Merge pull request #14 from netmanagers/master

Add a state to manage repositories, with tests

.kitchen.yml

@@ -0,0 +1,45 @@
+---
+driver:
+  name: vagrant
+
+platforms:
+  - name: debian-jessie64
+    driver_config:
+      box: ssplatt/salt-deb-8
+
+provisioner:
+  name: salt_solo
+  salt_version: 2015.8.8
+  is_file_root: true
+  grains:
+    os_family: Debian
+
+suites:
+  - name: repositories
+    provisioner:
+      state_top:
+        base:
+          '*':
+            - apt.repositories
+            - apt.update
+      pillars:
+        top.sls:
+          base:
+            '*':
+              - apt
+        apt.sls:
+          apt:
+            remove_sources_list: true
+            clean_sources_list_d: true
+            repositories:
+              debian-jessie-source:
+                distro: jessie
+                url: http://httpredir.debian.org/debian
+                type: [source]
+                comps: [main, contrib, non-free]
+              dropbox-repo:
+                distro: jessie
+                url: http://linux.dropbox.com/debian
+                arch: [i386, amd64]
+                keyid: 1C61A2656FB57B7E4DE0F4C1FC918B335044912E
+                keyserver: pgp.mit.edu

README.rst

@@ -29,6 +29,15 @@ Runs ``apt-get update``.
 
 Runs ``apt-get upgrade``.
 
+``apt.repositories``
+---------------
+
+Allows you to configure and manage repositories from pillar. Check ``pillar.example``
+to see possible values. If used and no repositories are provided, sane default
+values from ``map.jinja`` are used.
+
+Check https://wiki.debian.org/SourcesList for an explanation about the resulting
+files structure.
 
 ``apt.ppa``
 -------------

apt/dist_upgrade.sls

@@ -1,4 +1,5 @@
 apt-get dist-upgrade:
-  cmd:
-    - run
-
+  cmd.wait:
+    - watch:
+      - file: /etc/apt/sources.list
+      - file: /etc/apt/sources.list.d

apt/map.jinja

@@ -1,8 +1,30 @@
+{% set distribution = salt['grains.get']('lsb_distrib_codename') %}
+{% set distribution_updates = salt['grains.get']('lsb_distrib_codename') ~ '/updates' %}
+{% set arch = salt['grains.get']('osarch').split(' ') %}
 {% set apt = salt['grains.filter_by']({
     'Debian': {
         'pkgs': ['unattended-upgrades'],
         'confd_dir': '/etc/apt/apt.conf.d',
         'unattended_config': '50unattended-upgrades',
         'periodic_config': '10periodic',
+        'sources_list_dir': '/etc/apt/sources.list.d',
+        'remove_sources_list': false,
+        'clean_sources_list_d': false,
+        'default_url': 'http://httpredir.debian.org/debian/',
+        'repositories': {
+          'sane_default': {
+             'distro': distribution,
+             'url': 'http://httpredir.debian.org/debian/',
+             'arch': arch,
+             'comps': ['main'],
+          },
+          'security-stable': {
+             'distro': distribution_updates,
+             'url': 'http://security.debian.org/',
+             'arch': arch,
+             'comps': ['main'],
+          },
+       },
     },
 }, merge=salt['pillar.get']('apt:lookup'), default='Debian') %}
+

apt/repositories.sls

@@ -0,0 +1,53 @@
+{% from "apt/map.jinja" import apt as apt_map with context %}
+{% set apt = pillar.get('apt', {}) %}
+{% set remove_sources_list = apt.get('remove_sources_list', apt_map.remove_sources_list) %}
+{% set clean_sources_list_d = apt.get('clean_sources_list_d', apt_map.clean_sources_list_d) %}
+{% set sources_list_dir = apt.get('sources_list_dir', apt_map.sources_list_dir) %}
+{% set repositories = apt.get('repositories', apt_map.repositories) %}
+{% set default_url = apt.get('default_url', apt_map.default_url) %}
+
+debian-archive-keyring:
+  pkg.installed
+
+/etc/apt/sources.list:
+  {% if remove_sources_list %}
+  file.absent
+  {% else %}
+  file.managed:
+    - mode: '0644'
+    - user: root
+    - group: root
+  {% endif %}
+
+{{ sources_list_dir }}:
+  file.directory:
+    - mode: '0755'
+    - user: root
+    - group: root
+    - clean: {{ clean_sources_list_d }}
+
+{% for repo, args in repositories.iteritems() %}
+{%- set r_arch = '[arch=' ~ args.arch|join(',') ~ ']' if args.arch is defined else '' %}
+{%- set r_url = args.url or default_url %}
+{%- set r_distro = args.distro or 'stable' %}
+{%- set r_comps = args.comps|default(['main'])|join(' ') %}
+{%- set r_keyserver = args.keyserver if args.keyserver is defined else apt_map.default_keyserver %}
+
+  {%- for type in args.type|d(['binary']) %}
+  {%- set r_type = 'deb-src' if type == 'source' else 'deb' %}
+{{ repo }}:
+  pkgrepo.managed:
+    - name: {{ r_type }} {{ r_arch }} {{ r_url }} {{ r_distro }} {{ r_comps }}
+    - file: {{ sources_list_dir }}/{{ repo }}.list
+    {# You can use either keyid+keyserver or key_url. If both are provided
+       the latter will be used. #}
+    {% if args.key_url is defined %}
+    - key_url: {{ args.key_url }}
+    {% elif args.keyid is defined %}
+    - keyid: {{ args.keyid }}
+    - keyserver: {{ r_keyserver }}
+    {% endif %}
+    - clean_file: true
+  {%- endfor %}
+{% endfor %}
+

