From a37ddcaa06bbd915d8212eaddc616362fc0d352e Mon Sep 17 00:00:00 2001
From: Dennis Ahrens <dennis.ahrens@hs-hannover.de>
Date: Tue, 26 Apr 2016 15:21:37 +0200
Subject: [PATCH] Include apt proxy, sources.list and salt.list
---
README.md | 30 +++++++++++++++-
hshbase/apt.sls | 37 -------------------
hshbase/apt/init.sls | 43 ++++++++++++++++++++++
hshbase/apt/proxy.sls | 33 +++++++++++++++++
hshbase/apt/sources.tpl | 55 +++++++++++++++++++++++++++++
hshbase/apt/sources.tpl.d/salt.list | 5 +++
hshbase/init.sls | 6 +++-
hshbase/map.jinja | 9 ++---
pillar.example | 2 +-
9 files changed, 176 insertions(+), 44 deletions(-)
delete mode 100644 hshbase/apt.sls
create mode 100644 hshbase/apt/init.sls
create mode 100644 hshbase/apt/proxy.sls
create mode 100644 hshbase/apt/sources.tpl
create mode 100644 hshbase/apt/sources.tpl.d/salt.list
diff --git a/README.md b/README.md
index 3230cfb..7bc4a20 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
# hshbase
-Basic server configuration, used for all unix based servers at HsH.
+Basic server configuration used for most unix based servers at HsH.
## States
@@ -8,3 +8,31 @@ Basic server configuration, used for all unix based servers at HsH.
* iptables
* locale
* open-vm-tools
+
+## Configuration
+
+The states of this formula should be configurable using one central pillar
+for all configurations. Have a look at pillar.example for details.
+
+## Development
+
+**All features should be as configurable as necessary.
+Keep it simple, stupid ([KISS](https://de.wikipedia.org/wiki/KISS-Prinzip)).**
+
+Working on this formula requires virtualbox and vagrant installed.
+It comes with an vagrant box you can instantly set up to get a machine where all states will apply against.
+
+```bash
+git clone ssh://git@lab.it.hs-hannover.de:2222/salt/hshbase-formula.git
+cd hshbase-formula
+vagrant up
+vagrant ssh
+sudo salt-call state.highstate
+```
+
+### Default values when developing the formula
+
+If you introduce a new feature and want to make it configurable you might need
+default values. Just add them to defauls.yaml and they are magically available.
+
+Consult map.jinja for details on this topic.
diff --git a/hshbase/apt.sls b/hshbase/apt.sls
deleted file mode 100644
index 57fcba4..0000000
--- a/hshbase/apt.sls
+++ /dev/null
@@ -1,37 +0,0 @@
-{% from "hshbase/map.jinja" import config with context %}
-
-{% set proxy_address = {{ config.apt.proxy_address | default('http://apt-proxy.it.hs-hannover.de:8080') }} %}
-
-{% if grains['os'] == 'FreeBSD' %}
-
- hsh_freebsd_apt_proxy_folder:
- file.directory:
- - name: /usr/local/etc/pkg/repos
- - makedirs: True
- - mode: 755
- - user: root
- - group: wheel
-
- hsh_freebsd_apt_proxy:
- file.managed:
- - name: /usr/local/etc/pkg/repos/FreeBSD.conf
- - contents: 'FreeBSD { url: "pkg+http://apt-proxy.it.hs-hannover.de:8080/pkg.FreeBSD.org/${ABI}/latest" }'
- - mode: 644
- - user: root
- - group: wheel
-
-{% elif grains['os'] == 'Debian' or grains['os'] == 'Ubuntu' %}
