description: 'CentOS oVirt 4.5 - Glusterfs 10' - osname: 'centos' - release: '8-stream' # Assumed static value for demonstration - mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=storage-gluster-10' # Assuming 'stream' and 'x86_64' - gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage' - epel_8_everything: - repository: 'Everything' - description: 'EPEL 8 Everything' - osname: 'epel' - release: '8' - mirrorlist: 'https://mirrors.fedoraproject.org/mirrorlist?repo=epel-8&arch=x86_64' - gpgkey: 'https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8' mariadb_11_2_el8: repository: 'el8' description: 'MariaDB 11.2' 
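Review bot: The new `packagerepo_http_check` sets `tls_skip_verify: true`, so the Consul agent accepts any certificate on port 443. The service would keep reporting healthy even if the Vault-issued certificate, whose alt names this same commit extends, were expired or wrong. The check URL already uses `%{facts.networking.fqdn}`, so I would drop that line (or set `tls_skip_verify: false`), provided the agent trusts the Vault CA and the certificate covers the FQDN; neither is visible in this hunk. Separately, the entry under `consul::services` is keyed `jupyterhub:` while its `service_name` is `'packagerepo'`. That looks like a copy-paste leftover and could collide with a real jupyterhub definition if this hash is merged across hierarchy levels; `packagerepo:` would be the expected key.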
@@ -120,6 +52,13 @@ profiles::reposync::repos_list: release: 'el' baseurl: 'https://yum.puppet.com/puppet7/el/8/x86_64/' gpgkey: 'https://yum.puppet.com/RPM-GPG-KEY-puppet-20250406' + puppet8_el8: + repository: '8' + description: 'Puppet 8 EL8' + osname: 'puppet8' + release: 'el' + baseurl: 'https://yum.puppet.com/puppet8/el/8/x86_64/' + gpgkey: 'https://yum.puppet.com/RPM-GPG-KEY-puppet-20250406' postgresql_rhel8_common: repository: 'common' description: 'PostgreSQL Common RHEL 8' -- 2.47.3
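Review bot: The `gpgkey` for the new `puppet8_el8` entry is fetched from `yum.puppet.com`, the same origin as the `baseurl`. Signature checking on the mirror therefore trusts whatever key that host serves at sync time and has no independent anchor. If `profiles::reposync` supports it (the profile is not visible from this hunk), pinning the expected key fingerprint or serving the key from a file kept in this repository would close that gap. At minimum I would add a comment above the entry such as `# shares RPM-GPG-KEY-puppet-20250406 with puppet7_el8; update both on key rotation`. The `profiles::reposync::repos_list` mapping starts before and continues after this hunk.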