diff --git a/REFERENCE.md b/REFERENCE.md
index 4206c1b..e6e101f 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -8,8 +8,7 @@
#### Public Classes
-* [`fetchcrl`](#fetchcrl): Main class, installs fetch-crl and configured it.
-https://wiki.nikhef.nl/grid/FetchCRL3
+* [`fetchcrl`](#fetchcrl)
#### Private Classes
@@ -23,43 +22,35 @@ https://wiki.nikhef.nl/grid/FetchCRL3
## Classes
-### `fetchcrl`
+### `fetchcrl`
-fetchcrl
-
-#### Examples
-
-##### Simple Example
-
-```puppet
-class{'fetchcrl':
- http_proxy => 'http:://squid.example.org:8000',
- carepo => 'http://yum.example.org/yumrepo',
- cache_control_request => '3600',
-}
-```
+The fetchcrl class.
#### Parameters
-The following parameters are available in the `fetchcrl` class.
-
-##### `capkgs`
-
-Data type: `Array[String[1]]`
-
-CA policy packages to install.
-
-Default value: `['ca-policy-egi-core']`
-
-##### `carepo`
-
-Data type: `Stdlib::Httpurl`
-
-Repository URL of CA packages.
-
-Default value: `'http://repository.egi.eu/sw/production/cas/1/current/'`
-
-##### `manage_carepo`
+The following parameters are available in the `fetchcrl` class:
+
+* [`manage_carepo`](#manage_carepo)
+* [`capkgs_version`](#capkgs_version)
+* [`pkg_version`](#pkg_version)
+* [`agingtolerance`](#agingtolerance)
+* [`nosymlinks`](#nosymlinks)
+* [`noerrors`](#noerrors)
+* [`nowarnings`](#nowarnings)
+* [`http_proxy`](#http_proxy)
+* [`httptimeout`](#httptimeout)
+* [`parallelism`](#parallelism)
+* [`logmode`](#logmode)
+* [`pkgname`](#pkgname)
+* [`runcron`](#runcron)
+* [`runboot`](#runboot)
+* [`randomcron`](#randomcron)
+* [`cache_control_request`](#cache_control_request)
+* [`capkgs`](#capkgs)
+* [`carepo`](#carepo)
+* [`carepo_gpgkey`](#carepo_gpgkey)
+
+##### `manage_carepo`
Data type: `Boolean`
@@ -67,7 +58,7 @@ Should package repository be configured.
Default value: ``true``
-##### `capkgs_version`
+##### `capkgs_version`
Data type: `String`
@@ -75,7 +66,7 @@ Version of CA packages.
Default value: `'present'`
-##### `pkg_version`
+##### `pkg_version`
Data type: `String`
@@ -83,7 +74,7 @@ Version of fetch-crl package.
Default value: `'present'`
-##### `agingtolerance`
+##### `agingtolerance`
Data type: `Integer`
@@ -91,7 +82,7 @@ Number of hours delay time before errors are generated in case downloads consist
Default value: `24`
-##### `nosymlinks`
+##### `nosymlinks`
Data type: `Boolean`
@@ -99,7 +90,7 @@ do not create serial number symlinks.
Default value: ``true``
-##### `noerrors`
+##### `noerrors`
Data type: `Boolean`
@@ -107,7 +98,7 @@ do not produce errors.
Default value: ``false``
-##### `nowarnings`
+##### `nowarnings`
Data type: `Boolean`
@@ -115,7 +106,7 @@ do not produce warnings.
Default value: ``true``
-##### `http_proxy`
+##### `http_proxy`
Data type: `Optional[Stdlib::Httpurl]`
@@ -123,7 +114,7 @@ List of http proxy URLs.
Default value: ``undef``
-##### `httptimeout`
+##### `httptimeout`
Data type: `Integer`
@@ -131,7 +122,7 @@ Time out for http.
Default value: `30`
-##### `parallelism`
+##### `parallelism`
Data type: `Integer`
@@ -139,7 +130,7 @@ Number of fetchs to run concurrently.
Default value: `4`
-##### `logmode`
+##### `logmode`
Data type: `Enum['direct','qualified', 'cache','syslog']`
@@ -147,7 +138,7 @@ Specify how logging is done.
Default value: `'syslog'`
-##### `pkgname`
+##### `pkgname`
Data type: `String[1]`
@@ -155,7 +146,7 @@ Name of fetch-crl package.
Default value: `'fetch-crl'`
-##### `runcron`
+##### `runcron`
Data type: `Boolean`
@@ -163,7 +154,7 @@ Should fetch-crl be run as a cron job.
Default value: ``true``
-##### `runboot`
+##### `runboot`
Data type: `Boolean`
@@ -173,7 +164,7 @@ that do not use a cron based package and not a systemd timer.
Default value: ``false``
-##### `randomcron`
+##### `randomcron`
Data type: `Boolean`
@@ -183,7 +174,7 @@ The systemd timer for fetch-crl is already very random.
