repo-apt-mirror.yml

---
# Copyright 2016, Logan Vig <logan2211@gmail.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Install apt keys to repo
  tags: repo-apt-keys
  hosts: repo_all[0]
  user: root
  pre_tasks:
    - name: Ensure apt-key destination directory exists
      file:
        path: "{{ key_dir }}"
        state: directory
    - name: Ensure gnupg package is installed
      apt:
        update_cache: yes
        cache_valid_time: 600
        name: "{{ item }}"
        state: present
      with_items:
        - gnupg
  tasks:
    - name: Install apt-keys to repo keyring
      shell: gpg
        --no-default-keyring
        --primary-keyring "{{ keyring_file | quote }}"
        --keyserver "{{ (item.keyserver | default(primary_keyserver)) | quote }}"
        --recv-keys "{{ item.hash_id }}"
      register: add_keys
      until: add_keys|success
      ignore_errors: True
      retries: 5
      delay: 2
      changed_when: "'imported' in add_keys.stderr"
      with_items: "{{ mirror_keys }}"
      tags:
        - apt-key-mirror
        - apt-key-mirror-import
    - name: Export apt-keys to repo
      shell: gpg
        --no-default-keyring
        --primary-keyring "{{ keyring_file | quote }}"
        --export --armor "{{ item.hash_id }}"
        > "{{ key_dir | quote }}/{{ item.key_name | quote }}.asc"
      with_items: "{{ mirror_keys }}"
      tags:
        - apt-key-mirror
        - apt-key-mirror-export
  vars:
    keyring_file: /tmp/repo.gpg
    key_dir: "{{ repo_service_home_folder }}/repo/apt-keys"
    primary_keyserver: "{{ keyserver_default_primary | default('hkp://keyserver.ubuntu.com:80') }}"
    fallback_keyserver: "{{ keyserver_default_fallback | default('hkp://p80.pool.sks-keyservers.net:80') }}"
    mirror_keys:
      - key_name: ceph
        hash_id: '0xe84ac2c0460f3994'
      - key_name: haproxy
        hash_id: '0xcffb779aadc995e4f350a060505d97a41c61b9cd'
      - key_name: mariadb-trusty
        hash_id: '0xcbcb082a1bb943db'
      - key_name: mariadb-xenial
        hash_id: '0xF1656F24C74CD1D8'
      - key_name: percona-xtrabackup
        hash_id: '0x9334a25f8507efa5'
      - key_name: projectcalico
        hash_id: '0x67d7e35b3d40a6a7'
      - key_name: bird
        hash_id: '0xf2331238f9c59a45'
      - key_name: elasticsearch
        hash_id: '0x46095acc8548582c1a2699a9d27d666cd88e42B4'
      - key_name: zabbix
        hash_id: '082AB56BA14FE591'
      - key_name: influxdb
        hash_id: '2582E0C5'
      - key_name: keepalived
        hash_id: '7C33BDC6'

repo-misc-mirror.yml

---
# Copyright 2016, Logan Vig <logan2211@gmail.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Mirror upstream items to repo
  hosts: repo_all[0]
  user: root
  tasks:
    - name: Ensure repo LXC cache directory exists
      file:
        path: "{{ repo_service_home_folder }}/repo/mirror"
        state: directory
        owner: "{{ repo_service_user_name }}"
        mode: "0755"
      tags:
        - repo-mirror
    - name: Mirror misc .deb files to repo
      get_url:
        url: "{{ item.url }}"
        dest: "{{ repo_service_home_folder }}/repo/mirror"
        mode: "0644"
        sha256sum: "{{ item.sha256 }}"
      with_items: "{{ repo_files_mirror }}"
      register: package_download
      retries: 3
      delay: 10
      until: package_download|success
      tags:
        - repo-mirror-rabbitmq-package-deb
    - name: Mirror ceph-dash git repo
      git:
        repo: "{{ ceph_dash_repo }}"
        dest: "{{ repo_service_home_folder }}/repo/openstackgit/ceph-dash"
        clone: yes
        update: yes
        version: "{{ ceph_dash_version }}"
      tags:
        - repo-mirror-ceph-dash
  vars:
    ceph_dash_repo: https://github.com/Crapworks/ceph-dash
    ceph_dash_version: master

user_variables_repomirror.yml

---
# Copyright 2016, Logan Vig <logan2211@gmail.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

#configure local file mirrors on repo
rabbitmq_upstream_url: http://www.rabbitmq.com/releases/rabbitmq-server/v3.6.9/rabbitmq-server_3.6.9-1_all.deb
xtrabackup_upstream_url: https://www.percona.com/downloads/XtraBackup/Percona-XtraBackup-2.4.5/binary/debian/xenial/x86_64/percona-xtrabackup-24_2.4.5-1.xenial_amd64.deb
repo_files_mirror:
  - name: rabbitmq
    url: "{{ rabbitmq_upstream_url }}"
    sha256: ff100febb8c409692e57f3dc98fd2fc667f83eeefa3958a6fda865ce40a40349
  - name: xtrabackup
    url: "{{ xtrabackup_upstream_url }}"
    sha256: 6a71704e625194689d2a6b325765608040ff5da82ac4bc8ce6ac3756f9a9130f

#set items to local repo as repo-misc-mirror.yml play caches them for us.
rabbitmq_package_url: "{{ openstack_repo_url }}/mirror/{{ rabbitmq_upstream_url | basename }}"
galera_package_url: "{{ openstack_repo_url }}/mirror/{{ xtrabackup_upstream_url | basename }}"

#fix keepalived url as the default is "ppa:keepalived/stable"
keepalived_repo_url: http://ppa.launchpad.net/keepalived/stable/ubuntu
keepalived_repo: "deb {{ keepalived_repo_url }} {{ ansible_distribution_release }} main"

# Ceph, galera, haproxy apt-keys
#TODO(logan): Remove this in Ocata
galera_key_hash: >-
  {%- if ansible_distribution_release == 'trusty' -%}0xcbcb082a1bb943db{%- endif -%}
  {%- if ansible_distribution_release == 'xenial' -%}0xF1656F24C74CD1D8{%- endif -%}

ceph_gpg_keys:
  - key_name: 'ceph'
    url: "{{ apt_keys_url }}/ceph.asc"
    hash_id: '0xe84ac2c0460f3994'
galera_gpg_keys:
  - key_name: 'mariadb'
    url: "{{ apt_keys_url }}/mariadb-{{ ansible_distribution_release }}.asc"
    hash_id: '{{ galera_key_hash }}'
  - key_name: 'percona-xtrabackup'
    url: "{{ apt_keys_url }}/percona-xtrabackup.asc"
    hash_id: '0x9334a25f8507efa5'
galera_client_gpg_keys: "{{ galera_gpg_keys }}"
haproxy_gpg_keys:
  - key_name: 'haproxy'
    url: "http://{{ hostvars[groups['pkg_repo'][0]]['ansible_host'] }}:{{ repo_server_port }}/apt-keys/haproxy.asc"
    hash_id: '0xcffb779aadc995e4f350a060505d97a41c61b9cd'
zabbix_gpg_keys:
  - key_name: 'zabbix'
    url: "{{ apt_keys_url }}/zabbix.asc"
    hash_id: 082AB56BA14FE591
influxdb_apt_key_url: "{{ apt_keys_url }}/influxdb.asc"
keepalived_keyserver: "http://{{ hostvars[groups['pkg_repo'][0]]['ansible_host'] }}:{{ repo_server_port }}/apt-keys/keepalived.asc"