apt/update.sls

@@ -1,3 +1,5 @@
 apt-get update:
-  cmd:
-    - run
+  cmd.wait:
+    - watch:
+      - file: /etc/apt/sources.list
+      - file: /etc/apt/sources.list.d

apt/upgrade.sls

@@ -1,3 +1,5 @@
 apt-get upgrade:
-  cmd:
-    - run
+  cmd.wait:
+    - watch:
+      - file: /etc/apt/sources.list
+      - file: /etc/apt/sources.list.d

pillar.example

@@ -1,4 +1,7 @@
 apt:
+  remove_sources_list: true
+  clean_sources_list_d: true
+
   unattended:
     allowed_origins:
       - origin1
@@ -6,17 +9,39 @@ apt:
     package_blacklist:    
       - package1
       - package2  
-   auto_fix_interrupted_dpkg: true     
-   minimal_steps: false
-   install_on_shutdown: false
-   mail: root
-   mail_only_on_error: false
-   remove_unused_dependencies: true
-   automatic_reboot: false
-   dl_limit: 0
-   enabled: 1
-   update_package_lists: 1
-   download_upgradeable_packages: 1
-   unattended_upgrade: 1
-   auto_clean_interval: 7
-   verbose: 2
+    auto_fix_interrupted_dpkg: true     
+    minimal_steps: false
+    install_on_shutdown: false
+    mail: root
+    mail_only_on_error: false
+    remove_unused_dependencies: true
+    automatic_reboot: false
+    dl_limit: 0
+    enabled: 1
+    update_package_lists: 1
+    download_upgradeable_packages: 1
+    unattended_upgrade: 1
+    auto_clean_interval: 7
+    verbose: 2
+
+  repositories:
+    security-stable:
+      distro: stable/updates
+      url: http://security.debian.org
+      comps: [main, contrib, non-free]
+      arch: [amd64, i386]
+      type: [binary, source]
+    updates:
+      distro: stable-updates
+      url: http://httpredir.debian.org/debian/
+      comps: [main, contrib, non-free]
+    my-fancy-repo:
+      distro: whatever/is/needed/here
+      url: http://my.repo.url
+      type: [source]
+      key_url: http://my.repo.url/GPG-KEY-my.repo
+    perconap-repo:
+      distro: stable
+      url: http://repo.percona.com/apt
+      keyid: CD2EFD2A
+      keyserver: pool.sks-keyservers.net

test/integration/repositories/serverspec/repositories_spec.rb

@@ -0,0 +1,35 @@
+require 'spec_helper'
+
+describe 'apt.repositories' do
+
+  describe package('debian-archive-keyring') do
+    it { should be_installed }
+  end
+
+  describe file('/etc/apt/sources.list') do
+    it { should_not exist }
+  end
+
+  describe file('/etc/apt/sources.list.d') do
+    it { should be_directory }
+    it { should be_mode 755 }
+    it { should be_owned_by 'root' }
+    it { should be_grouped_into 'root' }
+  end
+
+  describe file('/etc/apt/sources.list.d/debian-jessie-source.list') do
+    it { should exist }
+    it { should be_mode 644 }
+    it { should be_owned_by 'root' }
+    it { should be_grouped_into 'root' }
+    its(:content) { should match('deb-src http://httpredir.debian.org/debian jessie contrib non-free main') }
+  end
+
+  describe file('/etc/apt/sources.list.d/dropbox-repo.list') do
+    it { should exist }
+    it { should be_mode 644 }
+    it { should be_owned_by 'root' }
+    it { should be_grouped_into 'root' }
+    its(:content) { should match(%r{deb \[arch=i386,amd64\] http://linux.dropbox.com/debian jessie main}) }
+  end
+end

test/integration/repositories/serverspec/spec_helper.rb

@@ -0,0 +1,9 @@
+require "serverspec"
+require "pathname"
+
+# Set backend type
+set :backend, :exec
+
+RSpec.configure do |c|
+  c.path = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+end