Fix libsodium downgrade issue
* For some reason, apt going to be crazy
if found identical pkgs in different repos:
apt-cache policy libsodium18
libsodium18:
Installed: 1.0.8-5
Candidate: 1.0.8-5
Version table:
*** 1.0.8-5 500
500 http://mirror.mirantis.com/proposed/ubuntu xenial/universe amd64 Packages
100 /var/lib/dpkg/status
1.0.8-5 500
500 https://mirror.mirantis.com/testing/saltstack-2017.7/xenial xenial/main amd64 Packages
So, lets pin it from the began to _one_ repo
* Misc: switch to always use staric bootstrap.saltstack.com.sh
remove non-relevant anymore AllowUnauthenticated
Closes-Bug: PROD-22326 (PROD:22326)
Change-Id: Ib9f7cdd1bcfb1451b1e17dfcdacadace249cccc3
diff --git a/common/ubuntu_cleanup.sh b/common/ubuntu_cleanup.sh
index c469bbd..3097bee 100644
--- a/common/ubuntu_cleanup.sh
+++ b/common/ubuntu_cleanup.sh
@@ -5,6 +5,7 @@
rm -rf /var/lib/apt/lists/*
rm -rv /etc/apt/sources.list.d/* || true
+rm -rv /etc/apt/preferences.d/* || true
echo > /etc/apt/sources.list || true
rm -vf /usr/sbin/policy-rc.d || true
diff --git a/common/ubuntu_salt_bootstrap.sh b/common/ubuntu_salt_bootstrap.sh
index eb065f9..446ead9 100644
--- a/common/ubuntu_salt_bootstrap.sh
+++ b/common/ubuntu_salt_bootstrap.sh
@@ -18,7 +18,18 @@
wget -O - ${SALTSTACK_GPG} | sudo apt-key add -
wget -O - ${APT_MIRANTIS_GPG} | apt-key add -
-echo "deb [arch=amd64] ${SALTSTACK_REPO}" > /etc/apt/sources.list.d/saltstack.list
+echo "deb [arch=amd64] ${SALTSTACK_REPO}" > /etc/apt/sources.list.d/mcp_saltstack.list
+# This Pin-Priority fil should be always aligned with
+# https://github.com/Mirantis/reclass-system-salt-model/blob/master/linux/system/repo/mcp/apt_mirantis/saltstack.yml
+cat <<EOF >> /etc/apt/preferences.d/mcp_saltstack
+Package: libsodium18
+Pin: release o=SaltStack
+Pin-Priority: 50
+
+Package: *
+Pin: release o=SaltStack
+Pin-Priority: 1100
+EOF
apt-get update
apt-get install git-core -y
@@ -49,12 +60,10 @@
export APT_REPOSITORY=" deb [arch=amd64] ${APT_MIRANTIS_SALT_REPO} "
export APT_REPOSITORY_GPG=${APT_MIRANTIS_GPG}
export SALT_STOPSTART_WAIT=${SALT_STOPSTART_WAIT:-10}
-if [[ ! -z "${PACKER_OFFLINE_BUILD}" ]];then
- echo "INFO: build in offline detected!"
- export BOOTSTRAP_SALTSTACK_COM="file:///tmp/bootstrap.saltstack.com.sh"
- # extra opts will push bootstrap script NOT install upstream repos.
- export BOOTSTRAP_SALTSTACK_OPTS=${BOOTSTRAP_SALTSTACK_OPTS:- -dXr $BOOTSTRAP_SALTSTACK_VERSION }
-fi
+echo "INFO: build in offline build!"
+export BOOTSTRAP_SALTSTACK_COM="file:///tmp/bootstrap.saltstack.com.sh"
+# extra opts will push bootstrap script NOT install upstream repos.
+export BOOTSTRAP_SALTSTACK_OPTS=${BOOTSTRAP_SALTSTACK_OPTS:- -dXr $BOOTSTRAP_SALTSTACK_VERSION }
#
if [[ ! -f /srv/salt/scripts/bootstrap.sh ]]; then
diff --git a/ubuntu-16.04/scripts/salt.sh b/ubuntu-16.04/scripts/salt.sh
index eba5bca..b1a1389 100644
--- a/ubuntu-16.04/scripts/salt.sh
+++ b/ubuntu-16.04/scripts/salt.sh
@@ -4,10 +4,19 @@
SALTSTACK_GPG=${SALTSTACK_GPG:-"https://mirror.mirantis.com/proposed/saltstack-2017.7/xenial/SALTSTACK-GPG-KEY.pub"}
wget -O - ${SALTSTACK_GPG} | sudo apt-key add -
-echo "${SALTSTACK_REPO}" > /etc/apt/sources.list.d/saltstack.list
+echo "${SALTSTACK_REPO}" > /etc/apt/sources.list.d/mcp_saltstack.list
-# We expect issues with GPG,related to our mirrors - so temporary disable check.
-echo "APT::Get::AllowUnauthenticated true;" > /etc/apt/apt.conf.d/99allow_unauthenticated
+# This Pin-Priority fil should be always aligned with
+# https://github.com/Mirantis/reclass-system-salt-model/blob/master/linux/system/repo/mcp/apt_mirantis/saltstack.yml
+cat <<EOF >> /etc/apt/preferences.d/mcp_saltstack
+Package: libsodium18
+Pin: release o=SaltStack
+Pin-Priority: 50
+
+Package: *
+Pin: release o=SaltStack
+Pin-Priority: 1100
+EOF
apt-get update
apt-get -y install salt-minion
@@ -25,4 +34,5 @@
EOF
rm -vf /etc/apt/apt.conf.d/99allow_unauthenticated
-rm -vf /etc/apt/sources.list.d/saltstack.list
+rm -vf /etc/apt/sources.list.d/mcp_saltstack.list
+rm -vf /etc/apt/preferences.d/mcp_saltstack