Default value: ``true``
-##### `cache_control_request`
+##### `cache_control_request`
Data type: `Optional[Integer]`
@@ -191,9 +182,33 @@ sends a cache-control max-age hint in seconds towards the server in the HTTP req
Default value: ``undef``
+##### `capkgs`
+
+Data type: `Array[String[1]]`
+
+
+
+Default value: `['ca-policy-egi-core']`
+
+##### `carepo`
+
+Data type: `Stdlib::Httpurl`
+
+
+
+Default value: `'http://repository.egi.eu/sw/production/cas/1/current/'`
+
+##### `carepo_gpgkey`
+
+Data type: `Stdlib::Httpurl`
+
+
+
+Default value: `'https://dist.eugridpma.info/distribution/igtf/current/GPG-KEY-EUGridPMA-RPM-3'`
+
## Defined types
-### `fetchcrl::ca`
+### `fetchcrl::ca`
Creates per CA configuration files.
@@ -209,13 +224,21 @@ fetchcrl::ca{'EDG-Tutorial-CA':
#### Parameters
-The following parameters are available in the `fetchcrl::ca` defined type.
+The following parameters are available in the `fetchcrl::ca` defined type:
+
+* [`name`](#name)
+* [`anchorname`](#anchorname)
+* [`nowarnings`](#nowarnings)
+* [`noerrors`](#noerrors)
+* [`httptimeout`](#httptimeout)
+* [`agingtolerance`](#agingtolerance)
+* [`crl_url`](#crl_url)
-##### `name`
+##### `name`
The name of the CA to manage a configuration for.
-##### `anchorname`
+##### `anchorname`
Data type: `String[1]`
@@ -223,7 +246,7 @@ The name of the CA to manage a configuration for.
Default value: `$title`
-##### `nowarnings`
+##### `nowarnings`
Data type: `Boolean`
@@ -231,7 +254,7 @@ Should warnings be supressed for this CA.
Default value: ``false``
-##### `noerrors`
+##### `noerrors`
Data type: `Boolean`
@@ -239,7 +262,7 @@ Should errors be supressed for this CA.
Default value: ``false``
-##### `httptimeout`
+##### `httptimeout`
Data type: `Optional[Integer]`
@@ -247,7 +270,7 @@ The timeout for this CA.
Default value: ``undef``
-##### `agingtolerance`
+##### `agingtolerance`
Data type: `Optional[Integer]`
@@ -255,7 +278,7 @@ The delay if failures before it is considered an error.
Default value: ``undef``
-##### `crl_url`
+##### `crl_url`
Data type: `Array[Stdlib::Httpurl]`
diff --git a/files/GPG-KEY-EUGridPMA-RPM-3 b/files/GPG-KEY-EUGridPMA-RPM-3
deleted file mode 100644
index fafa922..0000000
--- a/files/GPG-KEY-EUGridPMA-RPM-3
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.2.1 (GNU/Linux)
-
-mQGiBELTiyYRBAD8goP2vWdf46e/stZvzgkBgJIFTMkHqZOpLqlCKTRGf4VHUASh
-hdaktDtPx44fVO4E3zmugc7FP6xz/Hj3SqrUKt98vzF1EMb3i4UMCOBif+jM6VFS
-N5N3gDEukNpP2h46LkNPbRPgAEeUmUZy4kTyB9xC/VA7d1sFx6sJZpCHiwCg7DNX
-bj4Wuk5b+FyyCOg9++xabokEAJwt4+iyDX3uYZrkzh9hOXgrbBiyGrorAz3jOpqM
-4L9+OKs5q9UsBwVXs5Zjei/irgxNjHNZCPo/V4f7o2CHxa88rn4GvstftSK6Oeey
-8PaV3vdb5C5SRSbRgvxoUOo6eGVBpv8bVpKm//tNkTboHVsEAKQ1rYzx/m89aCZj
-VCw5A/0c3E0rH4ZCeNg7yvta9ur3U7n/aFhzbU3wFLhcIndrPaufz5Sy/SYhOaS9
-RgH36GbsmOq6JskdtSpBLq0768BUmrjcosgWl3REpMAZc4vvtb55WRYsrNSrqmXZ
-/jHLjQkFHFdObIEcvxl+yIIwUxybMkvdxPZxnpGjF2gg6AoP7rQ5RVVHcmlkUE1B
-IERpc3RyaWJ1dGlvbiBTaWduaW5nIEtleSAzIDxpbmZvQGV1Z3JpZHBtYS5vcmc+
-iFkEExECABkFAkLTiyYECwcDAgMVAgMDFgIBAh4BAheAAAoJEMMtmcg827xx5PQA
-oON2EH0dqfwNjGr1GlGyt1o5bWkzAJ0Y4QOPWaCIJFABoluX5nifjKWV9w==
-=qXx1
------END PGP PUBLIC KEY BLOCK-----
diff --git a/manifests/init.pp b/manifests/init.pp
index ff68e11..ab50835 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -17,6 +17,9 @@
# @param carepo
# Repository URL of CA packages.
#
+## @param carepo_gpgkey
+# Repository URL of GPG key for CA packages.
