opendev/system-config
Code Issues Proposed changes
52945f81ce
system-config/modules/openstack_project/manifests/mirror_update.pp
Monty Taylor 1c2aa68647 Start mirroring focal, stop mirroring trusty 
Focal is released next week and the rc has been cut. The repos
are out there, start mirroring them so that we can start building
images.

While we're at it - we don't do trusty anymore, so stop mirroring
it.

Change-Id: Ibfe4984b24374862b0bd03cf47c47b0d83e6cacb
2020-04-17 13:40:44 -05:00

470 lines
19 KiB
Puppet
Raw Blame History

# == Class: openstack_project::mirror_update
#
class openstack_project::mirror_update (
$reprepro_keytab = '',
$admin_keytab = '',
$gem_keytab = '',
$centos_keytab = '',
$epel_keytab = '',
$yum_puppetlabs_keytab = '',
$fedora_keytab = '',
$opensuse_keytab = '',
) {
include ::gnupg
include ::openstack_project::reprepro_mirror
class { 'openstack_project::server':
afs => true,
}
class { 'openstack_project::gem_mirror': }
file { '/etc/gem.keytab':
owner => 'rubygems',
group => 'root',
mode => '0400',
content => $gem_keytab,
require => Class['openstack_project::gem_mirror'],
}
file { '/etc/afsadmin.keytab':
owner => 'root',
group => 'root',
mode => '0400',
content => $admin_keytab,
}
file { '/usr/local/bin/gem-mirror-update':
ensure => present,
owner => 'root',
group => 'root',
mode => '0755',
source => 'puppet:///modules/openstack_project/gem-mirror-update.sh',
}
file { '/etc/reprepro.keytab':
owner => 'root',
group => 'root',
mode => '0400',
content => $reprepro_keytab,
}
file { '/usr/local/bin/reprepro-mirror-update':
ensure => present,
owner => 'root',
group => 'root',
mode => '0755',
source => 'puppet:///modules/openstack_project/reprepro/reprepro-mirror-update.sh',
}
### Debian mirror ###
::openstack_project::reprepro { 'debian-reprepro-mirror':
confdir => '/etc/reprepro/debian',
basedir => '/afs/.openstack.org/mirror/debian',
distributions => 'openstack_project/reprepro/distributions.debian.erb',
updates_file => 'puppet:///modules/openstack_project/reprepro/debian-updates',
releases => ['stretch', 'buster'],
skip_backports_for => [''],
}
cron { 'reprepro debian':
user => 'root',
hour => '*/2',
minute => fqdn_rand(45, 'reprepro-debian'),
command => 'flock -n /var/run/reprepro/debian.lock reprepro-mirror-update /etc/reprepro/debian mirror.debian >>/var/log/reprepro/debian-mirror.log 2>&1',
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
require => [
File['/usr/local/bin/reprepro-mirror-update'],
File['/etc/afsadmin.keytab'],
File['/etc/reprepro.keytab'],
::Openstack_project::Reprepro['debian-reprepro-mirror'],
]
}
# This key is included as a workaround, as GnuPG (at least the version on
# Xenial) and so by extension reprepro is unable to parse multi-signature
# Release files so only sees the first one it encounters, which in the case
# of the Stretch archive is the Jessie archive signing key.
gnupg_key { 'Debian 8/jessie Archive':
ensure => present,
key_id => '7638D0442B90D010',
user => 'root',
key_source => 'puppet:///modules/openstack_project/reprepro/debian-jessie-mirror-gpg-key.asc',
key_type => 'public',
}
gnupg_key { 'Debian 9/stretch Archive':
ensure => present,
key_id => 'E0B11894F66AEC98',
user => 'root',
key_source => 'puppet:///modules/openstack_project/reprepro/debian-stretch-mirror-gpg-key.asc',
key_type => 'public',
}
gnupg_key { 'Debian 10/buster Archive':
ensure => present,
key_id => 'DC30D7C23CBBABEE',
user => 'root',
key_source => 'puppet:///modules/openstack_project/reprepro/debian-buster-mirror-gpg-key.asc',
