Skip to content

Commit

Permalink
Add rpm repo profile
Browse files Browse the repository at this point in the history
  • Loading branch information
ehelms committed Sep 13, 2024
1 parent 1c960e3 commit 524eca2
Show file tree
Hide file tree
Showing 16 changed files with 482 additions and 1 deletion.
11 changes: 11 additions & 0 deletions Vagrantfile
Original file line number Diff line number Diff line change
Expand Up @@ -134,4 +134,15 @@ Vagrant.configure("2") do |config|
provider.vm.box_url = CENTOS_9_BOX_URL
end
end

config.vm.define "repo-rpm" do |override|
override.vm.hostname = "repo-rpm"
override.vm.box = "centos/stream9"

override.vm.provider "libvirt" do |libvirt, provider|
libvirt.memory = "2048"
libvirt.machine_virtual_size = 40
provider.vm.box_url = CENTOS_9_BOX_URL
end
end
end
12 changes: 12 additions & 0 deletions puppet/data/common.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
stable_release: '3.11'
profiles::web::stable: '%{alias("stable_release")}'
profiles::repo::deb::stable: '%{alias("stable_release")}'
profiles::repo::rpm::stable_foreman: '%{alias("stable_release")}'

backup_servicename: 'backups.theforeman.org'
backup_username: 'backup-%{facts.networking.hostname}'
Expand Down Expand Up @@ -241,3 +242,14 @@ sudo::wheel_config: password
redmine::https: true

apache::default_vhost: false

rsync_usernames:
- 'ehelms'
- 'ekohl'
- 'evgeni'
- 'Odilhao'
- 'pcreech'
- 'zhunting'

web::vhost::stagingrpm::usernames: '%{alias("rsync_usernames")}'
web::vhost::stagingyum::usernames: '%{alias("rsync_usernames")}'
1 change: 1 addition & 0 deletions puppet/data/vagrant.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,5 +23,6 @@ profiles::jenkins::node::swap_size_mb: 0
profiles::web::https: false

profiles::repo::deb::https: false
profiles::repo::rpm::https: false

redmine::https: false
5 changes: 5 additions & 0 deletions puppet/manifests/site.pp
Original file line number Diff line number Diff line change
Expand Up @@ -46,3 +46,8 @@
include profiles::base
include profiles::repo::deb
}

node /^repo-rpm\d+\.[a-z]+\.theforeman\.org$/ {
include profiles::base
include profiles::repo::rpm
}
25 changes: 25 additions & 0 deletions puppet/modules/profiles/manifests/repo/rpm.pp
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
# @summary A profile for the rpm repo machines
#
# @param stable_foreman
# Latest Foreman release that users expect
#
# @param https
# Whether to enable HTTPS. This is typically wanted but can only be enabled
# in a 2 pass setup. First Apache needs to run for Letsencrypt to function.
# Then Letsencrypt can be enabled. Also useful to turn off in test setups.
class profiles::repo::rpm (
String[1] $stable_foreman,
Boolean $https = true,
) {
class { 'web':
https => $https,
}
contain web

class { 'web::vhost::rpm':
stable_foreman => $stable_foreman,
}
contain web::vhost::rpm

contain web::vhost::stagingrpm
}
3 changes: 3 additions & 0 deletions puppet/modules/web/files/rpm/pulpcore-HEADER.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
<h1>Pulpcore packages</h1>

These are RPM builds for <a href="https://pulpproject.org">Pulp 3</a> and various plugins for use by <a href="https://theforeman.org/plugins/katello/">Katello</a>. They are only intended to be used by Katello. Only branches used by Katello are maintained. No explicit end of life announcements will be made.
3 changes: 3 additions & 0 deletions puppet/modules/web/files/rpm/robots.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
User-agent: *
Disallow: /foreman/nightly/
Disallow: /pulpcore/nightly/
2 changes: 2 additions & 0 deletions puppet/modules/web/files/stagingrpm/robots.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
User-agent: *
Disallow: /
106 changes: 106 additions & 0 deletions puppet/modules/web/manifests/vhost/rpm.pp
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
# @summary Set up the rpm vhost
# @api private
class web::vhost::rpm (
String[1] $stable_foreman,
Stdlib::Fqdn $servername = 'rpm.theforeman.org',
Stdlib::Absolutepath $rpm_directory = '/var/www/vhosts/rpm/htdocs',
Stdlib::Absolutepath $rpm_staging_directory = '/var/www/vhosts/stagingrpm/htdocs/',
String $user = 'rpmrepo',
) {
$rpm_directory_config = [
{
path => $rpm_directory,
options => ['+Indexes', '+FollowSymLinks'],
expires_active => 'on',
expires_default => 'access plus 2 minutes',
},
{
path => '.+\.(bz2|gz|rpm|xz)$',
provider => 'filesmatch',
expires_active => 'on',
expires_default => 'access plus 30 days',
},
{
path => 'repomd.xml',
provider => 'files',
expires_active => 'on',
expires_default => 'access plus 2 minutes',
},
]

