Aptly user uid/gid and fixes
diff --git a/aptly/files/aptly b/aptly/files/aptly
index cc4dabc..ce11b80 100644
--- a/aptly/files/aptly
+++ b/aptly/files/aptly
@@ -25,7 +25,7 @@
APTLY_HOME=${APTLY_HOME:-"{{ aptly_home }}"}
APTLY_ROOT=${APTLY_ROOT:-"{{ aptly_root }}"}
-id -u aptly && APTLY_ENV="${APTLY_ENV} -e LOCAL_USER_ID=$(id -u aptly)" || true
+id -u aptly >/dev/null && APTLY_ENV="${APTLY_ENV} -e LOCAL_USER_ID=$(id -u aptly)" || true
# Setup volume mounts for compose config and context
if [ "$(pwd)" != '/' ]; then
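Review bot: The redirect added to the `id -u aptly` line silences stdout only, so on a host without the account `id` still prints its "no such user" error to stderr on every wrapper invocation; `id -u aptly >/dev/null 2>&1 && ...` keeps it quiet. The account name is also still the literal `aptly`, while this commit makes it configurable as `server.user.name` in map.jinja, so an overridden name would leave `LOCAL_USER_ID` unset. Passing the name through the template `defaults` next to `aptly_home` and `aptly_root` would keep the wrapper and the state in step. The `if` opened on the last line continues outside the hunk.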
@@ -41,7 +41,7 @@
fi
if [ -d "$APTLY_ROOT" ]; then
- VOLUMES="-v $APTLY_ROOT:$APTLY_ROOT"
+ VOLUMES="-v $APTLY_ROOT:/var/lib/aptly"
fi
if [ -n "$HOME" ]; then
@@ -56,4 +56,4 @@
DOCKER_RUN_OPTIONS="$DOCKER_RUN_OPTIONS -i"
fi
-exec docker run --rm $DOCKER_RUN_OPTIONS $APTLY_OPTIONS $APTLY_ENV $VOLUMES -w "$(pwd)" $IMAGE "$@"
+exec docker run --rm $DOCKER_RUN_OPTIONS $APTLY_OPTIONS $APTLY_ENV $VOLUMES -w "$(pwd)" $IMAGE aptly "$@"
diff --git a/aptly/files/aptly-publisher.yaml b/aptly/files/aptly-publisher.yaml
index 1a8c7b3..f0273c3 100644
--- a/aptly/files/aptly-publisher.yaml
+++ b/aptly/files/aptly-publisher.yaml
@@ -1,5 +1,5 @@
{%- from "aptly/map.jinja" import server with context %}
-{%- if server.repo %}
+{%- if server.repo is defined %}
repo:
{%- for repo_name, repo in server.repo.iteritems() %}
{{ repo_name }}:
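Review bot: `server.repo is defined` is always true given the `'repo': {}` default visible in this commit's map.jinja hunk, so with no repositories configured the template now emits a bare `repo:` key (a YAML null) where the old truthiness test emitted nothing. `{%- if server.repo is defined and server.repo %}` covers both the missing and the empty case. The same reasoning applies to `server.mirror is defined` in the next hunk whenever the pillar supplies an empty mapping; whether `mirror` has a default is not visible here.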
@@ -11,7 +11,7 @@
{%- endfor %}
{%- endif %}
-{%- if server.mirror %}
+{%- if server.mirror is defined %}
mirror:
{%- for mirror_name, mirror in server.mirror.iteritems() %}
{{ mirror_name }}:
diff --git a/aptly/map.jinja b/aptly/map.jinja
index 1894767..93d52a7 100644
--- a/aptly/map.jinja
+++ b/aptly/map.jinja
@@ -10,22 +10,18 @@
'secure': True,
'repo': {},
'gpg': {
- 'keypair_id': '',
- 'passphrase': '',
+ 'keypair_id': pillar.aptly.server.gpg_keypair_id|default(''),
+ 'passphrase': pillar.aptly.server.gpg_passphrase|default(''),
'keyring': 'trustedkeys.gpg',
'keyserver': 'keys.gnupg.net',
},
+ 'user': {
+ 'name': 'aptly',
+ 'group': 'aptly',
+ },
},
}, merge=salt['pillar.get']('aptly:server')) %}
-{# Backward compatibility #}
-{%- if server.gpg_keypair_id is defined %}
-{%- do server.update({'gpg': {'keypair_id': server.gpg_keypair_id}}) %}
-{%- endif %}
-{%- if server.gpg_passphrase is defined %}
-{%- do server.update({'gpg': {'passphrase': server.gpg_passphrase}}) %}
-{%- endif %}
-
{%- set publisher = salt['grains.filter_by']({
'default': {
'source': {
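Review bot: In `pillar.aptly.server.gpg_keypair_id|default('')` and the `gpg_passphrase` line below it, `default` only covers the last attribute, so a minion whose pillar has no `aptly` or no `aptly:server` key fails to render map.jinja with an undefined-attribute error. This file also defines `publisher`, so publisher-only minions would import it and hit that path. The lookup already used for the merge argument is safe for missing parents: `'keypair_id': salt['pillar.get']('aptly:server:gpg_keypair_id', '')` and `'passphrase': salt['pillar.get']('aptly:server:gpg_passphrase', '')`. A one-line comment noting that these two defaults exist for backward compatibility with the flat pillar keys would replace the `{# Backward compatibility #}` marker this hunk removes.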
diff --git a/aptly/publisher.sls b/aptly/publisher.sls
index 3631d69..63e7866 100644
--- a/aptly/publisher.sls
+++ b/aptly/publisher.sls
@@ -24,10 +24,10 @@
publisher_wrapper:
file.managed:
- name: /usr/local/bin/aptly-publisher
- - source: salt://docker/files/aptly-publisher
+ - source: salt://aptly/files/aptly-publisher
- template: jinja
- defaults:
- image: {{ client.compose.source.image|default('tcpcloud/aptly-publisher') }}
+ image: {{ publisher.source.image|default('tcpcloud/aptly-publisher') }}
- mode: 755
publisher_installed:
diff --git a/aptly/server/init.sls b/aptly/server/init.sls
index 2945e0b..17e3d4b 100644
--- a/aptly/server/init.sls
+++ b/aptly/server/init.sls
@@ -14,6 +14,8 @@
pkg.installed:
- names: {{ server.pkgs }}
- refresh: true
+ - require_in:
+ - user: aptly_user
aptly_installed:
cmd.wait:
@@ -23,15 +25,15 @@
- require:
- user: aptly_user
-{%- elif publisher.source.engine == 'docker' %}
+{%- elif server.source.engine == 'docker' %}
aptly_wrapper:
file.managed:
- name: /usr/local/bin/aptly
- - source: salt://docker/files/aptly
+ - source: salt://aptly/files/aptly
- template: jinja
- defaults:
- image: {{ client.compose.source.image|default('tcpcloud/aptly') }}
+ image: {{ server.source.image|default('tcpcloud/aptly') }}
aptly_home: {{ server.home_dir }}
aptly_root: {{ server.root_dir }}
- mode: 755
@@ -50,11 +52,28 @@
aptly_user:
user.present:
- - name: aptly
- - shell: /bin/bash
+ - name: {{ server.user.name }}
- home: {{ server.home_dir }}
- - require:
- - cmd: aptly_installed
+ - shell: /bin/bash
+ {%- if server.user.uid is defined %}
+ - uid: {{ server.user.uid }}
+ {%- endif %}
+ {%- if server.user.gid is defined %}
+ - gid: {{ server.user.gid }}
+ {%- endif %}
+ - system: True
+ - groups:
+ - aptly
+
+aptly_group:
+ group.present:
+ - name: {{ server.user.group }}
+ {%- if server.user.gid is defined %}
+ - gid: {{ server.user.gid }}
+ {%- endif %}
+ - system: True
+ - require_in:
+ - user: aptly_user
aptly_home_dir:
file.directory:
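Review bot: The `groups:` list on `aptly_user` hard-codes `- aptly`, while `aptly_group` is created from `{{ server.user.group }}`. If the pillar overrides the group name, `user.present` is asked for a group this formula never creates, so the list entry should be `- {{ server.user.group }}`. The same mismatch remains for the literal `user: aptly` / `group: aptly` lines on the GPG key files and `cmd.run` states later in this file, which do not follow `server.user.name`. The account holds the signing key and is created with `shell: /bin/bash`; if nothing needs an interactive login, a non-login shell would be the tighter default. That last point is inferred, since the callers of the account are not all visible.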
@@ -82,6 +101,11 @@
- require:
- file: aptly_home_dir
+{%- if server.no_config|default(False) == True %}
+aptly_conf:
+ file.directory:
+ - name: {{ server.home_dir }}
+{%- else %}
aptly_conf:
file.managed:
- name: {{ server.home_dir }}/.aptly.conf
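Review bot: The `no_config` branch reuses the ID `aptly_conf` as a `file.directory` on `{{ server.home_dir }}` with no `user`, `group`, `mode` or `require`, and nothing explains why a directory stands in for the config file. It appears to exist only so that `file: aptly_conf` requisites elsewhere (repos.sls uses one) keep resolving. A comment such as `{# placeholder: keeps 'file: aptly_conf' requisites valid when .aptly.conf is managed outside this formula #}` would say so, and `{%- if server.get('no_config', False) %}` reads more simply than `|default(False) == True`. If `aptly_home_dir` manages the same path (its body is outside the hunk), the two states should agree on ownership and mode. The `file.managed` body continues outside the hunk.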
@@ -92,6 +116,7 @@
- mode: 664
- require:
- file: aptly_pub_dir
+{%- endif %}
aptly_mirror_update_script:
file.managed:
@@ -116,7 +141,7 @@
gpg_priv_key:
file.managed:
- name: {{ gpgprivfile }}
- - contents_pillar: aptly:server:gpg_private_key
+ - contents: {{ server.gpg.private_key|yaml }}
- user: aptly
- group: aptly
- mode: 600
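Review bot: Replacing `contents_pillar` with `contents: {{ server.gpg.private_key|yaml }}` renders the private key into the compiled state data. It can then appear wherever rendered SLS is shown or logged, and a changed key is printed as a diff in the state return unless `- show_changes: False` is set. The change also drops the old `aptly:server:gpg_private_key` pillar key without a fallback. map.jinja defines no `private_key` default under `gpg`, so an un-migrated pillar renders an undefined value here. Keeping the pillar lookup with the new path, `- contents_pillar: aptly:server:gpg:private_key`, avoids both problems, and the compatibility point applies equally to `gpg_pub_key` in the next hunk.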
@@ -126,7 +151,7 @@
gpg_pub_key:
file.managed:
- name: {{ gpgpubfile }}
- - contents_pillar: aptly:server:gpg_public_key
+ - contents: {{ server.gpg.public_key|yaml }}
- user: aptly
- group: aptly
- mode: 644
@@ -137,7 +162,7 @@
cmd.run:
- name: gpg --no-tty --import {{ gpgpubfile }}
- user: aptly
- - unless: gpg --no-tty --list-keys | grep '{{ server.gpg_keypair_id }}'
+ - unless: gpg --no-tty --list-keys | grep '{{ server.gpg.keypair_id }}'
- require:
- file: aptly_gpg_key_dir
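Review bot: With the `''` default that map.jinja supplies for `gpg.keypair_id`, this `unless` renders as `grep ''`, which matches any output line, so the public-key import is skipped whenever the keyring already holds any key at all. Wrapping the import states in `{%- if server.gpg.keypair_id %}` would make the misconfiguration visible instead of silently skipping. `grep -q -- '{{ server.gpg.keypair_id }}'` also keeps the key listing out of the state output. The secret-key import in the next hunk has the same check. Both state bodies start outside their hunks.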
@@ -145,7 +170,7 @@
cmd.run:
- name: gpg --no-tty --allow-secret-key-import --import {{ gpgprivfile }}
- user: aptly
- - unless: gpg --no-tty --list-secret-keys | grep '{{ server.gpg_keypair_id }}'
+ - unless: gpg --no-tty --list-secret-keys | grep '{{ server.gpg.keypair_id }}'
- require:
- file: aptly_gpg_key_dir
- require_in:
diff --git a/aptly/server/mirrors.sls b/aptly/server/mirrors.sls
index 6e29e7a..2b863e7 100644
--- a/aptly/server/mirrors.sls
+++ b/aptly/server/mirrors.sls
@@ -37,7 +37,9 @@
gpg_add_keys_{{ mirror_name }}_{{ gpgkey }}:
cmd.run:
- name: gpg --no-tty --no-default-keyring --keyring {{ server.gpg.keyring }} --keyserver {{ mirror.keyserver|default(server.gpg.keyserver) }} --recv-keys {{ gpgkey }}
+ {%- if server.source.engine != "docker" %}
- user: aptly
+ {%- endif %}
- unless: gpg --no-tty --no-default-keyring --keyring {{ server.gpg.keyring }} --list-public-keys {{gpgkey}}
{%- endfor %}
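Review bot: Dropping `user: aptly` for the docker engine makes this `gpg --recv-keys` run as the state's default user on the host. Unlike the `aptly ...` commands in the later hunks, `gpg` does not go through the `/usr/local/bin/aptly` wrapper, so the fetched keys land in that user's `{{ server.gpg.keyring }}`. Whether the containerised aptly reads that keyring depends on the wrapper's volume mounts, which are only partly visible in this commit, so it is worth confirming that mirror signature verification in the container actually sees these keys. In the non-docker branch the account is still the literal `aptly` rather than `{{ server.user.name }}`; this applies to every `user:` line wrapped by the new conditional in mirrors.sls and repos.sls.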
@@ -47,7 +49,9 @@
aptly_addsnapshot_{{ mirror_name }}_{{ snapshot }}:
cmd.run:
- name: aptly snapshot create {{ snapshot }} from mirror {{ mirror_name }}
+ {%- if server.source.engine != "docker" %}
- user: aptly
+ {%- endif %}
- unless: aptly snapshot show {{ snapshot }}
- require:
- cmd: aptly_{{ mirror_name }}_update
@@ -57,14 +61,18 @@
aptly_{{ mirror_name }}_mirror:
cmd.run:
- name: aptly mirror create {% if mirror.get('udebs', False) %}-with-udebs=true {% endif %}-architectures={{ mirror.architectures }} {{ mirror_name }} {{ mirror.source }} {{ mirror.distribution }} {{ mirror.components }}
+ {%- if server.source.engine != "docker" %}
- user: aptly
+ {%- endif %}
- unless: aptly mirror show {{ mirror_name }}
{%- if mirror.get('update', False) == True %}
aptly_{{ mirror_name }}_update:
cmd.run:
- name: aptly mirror update {{ mirror_name }}
+ {%- if server.source.engine != "docker" %}
- user: aptly
+ {%- endif %}
- require:
- cmd: aptly_{{ mirror_name }}_mirror
{%- endif %}
@@ -72,8 +80,10 @@
{%- if mirror.publish is defined %}
aptly_publish_{{ server.mirror[mirror_name].publish }}_snapshot:
cmd.run:
- - name: aptly publish snapshot -batch=true -gpg-key='{{ server.gpg_keypair_id }}' -passphrase='{{ server.gpg_passphrase }}' {{ server.mirror[mirror_name].publish }}
+ - name: aptly publish snapshot -batch=true -gpg-key='{{ server.gpg.keypair_id }}' -passphrase='{{ server.gpg.passphrase }}' {{ server.mirror[mirror_name].publish }}
+ {%- if server.source.engine != "docker" %}
- user: aptly
+ {%- endif %}
{% endif %}
{%- endfor %}
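Review bot: The rewritten publish command still interpolates `server.gpg.passphrase` into the `name:` of a `cmd.run`, so the signing passphrase is visible in the process list while aptly runs and is recorded in the state return and minion logs. A passphrase containing `'` also breaks the shell quoting. aptly accepts `-passphrase-file=`, so a file owned by the aptly user with mode 0600 would keep the secret off the command line. The same applies to both the `name:` and `unless:` lines of `aptly_{{ repo_name }}_repo_publish` in repos.sls (hunk @@ -32,9), where the `unless` check itself runs a signing `aptly publish update`.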
diff --git a/aptly/server/repos.sls b/aptly/server/repos.sls
index 981508d..05e224c 100644
--- a/aptly/server/repos.sls
+++ b/aptly/server/repos.sls
@@ -6,7 +6,9 @@
cmd.run:
- name: aptly repo create -distribution="{{ repo.distribution }}" -component="{{ repo.component }}" -architectures="{{ repo.architectures }}" -comment="{{ repo.comment }}" {{ repo_name }}
- unless: aptly repo show {{ repo_name }}
+ {%- if server.source.engine != "docker" %}
- user: aptly
+ {%- endif %}
- require:
- file: aptly_conf
@@ -22,7 +24,9 @@
aptly_{{ repo_name }}_pkgs_add:
cmd.run:
- name: aptly repo add {{ repo_name }} {{ repo.pkg_dir }}
+ {%- if server.source.engine != "docker" %}
- user: aptly
+ {%- endif %}
- require:
- cmd: aptly_{{ repo_name }}_repo_create
- file: pkgdir
@@ -32,9 +36,11 @@
{%- if repo.publish is defined and repo.publish == True %}
aptly_{{ repo_name }}_repo_publish:
cmd.run:
- - name: aptly publish repo -batch=true -gpg-key='{{ server.gpg_keypair_id }}' -passphrase='{{ server.gpg_passphrase }}' {{ repo_name }}
+ - name: aptly publish repo -batch=true -gpg-key='{{ server.gpg.keypair_id }}' -passphrase='{{ server.gpg.passphrase }}' {{ repo_name }}
+ {%- if server.source.engine != "docker" %}
- user: aptly
- - unless: aptly publish update -batch=true -gpg-key='{{ server.gpg_keypair_id }}' -passphrase='{{ server.gpg_passphrase }}' {{ repo.distribution }}
+ {%- endif %}
+ - unless: aptly publish update -batch=true -gpg-key='{{ server.gpg.keypair_id }}' -passphrase='{{ server.gpg.passphrase }}' {{ repo.distribution }}
{%- endif %}
{%- endfor %}