New carepo_gpgkey parameter

New parameter `carepo_gpgkey` for url location of rpm package signing key. No longer ship public key with module.
voxpupuli · Mar 22, 2021 · 67c60a7 · 67c60a7
1 parent 1c4f4c9
commit 67c60a7
Show file tree

Hide file tree

Showing 5 changed files with 107 additions and 90 deletions.
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -8,8 +8,7 @@
 
 #### Public Classes
 
-* [`fetchcrl`](#fetchcrl): Main class, installs fetch-crl and configured it.
-https://wiki.nikhef.nl/grid/FetchCRL3
+* [`fetchcrl`](#fetchcrl)
 
 #### Private Classes
 
@@ -23,147 +22,139 @@ https://wiki.nikhef.nl/grid/FetchCRL3
 
 ## Classes
 
-### `fetchcrl`
+### <a name="fetchcrl"></a>`fetchcrl`
 
-fetchcrl
-
-#### Examples
-
-##### Simple Example
-
-```puppet
-class{'fetchcrl':
-  http_proxy            => 'http:://squid.example.org:8000',
-  carepo                => 'http://yum.example.org/yumrepo',
-  cache_control_request => '3600',
-}
-```
+The fetchcrl class.
 
 #### Parameters
 
-The following parameters are available in the `fetchcrl` class.
-
-##### `capkgs`
-
-Data type: `Array[String[1]]`
-
-CA policy packages to install.
-
-Default value: `['ca-policy-egi-core']`
-
-##### `carepo`
-
-Data type: `Stdlib::Httpurl`
-
-Repository URL of CA packages.
-
-Default value: `'http://repository.egi.eu/sw/production/cas/1/current/'`
-
-##### `manage_carepo`
+The following parameters are available in the `fetchcrl` class:
+
+* [`manage_carepo`](#manage_carepo)
+* [`capkgs_version`](#capkgs_version)
+* [`pkg_version`](#pkg_version)
+* [`agingtolerance`](#agingtolerance)
+* [`nosymlinks`](#nosymlinks)
+* [`noerrors`](#noerrors)
+* [`nowarnings`](#nowarnings)
+* [`http_proxy`](#http_proxy)
+* [`httptimeout`](#httptimeout)
+* [`parallelism`](#parallelism)
+* [`logmode`](#logmode)
+* [`pkgname`](#pkgname)
+* [`runcron`](#runcron)
+* [`runboot`](#runboot)
+* [`randomcron`](#randomcron)
+* [`cache_control_request`](#cache_control_request)
+* [`capkgs`](#capkgs)
+* [`carepo`](#carepo)
+* [`carepo_gpgkey`](#carepo_gpgkey)
+
+##### <a name="manage_carepo"></a>`manage_carepo`
 
 Data type: `Boolean`
 
 Should package repository be configured.
 
 Default value: ``true``
 
-##### `capkgs_version`
+##### <a name="capkgs_version"></a>`capkgs_version`
 
 Data type: `String`
 
 Version of CA packages.
 
 Default value: `'present'`
 
-##### `pkg_version`
+##### <a name="pkg_version"></a>`pkg_version`
 
 Data type: `String`
 
 Version of fetch-crl package.
 
 Default value: `'present'`
 
-##### `agingtolerance`
+##### <a name="agingtolerance"></a>`agingtolerance`
 
 Data type: `Integer`
 
 Number of hours delay time before errors are generated in case downloads consistently fail.
 
 Default value: `24`
 
-##### `nosymlinks`
+##### <a name="nosymlinks"></a>`nosymlinks`
 
 Data type: `Boolean`
 
 do not create serial number symlinks.
 
 Default value: ``true``
 
-##### `noerrors`
+##### <a name="noerrors"></a>`noerrors`
 
 Data type: `Boolean`
 
 do not produce errors.
 
 Default value: ``false``
 
-##### `nowarnings`
+##### <a name="nowarnings"></a>`nowarnings`
 
 Data type: `Boolean`
 
 do not produce warnings.
 
 Default value: ``true``
 
-##### `http_proxy`
+##### <a name="http_proxy"></a>`http_proxy`
 
 Data type: `Optional[Stdlib::Httpurl]`
 
 List of http proxy URLs.
 
 Default value: ``undef``
 
-##### `httptimeout`
+##### <a name="httptimeout"></a>`httptimeout`
 
 Data type: `Integer`
 
 Time out for http.
 
 Default value: `30`
 
-##### `parallelism`
+##### <a name="parallelism"></a>`parallelism`
 
 Data type: `Integer`
 
 Number of fetchs to run concurrently.
 
 Default value: `4`
 
-##### `logmode`
+##### <a name="logmode"></a>`logmode`
 
 Data type: `Enum['direct','qualified', 'cache','syslog']`
 
 Specify how logging is done.
 
 Default value: `'syslog'`
 
-##### `pkgname`
+##### <a name="pkgname"></a>`pkgname`
 
 Data type: `String[1]`
 
 Name of fetch-crl package.
 
 Default value: `'fetch-crl'`
 
-##### `runcron`
+##### <a name="runcron"></a>`runcron`
 
 Data type: `Boolean`
 
 Should fetch-crl be run as a cron job.
 
 Default value: ``true``
 
-##### `runboot`
+##### <a name="runboot"></a>`runboot`
 
 Data type: `Boolean`
 
@@ -173,7 +164,7 @@ that do not use a cron based package and not a systemd timer.
 
 Default value: ``false``
 
-##### `randomcron`
+##### <a name="randomcron"></a>`randomcron`
 
 Data type: `Boolean`
 
@@ -183,17 +174,41 @@ The systemd timer for fetch-crl is already very random.
 
