Add ability to configure secure apt mirror
PROD-31387
Change-Id: Idb1dda21694316e4b47b7058954a286fd1386764
diff --git a/README.rst b/README.rst
index 3832eac..a14ae15 100644
--- a/README.rst
+++ b/README.rst
@@ -1135,6 +1135,47 @@
http: http://proxy.host.local:3142
https: https://proxy.host.local:3143
+
+Add secured apt repository:
+
+.. code-block:: yaml
+
+ linux:
+ system:
+ ...
+ repo:
+ test:
+ secure: true
+ url: example.org/ubuntu
+ arch: deb
+ protocol: http
+ user: foo
+ password: bar
+ distribution: stable
+ component: main
+
+Add multiply secured apt repositories with same credentials:
+
+.. code-block:: yaml
+
+ linux:
+ system:
+ ...
+ common_repo_secured:
+ arch: deb
+ protocol: http
+ user: foo
+ password: bar
+ distribution: stable
+ component: main
+ repo:
+ test1:
+ secure: true
+ url: example1.org/ubuntu
+ test2:
+ secure: true
+ url: example2.org/ubuntu
+
Remove all repositories:
.. code-block:: yaml
diff --git a/linux/system/repo.sls b/linux/system/repo.sls
index 3322f07..4d59761 100644
--- a/linux/system/repo.sls
+++ b/linux/system/repo.sls
@@ -48,10 +48,20 @@
{%- for name, repo in system.repo.items() %}
{%- if grains.os_family == 'Debian' %}
+ {%- if repo.get('secure', False) %}
+ {%- set repo_source = repo.get('arch', system.get('common_repo_secured', {}).get('arch', 'deb')) + ' ' +
+ repo.get('protocol', system.get('common_repo_secured', {}).get('protocol', 'http')) + '://' +
+ repo.get('user', system.get('common_repo_secured', {}).get('user')) + ':' +
+ repo.get('password', system.get('common_repo_secured', {}).get('password')) + '@' +
+ repo.url + ' ' + repo.get('distribution', system.get('common_repo_secured', {}).get('distribution')) + ' ' +
+ repo.get('component', system.get('common_repo_secured', {}).get('component')) %}
+ {%- else %}
+ {%- set repo_source = repo.source %}
+ {%- endif %}
# per repository proxy setup
{%- if repo.get('proxy', {}).get('enabled', False) %}
- {%- set external_host = repo.proxy.get('host', None) or repo.source.split('/')[2] %}
+ {%- set external_host = repo.proxy.get('host', None) or repo_source.split('/')[2] %}
/etc/apt/apt.conf.d/99proxies-salt-{{ name }}:
file.managed:
- template: jinja
@@ -129,7 +139,7 @@
- ppa: {{ repo.ppa }}
{%- else %}
- humanname: {{ repo.get('name', name) }}
- - name: {{ repo.source }}
+ - name: {{ repo_source }}
{%- if repo.architectures is defined %}
- architectures: {{ repo.architectures }}
{%- endif %}
@@ -192,6 +202,11 @@
{%- endif %}
{%- if not repo.get('default', False) %}
+ {%- set repo_source = repo.source %}
+ {%- if repo.get('secure', False) %}
+ # PLACEHOLDER
+ # TODO, implement secured mirror for yum
+ {%- endif %}
linux_repo_{{ name }}:
pkgrepo.managed:
- {{ refresh_cmd }}: False
@@ -202,7 +217,7 @@
{%- if repo.mirrorlist is defined %}
- mirrorlist: {{ repo.mirrorlist }}
{%- else %}
- - baseurl: {{ repo.source }}
+ - baseurl: {{ repo_source }}
{%- endif %}
- gpgcheck: {% if repo.get('gpgcheck', False) %}1{% else %}0{% endif %}
{%- if repo.gpgkey is defined %}