Merge pull request #713 from StatensPensjonskasse/apt-key-to-keyring

Use keyring for apt repository; update dependency versions

Author: h-haaks

REFERENCE.md

@@ -109,6 +109,19 @@ class {'mongodb::globals':
 -> class {'mongodb::server': }
 ```
 
+##### Use a custom MongoDB apt repository.
+
+```puppet
+
+class {'mongodb::globals':
+  manage_package_repo => true,
+  repo_location       => 'https://example.com/repo',
+  keyring_location    => 'https://example.com/keyring.asc'
+}
+-> class {'mongodb::client': }
+-> class {'mongodb::server': }
+```
+
 ##### To disable managing of repository, but still enable managing packages.
 
 ```puppet
@@ -145,6 +158,7 @@ The following parameters are available in the `mongodb::globals` class:
 * [`proxy_username`](#-mongodb--globals--proxy_username)
 * [`proxy_password`](#-mongodb--globals--proxy_password)
 * [`repo_location`](#-mongodb--globals--repo_location)
+* [`keyring_location`](#-mongodb--globals--keyring_location)
 * [`use_enterprise_repo`](#-mongodb--globals--use_enterprise_repo)
 * [`pidfilepath`](#-mongodb--globals--pidfilepath)
 * [`pidfilemode`](#-mongodb--globals--pidfilemode)
@@ -324,6 +338,15 @@ If not specified, the module will use the default repository for your OS distro.
 
 Default value: `undef`
 
+##### <a name="-mongodb--globals--keyring_location"></a>`keyring_location`
+
+Data type: `Any`
+
+When `repo_location` is used for an apt repository this setting can be used for the keyring
+file to download.
+
+Default value: `undef`
+
 ##### <a name="-mongodb--globals--use_enterprise_repo"></a>`use_enterprise_repo`
 
 Data type: `Any`

manifests/globals.pp

@@ -19,6 +19,16 @@
 #   -> class {'mongodb::client': }
 #   -> class {'mongodb::server': }
 #
+# @example Use a custom MongoDB apt repository.
+#
+#   class {'mongodb::globals':
+#     manage_package_repo => true,
+#     repo_location       => 'https://example.com/repo',
+#     keyring_location    => 'https://example.com/keyring.asc'
+#   }
+#   -> class {'mongodb::client': }
+#   -> class {'mongodb::server': }
+#
 # @example To disable managing of repository, but still enable managing packages.
 #
 #   class {'mongodb::globals':
@@ -101,6 +111,10 @@
 #   This setting can be used to override the default MongoDB repository location.
 #   If not specified, the module will use the default repository for your OS distro.
 #
+# @param keyring_location
+#   When `repo_location` is used for an apt repository this setting can be used for the keyring
+#   file to download.
+#
 # @param use_enterprise_repo
 #   When manage_package_repo is set to true, this setting indicates if it will use the Community Edition
 #   (false, the default) or the Enterprise one (true).
@@ -139,6 +153,7 @@
   $proxy_password              = undef,
 
   $repo_location               = undef,
+  $keyring_location            = undef,
   $use_enterprise_repo         = undef,
 
   $pidfilepath                 = undef,
@@ -158,7 +173,10 @@
       version             => $repo_version,
       use_enterprise_repo => $use_enterprise_repo,
       repo_location       => $repo_location,
+      keyring_location    => $keyring_location,
       proxy               => $repo_proxy,
+      proxy_username      => $proxy_username,
+      proxy_password      => $proxy_password,
     }
   }
 }

