From 55350398ff584a59dab248245e58476078460808 Mon Sep 17 00:00:00 2001 From: sticky-note Date: Thu, 14 Nov 2024 01:25:54 +0000 Subject: [PATCH] feat(pkgrepo): impl new logic after migration to `packages.broadcom.com` --- docs/README.rst | 6 +++--- pillar.example | 20 +++++++++++--------- salt/osfamilymap.yaml | 13 +++++++------ salt/osfingermap.yaml | 7 ++++--- salt/osmap.yaml | 19 ++++++++++--------- salt/pkgrepo/debian/absent.sls | 2 +- salt/pkgrepo/debian/clean.sls | 2 +- salt/pkgrepo/debian/install.sls | 2 +- 8 files changed, 38 insertions(+), 33 deletions(-) diff --git a/docs/README.rst b/docs/README.rst index 7e86882de..a26f136de 100644 --- a/docs/README.rst +++ b/docs/README.rst @@ -134,7 +134,7 @@ Git repositories under ``/srv/formulas`` and makes them available in the relevan 'saltmain': - salt.formulas - salt.master - + Pillar data can be used to customize all paths, URLs, etc. Here's a minimal pillar sample installing two formulas in the base environment: @@ -203,8 +203,8 @@ salt-minion packages on MacOS will not be upgraded by default. To enable package :: install_packages: True - version: 2017.7.4 - salt_minion_pkg_source: https://repo.saltproject.io/osx/salt-2017.7.4-py3-x86_64.pkg + version: 3006.9 + salt_minion_pkg_source: https://packages.broadcom.com/artifactory/saltproject-generic/macos/3006.9/salt-3006.9-py3-x86_64.pkg install_packages must indicate that the installation of a package is desired. If so, version will be used to compare the version of the installed .pkg against the downloaded one. If version is not set and a salt.pkg is already installed the .pkg will not be installed again. diff --git a/pillar.example b/pillar.example index c2d0d0a45..3a565478b 100644 --- a/pillar.example +++ b/pillar.example @@ -22,7 +22,7 @@ salt: install_packages: true # Optional: set salt version (if install_packages is set to true) - version: 2017.7.2-1.el7 + version: '3006.9' # Pin version provided under 'version' key by using apt-pinning # available only on Debian family OS-es @@ -37,15 +37,17 @@ salt: salt_ssh: 'salt-ssh' pyinotify: 'python-pyinotify' # the package to be installed for pyinotify - # Set which salt repository to use, default to https://repo.saltproject.io - # For older releases use https://archive.repo.saltproject.io - repo: 'https://archive.repo.saltproject.io' + # Set which salt repository to use, default to https://packages.broadcom.com/artifactory + # yamllint disable rule:line-length + repo: 'https://packages.broadcom.com/artifactory' + repo_key_url: 'https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public' + # yamllint enable rule:line-length # Set which release of SaltStack to use, default to 'latest' # To get the available releases: - # * http://repo.saltproject.io/yum/redhat/7/x86_64/ - # * http://repo.saltproject.io/apt/debian/8/amd64/ - release: '2018.3' + # * https://packages.broadcom.com/artifactory/saltproject-rpm/ + # * https://packages.broadcom.com/artifactory/saltproject-deb + release: '3006' # MacOS has no package management. # Instead, we use file.managed to download an appropriate .pkg file and @@ -57,8 +59,8 @@ salt: # NOTE: salt_minion_pkg_hash, if set, will be passed into file.managed's # source_hash, use URL or hash string # yamllint disable rule:line-length - salt_minion_pkg_source: 'https://repo.saltproject.io/osx/salt-2017.7.4-py3-x86_64.pkg' - salt_minion_pkg_hash: 'https://repo.saltproject.io/osx/salt-2017.7.4-py3-x86_64.pkg.md5' + salt_minion_pkg_source: 'https://packages.broadcom.com/artifactory/saltproject-generic/macos/3006.9/salt-3006.9-py3-x86_64.pkg' + salt_minion_pkg_hash: 'sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' # yamllint enable rule:line-length # tofs: diff --git a/salt/osfamilymap.yaml b/salt/osfamilymap.yaml index e2e48a640..809c7f0c8 100644 --- a/salt/osfamilymap.yaml +++ b/salt/osfamilymap.yaml @@ -13,7 +13,8 @@ {%- set osmajorrelease = salt['grains.get']('osmajorrelease', osrelease)|string %} {%- set oscodename = salt['grains.get']('oscodename') %} {%- set opensuse_repo_suffix = 'Leap_' ~ osrelease if salt['grains.get']('osfinger', '') == 'Leap-15' else 'Tumbleweed' %} -{%- set salt_repo = salt['pillar.get']('salt:repo', 'https://repo.saltproject.io') %} +{%- set salt_repo = salt['pillar.get']('salt:repo', 'https://packages.broadcom.com/artifactory') %} +{%- set salt_repo_key_url = salt['pillar.get']('salt:repo_key_url', salt_repo ~ '/api/security/keypair/SaltProjectKey/public') %} #from template-formula {%- if grains.os_family == 'MacOS' %} @@ -25,9 +26,9 @@ Debian: - pkgrepo: 'deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] {{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ osfamily_lower }}/{{ osmajorrelease }}/amd64/{{ salt_release }} {{ oscodename }} main' - pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ osfamily_lower }}/{{ osmajorrelease }}/amd64/{{ salt_release }}/salt-archive-keyring.gpg' - pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 + pkgrepo: 'deb [signed-by=/etc/apt/keyrings/salt-archive-keyring.pgp arch=amd64] {{ salt_repo }}/saltproject-deb stable main' + pkgrepo_keyring: '{{ salt_repo_key_url }}' + pkgrepo_keyring_hash: sha256=36decef986477acb8ba2a1fc4041bcf9f22229ef6c939d0317c9e36a9d142b34 libgit2: libgit2-22 pyinotify: python-pyinotify gitfs: @@ -43,8 +44,8 @@ Debian: RedHat: pkgrepo_name: saltstack pkgrepo_humanname: SaltStack repo for RHEL/CentOS $releasever - pkgrepo: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/redhat/$releasever/$basearch/{{ salt_release }}' - key_url: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/redhat/$releasever/$basearch/{{ salt_release }}/SALTSTACK-GPG-KEY.pub' + pkgrepo: '{{ salt_repo }}/saltproject-rpm/' + key_url: '{{ salt_repo_key_url }}' pygit2: python-pygit2 python_git: GitPython gitfs: diff --git a/salt/osfingermap.yaml b/salt/osfingermap.yaml index d92030d1b..d484e6a39 100644 --- a/salt/osfingermap.yaml +++ b/salt/osfingermap.yaml @@ -10,9 +10,10 @@ {%- set salt_release = 'archive/' ~ salt_release %} {%- endif %} {%- set osmajorrelease = salt['grains.get']('osmajorrelease', osrelease)|string %} -{%- set salt_repo = salt['pillar.get']('salt:repo', 'https://repo.saltproject.io') %} +{%- set salt_repo = salt['pillar.get']('salt:repo', 'https://packages.broadcom.com/artifactory') %} +{%- set salt_repo_key_url = salt['pillar.get']('salt:repo_key_url', salt_repo ~ '/api/security/keypair/SaltProjectKey/public') %} Oracle Linux Server-7: pkgrepo_humanname: SaltStack repo for RHEL/CentOS {{ osmajorrelease }} - pkgrepo: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/redhat/{{ osmajorrelease }}/$basearch/{{ salt_release }}' - key_url: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/redhat/{{ osmajorrelease }}/$basearch/{{ salt_release }}/SALTSTACK-GPG-KEY.pub' + pkgrepo: '{{ salt_repo }}/saltproject-rpm/' + key_url: '{{ salt_repo_key_url }}' diff --git a/salt/osmap.yaml b/salt/osmap.yaml index c55372822..f5d66b757 100644 --- a/salt/osmap.yaml +++ b/salt/osmap.yaml @@ -13,7 +13,8 @@ {%- set osmajorrelease = salt['grains.get']('osmajorrelease', osrelease)|string %} {%- set oscodename = salt['grains.get']('oscodename') %} {%- set