Commit 628d4fc6 authored by Christopher Huhn's avatar Christopher Huhn 🥚

First working version

parent 8bf4d145
...@@ -2,10 +2,6 @@ ...@@ -2,10 +2,6 @@
driver: driver:
name: vagrant name: vagrant
box_check_update: true box_check_update: true
# network:
# - ["forwarded_port", {guest: 80, host: 8977}]
# synced_folders:
# - ["data/%{instance_name}", "/tmp/data", "type: :rsync"]
provisioner: provisioner:
require_chef_omnibus: false require_chef_omnibus: false
...@@ -42,3 +38,12 @@ suites: ...@@ -42,3 +38,12 @@ suites:
run_list: run_list:
- recipe[debmirror] - recipe[debmirror]
attributes: attributes:
debmirror:
mirrors:
cvmfs:
server: cvmrepo.web.cern.ch
path: /cvmrepo/apt
release:
- buster-prod
key: "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQGiBEuGP6YRBADV89cbF4uoEX89Q8uxOklIDVJhOJAFKZ33LSdzHv3iObnjo5w4\nwbb8FiSir4oWgarAco4u0kR1yKjHJ33oVB2xmPOzW3NWoHI7aPF7tCgo7FY9hNoC\n4NEkNycvbfSoCScsv2yY5qz2q2sY1LWGZGbUXjBvKbmASe9sJFKJV7NsmwCg76W/\naMazleHyDtooD8tk3ZWvpKcD/Rg51Oad+ZLc7h45wDMHpaDvOBeGoyp+k7JgQd87\nHfXiJtg/Q6zyTwrV3vCQvMpw3GRjRkZBcPgRWb6rUk68dL8fa2cTxhISX5/DIQzc\nmmuDa0EgCGGAKUZ4bHqaexFFnp/B+VKBPvJuxLa0cBDd6eewxNwtHJ90EaMeBzGd\n6zU2BADO9YbXiEMqRkfVLnuvD5G31/WJZvffXCxspnSfg923DbILWa4vNW9MLMsK\nIVHvyVr0mZF8xdyQNVPUX3/4uahKM4hwuFqdbyjuLGEIF3U73aIJ0+YDep/+I6yU\nJGHnxy8Ex+a1XIhJ1hSI7+oalSdt+w/pE3+2MQyUfSDPSXVA3LQ+Q2VyblZNIEFk\nbWluaXN0cmF0b3IgKGN2bWFkbWluKSA8Y2VybnZtLmFkbWluaXN0cmF0b3JAY2Vy\nbi5jaD6IXgQTEQIAHgIbAwYLCQgHAwIDFQIDAxYCAQIeAQIXgAUCVwOYkgAKCRAj\nDTidiuRc50E1AJ9AYvH/cydD7029jxGcs8K87lo3jACdEhbCj3cjPsp2U/WfpgK1\nBQOMiwe5Ag0ES4Y/qBAIAL3sWKXQKpbIOpwX+mNX2IV2XxNBM3KYjYOEii66i9ap\nPo3BA39a9Wm9vh1kYIHTkh9Qqb8w53hc4ANkVT+cYzxXythGBjWoLtwCzKCPrIb7\nRQJRc956Ot0q4qmlcUEGi5zefSIoJZR5jyR7rZS+1PNJYI05xY2+Eah1u9UxrlzB\nH5DCsvUqTNK12WrPIibmLo8u+yIDJjwgh9O5YITC+et/g47NLfZdiAGPLEjvJFRi\n7Ju+8ywO32dSVBPJQDktr5BC950DKZHA9n+sJ63iF3lP/aCTECpxxUqXVVqioobw\ng5ytl60hw9I9sfwBP6z9PR90RcyT1l4giiBz9LV+KpcAAwUIAKeAxArGaJxzWziK\ns7D8TTuE50Nw+S3RGhVzwSKy7183Z11iOEMqbm2/zwp65wFkntCKmLKDnGsTgFNp\nstIyFwJmj34Axp7N3KGqXnTI+SIQd6VmzQ1phxfCOw8IGueOR6YI7S1GYWt7Dose\nZKz4EWdvXCOkQAhbxq/HT2c3ihxsuxrErxz7QtNaYOFXiuLj3mYH9XaMeEe8Pkl+\nyyRTvyUNlMIu/i79qf+QUlsi10nCUm88cSXQiKWOJ4GiUoT+jD7pN4ohdALRVl0t\nl/EyPTw+asG3lQhPZ+solvJXp+i7KF7nwnyXDB63WNH15S1pQLMnqCuGCFyegf6j\nnOJU0AqISQQYEQIACQIbDAUCVwOYgwAKCRAjDTidiuRc534jAKDu/9BZU3rirEMr\nDuGbmN3ulUM+UgCfe7lg5qrGXUzZlJFTnTaTgS3Z0Rg=\n=fspm\n-----END PGP PUBLIC KEY BLOCK-----\n"
rsync_extra: none
# defaulf basedir for mirrored repositories
default_unless['debmirror']['base_dir'] = '/srv/debmirror'
# keyring where debmirror looks for repository keys
default_unless['debmirror']['keyring'] = node['debmirror']['base_dir'] + "/.gnupg/trustedkeys.gpg"
# the user that runs the scripts:
default_unless['debmirror']['mirrors'] = {}
# the directory the generated debmirror scripts are placed into:
default_unless['debmirror']['script_dir'] = '/etc/debmirror.d'
# the user that runs the scripts:
default_unless['debmirror']['user'] = 'nobody'
default_unless['debmirror']['cron'] = {
day: '*',
hour: 2,
minute: 42
}
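Review bot: Defaulting `['debmirror']['user']` to `'nobody'` means the mirror tree and the directory holding `trustedkeys.gpg` (both given `owner new_resource.user` in the resource) belong to an account that unrelated services commonly share, so anything else running as `nobody` could alter the trusted keys or the mirrored packages. A dedicated account, e.g. `default_unless['debmirror']['user'] = 'debmirror'` created by the recipe, would separate them. The comment above `['mirrors']` repeats "the user that runs the scripts" and `defaulf` is a typo; `# mirrors to configure, keyed by name` and `# default basedir for mirrored repositories` would read correctly.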
#
# Cookbook Name:: debmirror # Cookbook Name:: debmirror
# Recipe:: default # Recipe:: default
# #
# Copyright 2020, GSI Helmholtzzentrum fuer Schwerionenforschung GmbH # Copyright 2013-2021 GSI Helmholtzzentrum fuer Schwerionenforschung GmbH
#
# Authors:
# Christopher Huhn <C.Huhn@gsi.de>
# Dennis Klein <d.klein@gsi.de>
# Victor Penso <v.penso@gsi.de>
# #
# This program is free software: you can redistribute it and/or modify # This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
...@@ -15,5 +19,41 @@ ...@@ -15,5 +19,41 @@
# GNU General Public License for more details. # GNU General Public License for more details.
# #
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <https://www.gnu.org/licenses/>.
# #
package 'debmirror'
# Holds the script to sync with package archives
directory node['debmirror']['script_dir']
# Holds the mirrored repositories:
directory node['debmirror']['base_dir']
# Configure all mirrors defined by attributes
node['debmirror']['mirrors'].each do |name, conf|
debmirror_repository name do
server conf['server']
proto conf['method'] if conf['method']
path conf['path']
distribution conf['release'] if conf['release']
components conf['section'] if conf['section']
deb_src conf['deb_src'] if conf['deb_src']
arch conf['arch'] if conf['arch']
key conf['key']
rsync_extra conf['rsync_extra']
end
end
# FIXME: cron_d instead
cron 'debmirror_update' do
user node['debmirror']['user']
minute node['debmirror']['cron']['minute']
hour node['debmirror']['cron']['hour']
day node['debmirror']['cron']['day']
mailto node['debmirror']['notify'] if node['debmirror']['notify']
home node['debmirror']['base_dir']
# we cannot prevent this error message:
# therefore we don't `run-parts --report`
command "run-parts --regex=.sh$ #{node['debmirror']['script_dir']}"
end
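Review bot: In the cron `command`, `--regex=.sh$` is unquoted and its dot is unescaped, so run-parts will execute any file in the script directory whose name ends in an arbitrary character followed by `sh`, not only `*.sh`; `command "run-parts --regex='\\.sh$' #{node['debmirror']['script_dir']}"` narrows the match and protects the pattern from the shell. The comment `# we cannot prevent this error message:` never says which message is meant, so the reason for dropping `--report` is lost; naming the message there would help. Since everything matching in that directory runs as the cron user, it is worth setting `owner 'root'` and `mode '0755'` explicitly on `directory node['debmirror']['script_dir']` rather than relying on defaults.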
#
# Copyright 2013-2021 GSI Helmholtzzentrum fuer Schwerionenforschung GmbH
#
# Authors:
# Christopher Huhn <c.huhn@gsi.de>
# Dennis Klein <d.klein@gsi.de>
# Victor Penso <v.penso@gsi.de>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
property :arch, Array, default: ['amd64']
property :components, Array, default: %w[main]
property :deb_src, [true, false], default: false
property :distribution, Array, default: [ node['lsb']['codename'] ]
property :user, String, default: node['debmirror']['user']
property :key, [String, nil]
property :keyring, [String, nil], default: node['debmirror']['keyring']
property :server, String, default: 'deb.debian.org'
property :proto, String, default: 'http'
property :path, String, default: "/"
property :mirror_dir, [String, nil]
property :options, Array, default: []
property :script_dir, String, default: node['debmirror']['script_dir']
property :rsync_extra, [Array, String, nil],
# turn strings into an array, default to ['trace']
coerce: proc { |x| x.is_a?(String) ? Array[x] : x.nil? ? %w[trace] : x }
default_action :add
action :add do
# TODO: use ruby-gpgme for key management
if new_resource.key
package 'gnupg'
home = node['debmirror']['base_dir']
keyring = new_resource.keyring
directory ::File.dirname(keyring) do
owner new_resource.user
end
# fingerprint = `gpg --with-colons --with-fingerprint <<<"#{new_resource.key}" | grep ...`
# TODO: avoid re-runs
execute "Adding repository key for #{new_resource.name}" do
command "gpg --no-default-keyring --keyring #{keyring}" \
" --import <<-EOD\n#{new_resource.key}\nEOD"
user user
# without $HOME gpg tries to create /root/.gnupg :(
environment( 'HOME' => home )
# not_if { `gpg --no-default-keyring --keyring #{keyring} --with-colons --fingerprint`match %r{^fpr:+#{fingerpring}:$} }
end
end
storage = new_resource.mirror_dir ||
"#{node['debmirror']['base_dir']}/#{new_resource.name}"
# Make sure the archive directory exists
directory storage do
owner new_resource.user
recursive true
end
# Generate the mirror script
template "#{new_resource.script_dir}/#{new_resource.name}.sh" do
source 'debmirror.sh.erb'
mode '0755'
variables(
release: new_resource.distribution,
arch: new_resource.arch,
section: new_resource.components,
server: new_resource.server,
proto: new_resource.proto,
path: new_resource.path,
storage: storage,
keyring: new_resource.keyring,
options: new_resource.options,
rsync_extra: new_resource.rsync_extra
)
end
end
action :remove do
file "#{script_dir}/#{name}.sh" do
action :remove
end
# TODO: Remove key from keyring?
end
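Review bot: The key import in `action :add` interpolates `new_resource.key` into an unquoted here-document (`--import <<-EOD`), so the shell still performs parameter and command substitution on the attribute value before gpg reads it; quoting the delimiter, `" --import <<'EOD'\n#{new_resource.key}\nEOD"`, keeps the key text literal. In the same `execute` block, `user user` appears to read the execute resource's own, still unset, `user` property rather than the custom resource's, so the import would run as the account running chef-client; `user new_resource.user` is probably what was meant. `action :remove` has the same scoping problem (`script_dir`, `name`) and passes `action :remove` to a `file` resource, whose delete action is `:delete`; `file "#{new_resource.script_dir}/#{new_resource.name}.sh"` with `action :delete` would fix both.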
#!/bin/bash
#
# generated by Chef from the debmirror cookbook
#
# Architecture (i386, powerpc, amd64, etc.)
arch=<%= @arch.join(',') %>
# Section (main,contrib,non-free)
section=<%= @section.join(',') %>
# Release of the system (squeeze,lenny,stable,testing,etc)
release=<%= @release.join(',') %>
# Server name, minus the protocol and the path at the end
server=<%= @server %>
# Path from the main server, so http://my.web.server/$dir, Server dependant
path=<%= @path %>
# Protocol to use for transfer (http, ftp, hftp, rsync)
proto=<%= @proto %>
# Directory to store the mirror in
storage=<%= @storage %>
# Start script
<%- if @rsync_extra == ['none'] -%>
# filter out trace warning assuming we know what we are doing:
error_filter() {
"$@" 2> >(sed -e '/Warning: --rsync-extra is not configured to mirror the trace files\.$/{N;/ *This configuration is not recommended\./d}' >&2)
}
error_filter <%- end -%>debmirror \
--dist $release \
--arch $arch \
--section $section \
--method $proto \
--host $server \
--root $path \
--keyring <%= @keyring %> \
<%- if @rsync_extra -%>
--rsync-extra <%= @rsync_extra.join(',') %> \
<%- end -%>
<% @options.each do |option| %>
<%= option %> \
<% end -%>
$storage "$@"
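Review bot: Every attribute value lands in the generated script unquoted (`server=<%= @server %>`, `--keyring <%= @keyring %>`, the bare `$storage`), so a value containing whitespace or shell metacharacters changes the command that cron later runs. Shell-escaping at render time and quoting the expansions, e.g. `storage=<%= Shellwords.escape(@storage) %>` and `"$storage" "$@"`, would keep each value a single argument (assuming Shellwords is loaded where the template renders). The `@options` loop also opens with `<% … %>` without trim markers, so each option seems to be preceded by an empty line, which would end the backslash continuation before `$storage`; `<%- @options.each do |option| -%>` avoids that. The spec only exercises an empty `options` list, so this path is untested.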
#
# Copyright 2021 GSI Helmholtzzentrum fuer Schwerionenforschung GmbH
#
# Authors:
# Christopher Huhn <c.huhn@gsi.de>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
require 'spec_helper'
describe file '/etc/debmirror.d/cvmfs.sh' do
it { should exist }
end
describe command 'gpg --no-default-keyring --list-keys --keyring /srv/debmirror/.gnupg/trustedkeys.gpg' do
its(:exit_status) { should be_zero }
its(:stdout) { should contain "CernVM Administrator" }
# its(:stderr) { should be_empty } # complains about "unsafe ownership on /home/vagrant/.gnupg"
end
describe command 'sudo -u nobody LC_ALL=C /etc/debmirror.d/cvmfs.sh --dry-run' do
its(:exit_status) { should be_zero }
its(:stdout) { should be_empty }
its(:stderr) { should be_empty }
end
describe command 'sudo -u nobody /etc/debmirror.d/cvmfs.sh --verbose --dry-run' do
its(:exit_status) { should be_zero }
its(:stdout) { should contain 'gpgv: Good signature from "CernVM Administrator' }
its(:stdout) { should contain 'All done.' }
end
describe file '/srv/debmirror/cvmfs' do
it { should exist }
it { should be_directory }
end