Use keyring for apt repository
h-haaks committed Mar 21, 2024
1 parent b4f0d17 commit fbf4431
Showing 7 changed files with 190 additions and 54 deletions.
23 changes: 23 additions & 0 deletions REFERENCE.md
Expand Up @@ -109,6 +109,19 @@ class {'mongodb::globals':
-> class {'mongodb::server': }
```

##### Use a custom MongoDB apt repository.

```puppet
class {'mongodb::globals':
manage_package_repo => true,
repo_location => 'https://example.com/repo',
keyring_location => 'https://example.com/keyring.asc'
}
-> class {'mongodb::client': }
-> class {'mongodb::server': }
```

##### To disable managing of repository, but still enable managing packages.

```puppet
Expand Down Expand Up @@ -145,6 +158,7 @@ The following parameters are available in the `mongodb::globals` class:
* [`proxy_username`](#-mongodb--globals--proxy_username)
* [`proxy_password`](#-mongodb--globals--proxy_password)
* [`repo_location`](#-mongodb--globals--repo_location)
* [`keyring_location`](#-mongodb--globals--keyring_location)
* [`use_enterprise_repo`](#-mongodb--globals--use_enterprise_repo)
* [`pidfilepath`](#-mongodb--globals--pidfilepath)
* [`pidfilemode`](#-mongodb--globals--pidfilemode)
Expand Down Expand Up @@ -324,6 +338,15 @@ If not specified, the module will use the default repository for your OS distro.

Default value: `undef`

##### <a name="-mongodb--globals--keyring_location"></a>`keyring_location`

Data type: `Any`

When `repo_location` is used for an apt repository this setting can be used for the keyring
file to download.

Default value: `undef`

##### <a name="-mongodb--globals--use_enterprise_repo"></a>`use_enterprise_repo`

Data type: `Any`
18 changes: 18 additions & 0 deletions manifests/globals.pp
Expand Up @@ -19,6 +19,16 @@
# -> class {'mongodb::client': }
# -> class {'mongodb::server': }
#
# @example Use a custom MongoDB apt repository.
#
# class {'mongodb::globals':
# manage_package_repo => true,
# repo_location => 'https://example.com/repo',
# keyring_location => 'https://example.com/keyring.asc'
# }
# -> class {'mongodb::client': }
# -> class {'mongodb::server': }
#
# @example To disable managing of repository, but still enable managing packages.
#
# class {'mongodb::globals':
Expand Down Expand Up @@ -101,6 +111,10 @@
# This setting can be used to override the default MongoDB repository location.
# If not specified, the module will use the default repository for your OS distro.
#
# @param keyring_location
# When `repo_location` is used for an apt repository this setting can be used for the keyring
# file to download.
#
# @param use_enterprise_repo
# When manage_package_repo is set to true, this setting indicates if it will use the Community Edition
# (false, the default) or the Enterprise one (true).
Expand Down Expand Up @@ -139,6 +153,7 @@
$proxy_password = undef,

$repo_location = undef,
$keyring_location = undef,
$use_enterprise_repo = undef,

$pidfilepath = undef,
Expand All @@ -158,7 +173,10 @@
version => $repo_version,
use_enterprise_repo => $use_enterprise_repo,
repo_location => $repo_location,
keyring_location => $keyring_location,
proxy => $repo_proxy,
proxy_username => $proxy_username,
proxy_password => $proxy_password,
}
}
}
73 changes: 45 additions & 28 deletions manifests/repo.pp
Expand Up @@ -15,6 +15,9 @@
# @param repo_location
# Location of the upstream repository
#
# @param keyring_location
# Location of the upstream keyring
#
# @param proxy
# Proxy hostnam
#
Expand All @@ -24,19 +27,18 @@
# @param proxy_password
# Proxy pasword
#
# @param aptkey_options
# Options for debian aptkey
#
class mongodb::repo (
Enum['present', 'absent'] $ensure = 'present',
Optional[String] $version = undef,
Boolean $use_enterprise_repo = false,
Optional[String] $repo_location = undef,
Optional[String] $proxy = undef,
Optional[String] $proxy_username = undef,
Optional[String] $proxy_password = undef,
Optional[String[1]] $aptkey_options = undef,
Enum['present', 'absent'] $ensure = 'present',
Optional[String] $version = undef,
Boolean $use_enterprise_repo = false,
Optional[String[1]] $repo_location = undef,
Optional[String[1]] $keyring_location = undef,
Optional[String[1]] $proxy = undef,
Optional[String[1]] $proxy_username = undef,
Optional[String[1]] $proxy_password = undef,
) {
assert_private()

if $version == undef and $repo_location == undef {
fail('`version` or `repo_location` is required')
}
Expand All @@ -50,36 +52,48 @@
case $facts['os']['family'] {
'RedHat', 'Linux': {
if $repo_location != undef {
$location = $repo_location
$_repo_location = $repo_location
$description = 'MongoDB Custom Repository'
} else {
if $use_enterprise_repo {
$location = "https://repo.mongodb.com/yum/redhat/\$releasever/mongodb-enterprise/${version}/\$basearch/"
$_repo_location = "https://repo.mongodb.com/yum/redhat/\$releasever/mongodb-enterprise/${version}/\$basearch/"
$description = 'MongoDB Enterprise Repository'
} else {
$location = "https://repo.mongodb.org/yum/redhat/\$releasever/mongodb-org/${version}/\$basearch/"
$_repo_location = "https://repo.mongodb.org/yum/redhat/\$releasever/mongodb-org/${version}/\$basearch/"
$description = 'MongoDB Repository'
}
}

contain mongodb::repo::yum
class { 'mongodb::repo::yum':
ensure => $ensure,
repo_location => $_repo_location,
description => $description,
proxy => $proxy,
proxy_username => $proxy_username,
proxy_password => $proxy_password,
}
}

'Suse': {
if $repo_location {
$location = $repo_location
$_repo_location = $repo_location
$description = 'MongoDB Custom Repository'
} else {
$location = "https://repo.mongodb.org/zypper/suse/\$releasever_major/mongodb-org/${version}/\$basearch/"
$_repo_location = "https://repo.mongodb.org/zypper/suse/\$releasever_major/mongodb-org/${version}/\$basearch/"
$description = 'MongoDB Repository'
}

contain mongodb::repo::zypper
class { 'mongodb::repo::zypper':
ensure => $ensure,
repo_location => $_repo_location,
description => $description,
}
}

'Debian': {
if $repo_location != undef {
$location = $repo_location
$_repo_location = $repo_location
$_keyring_location = $keyring_location
} else {
if $use_enterprise_repo == true {
$repo_domain = 'repo.mongodb.com'
Expand All @@ -89,31 +103,34 @@
$repo_path = 'mongodb-org'
}

$location = $facts['os']['name'] ? {
$_repo_location = $facts['os']['name'] ? {
'Debian' => "https://${repo_domain}/apt/debian",
'Ubuntu' => "https://${repo_domain}/apt/ubuntu",
default => undef
}
$_keyring_location = "https://www.mongodb.org/static/pgp/server-${version}.asc"
$release = "${facts['os']['distro']['codename']}/${repo_path}/${version}"
$repos = $facts['os']['name'] ? {
'Debian' => 'main',
'Ubuntu' => 'multiverse',
default => undef
}
$key = $version ? {
'5.0' => 'F5679A222C647C87527C2F8CB00A0BD1E2C63C11',
'4.4' => '20691EEC35216C63CAF66CE1656408E390CFB1F5',
default => '20691EEC35216C63CAF66CE1656408E390CFB1F5'
}
$key_server = 'hkp://keyserver.ubuntu.com:80'
$comment = 'MongoDB Repository'
}

contain mongodb::repo::apt
class { 'mongodb::repo::apt':
ensure => $ensure,
repo_location => $_repo_location,
keyring_location => $_keyring_location,
release => $release,
repos => $repos,
comment => $comment,
}
}

default: {
if($ensure == 'present') {
fail("Unsupported managed repository for osfamily: ${facts['os']['family']}, operatingsystem: ${facts['os']['name']}, module ${module_name} currently only supports managing repos for osfamily RedHat, Suse, Debian and Ubuntu")
fail("Unsupported managed repository for osfamily: ${facts['os']['family']}, operatingsystem: ${facts['os']['name']}")
}
}
}
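Review bot: In the Debian branch with a custom `repo_location`, `$_keyring_location = $keyring_location` may be undef, but `mongodb::repo::apt` declares `String[1] $keyring_location` with no default, so a caller who sets only `repo_location` gets a type mismatch rather than a clear message. A guard next to the existing `version`/`repo_location` check would make the requirement explicit, for example `fail('keyring_location is required when repo_location is set on Debian-family systems')` when `$keyring_location == undef` in that branch. Removing `$key` and `$key_server` also drops the only pinned key fingerprints: the default key is now whatever `https://www.mongodb.org/static/pgp/server-${version}.asc` serves at apply time, so trust rests on TLS to that host. That trade-off belongs in the `@param keyring_location` text, together with a statement that a custom value should point to an HTTPS or otherwise trusted source. The class body continues outside the visible hunks.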
59 changes: 50 additions & 9 deletions manifests/repo/apt.pp
@@ -1,22 +1,60 @@
# @api private
#
# @summary This is a repo class for apt
#
# @api private
class mongodb::repo::apt inherits mongodb::repo {
# @param ensure
# present or absent
#
# @param repo_location
# Location of the upstream repository
#
# @param keyring_location
# Location of the upstream keyring
#
# @param version
# The version of the mongodb repo
#
# @param release
# Specifies a distribution of the Apt repository.
#
# @param repos
# Specifies a component of the Apt repository.
#
# @param comment
# Supplies a comment for adding to the Apt source file.
#
class mongodb::repo::apt (
Enum['present', 'absent'] $ensure,
String[1] $repo_location,
String[1] $keyring_location,
Optional[String[1]] $release = undef,
Optional[String[1]] $repos = undef,
Optional[String[1]] $comment = undef,
) {
# we try to follow/reproduce the instruction
# from http://docs.mongodb.org/manual/tutorial/install-mongodb-on-ubuntu/

assert_private()

include apt

if($mongodb::repo::ensure == 'present' or $mongodb::repo::ensure == true) {
if($ensure == 'present') {
# The apt module does not implement gpg --dearmor
archive { '/tmp/mongodb-server.gpg':
source => $keyring_location,
extract => true,
extract_path => '/usr/share/keyrings/',
extract_command => 'gpg --dearmor < %s > mongodb-server.gpg',
creates => '/usr/share/keyrings/mongodb-server.gpg',
cleanup => true,
}

apt::source { 'mongodb':
location => $mongodb::repo::location,
location => $repo_location,
release => $mongodb::repo::release,
repos => $mongodb::repo::repos,
key => {
'id' => $mongodb::repo::key,
'server' => $mongodb::repo::key_server,
'options' => $mongodb::repo::aptkey_options,
},
keyring => '/usr/share/keyrings/mongodb-server.gpg',
comment => $comment,
}

Apt::Source['mongodb'] -> Class['apt::update'] -> Package<| tag == 'mongodb_package' |>
Expand All @@ -25,5 +63,8 @@
apt::source { 'mongodb':
ensure => absent,
}
-> file { '/usr/share/keyrings/mongodb-server-5.0.gpg':
ensure => absent,
}
}
}
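Review bot: The `ensure => absent` branch deletes `/usr/share/keyrings/mongodb-server-5.0.gpg`, but the present branch writes `/usr/share/keyrings/mongodb-server.gpg`, so the keyring this class installs is left behind on removal; the resource should read `-> file { '/usr/share/keyrings/mongodb-server.gpg':`. In the `archive` resource, `creates` on that same path means an existing file is never replaced, so a changed `keyring_location`, a rotated key, or an empty file left by a failed `gpg --dearmor` (the redirect appears to create the target before gpg runs) would persist silently. The download has no integrity check beyond its transport; passing `checksum` and `checksum_type` through to `archive` would restore some of the assurance the removed key id gave. `release` and `repos` also appear to still read `$mongodb::repo::release` and `$mongodb::repo::repos` although the class now takes `$release` and `$repos` parameters and no longer inherits `mongodb::repo`.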
44 changes: 35 additions & 9 deletions manifests/repo/yum.pp
@@ -1,19 +1,45 @@
# @api private
#
# @summary This is a repo class for yum
#
# @api private
class mongodb::repo::yum inherits mongodb::repo {
# @param ensure
# present or absent
#
# @param repo_location
# Location of the upstream repository
#
# @param description
# A human-readable description of the repository.
#
# @param proxy
# Proxy hostnam
#
# @param proxy_username
# Proxy user name
#
# @param proxy_password
# Proxy pasword
#
class mongodb::repo::yum (
Enum['present', 'absent'] $ensure,
String[1] $repo_location,
String[1] $description,
Optional[String[1]] $proxy = undef,
Optional[String[1]] $proxy_username = undef,
Optional[String[1]] $proxy_password = undef,
) {
# We try to follow/reproduce the instruction
# http://docs.mongodb.org/manual/tutorial/install-mongodb-on-red-hat-centos-or-fedora-linux/
# https://www.mongodb.com/docs/manual/tutorial/install-mongodb-on-red-hat/

if $mongodb::repo::ensure == 'present' or $mongodb::repo::ensure == true {
if $ensure == 'present' {
yumrepo { 'mongodb':
descr => $mongodb::repo::description,
baseurl => $mongodb::repo::location,
descr => $description,
baseurl => $repo_location,
gpgcheck => '0',
enabled => '1',
proxy => $mongodb::repo::proxy,
proxy_username => $mongodb::repo::proxy_username,
proxy_password => $mongodb::repo::proxy_password,
proxy => $proxy,
proxy_username => $proxy_username,
proxy_password => $proxy_password,
}
Yumrepo['mongodb'] -> Package<| tag == 'mongodb_package' |>
}
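Review bot: The `yumrepo { 'mongodb':` resource keeps `gpgcheck => '0'`, so on RedHat-family hosts packages from `$repo_location` are installed without signature verification, while this commit adds key handling only for apt. Because the class no longer inherits `mongodb::repo`, the key location would have to arrive as a parameter, for example `Optional[String[1]] $gpgkey = undef,`, with the resource setting `gpgcheck => '1',` and `gpgkey => $gpgkey,` when a key is supplied. The per-version key URL that `manifests/repo.pp` builds for apt could likely serve as the default for the non-custom branches. The class body continues past the end of the visible hunk.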