os_family_lower = salt['grains.get']('os_family')|lower %} -{%- set salt_repo = salt['pillar.get']('salt:repo', 'https://repo.saltproject.io') %} +{%- set salt_repo = salt['pillar.get']('salt:repo', 'https://packages.broadcom.com/artifactory') %} +{%- set salt_repo_key_url = salt['pillar.get']('salt:repo_key_url', salt_repo ~ '/api/security/keypair/SaltProjectKey/public') %} Fedora: pygit2: python2-pygit2 @@ -21,14 +22,14 @@ Fedora: Amazon: pkgrepo_name: saltstack-amzn-repo pkgrepo_humanname: SaltStack repo for Amazon Linux 2 - pkgrepo: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/amazon/2/$basearch/{{ salt_release }}' - key_url: '{{ salt_repo }}/{{ py_ver_repr or 'yum' }}/amazon/2/$basearch/{{ salt_release }}/SALTSTACK-GPG-KEY.pub' + pkgrepo: '{{ salt_repo }}/saltproject-rpm/' + key_url: '{{ salt_repo_key_url }}' Ubuntu: - pkgrepo: 'deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] {{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }} {{ oscodename }} main' - pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }}/salt-archive-keyring.gpg' - pkgrepo_keyring_hash: sha256=ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47 - key_url: '{{ salt_repo }}/{{ py_ver_repr or 'apt' }}/{{ os_lower }}/{{ osrelease }}/amd64/{{ salt_release }}/SALTSTACK-GPG-KEY.pub' + pkgrepo: 'deb [signed-by=/etc/apt/keyrings/salt-archive-keyring.pgp arch=amd64] {{ salt_repo }}/saltproject-deb stable main' + pkgrepo_keyring: '{{ salt_repo_key_url }}' + pkgrepo_keyring_hash: sha256=36decef986477acb8ba2a1fc4041bcf9f22229ef6c939d0317c9e36a9d142b34 + key_url: '{{ salt_repo_key_url }}' pygit2: python-pygit2 gitfs: pygit2: @@ -38,8 +39,8 @@ Ubuntu: install_from_package: Null Raspbian: - pkgrepo: 'deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=armhf] {{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ os_family_lower }}/{{ osmajorrelease }}/armhf/{{ salt_release }} {{ oscodename }} main' - pkgrepo_keyring: '{{ salt_repo }}/{{ py_ver_repr or 'py3' }}/{{ os_family_lower }}/{{ osmajorrelease }}/armhf/{{ salt_release }}/salt-archive-keyring.gpg' + pkgrepo: 'deb [signed-by=/etc/apt/keyrings/salt-archive-keyring.pgp arch=armhf] {{ salt_repo }}/saltproject-deb stable main' + pkgrepo_keyring: '{{ salt_repo_key_url }}' SmartOS: salt_master: salt diff --git a/salt/pkgrepo/debian/absent.sls b/salt/pkgrepo/debian/absent.sls index 5a0448912..6d3226229 100644 --- a/salt/pkgrepo/debian/absent.sls +++ b/salt/pkgrepo/debian/absent.sls @@ -10,4 +10,4 @@ salt-pkgrepo-clean-saltstack-debian: salt-pkgrepo-clean-saltstack-debian-apt-key: file.absent: - - name: /usr/share/keyrings/salt-archive-keyring.gpg + - name: /etc/apt/keyrings/salt-archive-keyring.pgp diff --git a/salt/pkgrepo/debian/clean.sls b/salt/pkgrepo/debian/clean.sls index 5a0448912..6d3226229 100644 --- a/salt/pkgrepo/debian/clean.sls +++ b/salt/pkgrepo/debian/clean.sls @@ -10,4 +10,4 @@ salt-pkgrepo-clean-saltstack-debian: salt-pkgrepo-clean-saltstack-debian-apt-key: file.absent: - - name: /usr/share/keyrings/salt-archive-keyring.gpg + - name: /etc/apt/keyrings/salt-archive-keyring.pgp diff --git a/salt/pkgrepo/debian/install.sls b/salt/pkgrepo/debian/install.sls index 21ac37ad7..02b74c41b 100644 --- a/salt/pkgrepo/debian/install.sls +++ b/salt/pkgrepo/debian/install.sls @@ -4,7 +4,7 @@ salt-pkgrepo-install-saltstack-debian-keyring: file.managed: - - name: /usr/share/keyrings/salt-archive-keyring.gpg + - name: /etc/apt/keyrings/salt-archive-keyring.pgp - source: {{ salt_settings.pkgrepo_keyring }} - source_hash: {{ salt_settings.pkgrepo_keyring_hash }} - require_in: