Created
November 5, 2014 22:00
diff --git a/aptly/aptly_config.sls b/aptly/aptly_config.sls | |
index 28b053c..b8bc69c 100644 | |
--- a/aptly/aptly_config.sls | |
+++ b/aptly/aptly_config.sls | |
@@ -33,7 +33,7 @@ aptly_conf: | |
- require: | |
- file: aptly_homedir | |
-{% if {{ salt['pillar.get']('aptly:secure') %} | |
+{% if salt['pillar.get']('aptly:secure') %} | |
aptly_gpg_key_dir: | |
file: | |
- directory | |
@@ -44,11 +44,16 @@ aptly_gpg_key_dir: | |
- require: | |
- file: aptly_homedir | |
+{% set gpgprivfile = '{}/.gnupg/secret.gpg'.format(salt['pillar.get']('aptly:homedir', '/var/lib/aptly')) %} | |
+# goes in a different path so it's fetchable by the pkgrepo module | |
+{% set gpgpubfile = '{}/public.gpg'.format(salt['pillar.get']('aptly:rootdir', '/var/lib/aptly/.aptly')) %} | |
+{% set gpgid = salt['pillar.get']('aptly:gpg_keypair_id', '') %} | |
+ | |
gpg_priv_key: | |
file: | |
- managed | |
- - name: {{ salt['pillar.get']('aptly:homedir', '/var/lib/aptly') }}/.gnupg/secret.gpg | |
- - source: salt://aptly/files/secret.gpg | |
+ - name: {{ gpgprivfile }} | |
+ - contents_pillar: aptly:gpg_priv_key | |
- user: aptly | |
- group: aptly | |
- mode: 700 | |
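Review bot: The private key that `gpg_priv_key` now takes from `contents_pillar` can end up in the state return and the master's job cache, because `file.managed` reports a diff of changed contents by default. Add `- show_changes: False` to this state (`- show_diff: False` on older Salt releases). The unchanged `- mode: 700` also grants execute bits that a key file does not need; `- mode: '0600'` is enough, and `'0644'` rather than 755 would do for `gpg_pub_key` in the next hunk. The rest of the state lies outside this hunk.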
@@ -58,8 +63,8 @@ gpg_priv_key: | |
gpg_pub_key: | |
file: | |
- managed | |
- - name: {{ salt['pillar.get']('aptly:homedir', '/var/lib/aptly') }}/.aptly/public.gpg | |
- - source: salt://aptly/files/public.gpg | |
+ - name: {{ gpgpubfile }} | |
+ - contents_pillar: aptly:gpg_pub_key | |
- user: aptly | |
- group: aptly | |
- mode: 755 | |
@@ -69,18 +74,18 @@ gpg_pub_key: | |
import_gpg_pub_key: | |
cmd: | |
- run | |
- - name: gpg --import {{ salt['pillar.get']('aptly:pub_key', '') }} | |
+ - name: gpg --import {{ gpgpubfile }} | |
- user: aptly | |
- - unless: '{{ salt['pillar.get']('aptly:pub_key', '') }}' in gpg --list-keys | |
+ - unless: gpg --list-keys | grep '{{ gpgid }}' | |
- require: | |
- file: aptly_gpg_key_dir | |
import_gpg_priv_key: | |
cmd: | |
- run | |
- - name: gpg --allow-secret-key-import --import {{ salt['pillar.get']('aptly:priv_key', '') }} | |
+ - name: gpg --allow-secret-key-import --import {{ gpgprivfile }} | |
- user: aptly | |
- - unless: '{{ salt['pillar.get']('aptly:pub_key', ) }}' in gpg --list-keys | |
+ - unless: gpg --list-secret-keys | grep '{{ gpgid }}' | |
- require: | |
- file: aptly_gpg_key_dir | |
{% endif %} | |
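Review bot: Both `unless` guards collapse to `grep ''` when `aptly:gpg_keypair_id` is missing, because `gpgid` is set with an empty-string default earlier in this file. An empty pattern matches any output line, so the imports are skipped as soon as the keyring holds any key at all. Render `import_gpg_pub_key` and `import_gpg_priv_key` only when the ID is set, for example by wrapping them in `{% if gpgid %}` … `{% endif %}`. Even with an ID, the grep is a substring match over the whole listing, so asking gpg for the key directly (`gpg --list-keys '{{ gpgid }}'`) would be a tighter check. The exported secret key also stays at `{{ gpgprivfile }}` after the import; confirm that is intended.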
diff --git a/aptly/create_trusty_repos.sls b/aptly/create_trusty_repos.sls | |
index 2f16a86..8a97d26 100644 | |
--- a/aptly/create_trusty_repos.sls | |
+++ b/aptly/create_trusty_repos.sls | |
@@ -4,29 +4,22 @@ include: | |
- aptly | |
- aptly.aptly_config | |
-create_edge_trusty_repo: | |
- cmd: | |
- - run | |
- - name: aptly repo create -distribution="trusty-edge" {{ salt['pillar.get']('aptly:organization', 'company' }}-edge-trusty | |
- - unless: aptly repo show {{ salt['pillar.get']('aptly:organization', 'company' }}-edge-trusty | |
+{% for repo, opts in salt['pillar.get']('aptly:repos').items() %} | |
+create-{{ repo }}-repo: | |
+ cmd.run: | |
+ - name: aptly repo create -distribution="{{ opts['distribution'] }}" -comment="{{ opts['comment'] }}" {{ repo }} | |
+ - unless: aptly repo show {{ repo }} | |
- user: aptly | |
- require: | |
- sls: aptly.aptly_config | |
-create_test_trusty_repo: | |
- cmd: | |
- - run | |
- - name: aptly repo create -distribution="trusty-test" {{ salt['pillar.get']('aptly:organization', 'company' }}-test-trusty | |
- - unless: aptly repo show {{ salt['pillar.get']('aptly:organization', 'company' }}-test-trusty | |
+ {% if opts['pkgdir'] %} | |
+add-{{ repo }}-pkgs: | |
+ cmd.run: | |
+ - name: aptly repo add {{ repo }} {{ opts['pkgdir'] }} | |
- user: aptly | |
- require: | |
- - sls: aptly.aptly_config | |
+ - cmd: create-{{ repo }}-repo | |
+ {% endif %} | |
-create_prod_trusty_repo: | |
- cmd: | |
- - run | |
- - name: aptly repo create -distribution="trusty-prod" {{ salt['pillar.get']('aptly:organization', 'company' }}-prod-trusty | |
- - unless: aptly repo show {{ salt['pillar.get']('aptly:organization', 'company' }}-prod-trusty | |
- - user: aptly | |
- - require: | |
- - sls: aptly.aptly_config | |
+{% endfor %} | |
\ No newline at end of file | |
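Review bot: Pillar values are pasted into the `cmd.run` strings with hand-written quoting (`-comment="{{ opts['comment'] }}"`, bare `{{ repo }}` and `{{ opts['pkgdir'] }}`), so a value containing a quote, space or `$` changes what the shell runs as the aptly user. Pass each value through a shell-quoting filter if the Salt release in use provides one, or restrict repo names and paths to a plain character set in the pillar. The loop header also has no default, so a minion without `aptly:repos` fails to render; `salt['pillar.get']('aptly:repos', {}).items()` avoids that. The same loop header appears in publish_trusty_repos.sls. `add-{{ repo }}-pkgs` has no `unless` or `onchanges`, so it reruns on every highstate.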
diff --git a/aptly/files/aptly.jinja b/aptly/files/aptly.jinja | |
index f030ed5..ca855fc 100644 | |
--- a/aptly/files/aptly.jinja | |
+++ b/aptly/files/aptly.jinja | |
@@ -1,5 +1,5 @@ | |
server { | |
- root /var/lib/aptly/.aptly/public; | |
+ root {{ salt['pillar.get']('aptly:rootdir') }}/public; | |
server_name {{ salt['pillar.get']('aptly:server_name') }}; | |
location / { | |
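Review bot: The new `root` line calls `pillar.get('aptly:rootdir')` without a default, while aptly_config.sls falls back to `/var/lib/aptly/.aptly` for the same key. On a minion where the pillar key is unset, the vhost would therefore serve a path with no directory prefix (likely `/public`) instead of the aptly publish directory. Use the same fallback here: `root {{ salt['pillar.get']('aptly:rootdir', '/var/lib/aptly/.aptly') }}/public;`. The `server` block continues past the end of this hunk.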
diff --git a/aptly/init.sls b/aptly/init.sls | |
index 6c95c92..037f999 100644 | |
--- a/aptly/init.sls | |
+++ b/aptly/init.sls | |
@@ -16,6 +16,10 @@ aptly: | |
- name: aptly | |
- refresh: True | |
+# dependency for publishing | |
+bzip2: | |
+ pkg.installed | |
+ | |
aptly_user: | |
user: | |
- present | |
diff --git a/aptly/publish_trusty_repos.sls b/aptly/publish_trusty_repos.sls | |
index ee8f40c..3a0baed 100644 | |
--- a/aptly/publish_trusty_repos.sls | |
+++ b/aptly/publish_trusty_repos.sls | |
@@ -1,23 +1,13 @@ | |
include: | |
- aptly.create_trusty_repos | |
-publish_edge: | |
- cmd: | |
- - run | |
- - name: aptly publish repo {{ salt['pillar.get']('aptly:organization', 'company' }}-edge-trusty | |
- - user: aptly | |
- - unless: aptly publish update trusty-edge | |
- | |
-publish_test: | |
- cmd: | |
- - run | |
- - name: aptly publish repo {{ salt['pillar.get']('aptly:organization', 'company' }}-test-trusty | |
- - user: aptly | |
- - unless: aptly publish update trusty-test | |
+{% set gpgid = salt['pillar.get']('aptly:gpg_keypair_id', '') %} | |
+{% set gpgpassphrase = salt['pillar.get']('aptly:gpg_passphrase', '') %} | |
-publish_prod: | |
- cmd: | |
- - run | |
- - name: aptly publish repo {{ salt['pillar.get']('aptly:organization', 'company' }}-prod-trusty | |
+{% for repo, opts in salt['pillar.get']('aptly:repos').items() %} | |
+publish-{{ repo }}-repo: | |
+ cmd.run: | |
+ - name: aptly publish repo -gpg-key='{{ gpgid }}' -passphrase='{{ gpgpassphrase }}' {{ repo }} | |
- user: aptly | |
- - unless: aptly publish update trusty-prod | |
+ - unless: aptly publish update -gpg-key='{{ gpgid }}' -passphrase='{{ gpgpassphrase }}' {{ opts['distribution'] }} | |
+{% endfor %} | |
\ No newline at end of file |
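Review bot: The signing passphrase is put on the command line in both `name` and `unless` (`-passphrase='{{ gpgpassphrase }}'`). That exposes it in the process list while aptly runs, and in Salt's state output, logs and job cache, since a `cmd.run` state reports its `name`. Keep the passphrase in a file readable only by the aptly user and pass `-passphrase-file=<path>` if the installed aptly supports it, or let gpg-agent hold it. A passphrase containing a single quote would also break the quoting used here. Separately, `unless: aptly publish update …` does real work inside a guard, so Salt cannot tell a failed update from a repo that was never published, and the empty-string defaults let the state run with `-gpg-key=''`.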
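# Example pillar for the aptly states.
# This pillar carries the repository signing key and its passphrase in clear
# text: assign it only to the minion that runs aptly, keep the pillar tree out
# of shared or public repositories, and consider encrypting the secret values
# (for example with Salt's gpg renderer) instead of storing them as plain text.
aptly:
  homedir: /var/lib/aptly
  rootdir: /var/lib/aptly/repo
  organization: "OnCenter Software"
  repos:
    OnCenter01:
      distribution: wheezy
      comment: "OnCenter Software Repo"
      pkgdir: /srv/dist/dist/repo
  secure: True
  # Quoted so YAML keeps the key ID as a string; an unquoted all-digit ID is
  # loaded as a number and can lose its leading zeros before the states use it.
  gpg_keypair_id: '00000000'
  # Sample value; replace with the real passphrase.
  gpg_passphrase: 'my voice is my passport'
  gpg_pub_key: |
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v1.4.12 (GNU/Linux)
    ....
    -----END PGP PUBLIC KEY BLOCK-----
  gpg_priv_key: |
    -----BEGIN PGP PRIVATE KEY BLOCK-----
    Version: GnuPG v1.4.12 (GNU/Linux)
    ....
    -----END PGP PRIVATE KEY BLOCK-----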