key_type => 'public',
}
# Note debian-security needs it's own mirroring process, as we found
# that including it in the main "debian-updates" config lead to
# weird conflicts of package names breaking the mirror.
::openstack_project::reprepro { 'debian-security-reprepro-mirror':
confdir => '/etc/reprepro/debian-security',
basedir => '/afs/.openstack.org/mirror/debian-security',
distributions => 'openstack_project/reprepro/distributions.debian-security.erb',
updates_file => 'puppet:///modules/openstack_project/reprepro/debian-security-updates',
releases => ['stretch', 'buster'],
}
cron { 'reprepro debian security':
user => 'root',
hour => '*/2',
minute => fqdn_rand(45, 'reprepro-debian-security'),
command => 'flock -n /var/run/reprepro/debian-security.lock reprepro-mirror-update /etc/reprepro/debian-security mirror.debian-security >>/var/log/reprepro/debian-security-mirror.log 2>&1',
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
require => [
File['/usr/local/bin/reprepro-mirror-update'],
File['/etc/afsadmin.keytab'],
File['/etc/reprepro.keytab'],
::Openstack_project::Reprepro['debian-security-reprepro-mirror'],
]
}
gnupg_key { 'Debian 9/stretch Security':
ensure => present,
key_id => 'EDA0D2388AE22BA9',
user => 'root',
key_source => 'puppet:///modules/openstack_project/reprepro/debian-stretch-security-mirror-gpg-key.asc',
key_type => 'public',
}
gnupg_key { 'Debian 10/buster Security':
ensure => present,
key_id => '4DFAB270CAA96DFA',
user => 'root',
key_source => 'puppet:///modules/openstack_project/reprepro/debian-buster-security-mirror-gpg-key.asc',
key_type => 'public',
}
::openstack_project::reprepro { 'ubuntu-reprepro-mirror':
confdir => '/etc/reprepro/ubuntu',
basedir => '/afs/.openstack.org/mirror/ubuntu',
distributions => 'openstack_project/reprepro/distributions.ubuntu.erb',
updates_file => 'puppet:///modules/openstack_project/reprepro/ubuntu-updates',
releases => ['bionic', 'focal', 'xenial'],
}
cron { 'reprepro ubuntu':
user => 'root',
hour => '*/2',
minute => fqdn_rand(45, 'reprepro-ubuntu'),
command => 'flock -n /var/run/reprepro/ubuntu.lock reprepro-mirror-update /etc/reprepro/ubuntu mirror.ubuntu >>/var/log/reprepro/ubuntu-mirror.log 2>&1',
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
require => [
File['/usr/local/bin/reprepro-mirror-update'],
File['/etc/afsadmin.keytab'],
File['/etc/reprepro.keytab'],
::Openstack_project::Reprepro['ubuntu-reprepro-mirror'],
]
}
::openstack_project::reprepro { 'ubuntu-ports-reprepro-mirror':
confdir => '/etc/reprepro/ubuntu-ports',
basedir => '/afs/.openstack.org/mirror/ubuntu-ports',
distributions => 'openstack_project/reprepro/distributions.ubuntu-ports.erb',
updates_file => 'puppet:///modules/openstack_project/reprepro/ubuntu-updates',
releases => ['bionic', 'focal', 'xenial'],
}
cron { 'reprepro ubuntu-ports':
user => 'root',
hour => '*/2',
minute => fqdn_rand(45, 'reprepro-ubuntu-ports'),
command => 'flock -n /var/run/reprepro/ubuntu-ports.lock reprepro-mirror-update /etc/reprepro/ubuntu-ports mirror.ubuntu-ports >>/var/log/reprepro/ubuntu-ports-mirror.log 2>&1',
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
require => [
File['/usr/local/bin/reprepro-mirror-update'],
File['/etc/afsadmin.keytab'],
File['/etc/reprepro.keytab'],
::Openstack_project::Reprepro['ubuntu-ports-reprepro-mirror'],
]
}
gnupg_key { 'Ubuntu Archive':
ensure => present,
key_id => '40976EAF437D05B5',