+
# @param manage_carepo
# Should package repository be configured.
#
@@ -72,6 +75,7 @@
class fetchcrl (
Array[String[1]] $capkgs = ['ca-policy-egi-core'],
Stdlib::Httpurl $carepo = 'http://repository.egi.eu/sw/production/cas/1/current/',
+ Stdlib::Httpurl $carepo_gpgkey = 'https://dist.eugridpma.info/distribution/igtf/current/GPG-KEY-EUGridPMA-RPM-3',
Boolean $manage_carepo = true,
String $capkgs_version = 'present',
String $pkg_version = 'present',
diff --git a/manifests/install.pp b/manifests/install.pp
index d7baba3..3b196c1 100644
--- a/manifests/install.pp
+++ b/manifests/install.pp
@@ -7,6 +7,7 @@
$pkgname = $fetchcrl::pkgname,
$capkgs = $fetchcrl::capkgs,
$carepo = $fetchcrl::carepo,
+ $carepo_gpgkey = $fetchcrl::carepo_gpgkey,
$manage_carepo = $fetchcrl::manage_carepo,
$capkgs_version = $fetchcrl::capkgs_version,
$pkg_version = $fetchcrl::pkg_version
@@ -19,22 +20,12 @@
}
if $manage_carepo {
- file { '/etc/pki/rpm-gpg/GPG-KEY-EUGridPMA-RPM-3':
- ensure => file,
- source => 'puppet:///modules/fetchcrl/GPG-KEY-EUGridPMA-RPM-3',
- replace => false,
- owner => root,
- group => root,
- mode => '0644',
- }
-
yumrepo { 'carepo':
descr => 'IGTF CA Repository',
enabled => 1,
baseurl => $carepo,
gpgcheck => 1,
- gpgkey => 'file:///etc/pki/rpm-gpg/GPG-KEY-EUGridPMA-RPM-3',
- require => File['/etc/pki/rpm-gpg/GPG-KEY-EUGridPMA-RPM-3'],
+ gpgkey => $carepo_gpgkey,
}
$capkgs_require = Yumrepo['carepo']
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index 894228c..89b571e 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@@ -14,6 +14,11 @@
it { is_expected.to contain_package('fetch-crl') }
it { is_expected.to contain_file('/etc/fetch-crl.conf').without_content(%r{cache_control_request}) }
it { is_expected.to contain_file('/etc/fetch-crl.conf').without_content(%r{noerrors}) }
+ it {
+ is_expected.to contain_yumrepo('carepo').with({
+ baseurl: 'http://repository.egi.eu/sw/production/cas/1/current/',
+ gpgkey: 'https://dist.eugridpma.info/distribution/igtf/current/GPG-KEY-EUGridPMA-RPM-3',
+ })}
case facts[:os]['release']['major']
when '6', '7'
it { is_expected.to contain_augeas('randomise_cron').with_incl('/etc/cron.d/fetch-crl') }
@@ -34,13 +39,20 @@
let(:params) do
{
cache_control_request: 1234,
- capkgs: %w[abc def]
+ capkgs: %w[abc def],
+ carepo: 'https://example.org/foo',
+ carepo_gpgkey: 'https://example.org/foo.gpg',
}
end
it { is_expected.to contain_file('/etc/fetch-crl.conf').with_content(%r{^cache_control_request = 1234$}) }
it { is_expected.to contain_package('abc').with_ensure('present') }
it { is_expected.to contain_package('def').with_ensure('present') }
+ it {
+ is_expected.to contain_yumrepo('carepo').with({
+ baseurl: 'https://example.org/foo',
+ gpgkey: 'https://example.org/foo.gpg',
+ })}
end
context 'with boolean params parameters set true' do
let(:params) do
@@ -48,10 +60,12 @@
noerrors: true,
randomcron: true,
runcron: true,
- runboot: true
+ runboot: true,
+ manage_carepo: true,
}
end
+ it { is_expected.to contain_yumrepo('carepo') }
it { is_expected.to contain_file('/etc/fetch-crl.conf').with_content(%r{^noerrors$}) }
case facts[:os]['release']['major']
when '6', '7'
@@ -74,10 +88,12 @@
noerrors: false,
randomcron: false,
runcron: false,
- runboot: false
+ runboot: false,
+ manage_carepo: false,
}
end
+ it { is_expected.not_to contain_yumrepo('carepo') }
it { is_expected.to contain_file('/etc/fetch-crl.conf').without_content(%r{^noerrors$}) }
it { is_expected.not_to contain_augeas('randomise_cron') }
case facts[:os]['release']['major']