diff options
Diffstat (limited to 'mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch')
-rw-r--r-- | mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch | 122 |
1 files changed, 0 insertions, 122 deletions
diff --git a/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch b/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch deleted file mode 100644 index 48e945acd..000000000 --- a/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch +++ /dev/null @@ -1,122 +0,0 @@ -:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -: Copyright (c) 2018 Mirantis Inc., Enea AB and others. -: -: All rights reserved. This program and the accompanying materials -: are made available under the terms of the Apache License, Version 2.0 -: which accompanies this distribution, and is available at -: http://www.apache.org/licenses/LICENSE-2.0 -:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -From: Alexandru Avadanii <Alexandru.Avadanii@enea.com> -Date: Mon, 22 Jan 2018 00:28:09 +0100 -Subject: [PATCH] system.repo: Debian: Add keyserver proxy support - -Introduce a new, optional set of parameters to configure the proxy -used for key fetching / keyserver access under: -linux:system:proxy:keyserver:http(s). - -Previously, when fetching GPG keys for APT keyring, either using -public key download & import (as for default repos) or via keyserver, -we relied on simple `curl` calls or passed it down to Salt aptpkg -module. -To be able to retrieve APT keys behind a proxy, one used to have to -configure the proxy for the Salt minion, which does not yet have -`no_proxy` support (either *all* or *no* traffic hits the proxy). - -When the new http(s) proxy param is set: -- no longer pass key configuration to Salt aptpkg (until it properly - supports `no_proxy`); -- handle all keys explicitly with `curl` and `apt-key`; -- set 'http(s)_proxy' env vars for `cmd.run`/`cmd.wait` calls; - -If linux:system:proxy:keyserver is not defined, the behavior is -unchanged for backwards compatibility. - -To allow runtime decisions whether the keyserver proxy should be used -add an additional condition for it to match the first nameserver. -This allows us to mix virtual nodes with MaaS-provisioned nodes in -Fuel@OPNFV, while keeping the ext_pillar common. - -Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> ---- - README.rst | 16 ++++++++++++++++ - linux/system/repo.sls | 40 ++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 56 insertions(+) - -diff --git a/linux/system/repo.sls b/linux/system/repo.sls ---- a/linux/system/repo.sls -+++ b/linux/system/repo.sls -@@ -96,13 +96,50 @@ linux_repo_{{ name }}_key: - - name: "curl -s {{ repo.key_url }} | apt-key add -" - - watch: - - file: default_repo_list -+{%- if system.proxy.keyserver is defined and grains['dns']['nameservers'][0] in system.proxy.keyserver.http %} -+ - env: -+ - http_proxy: {{ system.proxy.get('keyserver', {}).get('http', '') }} -+ - https_proxy: {{ system.proxy.get('keyserver', {}).get('https', '') }} -+{%- endif %} - - {%- endif %} - -+{#- repo.default is false #} - {%- else %} - - {%- if repo.get('enabled', True) %} - -+{%- if system.proxy.keyserver is defined and grains['dns']['nameservers'][0] in system.proxy.keyserver.http %} -+ -+{%- if repo.get('key') %} -+ -+linux_repo_{{ name }}_key: -+ cmd.run: -+ - name: "echo '{{ repo.key }}' | apt-key add -" -+ -+{%- elif repo.key_url|default(False) %} -+ -+linux_repo_{{ name }}_key: -+ cmd.run: -+ - name: "curl -s {{ repo.key_url }} | apt-key add -" -+ - env: -+ - http_proxy: {{ system.proxy.get('keyserver', {}).get('http', '') }} -+ - https_proxy: {{ system.proxy.get('keyserver', {}).get('https', '') }} -+ -+{%- elif repo.key_id is defined and repo.key_server is defined %} -+ -+linux_repo_{{ name }}_key: -+ cmd.run: -+ - name: "apt-key adv --keyserver {{ repo.key_server }} --recv {{ repo.key_id }}" -+ - env: -+ - http_proxy: {{ system.proxy.get('keyserver', {}).get('http', '') }} -+ - https_proxy: {{ system.proxy.get('keyserver', {}).get('https', '') }} -+ -+{%- endif %} -+ -+{#- system.proxy.keyserver #} -+{%- endif %} -+ - linux_repo_{{ name }}: - pkgrepo.managed: - {%- if repo.ppa is defined %} -@@ -115,6 +152,7 @@ linux_repo_{{ name }}: - {%- endif %} - - file: /etc/apt/sources.list.d/{{ name }}.list - - clean_file: {{ repo.clean|default(True) }} -+ {%- if system.proxy.keyserver is not defined or grains['dns']['nameservers'][0] not in system.proxy.keyserver.http %} - {%- if repo.key_id is defined %} - - keyid: {{ repo.key_id }} - {%- endif %} -@@ -124,6 +162,7 @@ linux_repo_{{ name }}: - {%- if repo.key_url is defined %} - - key_url: {{ repo.key_url }} - {%- endif %} -+ {%- endif %} - - consolidate: {{ repo.get('consolidate', False) }} - - clean_file: {{ repo.get('clean_file', False) }} - - refresh_db: {{ repo.get('refresh_db', True) }} -@@ -140,6 +179,7 @@ linux_repo_{{ name }}: - {%- endif %} - {%- endif %} - -+{#- repo.enabled is false #} - {%- else %} - - linux_repo_{{ name }}_absent: |