user => 'root',
key_server => 'hkp://keyserver.ubuntu.com',
key_type => 'public',
}
gnupg_key { 'Ubuntu Archive (2012)':
ensure => present,
key_id => '3B4FE6ACC0B21F32',
user => 'root',
key_server => 'hkp://keyserver.ubuntu.com',
key_type => 'public',
}
::openstack_project::reprepro { 'debian-ceph-hammer-reprepro-mirror':
confdir => '/etc/reprepro/debian-ceph-hammer',
basedir => '/afs/.openstack.org/mirror/ceph-deb-hammer',
distributions => 'openstack_project/reprepro/distributions.debian-ceph-hammer.erb',
updates_file => 'puppet:///modules/openstack_project/reprepro/debian-ceph-hammer-updates',
releases => ['xenial'],
}
cron { 'reprepro debian ceph hammer':
user => 'root',
hour => '*/2',
minute => fqdn_rand(45, 'debian-ceph-hammer'),
command => 'flock -n /var/run/reprepro/debian-ceph-hammer.lock reprepro-mirror-update /etc/reprepro/debian-ceph-hammer mirror.deb-hammer >>/var/log/reprepro/debian-ceph-hammer-mirror.log 2>&1',
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
require => [
File['/usr/local/bin/reprepro-mirror-update'],
File['/etc/afsadmin.keytab'],
File['/etc/reprepro.keytab'],
::Openstack_project::Reprepro['debian-ceph-hammer-reprepro-mirror'],
]
}
::openstack_project::reprepro { 'debian-ceph-jewel-reprepro-mirror':
confdir => '/etc/reprepro/debian-ceph-jewel',
basedir => '/afs/.openstack.org/mirror/ceph-deb-jewel',
distributions => 'openstack_project/reprepro/distributions.debian-ceph-jewel.erb',
updates_file => 'puppet:///modules/openstack_project/reprepro/debian-ceph-jewel-updates',
releases => ['xenial'],
}
cron { 'reprepro debian ceph jewel':
user => 'root',
hour => '*/2',
minute => fqdn_rand(45, 'debian-ceph-jewel'),
command => 'flock -n /var/run/reprepro/debian-ceph-jewel.lock reprepro-mirror-update /etc/reprepro/debian-ceph-jewel mirror.deb-jewel >>/var/log/reprepro/debian-ceph-jewel-mirror.log 2>&1',
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
require => [
File['/usr/local/bin/reprepro-mirror-update'],
File['/etc/afsadmin.keytab'],
File['/etc/reprepro.keytab'],
::Openstack_project::Reprepro['debian-ceph-jewel-reprepro-mirror'],
]
}
::openstack_project::reprepro { 'debian-ceph-luminous-reprepro-mirror':
confdir => '/etc/reprepro/debian-ceph-luminous',
basedir => '/afs/.openstack.org/mirror/ceph-deb-luminous',
distributions => 'openstack_project/reprepro/distributions.debian-ceph-luminous.erb',
updates_file => 'puppet:///modules/openstack_project/reprepro/debian-ceph-luminous-updates',
releases => ['stretch', 'xenial'],
}
cron { 'reprepro debian ceph luminous':
user => 'root',
hour => '*/2',
minute => fqdn_rand(45, 'debian-ceph-luminous'),
command => 'flock -n /var/run/reprepro/debian-ceph-luminous.lock reprepro-mirror-update /etc/reprepro/debian-ceph-luminous mirror.deb-luminous >>/var/log/reprepro/debian-ceph-luminous-mirror.log 2>&1',
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
require => [
File['/usr/local/bin/reprepro-mirror-update'],
File['/etc/afsadmin.keytab'],
File['/etc/reprepro.keytab'],
::Openstack_project::Reprepro['debian-ceph-luminous-reprepro-mirror'],
]
}
::openstack_project::reprepro { 'debian-ceph-mimic-reprepro-mirror':
confdir => '/etc/reprepro/debian-ceph-mimic',
basedir => '/afs/.openstack.org/mirror/ceph-deb-mimic',
distributions => 'openstack_project/reprepro/distributions.debian-ceph-mimic.erb',
updates_file => 'puppet:///modules/openstack_project/reprepro/debian-ceph-mimic-updates',
