refactor(pkgs): readbility

This commit is contained in:
Javier Bértoli 2022-02-02 19:32:48 -03:00
parent 037c13a674
commit b76e8cc664
4 changed files with 27 additions and 18 deletions

View File

@ -10,8 +10,8 @@ in favor of using `keyring files` which contain a binary OpenPGP format of the k
As nginx and passenger don't provide such key files, we created them following the As nginx and passenger don't provide such key files, we created them following the
official recomendations in their sites and install the resulting files. official recomendations in their sites and install the resulting files.
Ngninx Nginx
------ -----
See https://nginx.org/en/linux_packages.html#Debian for details See https://nginx.org/en/linux_packages.html#Debian for details

View File

@ -19,6 +19,9 @@
'server_use_symlink': True, 'server_use_symlink': True,
'pid_file': '/run/nginx.pid', 'pid_file': '/run/nginx.pid',
'openssl_package': 'openssl', 'openssl_package': 'openssl',
'package_repo_keyring': '/usr/share/keyrings/nginx-archive-keyring.gpg',
'passenger_package_repo_keyring': '/usr/share/keyrings/phusionpassenger-archive-keyring.gpg',
}, },
'CentOS': { 'CentOS': {
'package': 'nginx', 'package': 'nginx',

View File

@ -37,11 +37,11 @@ nginx_install:
- name: {{ nginx.lookup.package }} - name: {{ nginx.lookup.package }}
{% endif %} {% endif %}
{% if salt['grains.get']('os_family') == 'Debian' %} {% if grains.os_family == 'Debian' %}
{%- if from_official %} {%- if from_official %}
nginx_official_repo_keyring: nginx_official_repo_keyring:
file.managed: file.managed:
- name: /usr/share/keyrings/nginx-archive-keyring.gpg - name: {{ nginx.lookup.package_repo_keyring }}
- source: {{ files_switch(['nginx-archive-keyring.gpg'], - source: {{ files_switch(['nginx-archive-keyring.gpg'],
lookup='nginx_official_repo_keyring' lookup='nginx_official_repo_keyring'
) )
@ -58,8 +58,10 @@ nginx_official_repo:
- absent - absent
{%- endif %} {%- endif %}
- humanname: nginx apt repo - humanname: nginx apt repo
- name: deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/{{ grains['os'].lower() }}/ {{ grains['oscodename'] }} nginx - name: >-
- file: /etc/apt/sources.list.d/nginx-official-{{ grains['oscodename'] }}.list deb [signed-by={{ nginx.lookup.package_repo_keyring }}]
http://nginx.org/packages/{{ grains.os | lower }}/ {{ grains.oscodename }} nginx
- file: /etc/apt/sources.list.d/nginx-official-{{ grains.oscodename }}.list
- require_in: - require_in:
- pkg: nginx_install - pkg: nginx_install
- watch_in: - watch_in:
@ -74,10 +76,10 @@ nginx_ppa_repo:
{%- else %} {%- else %}
- absent - absent
{%- endif %} {%- endif %}
{% if salt['grains.get']('os') == 'Ubuntu' %} {% if grains.os == 'Ubuntu' %}
- ppa: nginx/{{ nginx.ppa_version }} - ppa: nginx/{{ nginx.ppa_version }}
{% else %} {% else %}
- name: deb http://ppa.launchpad.net/nginx/{{ nginx.ppa_version }}/ubuntu {{ grains['oscodename'] }} main - name: deb http://ppa.launchpad.net/nginx/{{ nginx.ppa_version }}/ubuntu {{ grains.oscodename }} main
- keyid: C300EE8C - keyid: C300EE8C
- keyserver: keyserver.ubuntu.com - keyserver: keyserver.ubuntu.com
{% endif %} {% endif %}
@ -101,12 +103,12 @@ nginx_phusionpassenger_repo_keyring:
