yum: Multiple enhancements

* Add support for specifying path for X.509 CA file so Yum validates HTTPS connections to repository. * Add support for disabling package's GPG signature validation. * Add support for validating repository's metadata using GPG signature. * Add define for using repositories from packagecloud.io. * Add repository for Basho's Riak using packagecloud.io.
2015-01-20 14:52:49 +00:00 · 2015-01-20 14:52:49 +00:00 · 6c56b0dc3b
commit 6c56b0dc3b
parent 1661e89691
3 changed files with 130 additions and 5 deletions
--- a/yum/manifests/init.pp
+++ b/yum/manifests/init.pp
@ -199,8 +199,16 @@ class yum::exclude {
 #   $descr:
 #       Repository description. Defaults to $name.
 #   $gpgkey:
-#       Location where GPG signing key can be found. If not set
-#       GPG check will be disabled.
+#       Location where GPG signing key can be found.
+#   $gpgcheck:
+#       Perform GPG signature check for packages. Enabled by default
+#       if $gpgkey is set.
+#   $repocheck:
+#       Perform GPG signature check for repository metadata.
+#   $sslcacert:
+#       Path to the file containing the certificates of the
+#       certificate authorities yum should use to verify TLS
+#       connections.
 #   $priority:
 #       Optional priority for this repository.
 #
@ -212,7 +220,17 @@ class yum::exclude {
 #     gpgkey  => "http://tmz.fedorapeople.org/repo/RPM-GPG-KEY-tmz",
 # }
 #
-define yum::repo($ensure="present", $baseurl="", $mirrorlist="", $descr="", $gpgkey="", $priority="") {
+define yum::repo(
+  $ensure="present",
+  $baseurl="",
+  $mirrorlist="",
+  $descr="",
+  $gpgkey="",
+  $gpgcheck=true,
+  $repocheck=false,
+  $sslcacert="",
+  $priority=""
+) {

    tag("bootstrap")

@ -271,6 +289,30 @@ define yum::repo($ensure="present", $baseurl="", $mirrorlist="", $descr="", $gpg
 }


+# packagecloud.io repositories
+#
+# === Parameters
+#
+#   $name:
+#       Repository path under packagecloud.io. For example
+#       "basho/riak".
+#
+define yum::repo::packagecloud() {
+
+  $filename = regsubst($name, '\/', '_')
+
+  yum::repo { $filename:
+    descr     => "$name repository from packagecloud.io",
+    baseurl   => "https://packagecloud.io/$name/el/\$releasever/\$basearch",
+    gpgkey    => "puppet:///modules/yum/keys/packagecloud.io.key",
+    gpgcheck  => false,
+    repocheck => true,
+    sslcacert => "/etc/pki/tls/certs/ca-bundle.crt",
+  }
+
+}
+
+
 # Add Adobe repository
 #
 class yum::repo::adobe {
@ -676,3 +718,12 @@ class yum::repo::mod_spdy {
  }

 }
+
+
+# Add Basho's riak repository
+#
+class yum::repo::riak {
+
+  yum::repo::packagecloud { "basho/riak": }
+
+}