opendev/system-config
Code Issues Proposed changes
system-config/modules/openstack_project/manifests/mirror_update.pp
Michael Krotscheck 841e7e2f57 Added NPM Mirror to mirror_update 
This patch adds a cron job to our mirror_update servers which will
begin mirroring the npm registry into our own AFS mirror directories,
under the /npm path.

It uses two major components: First, the registry-static project,
available here: https://github.com/davglass/registry-static

Secondly, a custom implementation of the fs-blob-store named
afs-blob-store, which creates a virtual filesystem that automatically
translates paths to accomodate AFS' folder size limit. This project
is currently still hosted on github, however will be added to
OpenStack soon: https://github.com/krotscheck/js-afs-blob-store

This will require creating ACL's as well as the AFS principal before
this can be landed.

Change-Id: Ib78852fc5cde4fb04fe6439e01a591ca2781ce21
2016-04-11 17:34:30 +00:00

164 lines
4.4 KiB
Puppet
Raw Blame History

# == Class: openstack_project::mirror_update
#
class openstack_project::mirror_update (
$sysadmins = [],
$bandersnatch_keytab = '',
$reprepro_keytab = '',
$admin_keytab = '',
$npm_keytab = '',
) {
class { 'openstack_project::server':
sysadmins => $sysadmins,
afs => true,
}
class { 'openstack_project::npm_mirror':
data_directory => '/afs/.openstack.org/mirror/npm',
uri_rewrite => 'localhost',
}
class { 'bandersnatch':
bandersnatch_source => 'https://bitbucket.org/jeblair/bandersnatch',
}
class { 'bandersnatch::mirror':
mirror_root => '/afs/.openstack.org/mirror/pypi',
static_root => '/afs/.openstack.org/mirror',
hash_index => true,
require => Class['bandersnatch'],
}
file { '/etc/bandersnatch.keytab':
owner => 'root',
group => 'root',
mode => '0400',
content => $bandersnatch_keytab,
}
file { '/etc/npm.keytab':
owner => 'root',
group => 'root',
mode => '0400',
content => $npm_keytab,
}
file { '/etc/afsadmin.keytab':
owner => 'root',
group => 'root',
mode => '0400',
content => $admin_keytab,
}
file { '/usr/local/bin/bandersnatch-mirror-update':
ensure => present,
owner => 'root',
group => 'root',
mode => '0755',
source => 'puppet:///modules/openstack_project/bandersnatch-mirror-update.sh',
}
file { '/usr/local/bin/npm-mirror-update':
ensure => present,
owner => 'root',
group => 'root',
mode => '0755',
content => template('openstack_project/npm-mirror-update.sh'),
}
cron { 'bandersnatch':
user => $user,
minute => '*/5',
command => 'flock -n /var/run/bandersnatch/mirror.lock bandersnatch-mirror-update >>/var/log/bandersnatch/mirror.log 2>&1',
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
require => [
File['/usr/local/bin/bandersnatch-mirror-update'],
File['/etc/afsadmin.keytab'],
File['/etc/bandersnatch.keytab'],
Class['bandersnatch::mirror']
]
}
cron { 'npm-mirror-update':
user => $user,
minute => '*/5',
command => 'flock -n /var/run/npm-mirror-update/mirror.lock npm-mirror-update >>/var/log/npm-mirror-update/mirror.log 2>&1',
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
require => [
File['/usr/local/bin/npm-mirror-update'],
File['/etc/afsadmin.keytab'],
File['/etc/npm.keytab'],
Class['openstack_project::npm_mirror'],
]
}
# TODO(clarkb) this setup needs to go in a class of its own. It is not
# in the define because it is common to all reprepro mirrors.
package { 'reprepro':
ensure => present,
}
file { '/var/log/reprepro':
ensure => directory,
}
file { '/var/run/reprepro':
ensure => directory,
}
file { '/etc/reprepro':
ensure => directory,
}
file { '/etc/reprepro.keytab':
owner => 'root',
group => 'root',
mode => '0400',
content => $reprepro_keytab,
}
file { '/usr/local/bin/reprepro-mirror-update':
ensure => present,
owner => 'root',
group => 'root',
mode => '0755',
source => 'puppet:///modules/openstack_project/reprepro/reprepro-mirror-update.sh',
}
cron { 'reprepro':
ensure => absent,
}
::openstack_project::reprepro { 'ubuntu-reprepro-mirror':
confdir => '/etc/reprepro/ubuntu',
basedir => '/afs/.openstack.org/mirror/ubuntu',
distributions => 'openstack_project/reprepro/distributions.ubuntu.erb',
updates_file => 'puppet:///modules/openstack_project/reprepro/debuntu-updates',
releases => ['trusty', 'xenial'],
}
cron { 'reprepro ubuntu':
user => $user,
hour => '*/2',
minute => '0',
command => 'flock -n /var/run/reprepro/ubuntu.lock reprepro-mirror-update /etc/reprepro/ubuntu mirror.ubuntu >>/var/log/reprepro/ubuntu-mirror.log 2>&1',
environment => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
require => [
File['/usr/local/bin/reprepro-mirror-update'],
File['/etc/afsadmin.keytab'],
File['/etc/reprepro.keytab'],
::openstack_project::reprepro['ubuntu-reprepro-mirror'],
]
}
include ::gnupg
gnupg_key { 'Ubuntu Archive':
ensure => present,
key_id => '40976EAF437D05B5',
user => 'root',
key_server => 'hkp://keyserver.ubuntu.com',
key_type => 'public',
}
}
View Git Blame Copy Permalink