summaryrefslogtreecommitdiffstats
path: root/mcp/patches
diff options
context:
space:
mode:
Diffstat (limited to 'mcp/patches')
-rw-r--r--mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch110
-rw-r--r--mcp/patches/patches.list1
-rw-r--r--mcp/patches/pharos/0001-Update-MaaS-PXE-config.patch47
-rw-r--r--mcp/patches/pharos/0002-Add-proxy-node-management-network-VIP.patch29
4 files changed, 111 insertions, 76 deletions
diff --git a/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch b/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch
new file mode 100644
index 000000000..1ff519e84
--- /dev/null
+++ b/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch
@@ -0,0 +1,110 @@
+From: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
+Date: Mon, 22 Jan 2018 00:28:09 +0100
+Subject: [PATCH] system.repo: Debian: Add keyserver proxy support
+
+Introduce a new, optional set of parameters to configure the proxy
+used for key fetching / keyserver access under:
+linux:system:proxy:keyserver:http(s).
+
+Previously, when fetching GPG keys for APT keyring, either using
+public key download & import (as for default repos) or via keyserver,
+we relied on simple `curl` calls or passed it down to Salt aptpkg
+module.
+To be able to retrieve APT keys behind a proxy, one used to have to
+configure the proxy for the Salt minion, which does not yet have
+`no_proxy` support (either *all* or *no* traffic hits the proxy).
+
+When the new http(s) proxy param is set:
+- no longer pass key configuration to Salt aptpkg (until it properly
+ supports `no_proxy`);
+- handle all keys explicitly with `curl` and `apt-key`;
+- set 'http(s)_proxy' env vars for `cmd.run`/`cmd.wait` calls;
+
+If linux:system:proxy:keyserver is not defined, the behavior is
+unchanged for backwards compatibility.
+
+Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
+---
+ README.rst | 16 ++++++++++++++++
+ linux/system/repo.sls | 40 ++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 56 insertions(+)
+
+diff --git a/linux/system/repo.sls b/linux/system/repo.sls
+index 5d4d059..724db5a 100644
+--- a/linux/system/repo.sls
++++ b/linux/system/repo.sls
+@@ -96,13 +96,50 @@ linux_repo_{{ name }}_key:
+ - name: "curl -s {{ repo.key_url }} | apt-key add -"
+ - watch:
+ - file: default_repo_list
++{%- if system.proxy.keyserver is defined %}
++ - env:
++ - http_proxy: {{ system.proxy.get('keyserver', {}).get('http', '') }}
++ - https_proxy: {{ system.proxy.get('keyserver', {}).get('https', '') }}
++{%- endif %}
+
+ {%- endif %}
+
++{#- repo.default is false #}
+ {%- else %}
+
+ {%- if repo.get('enabled', True) %}
+
++{%- if system.proxy.keyserver is defined %}
++
++{%- if repo.get('key') %}
++
++linux_repo_{{ name }}_key:
++ cmd.run:
++ - name: "echo '{{ repo.key }}' | apt-key add -"
++
++{%- elif repo.key_url|default(False) %}
++
++linux_repo_{{ name }}_key:
++ cmd.run:
++ - name: "curl -s {{ repo.key_url }} | apt-key add -"
++ - env:
++ - http_proxy: {{ system.proxy.get('keyserver', {}).get('http', '') }}
++ - https_proxy: {{ system.proxy.get('keyserver', {}).get('https', '') }}
++
++{%- elif repo.key_id is defined and repo.key_server is defined %}
++
++linux_repo_{{ name }}_key:
++ cmd.run:
++ - name: "apt-key adv --keyserver {{ repo.key_server }} --recv {{ repo.key_id }}"
++ - env:
++ - http_proxy: {{ system.proxy.get('keyserver', {}).get('http', '') }}
++ - https_proxy: {{ system.proxy.get('keyserver', {}).get('https', '') }}
++
++{%- endif %}
++
++{#- system.proxy.keyserver #}
++{%- endif %}
++
+ linux_repo_{{ name }}:
+ pkgrepo.managed:
+ {%- if repo.ppa is defined %}
+@@ -115,6 +152,7 @@ linux_repo_{{ name }}:
+ {%- endif %}
+ - file: /etc/apt/sources.list.d/{{ name }}.list
+ - clean_file: {{ repo.clean|default(True) }}
++ {%- if system.proxy.keyserver is not defined %}
+ {%- if repo.key_id is defined %}
+ - keyid: {{ repo.key_id }}
+ {%- endif %}
+@@ -124,6 +162,7 @@ linux_repo_{{ name }}:
+ {%- if repo.key_url is defined %}
+ - key_url: {{ repo.key_url }}
+ {%- endif %}
++ {%- endif %}
+ - consolidate: {{ repo.get('consolidate', False) }}
+ - clean_file: {{ repo.get('clean_file', False) }}
+ - refresh_db: {{ repo.get('refresh_db', True) }}
+@@ -140,6 +179,7 @@ linux_repo_{{ name }}:
+ {%- endif %}
+ {%- endif %}
+
++{#- repo.enabled is false #}
+ {%- else %}
+
+ linux_repo_{{ name }}_absent:
diff --git a/mcp/patches/patches.list b/mcp/patches/patches.list
index 284f1bcec..1b3bfeab0 100644
--- a/mcp/patches/patches.list
+++ b/mcp/patches/patches.list
@@ -15,4 +15,5 @@
/usr/share/salt-formulas/env: 0008-Handle-file_recv-option.patch
/usr/share/salt-formulas/env: 0009-controller-Use-keystoneclient-to-check-project-ID.patch
/usr/share/salt-formulas/env: 0010-maas-region-allow-timeout-override.patch
+/usr/share/salt-formulas/env: 0011-system.repo-Debian-Add-keyserver-proxy-support.patch
/usr/share/salt-formulas/env: 0012-linux.storage.lvm-Disable-filter.patch
diff --git a/mcp/patches/pharos/0001-Update-MaaS-PXE-config.patch b/mcp/patches/pharos/0001-Update-MaaS-PXE-config.patch
deleted file mode 100644
index 27467dd61..000000000
--- a/mcp/patches/pharos/0001-Update-MaaS-PXE-config.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-: Copyright (c) 2017 Mirantis Inc., Enea AB and others.
