From d91e6275dc13bd5844507a38ce81a58f49588add Mon Sep 17 00:00:00 2001
From: "Eric D. Helms" <ericdhelms@gmail.com>
Date: Sun, 13 Aug 2023 15:45:37 -0400
Subject: [PATCH] Add stagingyum vhost to web01 for Copr staging repositories

---
 puppet/modules/profiles/manifests/web.pp      |  2 +
 puppet/modules/slave/manifests/packaging.pp   |  2 +
 .../modules/slave/manifests/packaging/rpm.pp  |  8 +++
 .../modules/web/manifests/vhost/stagingyum.pp | 53 +++++++++++++++++++
 .../web/templates/deploy-stagingyum.sh.erb    | 11 ++++
 5 files changed, 76 insertions(+)
 create mode 100644 puppet/modules/web/manifests/vhost/stagingyum.pp
 create mode 100644 puppet/modules/web/templates/deploy-stagingyum.sh.erb

diff --git a/puppet/modules/profiles/manifests/web.pp b/puppet/modules/profiles/manifests/web.pp
index 9383587a4..e19552534 100644
--- a/puppet/modules/profiles/manifests/web.pp
+++ b/puppet/modules/profiles/manifests/web.pp
@@ -60,4 +60,6 @@
     rsync_max_connections => $rsync_max_connections,
   }
   contain web::vhost::yum
+
+  contain web::vhost::stagingyum
 }
diff --git a/puppet/modules/slave/manifests/packaging.pp b/puppet/modules/slave/manifests/packaging.pp
index 44f6be53a..19d34ebb5 100644
--- a/puppet/modules/slave/manifests/packaging.pp
+++ b/puppet/modules/slave/manifests/packaging.pp
@@ -15,6 +15,8 @@
       class { 'slave::packaging::rpm':
         homedir          => $homedir,
         koji_certificate => $koji_certificate,
+        user             => 'jenkins',
+        workspace        => $workspace,
       }
       contain slave::packaging::rpm
     }
diff --git a/puppet/modules/slave/manifests/packaging/rpm.pp b/puppet/modules/slave/manifests/packaging/rpm.pp
index a79b6163b..4b618f712 100644
--- a/puppet/modules/slave/manifests/packaging/rpm.pp
+++ b/puppet/modules/slave/manifests/packaging/rpm.pp
@@ -3,6 +3,8 @@
 class slave::packaging::rpm (
   Stdlib::Absolutepath $homedir,
   Optional[String] $koji_certificate = undef,
+  String $user,
+  Stdlib::Absolutepath $workspace,
 ) {
   # TODO: Fix on EL8 and get rid of this
   $is_el8 = $facts['os']['release']['major'] == '8'
@@ -114,4 +116,10 @@
   package { ['dnf', 'dnf-plugins-core']:
     ensure => present,
   }
+
+  secure_ssh::rsync::uploader_key { 'yumstage':
+    user       => $user,
+    dir        => "${workspace}/staging_key",
+    manage_dir => true,
+  }
 }
diff --git a/puppet/modules/web/manifests/vhost/stagingyum.pp b/puppet/modules/web/manifests/vhost/stagingyum.pp
new file mode 100644
index 000000000..6485b3811
--- /dev/null
+++ b/puppet/modules/web/manifests/vhost/stagingyum.pp
@@ -0,0 +1,53 @@
+# @summary Set up the yum vhost
+# @api private
+class web::vhost::stagingyum (
+  Stdlib::Fqdn $servername = 'stagingyum.theforeman.org',
+  Stdlib::Absolutepath $yum_directory = '/var/www/vhosts/stagingyum/htdocs',
+  String $user = 'yumrepostage',
+) {
+  $yum_directory_config = [
+    {
+      path            => $yum_directory,
+      options         => ['Indexes', 'FollowSymLinks', 'MultiViews'],
+      expires_active  => 'on',
+      expires_default => 'access plus 2 minutes',
+    },
+    {
+      path            => '.+\.(bz2|gz|rpm|xz)$',
+      provider        => 'filesmatch',
+      expires_active  => 'on',
+      expires_default => 'access plus 30 days',
+    },
+    {
+      path            => 'repomd.xml',
+      provider        => 'files',
+      expires_active  => 'on',
+      expires_default => 'access plus 2 minutes',
+    },
+  ]
+
+  secure_ssh::receiver_setup { $user:
+    user           => $user,
+    foreman_search => 'host ~ node*.jenkins.*.theforeman.org and (name = external_ip4 or name = external_ip6)',
+    script_content => template('web/deploy-stagingyum.sh.erb'),
+  }
+
+  web::vhost { 'stagingyum':
+    servername    => $servername,
+    docroot       => $yum_directory,
+    docroot_owner => $user,
+    docroot_group => $user,
+    docroot_mode  => '0755',
+    directories   => $yum_directory_config,
+  }
+
+  ['HEADER.html', 'robots.txt'].each |$filename| {
+    file { "${yum_directory}/${filename}":
+      ensure  => file,
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0644',
+      content => file("web/yum/${filename}"),
+    }
+  }
+}
diff --git a/puppet/modules/web/templates/deploy-stagingyum.sh.erb b/puppet/modules/web/templates/deploy-stagingyum.sh.erb
new file mode 100644
index 000000000..996e3e790
--- /dev/null
+++ b/puppet/modules/web/templates/deploy-stagingyum.sh.erb
@@ -0,0 +1,11 @@
+  # Make sure target dir can be created
+  YUM_PATH=`echo "${SSH_ORIGINAL_COMMAND}" | awk '{ print $NF }'`
+  PROJECT=`echo $YUM_PATH | /bin/cut -f2 -d/`
+  RELEASE=`echo $YUM_PATH | /bin/cut -f3 -d/`
+  mkdir -p <%= @home %>/rsync_cache/$PROJECT/$RELEASE
+
+  # Permit transfer
+  $SSH_ORIGINAL_COMMAND
+
+  # Publish the site - stderr/out redirect is required to stop the noninteractive shell from hanging
+  rsync -rvx --delete-after <%= @home %>/rsync_cache/$PROJECT/$RELEASE <%= @yum_directory %>/ 2>&1 >/dev/null ;