Puppet Class: profile::aptrepo::staging
- Defined in:
- modules/profile/manifests/aptrepo/staging.pp
Summary
Provides a staging repository for CI to build and distribute Debian packages.
Overview
SPDX-License-Identifier: Apache-2.0
. stored in .gnupg relative to this path.
# File 'modules/profile/manifests/aptrepo/staging.pp', line 12
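# Staging APT repository profile. Declares the repository, its nginx site and
# firewall opening, an authenticated rsync upload module for GitLab runners,
# and a timer-driven script that pulls packages from GitLab CI jobs.
#
# Every parameter is resolved through a Hiera lookup and handed unchanged to
# aptrepo::common; $basedir is additionally passed to aptrepo::repo.
# NOTE(review): the exact meaning of homedir and the gpg_* values is defined
# in aptrepo::common, which is not visible here -- confirm there.
class profile::aptrepo::staging (
    Stdlib::Unixpath $basedir     = lookup('profile::aptrepo::staging::basedir'),
    Stdlib::Unixpath $homedir     = lookup('profile::aptrepo::staging::homedir'),
    String           $gpg_user    = lookup('profile::aptrepo::staging::gpg_user'),
    Optional[String] $gpg_pubring = lookup('profile::aptrepo::staging::gpg_pubring'),
    Optional[String] $gpg_secring = lookup('profile::aptrepo::staging::gpg_secring'),
) {
    # Shared repository setup; this is where the GPG user and keyrings go.
    class { 'aptrepo::common':
        homedir     => $homedir,
        basedir     => $basedir,
        gpg_user    => $gpg_user,
        gpg_secring => $gpg_secring,
        gpg_pubring => $gpg_pubring,
    }

    aptrepo::repo { 'staging_apt_repository':
        basedir            => $basedir,
        incomingdir        => 'incoming',
        distributions_file => 'puppet:///modules/aptrepo/distributions-wikimedia-staging',
    }

    # HTTP(S) is opened only to the two named source sets, not to the world.
    firewall::service { 'apt_staging_http':
        proto    => 'tcp',
        port     => [80,443],
        src_sets => ['DOMAIN_NETWORKS', 'MGMT_NETWORKS'],
    }

    nginx::site { 'apt-staging.wikimedia.org':
        content => template('aptrepo/apt-staging.wikimedia.org.conf.erb'),
    }

    # Unprivileged account that owns the upload directory and that the rsync
    # module below runs as (uid/gid).
    systemd::sysuser { 'apt-uploader': }

    file { '/srv/incoming-packages':
        ensure => directory,
        mode   => '0755',
        owner  => 'apt-uploader',
        group  => 'apt-uploader',
    }

    # rsync daemon credentials: readable by root only.
    file { '/etc/rsync-apt-auth-secrets':
        ensure    => file,
        owner     => 'root',
        group     => 'root',
        mode      => '0400',
        content   => secret('apt-staging/rsync-secrets'),
        # Keep the secret out of agent logs and reports: a content change can
        # otherwise be rendered as a diff when diff display is enabled.
        show_diff => false,
    }

    class { '::rsync::server': }

    # Writable upload module. Access is limited three ways: the host list
    # returned by wmflib::role::hosts('gitlab_runner'), the matching firewall
    # rule (auto_firewall), and rsync user authentication against the secrets
    # file above.
    # NOTE(review): rsync daemon authentication covers only the login
    # exchange; rsync itself does not encrypt the transferred files. Confirm
    # that the runner-to-host path is trusted or that uploaded packages are
    # verified before they are published.
    rsync::server::module { 'apt-auth':
        ensure         => present,
        comment        => 'Incoming packages for apt-staging.wm.o, from gitlab runners',
        read_only      => 'no',
        path           => '/srv/incoming-packages',
        uid            => 'apt-uploader',
        gid            => 'apt-uploader',
        # Uploaded directories become 755 and files 644, whatever the sender set.
        incoming_chmod => 'D755,F644',
        hosts_allow    => wmflib::role::hosts('gitlab_runner'),
        auto_firewall  => true,
        auth_users     => ['apt-publisher'],
        secrets_file   => '/etc/rsync-apt-auth-secrets',
    }

    ensure_packages(['python3-gitlab'])

    # Root-owned and not writable by others, since the timer below runs it as root.
    file { '/usr/local/bin/gitlab-package-puller':
        ensure => file,
        owner  => 'root',
        group  => 'root',
        mode   => '0755',
        source => 'puppet:///modules/aptrepo/gitlab_package_puller.py',
    }

    # GitLab API token for the puller: readable by root only.
    file { '/etc/gitlab-puller-auth':
        ensure    => file,
        owner     => 'root',
        group     => 'root',
        mode      => '0400',
        content   => secret('apt-staging/gitlab-puller-token'),
        # Same reasoning as the rsync secrets file: never show the token in a diff.
        show_diff => false,
    }

    # Re-runs the puller five minutes after the previous run went inactive.
    # NOTE(review): the job runs as root and processes artifacts produced by
    # CI. If the script does not need root, a dedicated user would narrow the
    # impact of a malformed artifact; the token file ownership above would
    # have to change in step.
    systemd::timer::job { 'gitlab-package-puller':
        ensure      => present,
        user        => 'root',
        description => 'Runs the script to pull apt packages from Gitlab CI jobs',
        command     => '/usr/local/bin/gitlab-package-puller',
        interval    => { 'start' => 'OnUnitInactiveSec', 'interval' => '5m' },
    }

    # Presumably opts these services into automatic restarts; the define is
    # not shown here -- verify against profile::auto_restarts::service.
    profile::auto_restarts::service { 'nginx': }
    profile::auto_restarts::service { 'envoyproxy': }
    profile::auto_restarts::service { 'rsync': }
}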