# Remove the old repo file # Remove the old repo file
nginx_phusionpassenger_repo_remove: nginx_phusionpassenger_repo_remove:
pkgrepo.absent: pkgrepo.absent:
- name: deb http://nginx.org/packages/{{ grains['os'].lower() }}/ {{ grains['oscodename'] }} nginx - name: deb http://nginx.org/packages/{{ grains.os |lower }}/ {{ grains.oscodename }} nginx
- keyid: 561F9B9CAC40B2F7 - keyid: 561F9B9CAC40B2F7
- require_in: - require_in:
- pkgrepo: nginx_phusionpassenger_repo - pkgrepo: nginx_phusionpassenger_repo
file.absent: file.absent:
- name: /etc/apt/sources.list.d/nginx-phusionpassenger-{{ grains['oscodename'] }}.list - name: /etc/apt/sources.list.d/nginx-phusionpassenger-{{ grains.oscodename }}.list
- require_in: - require_in:
- pkgrepo: nginx_phusionpassenger_repo - pkgrepo: nginx_phusionpassenger_repo
{%- endif %} {%- endif %}
@ -119,15 +121,17 @@ nginx_phusionpassenger_repo:
- absent - absent
{%- endif %} {%- endif %}
- humanname: nginx phusionpassenger repo - humanname: nginx phusionpassenger repo
- name: deb [signed-by=/usr/share/keyrings/phusionpassenger-archive-keyring.gpg] https://oss-binaries.phusionpassenger.com/apt/passenger {{ grains['oscodename'] }} main - name: >-
- file: /etc/apt/sources.list.d/phusionpassenger-official-{{ grains['oscodename'] }}.list deb [signed-by={{ nginx.lookup.passenger_package_repo_keyring }}]
https://oss-binaries.phusionpassenger.com/apt/passenger {{ grains.oscodename }} main
- file: /etc/apt/sources.list.d/phusionpassenger-official-{{ grains.oscodename }}.list
- require_in: - require_in:
- pkg: nginx_install - pkg: nginx_install
- watch_in: - watch_in:
- pkg: nginx_install - pkg: nginx_install
{% endif %} {% endif %}
{% if salt['grains.get']('os_family') == 'Suse' or salt['grains.get']('os') == 'SUSE' %} {% if grains.os_family == 'Suse' or grains.os == 'SUSE' %}
nginx_zypp_repo: nginx_zypp_repo:
pkgrepo: pkgrepo:
{%- if from_official %} {%- if from_official %}
@ -148,8 +152,8 @@ nginx_zypp_repo:
- pkg: nginx_install - pkg: nginx_install
{% endif %} {% endif %}
{% if salt['grains.get']('os_family') == 'RedHat' %} {% if grains.os_family == 'RedHat' %}
{% if salt['grains.get']('osfinger', '') in ['Amazon Linux-2'] %} {% if grains.osfinger in ['Amazon Linux-2'] %}
nginx_epel_repo: nginx_epel_repo:
pkgrepo.managed: pkgrepo.managed:
- name: epel - name: epel

View File

@ -1,10 +1,10 @@
# frozen_string_literal: true # frozen_string_literal: true
case os[:name] case os.family
when 'centos' when 'redhat'
repo_file = '/etc/yum.repos.d/passenger.repo' repo_file = '/etc/yum.repos.d/passenger.repo'
repo_url = 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch' repo_url = 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch'
when 'debian', 'ubuntu' when 'debian'
# Inspec does not provide a `codename` matcher, so we add ours # Inspec does not provide a `codename` matcher, so we add ours
case platform[:release].to_f.truncate case platform[:release].to_f.truncate
# ubuntu # ubuntu
@ -13,6 +13,8 @@ when 'debian', 'ubuntu'
when 20 when 20
codename = 'focal' codename = 'focal'
# debian # debian
when 9
codename = 'stretch'
when 10 when 10
codename = 'buster' codename = 'buster'
when 11 when 11