Skip to content

Commit

Permalink
Merge pull request #566 from sticky-note/feat/repos
Browse files Browse the repository at this point in the history
feat(pkgrepo): impl new logic after migration to `packages.broadcom.com`
  • Loading branch information
sticky-note authored Dec 3, 2024
2 parents 570c44b + d79c22d commit bf52207
Show file tree
Hide file tree
Showing 9 changed files with 43 additions and 58 deletions.
6 changes: 3 additions & 3 deletions docs/README.rst
Original file line number Diff line number Diff line change
Expand Up @@ -134,7 +134,7 @@ Git repositories under ``/srv/formulas`` and makes them available in the relevan
'saltmain':
- salt.formulas
- salt.master


Pillar data can be used to customize all paths, URLs, etc. Here's a minimal pillar sample installing two formulas in the base environment:

Expand Down Expand Up @@ -203,8 +203,8 @@ salt-minion packages on MacOS will not be upgraded by default. To enable package
::

install_packages: True
version: 2017.7.4
salt_minion_pkg_source: https://repo.saltproject.io/osx/salt-2017.7.4-py3-x86_64.pkg
version: 3006.9
salt_minion_pkg_source: https://packages.broadcom.com/artifactory/saltproject-generic/macos/3006.9/salt-3006.9-py3-x86_64.pkg

install_packages must indicate that the installation of a package is desired. If so, version will be used to compare the version of the installed .pkg against the downloaded one. If version is not set and a salt.pkg is already installed the .pkg will not be installed again.

Expand Down
21 changes: 12 additions & 9 deletions pillar.example
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ salt:
install_packages: true

# Optional: set salt version (if install_packages is set to true)
version: 2017.7.2-1.el7
version: '3006.9'

# Pin version provided under 'version' key by using apt-pinning
# available only on Debian family OS-es
Expand All @@ -37,15 +37,18 @@ salt:
salt_ssh: 'salt-ssh'
pyinotify: 'python-pyinotify' # the package to be installed for pyinotify

# Set which salt repository to use, default to https://repo.saltproject.io
# For older releases use https://archive.repo.saltproject.io
repo: 'https://archive.repo.saltproject.io'
# Set which salt repository to use
# -> defaults to https://packages.broadcom.com/artifactory
repo: 'https://packages.broadcom.com/artifactory'
# yamllint disable rule:line-length
repo_key_url: 'https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public'
# yamllint enable rule:line-length

# Set which release of SaltStack to use, default to 'latest'
# To get the available releases:
# * http://repo.saltproject.io/yum/redhat/7/x86_64/
# * http://repo.saltproject.io/apt/debian/8/amd64/
release: '2018.3'
# * https://packages.broadcom.com/artifactory/saltproject-rpm/
# * https://packages.broadcom.com/artifactory/saltproject-deb
release: '3006'

# MacOS has no package management.
# Instead, we use file.managed to download an appropriate .pkg file and
Expand All @@ -57,8 +60,8 @@ salt:
# NOTE: salt_minion_pkg_hash, if set, will be passed into file.managed's
# source_hash, use URL or hash string
# yamllint disable rule:line-length
salt_minion_pkg_source: 'https://repo.saltproject.io/osx/salt-2017.7.4-py3-x86_64.pkg'
salt_minion_pkg_hash: 'https://repo.saltproject.io/osx/salt-2017.7.4-py3-x86_64.pkg.md5'
salt_minion_pkg_source: 'https://packages.broadcom.com/artifactory/saltproject-generic/macos/3006.9/salt-3006.9-py3-x86_64.pkg'
salt_minion_pkg_hash: 'sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
# yamllint enable rule:line-length

# tofs:
Expand Down
24 changes: 9 additions & 15 deletions salt/osfamilymap.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,15 +5,9 @@
{%- set py_ver_repr = salt['pillar.get']('salt:py_ver', '') %}

{%- set osrelease = salt['grains.get']('osrelease', '') %}
{%- set salt_release = salt['pillar.get']('salt:release', 'latest') %}
{%- if salt_release.split('.')|length >= 3 %}
{%- set salt_release = 'archive/' ~ salt_release %}
{%- endif %}
{%- set osfamily_lower = salt['grains.get']('os_family')|lower %}
{%- set osmajorrelease = salt['grains.get']('osmajorrelease', osrelease)|string %}
{%- set oscodename = salt['grains.get']('oscodename') %}
{%- set opensuse_repo_suffix = 'Leap_' ~ osrelease if salt['grains.get']('osfinger', '') == 'Leap-15' else 'Tumbleweed' %}
{%- set salt_repo = salt['pillar.get']('salt:repo', 'https://repo.saltproject.io') %}
{%- set salt_repo = salt['pillar.get']('salt:repo', 'https://packages.broadcom.com/artifactory') %}
{%- set salt_repo_key_url = salt['pillar.get']('salt:repo_key_url', salt_repo ~ '/api/security/keypair/SaltProjectKey/public') %}

