Further split Debian and Ubuntu reprepro configs

Sharing an updates file between the Debian and Ubuntu reprepro runs causes some warnings, and is generally just unclean. They use different release naming and repositories, so should just have separate updates files to track them (they're already separate on the server, they were just being copied from the same source file in the module). While here, remove the label and suite parameters from the Debian reprepro distribution templates, as they're unnecessary and potentially confusing (job nodes should never be relying on the suite names as they change at the next release). Also allow signatures from subkeys of the listed keys to be sufficient to verify the debian-security mirror's release files, like we do for the debian mirror. Change-Id: Id0ff476864f936bbd7c4637f3dc9e2c219c6e465
2019-10-15 18:40:34 +00:00 · 2019-10-15 18:40:34 +00:00 · 4f0342be70
commit 4f0342be70
parent f05dd90ddb
5 changed files with 12 additions and 19 deletions
--- a/modules/openstack_project/files/reprepro/debian-security-updates
+++ b/modules/openstack_project/files/reprepro/debian-security-updates
@ -3,4 +3,4 @@ Method: http://security.debian.org/
 Suite: */updates
 Architectures: amd64 arm64
 GetInRelease: no
-VerifyRelease: EDA0D2388AE22BA9|4DFAB270CAA96DFA
+VerifyRelease: EDA0D2388AE22BA9+|4DFAB270CAA96DFA+
--- a/modules/openstack_project/files/reprepro/debian-updates
+++ b/modules/openstack_project/files/reprepro/debian-updates
@ -0,0 +1,7 @@
+Name: debian
+Method: http://ftp.us.debian.org/debian/
+Components: main
+UDebComponents: main
+Architectures: amd64 arm64 source
+GetInRelease: no
+VerifyRelease: 7638D0442B90D010+|E0B11894F66AEC98+|DC30D7C23CBBABEE+
--- a/modules/openstack_project/files/reprepro/debuntu-updates
+++ b/modules/openstack_project/files/reprepro/debuntu-updates
@ -29,11 +29,3 @@ UDebComponents: main
 Architectures: arm64 source
 GetInRelease: no
 VerifyRelease: 437D05B5|C0B21F32
-
-Name: debian
-Method: http://ftp.us.debian.org/debian/
-Components: main
-UDebComponents: main
-Architectures: amd64 arm64 source
-GetInRelease: no
-VerifyRelease: 7638D0442B90D010+|E0B11894F66AEC98+|DC30D7C23CBBABEE+
--- a/modules/openstack_project/manifests/mirror_update.pp
+++ b/modules/openstack_project/manifests/mirror_update.pp
@ -62,7 +62,7 @@ class openstack_project::mirror_update (
    confdir            => '/etc/reprepro/debian',
    basedir            => '/afs/.openstack.org/mirror/debian',
    distributions      => 'openstack_project/reprepro/distributions.debian.erb',
-    updates_file       => 'puppet:///modules/openstack_project/reprepro/debuntu-updates',
+    updates_file       => 'puppet:///modules/openstack_project/reprepro/debian-updates',
    releases           => ['stretch', 'buster'],
    skip_backports_for => [''],
  }
@ -111,7 +111,7 @@ class openstack_project::mirror_update (


  # Note debian-security needs it's own mirroring process, as we found
-  # that including it in the main "debuntu-updates" config lead to
+  # that including it in the main "debian-updates" config lead to
  # weird conflicts of package names breaking the mirror.
  ::openstack_project::reprepro { 'debian-security-reprepro-mirror':
    confdir       => '/etc/reprepro/debian-security',
@ -155,7 +155,7 @@ class openstack_project::mirror_update (
    confdir       => '/etc/reprepro/ubuntu',
    basedir       => '/afs/.openstack.org/mirror/ubuntu',
    distributions => 'openstack_project/reprepro/distributions.ubuntu.erb',
-    updates_file  => 'puppet:///modules/openstack_project/reprepro/debuntu-updates',
+    updates_file  => 'puppet:///modules/openstack_project/reprepro/ubuntu-updates',
    releases      => ['bionic', 'trusty', 'xenial'],
  }

@ -177,7 +177,7 @@ class openstack_project::mirror_update (
    confdir       => '/etc/reprepro/ubuntu-ports',
    basedir       => '/afs/.openstack.org/mirror/ubuntu-ports',
    distributions => 'openstack_project/reprepro/distributions.ubuntu-ports.erb',
-    updates_file  => 'puppet:///modules/openstack_project/reprepro/debuntu-updates',
+    updates_file  => 'puppet:///modules/openstack_project/reprepro/ubuntu-updates',
    releases      => ['bionic', 'xenial'],
  }

--- a/modules/openstack_project/templates/reprepro/distributions.debian.erb
+++ b/modules/openstack_project/templates/reprepro/distributions.debian.erb
@ -1,7 +1,5 @@
 <% @releases.each do |release| -%>
 Origin: Debian
-Label: Debian
-Suite: stable
 Codename: <%= release %>
 Description: OpenStack Debian <%= release.capitalize %> mirror
 Architectures: amd64 arm64 source
@ -12,8 +10,6 @@ Update: debian
 Log: <%= @logdir %>/debian-<%= release %>.log

 Origin: Debian
-Label: Debian
-Suite: stable-updates
 Codename: <%= release %>-updates
 Description: OpenStack Debian <%= release.capitalize %> Updates mirror
 Architectures: amd64 arm64 source
@ -25,8 +21,6 @@ Log: <%= @logdir %>/debian-<%= release %>-updates.log

 <% if not @skip_backports_for.include?(release) %>
 Origin: Debian Backports
-Label: Debian Backports
-Suite: <%= release %>-backports
 Codename: <%= release %>-backports
 NotAutomatic: yes
 ButAutomaticUpgrades: yes