Allow the usage of own repos instead of uca/rdo
If a deployer has a mirror of uca/rdo, it probably wants to use it. Defining the URL currently works, but that process wouldn't work if the mirror is using a different key. This commit keeps the current behavior of using UCA with signing packages from upstream everywhere, but with this change, you can also define your own mirror (CentOS/Ubuntu) with your own key. Change-Id: Icd9c3b6b7b824cb5cb29fd745777e4c6148e6481 Signed-off-by: Jean-Philippe Evrard <jean-philippe.evrard@rackspace.co.uk>
parent
dd3cf42a4f
commit
27669f193c
|
@ -16,6 +16,40 @@
|
|||
uca_enable: True
|
||||
uca_apt_repo_url: "http://ubuntu-cloud.archive.canonical.com/ubuntu"
|
||||
|
||||
# If you want to use your own keys for UCA or RDO (instead of ubuntu or
|
||||
# CentOS defaults), please define user_external_repo_key dict with
|
||||
# keys/values corresponding to the ansible module arguments for your
|
||||
# distribution.
|
||||
#
|
||||
# For CentOS you'd define the following:
|
||||
#user_external_repo_key:
|
||||
# key: https://my-repo.example.com/signing-key.asc
|
||||
# You could also use key: <keyid> from a keyserver, see ansible rpm_key doc.
|
||||
# Validate cert option from the module is also supported.
|
||||
# In CentOS, refusing to use the RDO package also forces you to add your own
|
||||
# repository. See below to know how to include your own repository.
|
||||
#
|
||||
# For Ubuntu, you'd define the following:
|
||||
#user_external_repo_key:
|
||||
# url: https://my-repo.example.com/signing-key.asc
|
||||
# This leverages apt_key module, and passes the id, keyserver, and url argument.
|
||||
# Therefore, you can ensure the id of the key you want to import with id: <keyid>
|
||||
# or replace the source url with a keyserver.
|
||||
|
||||
# If you have defined another set of keys you want to include, the chances are
|
||||
# high you want to give also your own repository.
|
||||
# For CentOS, define the following dict+key/values:
|
||||
#user_external_repo:
|
||||
# name: "mymirror"
|
||||
# baseurl: "http://mymirrorurl/baseurl/"
|
||||
#See also gpgcheck, gpgkey, description of the Ansible yum_repository module
|
||||
# For Ubuntu, define something like the following:
|
||||
#user_external_repo:
|
||||
# repo: "deb http://mymirrorurl/ubuntu/ xenial main"
|
||||
# filename: "mymirror"
|
||||
# If your mirror includes UCA mirroring, you may then want to disable using uca
|
||||
# by setting in your user variables uca_enable: False
|
||||
|
||||
# Set the package install state for distribution packages
|
||||
# Options are 'present' and 'latest'
|
||||
pip_install_package_state: "latest"
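Review bot: The CentOS example for `user_external_repo` shows a plain-HTTP `baseurl` and mentions `gpgcheck` and `gpgkey` only in the "See also" line, so a deployer who copies it gets a repo whose signature checking depends on the host's yum defaults. Since the change exists to trust a mirror signed with its own key, the example should set both explicitly, for instance by adding `#  gpgcheck: yes` and `#  gpgkey: https://my-repo.example.com/signing-key.asc` under `baseurl`. The Ubuntu key example would likewise be safer if it showed `id: <full key fingerprint>` next to `url:`, so the task can check the key it fetched against the one the deployer expects. The Ubuntu `repo:` line also uses `http://`, which makes the signing key the only integrity control and is worth saying in the comment.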
|
||||
|
|
|
@ -20,10 +20,13 @@
|
|||
when:
|
||||
- ansible_pkg_mgr == 'apt'
|
||||
|
||||
- name: Install external repo key package
|
||||
# Under CentOS, this will add the repo and its key to the keyring
|
||||
# Under Ubuntu, this will only add the key
|
||||
- name: Install external repo key with package
|
||||
package:
|
||||
name: "{{ pip_install_external_repo_key_package }}"
|
||||
state: "{{ pip_install_package_state }}"
|
||||
when: user_external_repo_key is not defined
|
||||
tags:
|
||||
- add-repo-keys
|
||||
|
||||
|
@ -43,6 +46,72 @@
|
|||
tags:
|
||||
- add-uca-repo
|
||||
|
||||
- name: Install external repo key manually (apt)
|
||||
apt_key:
|
||||
id: "{{ user_external_repo_key.id | default(omit) }}"
|
||||
keyserver: "{{ user_external_repo_key.keyserver | default(omit) }}"
|
||||
url: "{{ user_external_repo_key.url | default(omit) }}"
|
||||
state: present
|
||||
when:
|
||||
- ansible_pkg_mgr == 'apt'
|
||||
- user_external_repo_key is defined
|
||||
register: add_keys
|
||||
until: add_keys|success
|
||||
retries: 5
|
||||
delay: 2
|
||||
tags:
|
||||
- add-repo-keys
|
||||
|
||||
- name: Install external repo key manually (rpm)
|
||||
rpm_key:
|
||||
key: "{{ user_external_repo_key.key }}"
|
||||
validate_certs: "{{ user_external_repo_key.validate_certs | default(omit) }}"
|
||||
state: present
|
||||
when:
|
||||
- ansible_pkg_mgr == 'yum'
|
||||
- user_external_repo_key is defined
|
||||
register: add_keys
|
||||
until: add_keys|success
|
||||
retries: 5
|
||||
delay: 2
|
||||
tags:
|
||||
- add-repo-keys
|
||||
|
||||
- name: Install external repo manually (apt)
|
||||
apt_repository:
|
||||
repo: "{{ user_external_repo.repo }}"
|
||||
state: "{{ user_external_repo.state | default('present') }}"
|
||||
update_cache: yes
|
||||
filename: "{{ user_external_repo.filename | default(omit) }}"
|
||||
register: user_external_repo
|
||||
until: user_external_repo|success
|
||||
retries: 5
|
||||
delay: 2
|
||||
when:
|
||||
- ansible_pkg_mgr == 'apt'
|
||||
- user_external_repo is defined
|
||||
tags:
|
||||
- add-external-repo
|
||||
|
||||
- name: Install external repo manually (yum)
|
||||
yum_repository:
|
||||
name: "{{ user_external_repo.name }}"
|
||||
description: "{{ user_external_repo.description | default(omit) }}"
|
||||
baseurl: "{{ user_external_repo.baseurl | default(omit) }}"
|
||||
gpgkey: "{{ user_external_repo.gpgkey | default(omit) }}"
|
||||
gpgcheck: "{{ user_external_repo.gpgcheck | default(omit) }}"
|
||||
enabled: "{{ user_external_repo.enabled | default('yes') }}"
|
||||
register: user_external_repo
|
||||
until: user_external_repo|success
|
||||
retries: 5
|
||||
delay: 2
|
||||
when:
|
||||
- ansible_pkg_mgr == 'yum'
|
||||
- user_external_repo is defined
|
||||
- user_external_repo.name is defined
|
||||
tags:
|
||||
- add-external-repo
|
||||
|
||||
- name: Install packages
|
||||
package:
|
||||
name: "{{ item }}"
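Review bot: Both "Install external repo manually" tasks use `register: user_external_repo`, which is the same name as the deployer-supplied dict they read. Ansible records a result for a skipped task as well, so on a yum host the skipped apt task would replace the dict with a skip result and the yum task's `user_external_repo.name is defined` condition would then be false, unless the dict arrives as extra vars, which outrank registered variables. In that case the repository is silently left unconfigured, even though the key tasks above (which register `add_keys`) have already imported the key. Registering under a separate name avoids the collision: `register: add_external_repo` with `until: add_external_repo|success` in both tasks.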
|
||||
|
|