manifests/repo.pp

@@ -15,6 +15,9 @@
 # @param repo_location
 #   Location of the upstream repository
 #
+# @param keyring_location
+#   Location of the upstream keyring
+#
 # @param proxy
 #   Proxy hostnam
 #
@@ -24,18 +27,15 @@
 # @param proxy_password
 #   Proxy pasword
 #
-# @param aptkey_options
-#   Options for debian aptkey
-#
 class mongodb::repo (
-  Enum['present', 'absent'] $ensure   = 'present',
-  Optional[String] $version           = undef,
-  Boolean $use_enterprise_repo        = false,
-  Optional[String] $repo_location     = undef,
-  Optional[String] $proxy             = undef,
-  Optional[String] $proxy_username    = undef,
-  Optional[String] $proxy_password    = undef,
-  Optional[String[1]] $aptkey_options = undef,
+  Enum['present', 'absent'] $ensure     = 'present',
+  Optional[String] $version             = undef,
+  Boolean $use_enterprise_repo          = false,
+  Optional[String[1]] $repo_location    = undef,
+  Optional[String[1]] $keyring_location = undef,
+  Optional[String[1]] $proxy            = undef,
+  Optional[String[1]] $proxy_username   = undef,
+  Optional[String[1]] $proxy_password   = undef,
 ) {
   if $version == undef and $repo_location == undef {
     fail('`version` or `repo_location` is required')
@@ -50,36 +50,48 @@
   case $facts['os']['family'] {
     'RedHat', 'Linux': {
       if $repo_location != undef {
-        $location = $repo_location
+        $_repo_location = $repo_location
         $description = 'MongoDB Custom Repository'
       } else {
         if $use_enterprise_repo {
-          $location = "https://repo.mongodb.com/yum/redhat/\$releasever/mongodb-enterprise/${version}/\$basearch/"
+          $_repo_location = "https://repo.mongodb.com/yum/redhat/\$releasever/mongodb-enterprise/${version}/\$basearch/"
           $description = 'MongoDB Enterprise Repository'
         } else {
-          $location = "https://repo.mongodb.org/yum/redhat/\$releasever/mongodb-org/${version}/\$basearch/"
+          $_repo_location = "https://repo.mongodb.org/yum/redhat/\$releasever/mongodb-org/${version}/\$basearch/"
           $description = 'MongoDB Repository'
         }
       }
 
-      contain mongodb::repo::yum
+      class { 'mongodb::repo::yum':
+        ensure         => $ensure,
+        repo_location  => $_repo_location,
+        description    => $description,
+        proxy          => $proxy,
+        proxy_username => $proxy_username,
+        proxy_password => $proxy_password,
+      }
     }
 
     'Suse': {
       if $repo_location {
-        $location = $repo_location
+        $_repo_location = $repo_location
         $description = 'MongoDB Custom Repository'
       } else {
-        $location = "https://repo.mongodb.org/zypper/suse/\$releasever_major/mongodb-org/${version}/\$basearch/"
+        $_repo_location = "https://repo.mongodb.org/zypper/suse/\$releasever_major/mongodb-org/${version}/\$basearch/"
         $description = 'MongoDB Repository'
       }
 
-      contain mongodb::repo::zypper
+      class { 'mongodb::repo::zypper':
+        ensure        => $ensure,
+        repo_location => $_repo_location,
+        description   => $description,
+      }
     }
 
     'Debian': {
       if $repo_location != undef {
-        $location = $repo_location
+        $_repo_location = $repo_location
+        $_keyring_location = $keyring_location
       } else {
         if $use_enterprise_repo == true {
           $repo_domain = 'repo.mongodb.com'
@@ -89,31 +101,34 @@
           $repo_path   = 'mongodb-org'
         }
 
-        $location = $facts['os']['name'] ? {
+        $_repo_location = $facts['os']['name'] ? {
           'Debian' => "https://${repo_domain}/apt/debian",
           'Ubuntu' => "https://${repo_domain}/apt/ubuntu",
           default  => undef
         }
+        $_keyring_location = "https://www.mongodb.org/static/pgp/server-${version}.asc"
         $release     = "${facts['os']['distro']['codename']}/${repo_path}/${version}"
         $repos       = $facts['os']['name'] ? {
           'Debian' => 'main',
           'Ubuntu' => 'multiverse',
           default => undef
         }
-        $key = $version ? {
-          '5.0'   => 'F5679A222C647C87527C2F8CB00A0BD1E2C63C11',
-          '4.4'   => '20691EEC35216C63CAF66CE1656408E390CFB1F5',
-          default => '20691EEC35216C63CAF66CE1656408E390CFB1F5'
-        }
-        $key_server = 'hkp://keyserver.ubuntu.com:80'
+        $comment = 'MongoDB Repository'
       }
 
-      contain mongodb::repo::apt
+      class { 'mongodb::repo::apt':
+        ensure           => $ensure,
+        repo_location    => $_repo_location,
+        keyring_location => $_keyring_location,
+        release          => $release,
+        repos            => $repos,
+        comment          => $comment,
+      }
     }
 
     default: {
       if($ensure == 'present') {
-        fail("Unsupported managed repository for osfamily: ${facts['os']['family']}, operatingsystem: ${facts['os']['name']}, module ${module_name} currently only supports managing repos for osfamily RedHat, Suse, Debian and Ubuntu")
+        fail("Unsupported managed repository for osfamily: ${facts['os']['family']}, operatingsystem: ${facts['os']['name']}")
       }
     }
   }