-:
-: All rights reserved. This program and the accompanying materials
-: are made available under the terms of the Apache License, Version 2.0
-: which accompanies this distribution, and is available at
-: http://www.apache.org/licenses/LICENSE-2.0
-::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-From: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
-Date: Sat, 16 Dec 2017 21:14:35 +0100
-Subject: [PATCH] Update MaaS PXE config
-
-- reduce DHCP range to silence a dummy MaaS warning about address exhaustion;
-- define PXE/admin address for Salt Master node;
-- drop obsolete opnfv_infra_maas_pxe_address;
-
-JIRA: FUEL-316
-
-Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
----
- config/installers/fuel/pod_config.yml.j2 | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/config/installers/fuel/pod_config.yml.j2 b/config/installers/fuel/pod_config.yml.j2
-index 28c6188..f380535 100644
---- a/config/installers/fuel/pod_config.yml.j2
-+++ b/config/installers/fuel/pod_config.yml.j2
-@@ -40,6 +40,7 @@ parameters:
- {%- endif %}
-
- opnfv_infra_config_address: {{ net_mgmt | ipaddr_index('100') }}
-+ opnfv_infra_config_pxe_address: {{ net_admin | ipaddr_index('2') }}
- opnfv_infra_maas_node01_address: {{ net_mgmt | ipaddr_index('3') }}
- opnfv_infra_maas_node01_deploy_address: {{ net_admin | ipaddr_index('3') }}
- opnfv_infra_kvm_address: {{ net_mgmt | ipaddr_index('140') }}
-@@ -48,9 +49,8 @@ parameters:
- opnfv_infra_kvm_node03_address: {{ net_mgmt | ipaddr_index('143') }}
-
- opnfv_infra_maas_pxe_network_address: {{ net_admin }}
-- opnfv_infra_maas_pxe_address: {{ net_admin | ipaddr_index('3') }}
-- opnfv_infra_maas_pxe_start_address: {{ net_admin | ipaddr_index('5') }}
-- opnfv_infra_maas_pxe_end_address: {{ net_admin | ipaddr_index('250') }}
-+ opnfv_infra_maas_pxe_start_address: {{ net_admin | ipaddr_index('4') }}
-+ opnfv_infra_maas_pxe_end_address: {{ net_admin | ipaddr_index('100') }}
-
- opnfv_openstack_gateway_node01_address: {{ net_mgmt | ipaddr_index('124') }}
- opnfv_openstack_gateway_node02_address: {{ net_mgmt | ipaddr_index('125') }}
diff --git a/mcp/patches/pharos/0002-Add-proxy-node-management-network-VIP.patch b/mcp/patches/pharos/0002-Add-proxy-node-management-network-VIP.patch
deleted file mode 100644
index 346d7505c..000000000
--- a/mcp/patches/pharos/0002-Add-proxy-node-management-network-VIP.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-: Copyright (c) 2017 Mirantis Inc., Enea AB and others.
-:
-: All rights reserved. This program and the accompanying materials
-: are made available under the terms of the Apache License, Version 2.0
-: which accompanies this distribution, and is available at
-: http://www.apache.org/licenses/LICENSE-2.0
-::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-From: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
-Date: Mon, 1 Jan 2018 17:06:59 +0100
-Subject: [PATCH] Add proxy node management network VIP
-
-Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
----
- config/installers/fuel/pod_config.yml.j2 | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/config/installers/fuel/pod_config.yml.j2 b/config/installers/fuel/pod_config.yml.j2
-index f380535..2d0cdee 100644
---- a/config/installers/fuel/pod_config.yml.j2
-+++ b/config/installers/fuel/pod_config.yml.j2
-@@ -61,6 +61,7 @@ parameters:
- opnfv_openstack_proxy_address: {{ net_public | ipaddr_index('103') }}
- opnfv_openstack_proxy_node01_address: {{ net_public | ipaddr_index('104') }}
- opnfv_openstack_proxy_node02_address: {{ net_public | ipaddr_index('105') }}
-+ opnfv_openstack_proxy_control_address: {{ net_mgmt | ipaddr_index('103') }}
- opnfv_openstack_proxy_node01_control_address: {{ net_mgmt | ipaddr_index('104') }}
- opnfv_openstack_proxy_node02_control_address: {{ net_mgmt | ipaddr_index('105') }}
- opnfv_openstack_control_address: {{ net_mgmt | ipaddr_index('10') }}