From 5de3a87c1c7427845989bf80af1da7b1346b7172 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Couralet?= Date: Thu, 18 Feb 2021 08:38:04 +0100 Subject: [PATCH 1/3] Add parameters to `apt::source` to avoid requiring an internet connexion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Cédric Couralet --- REFERENCE.md | 27 +++++++++++++++++++++++++++ manifests/init.pp | 44 +++++++++++++++++++++++++++----------------- manifests/repo.pp | 17 ++++++++++++----- 3 files changed, 66 insertions(+), 22 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 862d69e..ddeef4e 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -167,6 +167,33 @@ Data type: `Optional[Stdlib::Fqdn]` The keyserver which should be used to get the repository key. +Default value: `undef` + +##### `repo_keycontent` + +Data type: `Optional[String]` + +The key content to use, useful when internet connexion is not available. + +Default value: `undef` + +##### `repo_keysource` + +Data type: `Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]` + +The key source to use, useful when internet connexion is not available and you want to use +an internal source. + +Default value: `undef` + +##### `repo_keyweak_ssl` + +Data type: `Boolean` + +Specifies whether strict SSL verification on a https URL should be disabled when fetching the key. +Valid options: true or false. + + Default value: `undef` ##### `config_path` diff --git a/manifests/init.pp b/manifests/init.pp index b6d1bd3..3d65137 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -43,27 +43,37 @@ # The base repository url. # @param repo_keyserver # The keyserver which should be used to get the repository key. +# @param repo_keycontent +# Supplies the entire GPG key. Useful in case the key can't be fetched from a remote location and using a file resource is inconvenient. +# @param repo_keysource +# Specifies the location of an existing GPG key file to copy. Valid options: a string containing a URL (ftp://, http://, or https://) or +# an absolute path. +# @param repo_keyweak_ssl +# Specifies whether strict SSL verification on a https URL should be disabled. Valid options: true or false. # @param config_path # The path to the config file of Gitlab runner. # class gitlab_ci_runner ( - String $xz_package_name, # Defaults in module hieradata - Hash $runners = {}, - Hash $runner_defaults = {}, - Optional[Integer] $concurrent = undef, - Optional[Integer] $check_interval = undef, - Optional[String] $builds_dir = undef, - Optional[String] $cache_dir = undef, - Optional[Pattern[/.*:.+/]] $metrics_server = undef, - Optional[Pattern[/.*:.+/]] $listen_address = undef, - Optional[String] $sentry_dsn = undef, - Boolean $manage_docker = false, - Boolean $manage_repo = true, - String $package_ensure = installed, - String $package_name = 'gitlab-runner', - Stdlib::HTTPUrl $repo_base_url = 'https://packages.gitlab.com', - Optional[Stdlib::Fqdn] $repo_keyserver = undef, - String $config_path = '/etc/gitlab-runner/config.toml', + String $xz_package_name, # Defaults in module hieradata + Hash $runners = {}, + Hash $runner_defaults = {}, + Optional[Integer] $concurrent = undef, + Optional[Integer] $check_interval = undef, + Optional[String] $builds_dir = undef, + Optional[String] $cache_dir = undef, + Optional[Pattern[/.*:.+/]] $metrics_server = undef, + Optional[Pattern[/.*:.+/]] $listen_address = undef, + Optional[String] $sentry_dsn = undef, + Boolean $manage_docker = false, + Boolean $manage_repo = true, + String $package_ensure = installed, + String 
$package_name = 'gitlab-runner', + Stdlib::HTTPUrl $repo_base_url = 'https://packages.gitlab.com', + Optional[Stdlib::Fqdn] $repo_keyserver = undef, + Optional[String] $repo_keycontent = undef, + Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]] $repo_keysource = undef, + Boolean $repo_keyweak_ssl = false, + String $config_path = '/etc/gitlab-runner/config.toml', ) { if $manage_docker { # workaround for cirunner issue #1617 diff --git a/manifests/repo.pp b/manifests/repo.pp index 6ac58bd..58d4611 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp @@ -3,9 +3,13 @@ # @api private # class gitlab_ci_runner::repo ( - $repo_base_url = $gitlab_ci_runner::repo_base_url, - $repo_keyserver = $gitlab_ci_runner::repo_keyserver, - $package_name = $gitlab_ci_runner::package_name, + $repo_base_url = $gitlab_ci_runner::repo_base_url, + $repo_keyserver = $gitlab_ci_runner::repo_keyserver, + $repo_keyid = $gitlab_ci_runner::repo_keyid, + $repo_keycontent = $gitlab_ci_runner::repo_keycontent, + $repo_keysource = $gitlab_ci_runner::repo_keysource, + $repo_keyweak_ssl = $gitlab_ci_runner::repo_keyweak_ssl, + $package_name = $gitlab_ci_runner::package_name, ) { assert_private() case $facts['os']['family'] { @@ -15,8 +19,11 @@ location => "${repo_base_url}/runner/${package_name}/${facts['os']['distro']['id'].downcase}/", repos => 'main', key => { - 'id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F', - 'server' => $repo_keyserver, + 'id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F', + 'server' => $repo_keyserver, + 'content' => $repo_keycontent, + 'source' => $repo_keysource, + 'weak_ssl' => $repo_keyweak_ssl, }, include => { 'src' => false, From 0c0c8feb99e6329e7073199a6749176c79c7539e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Couralet?= Date: Thu, 18 Feb 2021 08:38:04 +0100 Subject: [PATCH 2/3] Add parameters to `apt::source` to avoid requiring an internet connexion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
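Review bot: The new `@param repo_keysource` and `@param repo_keyweak_ssl` comments do not state the trust cost of the weaker settings: the pattern admits `http://` and `ftp://` sources, and `repo_keyweak_ssl => true` turns off certificate checks, so in those cases the transport gives no assurance about the key that is fetched. The fingerprint hard-coded in manifests/repo.pp is then the only thing tying the downloaded key to the expected one, and whether the apt module enforces that match is not visible in this patch. I would extend the `repo_keyweak_ssl` doc with something like `# Leave false unless the source sits on a trusted network; with verification off the key can be replaced in transit. Prefer repo_keycontent or an https source with a trusted CA.` The REFERENCE.md hunk also appears to leave `repo_keyweak_ssl` followed by `Default value: undef`, while the class default here is `false`. The class body continues outside the hunk.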
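Review bot: The key hash in the second manifests/repo.pp hunk keeps `'id'` fixed to one fingerprint while `'content'` and `'source'` now come from the caller, and nothing there tells the next maintainer that the supplied key must be exactly that key. A site that mirrors the packages and re-signs them with its own key cannot use these parameters, since patch 2/3 drops the `repo_keyid` parameter that the first hunk of this file introduces. A comment above the `'id'` line would record the intent, for example `# Pinned fingerprint: repo_keycontent / repo_keysource must deliver this key, not a site-specific one`. Passing `'server'`, `'content'` and `'source'` together also leaves precedence to the apt module, so rejecting more than one being set may be worth considering. The `apt::source` resource starts and ends outside the hunk.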
Signed-off-by: Cedric Couralet Signed-off-by: Cédric Couralet --- manifests/init.pp | 40 +++++++++++++------------- manifests/repo.pp | 1 - spec/classes/gitlab_ci_runner_spec.rb | 41 +++++++++++++++++++++++++-- 3 files changed, 59 insertions(+), 23 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 3d65137..e048de5 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -54,26 +54,26 @@ # The path to the config file of Gitlab runner. # class gitlab_ci_runner ( - String $xz_package_name, # Defaults in module hieradata - Hash $runners = {}, - Hash $runner_defaults = {}, - Optional[Integer] $concurrent = undef, - Optional[Integer] $check_interval = undef, - Optional[String] $builds_dir = undef, - Optional[String] $cache_dir = undef, - Optional[Pattern[/.*:.+/]] $metrics_server = undef, - Optional[Pattern[/.*:.+/]] $listen_address = undef, - Optional[String] $sentry_dsn = undef, - Boolean $manage_docker = false, - Boolean $manage_repo = true, - String $package_ensure = installed, - String $package_name = 'gitlab-runner', - Stdlib::HTTPUrl $repo_base_url = 'https://packages.gitlab.com', - Optional[Stdlib::Fqdn] $repo_keyserver = undef, - Optional[String] $repo_keycontent = undef, - Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]] $repo_keysource = undef, - Boolean $repo_keyweak_ssl = false, - String $config_path = '/etc/gitlab-runner/config.toml', + String $xz_package_name, # Defaults in module hieradata + Hash $runners = {}, + Hash $runner_defaults = {}, + Optional[Integer] $concurrent = undef, + Optional[Integer] $check_interval = undef, + Optional[String] $builds_dir = undef, + Optional[String] $cache_dir = undef, + Optional[Pattern[/.*:.+/]] $metrics_server = undef, + Optional[Pattern[/.*:.+/]] $listen_address = undef, + Optional[String] $sentry_dsn = undef, + Boolean $manage_docker = false, + Boolean $manage_repo = true, + String $package_ensure = installed, + String $package_name = 'gitlab-runner', + Stdlib::HTTPUrl $repo_base_url = 'https://packages.gitlab.com', + Optional[Stdlib::Fqdn] $repo_keyserver = undef, + Optional[String] $repo_keycontent = undef, + Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]] $repo_keysource = undef, + Boolean $repo_keyweak_ssl = false, + String $config_path = '/etc/gitlab-runner/config.toml', ) { if $manage_docker { # workaround for cirunner issue #1617 
diff --git a/manifests/repo.pp b/manifests/repo.pp index 58d4611..6d59c51 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp @@ -5,7 +5,6 @@ class gitlab_ci_runner::repo ( $repo_base_url = $gitlab_ci_runner::repo_base_url, $repo_keyserver = $gitlab_ci_runner::repo_keyserver, - $repo_keyid = $gitlab_ci_runner::repo_keyid, $repo_keycontent = $gitlab_ci_runner::repo_keycontent, $repo_keysource = $gitlab_ci_runner::repo_keysource, $repo_keyweak_ssl = $gitlab_ci_runner::repo_keyweak_ssl, diff --git a/spec/classes/gitlab_ci_runner_spec.rb b/spec/classes/gitlab_ci_runner_spec.rb index 3991311..ed54e7c 100644 --- a/spec/classes/gitlab_ci_runner_spec.rb +++ b/spec/classes/gitlab_ci_runner_spec.rb @@ -230,7 +230,10 @@ repos: 'main', key: { 'id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F', - 'server' => undef_value + 'server' => undef_value, + 'content' => undef_value, + 'source' => undef_value, + 'weak_ssl' => false }, include: { 'src' => false, 
@@ -294,7 +297,41 @@ it { is_expected.to contain_class('gitlab_ci_runner::repo') } it do - is_expected.to contain_apt__source('apt_gitlabci').with_key('id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F', 'server' => 'keys.gnupg.net') + is_expected.to contain_apt__source('apt_gitlabci').with_key('id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F','server' => 'keys.gnupg.net', 'content' => undef_value,'source' => undef_value,'weak_ssl' => false) + end + end + end + if facts[:os]['family'] == 'Debian' + context 'with manage_repo => true and repo_keysource => http://path.to/gpg.key' do + let(:params) do + super().merge( + manage_repo: true, + repo_keysource: 'http://path.to/gpg.key' + ) + end + + it { is_expected.to compile } + it { is_expected.to contain_class('gitlab_ci_runner::repo') } + + it do + is_expected.to contain_apt__source('apt_gitlabci').with_key('id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F','server'=> undef_value,'content'=> undef_value,'source' => 'http://path.to/gpg.key','weak_ssl' => false) + end + end + end + if facts[:os]['family'] == 'Debian' + context 'with manage_repo => true and repo_keycontent => "somebase64encodedContent"' do + let(:params) do + super().merge( + manage_repo: true, + repo_keycontent: 'somebase64encodedContent' + ) + end + + it { is_expected.to compile } + it { is_expected.to contain_class('gitlab_ci_runner::repo') } + + it do + is_expected.to contain_apt__source('apt_gitlabci').with_key('id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F','server' => undef_value,'content' => 'somebase64encodedContent','source' => undef_value,'weak_ssl' => false) end end end From 32274342613c4b1476eb58580bf6a4c63d4d51f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Couralet?= Date: Mon, 17 Jan 2022 13:32:58 +0100 Subject: [PATCH 3/3] Fix CI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
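Review bot: Neither new context sets `repo_keyweak_ssl`, so the only `'weak_ssl'` value the suite ever checks is the default `false`; the one parameter that lowers transport security is passed through untested. A context with `repo_keyweak_ssl: true` and an https `repo_keysource` would pin that wiring, and a negative case with a source the `Pattern` should refuse (a relative path, say) would pin the validation. The three separate `if facts[:os]['family'] == 'Debian'` guards could also share one block. The enclosing describe block starts outside the hunk.

```ruby
if facts[:os]['family'] == 'Debian'
  # ... unchanged: existing repo_keysource and repo_keycontent contexts ...
  context 'with manage_repo => true, an https repo_keysource and repo_keyweak_ssl => true' do
    let(:params) do
      super().merge(
        manage_repo: true,
        repo_keysource: 'https://mirror.example.test/gpg.key', # constructed sample URL
        repo_keyweak_ssl: true
      )
    end

    it { is_expected.to compile }

    it do
      is_expected.to contain_apt__source('apt_gitlabci').with_key('id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F', 'server' => undef_value, 'content' => undef_value, 'source' => 'https://mirror.example.test/gpg.key', 'weak_ssl' => true)
    end
  end
```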
Signed-off-by: Cédric Couralet --- spec/classes/gitlab_ci_runner_spec.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/spec/classes/gitlab_ci_runner_spec.rb b/spec/classes/gitlab_ci_runner_spec.rb index 8f12825..5d875f7 100644 --- a/spec/classes/gitlab_ci_runner_spec.rb +++ b/spec/classes/gitlab_ci_runner_spec.rb @@ -421,7 +421,7 @@ it { is_expected.to contain_class('gitlab_ci_runner::repo') } it do - is_expected.to contain_apt__source('apt_gitlabci').with_key('id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F','server' => 'keys.gnupg.net', 'content' => undef_value,'source' => undef_value,'weak_ssl' => false) + is_expected.to contain_apt__source('apt_gitlabci').with_key('id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F', 'server' => 'keys.gnupg.net', 'content' => undef_value, 'source' => undef_value, 'weak_ssl' => false) end end end @@ -438,7 +438,7 @@ it { is_expected.to contain_class('gitlab_ci_runner::repo') } it do - is_expected.to contain_apt__source('apt_gitlabci').with_key('id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F','server'=> undef_value,'content'=> undef_value,'source' => 'http://path.to/gpg.key','weak_ssl' => false) + is_expected.to contain_apt__source('apt_gitlabci').with_key('id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F', 'server' => undef_value, 'content' => undef_value, 'source' => 'http://path.to/gpg.key', 'weak_ssl' => false) end end end @@ -455,7 +455,7 @@ it { is_expected.to contain_class('gitlab_ci_runner::repo') } it do - is_expected.to contain_apt__source('apt_gitlabci').with_key('id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F','server' => undef_value,'content' => 'somebase64encodedContent','source' => undef_value,'weak_ssl' => false) + is_expected.to contain_apt__source('apt_gitlabci').with_key('id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F', 'server' => undef_value, 'content' => 'somebase64encodedContent', 'source' => undef_value, 'weak_ssl' => false) end end