-
-foobar_test:
- cmd.run:
- - name: echo "{{ config.apt.proxy_address }}"
-
-# hsh_debian_apt_proxy:
-# file.managed:
-# - name: /etc/apt/apt.conf.d/02proxy
-# - contents: 'Acquire::http { Proxy "http://apt-proxy.it.hs-hannover.de:8080"; };'
-# - mode: 644
-# - user: root
-# - group: root
-
-{% endif %}
diff --git a/hshbase/apt/init.sls b/hshbase/apt/init.sls
new file mode 100644
index 0000000..68a8cf0
--- /dev/null
+++ b/hshbase/apt/init.sls
@@ -0,0 +1,43 @@
+{% from "hshbase/map.jinja" import hshbase with context %}
+{% set oscodename = grains['oscodename'] %}
+
+include:
+ - .proxy
+
+# control /apt/sources.list and apt.sources.list.d on ubuntu and debian
+{% if grains['os'] == 'Debian' and grains['oscodename'] in ['squeeze', 'wheezy', 'jessie']
+ or grains['os'] == 'Ubuntu' and grains['oscodename'] in ['trusty'] %}
+hsh_apt_sources_list:
+ file.managed:
+ - name: /etc/apt/sources.list
+ - source: salt://hahbase/apt/sources.tpl
+ - template: jinja
+ - mode: 644
+ - user: root
+ - group: root
+
+{% if grains['os'] == 'Debian' and oscodename == 'jessie' %}
+hsh_apt_sources_d_salt_jessie:
+ pkgrepo.managed:
+ - humanname: deb-salt
+ - name: deb http://repo.saltstack.com/apt/debian/latest {{ oscodename }} main
+ - file: /etc/apt/sources.list.d/salt.list
+ - gpgcheck: 1
+ - key_url: salt://apt-sources/SALTSTACK-GPG-KEY.pub
+
+{% endif %}
+
+
+{% if grains['os'] == 'Debian' and oscodename != 'jessie' %}
+hsh_apt_sources_d_salt_not_jessie:
+ file.managed:
+ - name: /etc/apt/sources.list.d/salt.list
+ - source: salt://hshbase/apt/sources.tpl.d/salt.tpl
+ - template: jinja
+ - mode: 644
+ - user: root
+ - group: root
+
+{% endif %}
+
+{% endif %}
diff --git a/hshbase/apt/proxy.sls b/hshbase/apt/proxy.sls
new file mode 100644
index 0000000..291f38e
--- /dev/null
+++ b/hshbase/apt/proxy.sls
@@ -0,0 +1,33 @@
+{% from "hshbase/map.jinja" import hshbase with context %}
+
+{% if hshbase.apt.proxy %}
+
+{% if grains['os'] == 'FreeBSD' %}
+hsh_freebsd_apt_proxy_folder:
+ file.directory:
+ - name: /usr/local/etc/pkg/repos
+ - makedirs: True
+ - mode: 755
+ - user: root
+ - group: wheel
+
+hsh_freebsd_apt_proxy:
+ file.managed:
+ - name: /usr/local/etc/pkg/repos/FreeBSD.conf
+ - contents: 'FreeBSD { url: "pkg+{{ hshbase.apt.proxy_address }}/${ABI}/latest" }'
+ - mode: 644
+ - user: root
+ - group: wheel
+
+{% elif grains['os'] == 'Debian' or grains['os'] == 'Ubuntu' %}
+hsh_debian_apt_proxy:
+ file.managed:
+ - name: /etc/apt/apt.conf.d/02proxy
+ - contents: 'Acquire::http { Proxy "{{ hshbase.apt.proxy_address }}"; };'
+ - mode: 644
+ - user: root
+ - group: root
+
+{% endif %}
+
+{% endif %}
diff --git a/hshbase/apt/sources.tpl b/hshbase/apt/sources.tpl
new file mode 100644
index 0000000..9e654b6
--- /dev/null
+++ b/hshbase/apt/sources.tpl
@@ -0,0 +1,55 @@
+{% set os = grains['os'] -%}
+{% set oscodename = grains['oscodename'] -%}
+# This file is managed by salt!
+# If you want to add or modify sources, please use salt!