 Default value: ``true``
 
-##### `cache_control_request`
+##### <a name="cache_control_request"></a>`cache_control_request`
 
 Data type: `Optional[Integer]`
 
 sends a cache-control max-age hint in seconds towards the server in the HTTP request.
 
 Default value: ``undef``
 
+##### <a name="capkgs"></a>`capkgs`
+
+Data type: `Array[String[1]]`
+
+
+
+Default value: `['ca-policy-egi-core']`
+
+##### <a name="carepo"></a>`carepo`
+
+Data type: `Stdlib::Httpurl`
+
+
+
+Default value: `'http://repository.egi.eu/sw/production/cas/1/current/'`
+
+##### <a name="carepo_gpgkey"></a>`carepo_gpgkey`
+
+Data type: `Stdlib::Httpurl`
+
+
+
+Default value: `'https://dist.eugridpma.info/distribution/igtf/current/GPG-KEY-EUGridPMA-RPM-3'`
+
 ## Defined types
 
-### `fetchcrl::ca`
+### <a name="fetchcrlca"></a>`fetchcrl::ca`
 
 Creates per CA configuration files.
 
@@ -209,53 +224,61 @@ fetchcrl::ca{'EDG-Tutorial-CA':
 
 #### Parameters
 
-The following parameters are available in the `fetchcrl::ca` defined type.
+The following parameters are available in the `fetchcrl::ca` defined type:
+
+* [`name`](#name)
+* [`anchorname`](#anchorname)
+* [`nowarnings`](#nowarnings)
+* [`noerrors`](#noerrors)
+* [`httptimeout`](#httptimeout)
+* [`agingtolerance`](#agingtolerance)
+* [`crl_url`](#crl_url)
 
-##### `name`
+##### <a name="name"></a>`name`
 
 The name of the CA to manage a configuration for.
 
-##### `anchorname`
+##### <a name="anchorname"></a>`anchorname`
 
 Data type: `String[1]`
 
 The name of the CA to manage a configuration for.
 
 Default value: `$title`
 
-##### `nowarnings`
+##### <a name="nowarnings"></a>`nowarnings`
 
 Data type: `Boolean`
 
 Should warnings be supressed for this CA.
 
 Default value: ``false``
 
-##### `noerrors`
+##### <a name="noerrors"></a>`noerrors`
 
 Data type: `Boolean`
 
 Should errors be supressed for this CA.
 
 Default value: ``false``
 
-##### `httptimeout`
+##### <a name="httptimeout"></a>`httptimeout`
 
 Data type: `Optional[Integer]`
 
 The timeout for this CA.
 
 Default value: ``undef``
 
-##### `agingtolerance`
+##### <a name="agingtolerance"></a>`agingtolerance`
 
 Data type: `Optional[Integer]`
 
 The delay if failures before it is considered an error.
 
 Default value: ``undef``
 
-##### `crl_url`
+##### <a name="crl_url"></a>`crl_url`
 
 Data type: `Array[Stdlib::Httpurl]`
 

diff --git a/files/GPG-KEY-EUGridPMA-RPM-3 b/files/GPG-KEY-EUGridPMA-RPM-3
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -17,6 +17,9 @@
 # @param carepo
 #  Repository URL of CA packages.
 #
+## @param carepo_gpgkey
+#  Repository URL of GPG key for CA packages.
+
 # @param manage_carepo
 #  Should package repository be configured.
 #
@@ -72,6 +75,7 @@
 class fetchcrl (
   Array[String[1]] $capkgs                 = ['ca-policy-egi-core'],
   Stdlib::Httpurl $carepo                  = 'http://repository.egi.eu/sw/production/cas/1/current/',
+  Stdlib::Httpurl $carepo_gpgkey           = 'https://dist.eugridpma.info/distribution/igtf/current/GPG-KEY-EUGridPMA-RPM-3',
   Boolean $manage_carepo                   = true,
   String $capkgs_version                   = 'present',
   String $pkg_version                      = 'present',

diff --git a/manifests/install.pp b/manifests/install.pp
@@ -7,6 +7,7 @@
   $pkgname        = $fetchcrl::pkgname,
   $capkgs         = $fetchcrl::capkgs,
   $carepo         = $fetchcrl::carepo,
+  $carepo_gpgkey  = $fetchcrl::carepo_gpgkey,
   $manage_carepo  = $fetchcrl::manage_carepo,
   $capkgs_version = $fetchcrl::capkgs_version,
   $pkg_version    = $fetchcrl::pkg_version
@@ -19,22 +20,12 @@
   }
 
   if $manage_carepo {
-    file { '/etc/pki/rpm-gpg/GPG-KEY-EUGridPMA-RPM-3':
-      ensure  => file,
-      source  => 'puppet:///modules/fetchcrl/GPG-KEY-EUGridPMA-RPM-3',
-      replace => false,
-      owner   => root,
-      group   => root,
-      mode    => '0644',
-    }
-
     yumrepo { 'carepo':
       descr    => 'IGTF CA Repository',
       enabled  => 1,
       baseurl  => $carepo,
       gpgcheck => 1,
-      gpgkey   => 'file:///etc/pki/rpm-gpg/GPG-KEY-EUGridPMA-RPM-3',
-      require  => File['/etc/pki/rpm-gpg/GPG-KEY-EUGridPMA-RPM-3'],
+      gpgkey   => $carepo_gpgkey,
     }
 
     $capkgs_require = Yumrepo['carepo']