#from template-formula
{%- if grains.os_family == 'MacOS' %}
Expand All @@ -25,9 +19,9 @@


Debian:
pkgrepo: 'deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] {{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ osfamily_lower }}/{{ osmajorrelease }}/amd64/{{ salt_release }} {{ oscodename }} main'
pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ osfamily_lower }}/{{ osmajorrelease }}/amd64/{{ salt_release }}/salt-archive-keyring.gpg'
pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47
pkgrepo: 'deb [signed-by=/etc/apt/keyrings/salt-archive-keyring.pgp arch=amd64] {{ salt_repo }}/saltproject-deb stable main'
pkgrepo_keyring: '{{ salt_repo_key_url }}'
pkgrepo_keyring_hash: sha256=36decef986477acb8ba2a1fc4041bcf9f22229ef6c939d0317c9e36a9d142b34
libgit2: libgit2-22
pyinotify: python-pyinotify
gitfs:
Expand All @@ -41,10 +35,10 @@ Debian:
install_from_source: false

RedHat:
pkgrepo_name: saltstack
pkgrepo_humanname: SaltStack repo for RHEL/CentOS $releasever
pkgrepo: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/redhat/$releasever/$basearch/{{ salt_release }}'
key_url: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/redhat/$releasever/$basearch/{{ salt_release }}/SALTSTACK-GPG-KEY.pub'
pkgrepo_name: salt-repo-latest
pkgrepo_humanname: Salt Repo for Salt LATEST release
pkgrepo: '{{ salt_repo }}/saltproject-rpm/'
key_url: '{{ salt_repo_key_url }}'
pygit2: python-pygit2
python_git: GitPython
gitfs:
Expand Down
13 changes: 4 additions & 9 deletions salt/osfingermap.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,17 +2,12 @@
# vim: ft=yaml
---

{%- set py_ver_repr = salt['pillar.get']('salt:py_ver', '') %}

{%- set osrelease = salt['grains.get']('osrelease', '') %}
{%- set salt_release = salt['pillar.get']('salt:release', 'latest') %}
{%- if salt_release.split('.')|length >= 3 %}
{%- set salt_release = 'archive/' ~ salt_release %}
{%- endif %}
{%- set osmajorrelease = salt['grains.get']('osmajorrelease', osrelease)|string %}
{%- set salt_repo = salt['pillar.get']('salt:repo', 'https://repo.saltproject.io') %}
{%- set salt_repo = salt['pillar.get']('salt:repo', 'https://packages.broadcom.com/artifactory') %}
{%- set salt_repo_key_url = salt['pillar.get']('salt:repo_key_url', salt_repo ~ '/api/security/keypair/SaltProjectKey/public') %}

Oracle Linux Server-7:
pkgrepo_humanname: SaltStack repo for RHEL/CentOS {{ osmajorrelease }}
pkgrepo: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/redhat/{{ osmajorrelease }}/$basearch/{{ salt_release }}'
key_url: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/redhat/{{ osmajorrelease }}/$basearch/{{ salt_release }}/SALTSTACK-GPG-KEY.pub'
pkgrepo: '{{ salt_repo }}/saltproject-rpm/'
key_url: '{{ salt_repo_key_url }}'
28 changes: 10 additions & 18 deletions salt/osmap.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,31 +4,23 @@

{%- set py_ver_repr = salt['pillar.get']('salt:py_ver', '') %}

{%- set osrelease = salt['grains.get']('osrelease', '') %}
{%- set salt_release = salt['pillar.get']('salt:release', 'latest') %}
{%- if salt_release.split('.')|length >= 3 %}
{%- set salt_release = 'archive/' ~ salt_release %}
{%- endif %}
{%- set os_lower = salt['grains.get']('os')|lower %}
{%- set osmajorrelease = salt['grains.get']('osmajorrelease', osrelease)|string %}
{%- set oscodename = salt['grains.get']('oscodename') %}
{%- set os_family_lower = salt['grains.get']('os_family')|lower %}
{%- set salt_repo = salt['pillar.get']('salt:repo', 'https://repo.saltproject.io') %}
{%- set salt_repo = salt['pillar.get']('salt:repo', 'https://packages.broadcom.com/artifactory') %}
{%- set salt_repo_key_url = salt['pillar.get']('salt:repo_key_url', salt_repo ~ '/api/security/keypair/SaltProjectKey/public') %}