+# Generated for:
+# OS: {{ os }}
+# Codename: {{ oscodename }}
+{% if os == 'Debian' -%}
+
+deb http://ftp.de.debian.org/debian {{ oscodename }} main non-free
+deb-src http://ftp.de.debian.org/debian {{ oscodename }} main non-free
+
+deb http://security.debian.org/ {{ oscodename }}/updates main
+deb-src http://security.debian.org/ {{ oscodename }}/updates main
+
+deb http://ftp.de.debian.org/debian/ {{ oscodename }}-updates main
+deb-src http://ftp.de.debian.org/debian/ {{ oscodename }}-updates main
+
+{% if oscodename == 'squeeze' %}
+# Make sure this gets updated! - see dates here: https://wiki.debian.org/LTS/
+# LTS for squeeze only until 02/2016
+# See https://www.debian.org/News/2014/20140424
+deb http://ftp.de.debian.org/debian {{ oscodename }}-lts main non-free
+deb-src http://ftp.de.debian.org/debian {{ oscodename }}-lts main non-free
+{% endif %}
+
+{% elif os == 'Ubuntu' %}
+
+{% if oscodename == 'trusty' %}
+deb http://de.archive.ubuntu.com/ubuntu/ trusty main restricted
+deb-src http://de.archive.ubuntu.com/ubuntu/ trusty main restricted
+deb http://de.archive.ubuntu.com/ubuntu/ trusty-updates main restricted
+deb-src http://de.archive.ubuntu.com/ubuntu/ trusty-updates main restricted
+deb http://de.archive.ubuntu.com/ubuntu/ trusty universe
+deb-src http://de.archive.ubuntu.com/ubuntu/ trusty universe
+deb http://de.archive.ubuntu.com/ubuntu/ trusty-updates universe
+deb-src http://de.archive.ubuntu.com/ubuntu/ trusty-updates universe
+deb http://de.archive.ubuntu.com/ubuntu/ trusty multiverse
+deb-src http://de.archive.ubuntu.com/ubuntu/ trusty multiverse
+deb http://de.archive.ubuntu.com/ubuntu/ trusty-updates multiverse
+deb-src http://de.archive.ubuntu.com/ubuntu/ trusty-updates multiverse
+deb http://de.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
+deb-src http://de.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
+deb http://security.ubuntu.com/ubuntu trusty-security main restricted
+deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted
+deb http://security.ubuntu.com/ubuntu trusty-security universe
+deb-src http://security.ubuntu.com/ubuntu trusty-security universe
+deb http://security.ubuntu.com/ubuntu trusty-security multiverse
+deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse
+{% endif %}
+
+{% else %}
+# Something went wrong - apt-sources not ready BUT CONFIGURED (init.sls) for this!
+{% endif %}
+# End of file.
diff --git a/hshbase/apt/sources.tpl.d/salt.list b/hshbase/apt/sources.tpl.d/salt.list
new file mode 100644
index 0000000..a9cecdf
--- /dev/null
+++ b/hshbase/apt/sources.tpl.d/salt.list
@@ -0,0 +1,5 @@
+{% set os = grains['os'] -%}
+{% set oscodename = grains['oscodename'] -%}
+{% if os == 'Debian' %}
+deb http://debian.saltstack.com/debian {{ oscodename }}-saltstack main
+{% endif %}
diff --git a/hshbase/init.sls b/hshbase/init.sls
index 0f166f7..e401adb 100644
--- a/hshbase/init.sls
+++ b/hshbase/init.sls
@@ -1,5 +1,9 @@
+{% from "hshbase/map.jinja" import hshbase with context %}
+
+# Include all submodules by default.
+
include:
- hshbase.apt
-echo "hshbase is under construction":
+echo "hshbase is under construction look at the issue tracker!":
cmd.run
diff --git a/hshbase/map.jinja b/hshbase/map.jinja
index 66f1320..e0f5c3f 100644
--- a/hshbase/map.jinja
+++ b/hshbase/map.jinja
@@ -1,6 +1,7 @@
-{% set base_config = salt['pillar.get']('hshbase') %}
-{% import_yaml 'hshbase/defaults.yaml' as default_config %}
+{% import_yaml 'hshbase/defaults.yaml' as defaults %}
-{% do default_config.update(base_config) %}
+{% set lookup = salt['pillar.get']('hshbase',
+ default=defaults.hshbase,
+ merge=True) %}
-{% set config = default_config %}
+{% set hshbase = salt['pillar.get']('hshbase', default=lookup, merge=True) %}
diff --git a/pillar.example b/pillar.example
index 74efa6f..3f2a853 100644
--- a/pillar.example
+++ b/pillar.example
@@ -1,3 +1,3 @@
hshbase:
apt:
- proxy: True
+ proxy: True # if you do not want to to use apt-proxy: set to False
--
GitLab