$deploy_rpmrepo_context = {
'servername' => $servername,
'rpm_directory' => $rpm_directory,
'rpm_staging_directory' => $rpm_staging_directory,
}

secure_ssh::receiver_setup { $user:
user => $user,
foreman_search => 'host ~ node*.jenkins.osuosl.theforeman.org and (name = external_ip4 or name = external_ip6)',
script_content => epp('web/deploy-rpmrepo.sh.epp', $deploy_rpmrepo_context),
}

include apache::mod::expires
include apache::mod::dir
include apache::mod::autoindex
include apache::mod::alias
include apache::mod::mime

web::vhost { 'rpm':
servername => $servername,
docroot => $rpm_directory,
docroot_owner => $user,
docroot_group => $user,
docroot_mode => '0755',
directories => $rpm_directory_config,
}

if $facts['os']['family'] == 'RedHat' {
package { 'createrepo_c':
ensure => present,
}
}

file { "${rpm_directory}/robots.txt":
ensure => file,
owner => $user,
group => $user,
mode => '0644',
content => file('web/rpm/robots.txt'),
}

file { "${rpm_directory}/HEADER.html":
ensure => file,
owner => $user,
group => $user,
mode => '0644',
content => epp("${module_name}/rpm/HEADER.html.epp", {
'stable_foreman' => $stable_foreman,
'servername' => $servername,
}),
}

['candlepin', 'foreman', 'pulpcore'].each |$directory| {
file { ["${rpm_directory}/${directory}"]:
ensure => directory,
owner => $user,
group => $user,
mode => '0755',
}

exec { "fastly-purge-${directory}-latest":
command => "fastly-purge-find 'https://${servername}' ${rpm_directory} ${directory}/latest/",
path => '/bin:/usr/bin:/usr/local/bin',
require => File['/usr/local/bin/fastly-purge-find'],
refreshonly => true,
}
}

file { "${rpm_directory}/pulpcore/HEADER.html":
ensure => file,
owner => $user,
group => $user,
mode => '0644',
content => file('web/rpm/pulpcore-HEADER.html'),
}
}
88 changes: 88 additions & 0 deletions puppet/modules/web/manifests/vhost/stagingrpm.pp
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
# @summary Set up the rpm staging vhost
# @api private
class web::vhost::stagingrpm (
Array[String[1]] $usernames,
Stdlib::Fqdn $servername = 'stagingrpm.theforeman.org',
Stdlib::Absolutepath $rpm_staging_directory = '/var/www/vhosts/stagingrpm/htdocs',
String $user = 'rpmrepostage',
Stdlib::Absolutepath $home = "/home/${user}",
) {
$rpm_staging_directory_config = [
{
path => $rpm_staging_directory,
options => ['Indexes', 'FollowSymLinks'],
expires_active => 'on',
expires_default => 'access plus 2 minutes',
},
{
path => '.+\.(bz2|gz|rpm|xz)$',
provider => 'filesmatch',
expires_active => 'on',
expires_default => 'access plus 30 days',
},
{
path => 'repomd.xml',
provider => 'files',
expires_active => 'on',
expires_default => 'access plus 2 minutes',
},
]

include apache::mod::expires
include apache::mod::dir
include apache::mod::autoindex
include apache::mod::alias
include apache::mod::mime

$authorized_keys = flatten($usernames.map |$name| {
split(file("users/${name}-authorized_keys"), "\n")
})

secure_ssh::rsync::receiver_setup { $user:
user => $user,
homedir => $home,
homedir_mode => '0750',
foreman_search => 'host ~ node*.jenkins.*.theforeman.org and (name = external_ip4 or name = external_ip6)',
authorized_keys => $authorized_keys,
script_content => epp("${module_name}/deploy-stagingrpm.sh.epp", {
'home' => $home,
'rpm_staging_directory' => $rpm_staging_directory,
}),
}

web::vhost { 'stagingrpm':
servername => $servername,
docroot => $rpm_staging_directory,
docroot_owner => $user,
docroot_group => $user,
docroot_mode => '0755',
directories => $rpm_staging_directory_config,
}

file { "${rpm_staging_directory}/robots.txt":
ensure => file,
owner => 'root',
group => 'root',
mode => '0644',
content => file('web/stagingrpm/robots.txt'),
}

file { "${rpm_staging_directory}/HEADER.html":
ensure => file,
owner => 'root',
group => 'root',
mode => '0644',
content => epp("${module_name}/stagingrpm/HEADER.html.epp", {
'servername' => $servername,
}),
}

['candlepin', 'foreman', 'pulpcore'].each |$directory| {
file { ["${rpm_staging_directory}/${directory}"]:
ensure => directory,
owner => $user,
group => $user,
mode => '0755',
}
}
}
2 changes: 1 addition & 1 deletion puppet/modules/web/manifests/vhost/stagingyum.pp
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
# @summary Set up the yum vhost
# @api private
class web::vhost::stagingyum (
Array[String[1]] $usernames,
Stdlib::Fqdn $servername = 'stagingyum.theforeman.org',
Stdlib::Absolutepath $yum_directory = '/var/www/vhosts/stagingyum/htdocs',
String $user = 'yumrepostage',
Stdlib::Absolutepath $home = "/home/${user}",
Array[String[1]] $usernames = ['ehelms', 'evgeni', 'ekohl', 'Odilhao', 'pcreech', 'zhunting'],
) {
$yum_directory_config = [
{
Expand Down
Loading

0 comments on commit 524eca2

Please sign in to comment.