manifests/repo/apt.pp

@@ -1,29 +1,58 @@
+# @api private
+#
 # @summary This is a repo class for apt
 #
-# @api private
-class mongodb::repo::apt inherits mongodb::repo {
+# @param ensure
+#   present or absent
+#
+# @param repo_location
+#   Location of the upstream repository
+#
+# @param keyring_location
+#   Location of the upstream keyring
+#
+# @param version
+#   The version of the mongodb repo
+#
+# @param release
+#   Specifies a distribution of the Apt repository.
+#
+# @param repos
+#   Specifies a component of the Apt repository.
+#
+# @param comment
+#   Supplies a comment for adding to the Apt source file.
+#
+class mongodb::repo::apt (
+  Enum['present', 'absent'] $ensure,
+  String[1] $repo_location,
+  String[1] $keyring_location,
+  Optional[String[1]] $release = undef,
+  Optional[String[1]] $repos = undef,
+  Optional[String[1]] $comment = undef,
+) {
   # we try to follow/reproduce the instruction
   # from http://docs.mongodb.org/manual/tutorial/install-mongodb-on-ubuntu/
 
+  assert_private()
+
   include apt
 
-  if($mongodb::repo::ensure == 'present' or $mongodb::repo::ensure == true) {
-    apt::source { 'mongodb':
-      location => $mongodb::repo::location,
-      release  => $mongodb::repo::release,
-      repos    => $mongodb::repo::repos,
-      key      => {
-        'id'      => $mongodb::repo::key,
-        'server'  => $mongodb::repo::key_server,
-        'options' => $mongodb::repo::aptkey_options,
-      },
-    }
+  $keyring_file = split($keyring_location, '/')[-1]
+  apt::source { 'mongodb':
+    ensure   => $ensure,
+    location => $repo_location,
+    release  => $mongodb::repo::release,
+    repos    => $mongodb::repo::repos,
+    key      => {
+      dir    => '/usr/share/keyrings/',
+      name   => "mongodb-${keyring_file}",
+      source => $keyring_location,
+    },
+    comment  => $comment,
+  }
 
+  if($ensure == 'present') {
     Apt::Source['mongodb'] -> Class['apt::update'] -> Package<| tag == 'mongodb_package' |>
   }
-  else {
-    apt::source { 'mongodb':
-      ensure => absent,
-    }
-  }
 }

manifests/repo/yum.pp

@@ -1,25 +1,47 @@
+# @api private
+#
 # @summary This is a repo class for yum
 #
-# @api private
-class mongodb::repo::yum inherits mongodb::repo {
+# @param ensure
+#   present or absent
+#
+# @param repo_location
+#   Location of the upstream repository
+#
+# @param description
+#   A human-readable description of the repository.
+#
+# @param proxy
+#   Proxy hostnam
+#
+# @param proxy_username
+#   Proxy user name
+#
+# @param proxy_password
+#   Proxy pasword
+#
+class mongodb::repo::yum (
+  Enum['present', 'absent'] $ensure,
+  String[1] $repo_location,
+  String[1] $description,
+  Optional[String[1]] $proxy          = undef,
+  Optional[String[1]] $proxy_username = undef,
+  Optional[String[1]] $proxy_password = undef,
+) {
   # We try to follow/reproduce the instruction
-  # http://docs.mongodb.org/manual/tutorial/install-mongodb-on-red-hat-centos-or-fedora-linux/
+  # https://www.mongodb.com/docs/manual/tutorial/install-mongodb-on-red-hat/
 
-  if $mongodb::repo::ensure == 'present' or $mongodb::repo::ensure == true {
-    yumrepo { 'mongodb':
-      descr          => $mongodb::repo::description,
-      baseurl        => $mongodb::repo::location,
-      gpgcheck       => '0',
-      enabled        => '1',
-      proxy          => $mongodb::repo::proxy,
-      proxy_username => $mongodb::repo::proxy_username,
-      proxy_password => $mongodb::repo::proxy_password,
-    }
-    Yumrepo['mongodb'] -> Package<| tag == 'mongodb_package' |>
+  yumrepo { 'mongodb':
+    ensure         => $ensure,
+    descr          => $description,
+    baseurl        => $repo_location,
+    gpgcheck       => '0',
+    enabled        => '1',
+    proxy          => $proxy,
+    proxy_username => $proxy_username,
+    proxy_password => $proxy_password,
   }
-  else {
-    yumrepo { 'mongodb':
-      ensure => absent,
-    }
+  if $ensure == 'present' {
+    Yumrepo['mongodb'] -> Package<| tag == 'mongodb_package' |>
   }
 }