releases => ['stretch', 'xenial', 'bionic'],
}
cron { 'reprepro debian ceph mimic':
user => 'root',
hour => '*/2',
minute => fqdn_rand(45, 'debian-ceph-mimic'),
command => 'flock -n /var/run/reprepro/debian-ceph-mimic.lock reprepro-mirror-update /etc/reprepro/debian-ceph-mimic mirror.deb-mimic >>/var/log/reprepro/debian-ceph-mimic-mirror.log 2>&1',
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
require => [
File['/usr/local/bin/reprepro-mirror-update'],
File['/etc/afsadmin.keytab'],
File['/etc/reprepro.keytab'],
::Openstack_project::Reprepro['debian-ceph-mimic-reprepro-mirror'],
]
}
::openstack_project::reprepro { 'debian-ceph-nautilus-reprepro-mirror':
confdir => '/etc/reprepro/debian-ceph-nautilus',
basedir => '/afs/.openstack.org/mirror/ceph-deb-nautilus',
distributions => 'openstack_project/reprepro/distributions.debian-ceph-nautilus.erb',
updates_file => 'puppet:///modules/openstack_project/reprepro/debian-ceph-nautilus-updates',
releases => ['stretch', 'bionic'],
}
cron { 'reprepro debian ceph nautilus':
user => 'root',
hour => '*/2',
minute => fqdn_rand(45, 'debian-ceph-nautilus'),
command => 'flock -n /var/run/reprepro/debian-ceph-nautilus.lock reprepro-mirror-update /etc/reprepro/debian-ceph-nautilus mirror.deb-nautilus >>/var/log/reprepro/debian-ceph-nautilus-mirror.log 2>&1',
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
require => [
File['/usr/local/bin/reprepro-mirror-update'],
File['/etc/afsadmin.keytab'],
File['/etc/reprepro.keytab'],
::Openstack_project::Reprepro['debian-ceph-nautilus-reprepro-mirror'],
]
}
gnupg_key { 'Ceph Archive':
ensure => present,
# 08B7 3419 AC32 B4E9 66C1 A330 E84A C2C0 460F 3994
key_id => 'E84AC2C0460F3994',
user => 'root',
key_type => 'public',
key_source => 'puppet:///modules/openstack_project/reprepro/ceph-mirror-gpg-key.asc',
}
## Docker APT mirror
::openstack_project::reprepro { 'debian-docker-reprepro-mirror':
confdir => '/etc/reprepro/debian-docker',
basedir => '/afs/.openstack.org/mirror/deb-docker',
distributions => 'openstack_project/reprepro/distributions.debian-docker.erb',
updates_file => 'puppet:///modules/openstack_project/reprepro/debian-docker-updates',
releases => ['bionic', 'xenial'],
}
cron { 'reprepro debian docker':
user => 'root',
hour => '*/2',
minute => fqdn_rand(45, 'debian-docker'),
command => 'flock -n /var/run/reprepro/debian-docker.lock reprepro-mirror-update /etc/reprepro/debian-docker mirror.deb-docker >>/var/log/reprepro/debian-docker-mirror.log 2>&1',
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
require => [
File['/usr/local/bin/reprepro-mirror-update'],
File['/etc/afsadmin.keytab'],
File['/etc/reprepro.keytab'],
::Openstack_project::Reprepro['debian-docker-reprepro-mirror'],
]
}
gnupg_key { 'Docker Archive':
ensure => present,
# pub 4096R/0EBFCD88 2017-02-22 Docker Release (CE deb) <docker@docker.com>
# fingerprint: 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
# Note the key that signs the release file is actually the subkey F273FCD8
key_id => '0EBFCD88',
user => 'root',
key_type => 'public',
key_source => 'puppet:///modules/openstack_project/reprepro/docker-mirror-gpg-key.asc',
}
## Puppetlabs APT mirror
::openstack_project::reprepro { 'apt-puppetlabs-reprepro-mirror':
confdir => '/etc/reprepro/apt-puppetlabs',
basedir => '/afs/.openstack.org/mirror/apt-puppetlabs',