Fedora:
pygit2: python2-pygit2

Amazon:
pkgrepo_name: saltstack-amzn-repo
pkgrepo_humanname: SaltStack repo for Amazon Linux 2
pkgrepo: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/amazon/2/$basearch/{{ salt_release }}'
key_url: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/amazon/2/$basearch/{{ salt_release }}/SALTSTACK-GPG-KEY.pub'
pkgrepo: '{{ salt_repo }}/saltproject-rpm/'
key_url: '{{ salt_repo_key_url }}'

Ubuntu:
pkgrepo: 'deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] {{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }} {{ oscodename }} main'
pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }}/salt-archive-keyring.gpg'
pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47
key_url: '{{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }}/SALTSTACK-GPG-KEY.pub'
pkgrepo: 'deb [signed-by=/etc/apt/keyrings/salt-archive-keyring.pgp arch=amd64] {{ salt_repo }}/saltproject-deb stable main'
pkgrepo_keyring: '{{ salt_repo_key_url }}'
pkgrepo_keyring_hash: sha256=36decef986477acb8ba2a1fc4041bcf9f22229ef6c939d0317c9e36a9d142b34
key_url: '{{ salt_repo_key_url }}'
pygit2: python-pygit2
gitfs:
pygit2:
Expand All @@ -38,8 +30,8 @@ Ubuntu:
install_from_package: Null

Raspbian:
pkgrepo: 'deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=armhf] {{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ os_family_lower }}/{{ osmajorrelease }}/armhf/{{ salt_release }} {{ oscodename }} main'
pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ os_family_lower }}/{{ osmajorrelease }}/armhf/{{ salt_release }}/salt-archive-keyring.gpg'
pkgrepo: 'deb [signed-by=/etc/apt/keyrings/salt-archive-keyring.pgp arch=armhf] {{ salt_repo }}/saltproject-deb stable main'
pkgrepo_keyring: '{{ salt_repo_key_url }}'

SmartOS:
salt_master: salt
Expand Down
2 changes: 1 addition & 1 deletion salt/pkgrepo/debian/absent.sls
Original file line number Diff line number Diff line change
Expand Up @@ -10,4 +10,4 @@ salt-pkgrepo-clean-saltstack-debian:
salt-pkgrepo-clean-saltstack-debian-apt-key:
file.absent:
- name: /usr/share/keyrings/salt-archive-keyring.gpg
- name: /etc/apt/keyrings/salt-archive-keyring.pgp
2 changes: 1 addition & 1 deletion salt/pkgrepo/debian/clean.sls
Original file line number Diff line number Diff line change
Expand Up @@ -10,4 +10,4 @@ salt-pkgrepo-clean-saltstack-debian:
salt-pkgrepo-clean-saltstack-debian-apt-key:
file.absent:
- name: /usr/share/keyrings/salt-archive-keyring.gpg
- name: /etc/apt/keyrings/salt-archive-keyring.pgp
2 changes: 1 addition & 1 deletion salt/pkgrepo/debian/install.sls
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
salt-pkgrepo-install-saltstack-debian-keyring:
file.managed:
- name: /usr/share/keyrings/salt-archive-keyring.gpg
- name: /etc/apt/keyrings/salt-archive-keyring.pgp
- source: {{ salt_settings.pkgrepo_keyring }}
- source_hash: {{ salt_settings.pkgrepo_keyring_hash }}
- require_in:
Expand Down
3 changes: 2 additions & 1 deletion salt/pkgrepo/redhat/install.sls
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,12 @@ salt-pkgrepo-install-saltstack-redhat:
- name: {{ salt_settings.pkgrepo_name }}
- humanname: {{ salt_settings.pkgrepo_humanname }}
- baseurl: {{ salt_settings.pkgrepo }}
- priority: 10
- enabled: 1
- enabled_metadata: 1
- gpgcheck: 1
- gpgkey: {{ salt_settings.key_url }}
{%- if grains['os']|lower in ['amazon'] %}
- failovermethod: priority
- priority: 10
{%- endif %}
{%- endif %}

0 comments on commit bf52207

Please sign in to comment.