distributions => 'openstack_project/reprepro/distributions.apt-puppetlabs.erb',
updates_file => 'puppet:///modules/openstack_project/reprepro/puppetlabs-debs',
releases => { 'xenial' => 'puppet5', 'stretch' => 'puppet5 puppet6', 'bionic' => 'puppet5 puppet6' },
}
cron { 'reprepro ubuntu puppetlabs':
user => 'root',
hour => '*/2',
minute => fqdn_rand(45, 'ubuntu-puppetlabs'),
command => 'flock -n /var/run/reprepro/apt-puppetlabs.lock reprepro-mirror-update /etc/reprepro/apt-puppetlabs mirror.apt-puppetlabs >>/var/log/reprepro/apt-puppetlabs-mirror.log 2>&1',
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
require => [
File['/usr/local/bin/reprepro-mirror-update'],
File['/etc/afsadmin.keytab'],
File['/etc/reprepro.keytab'],
::Openstack_project::Reprepro['apt-puppetlabs-reprepro-mirror'],
]
}
gnupg_key { 'Puppetlabs Archive':
ensure => present,
key_id => 'EF8D349F',
user => 'root',
key_type => 'public',
key_source => 'puppet:///modules/openstack_project/reprepro/puppetlabs-mirror-gpg-key.asc',
}
### CentOS mirror ###
file { '/etc/centos.keytab':
owner => 'root',
group => 'root',
mode => '0400',
content => $centos_keytab,
}
file { '/usr/local/bin/centos-mirror-update':
ensure => present,
owner => 'root',
group => 'root',
mode => '0755',
source => 'puppet:///modules/openstack_project/mirror/centos-mirror-update.sh',
}
cron { 'centos mirror':
ensure => 'absent',
user => 'root',
minute => fqdn_rand(45, 'centos-mirror'),
hour => '*/2',
command => 'flock -n /var/run/centos-mirror.lock centos-mirror-update mirror.centos >>/var/log/centos-mirror.log 2>&1',
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
require => [
File['/usr/local/bin/centos-mirror-update'],
File['/etc/afsadmin.keytab'],
File['/etc/centos.keytab'],
]
}
### Ubuntu Cloud Archive Mirror ###
::openstack_project::reprepro { 'ubuntu-cloud-archive-reprepro-mirror':
confdir => '/etc/reprepro/ubuntu-cloud-archive',
basedir => '/afs/.openstack.org/mirror/ubuntu-cloud-archive',
distributions => 'openstack_project/reprepro/distributions.ubuntu-cloud-archive.erb',
updates_file => 'puppet:///modules/openstack_project/reprepro/ubuntu-cloud-archive-updates',
releases => { 'xenial'=>['newton', 'ocata', 'pike', 'queens'], 'bionic'=>['rocky', 'stein', 'train', 'ussuri'] },
}
cron { 'reprepro ubuntu-cloud-archive':
user => 'root',
hour => '*/2',
minute => fqdn_rand(45, 'ubuntu-cloud-archive-mirror'),
command => 'flock -n /var/run/reprepro/ubuntu-cloud-archive.lock reprepro-mirror-update /etc/reprepro/ubuntu-cloud-archive mirror.ubuntu-cloud >>/var/log/reprepro/ubuntu-cloud-archive-mirror.log 2>&1',
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
require => [
File['/usr/local/bin/reprepro-mirror-update'],
File['/etc/afsadmin.keytab'],
File['/etc/reprepro.keytab'],
::Openstack_project::Reprepro['ubuntu-cloud-archive-reprepro-mirror'],
]
}
gnupg_key { 'Canonical Cloud Archive Signing Key':
ensure => present,
# 391A 9AA2 1471 9283 9E9D B031 5EDB 1B62 EC49 26EA
key_id => '5EDB1B62EC4926EA',
user => 'root',
key_type => 'public',
key_source => 'puppet:///modules/openstack_project/reprepro/ubuntu-cloud-archive-gpg-key.asc',
}
# AFS Monitoring
# NOTE(ianw) 2020-02 : moved to mirror-update.opendev.org and ansible
cron { 'afsmon':
minute => [0, 30],
command => '/usr/afsmon-env/bin/afsmon statsd >> /var/log/afsmon.log 2>&1',
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
ensure => absent,
}
}
View Git Blame Copy Permalink