Puppet users - Dec 2009 - How to add Ubuntu PPA repository (with signing key)?

I''m new to Puppet. I''ve read the docs, followed the tutorials,
and have
the software up and running on 4 Ubuntu systems. I''ve written a few
simple modules but could use some help.

I use several PPAs (Personal Package Archives/Ubuntu). Can anyone
suggest how to add a PPA repository, along with the signing key, into
the base Ubuntu repository? (My goal is to manage Ubuntu upgrades on
heavily customized systems, should anyone have pointers or code that
might help.)

(I intend to practice by installing VLC from the PPA -
https://launchpad.net/~c-korn/+archive/vlc )

Thank you.

--

You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Use the /etc/apt/sources.list.d/ for adding repositories. Note the files 
in there must have ".list" extension to be considered.

For signing the easy way out is creating a define similar to this one:
I''d advise against this one because I made it when I started using
puppet.


In a class:
         $folder = "/etc/apt/rkeys/"
         file { $folder :
                 owner   => root,
                 group   => root,
                 mode    => 700,
                 ensure  => directory
         }

In the define
define apt_sign_key($sign_key)
{

         $file_dest = "${folder}${sign_key}"
         file { $file_dest :
                 owner   => root,
                 group   => root,
                 mode    => 600,
                 source  => "puppet:///somepath/${sign_key}",
                 require => File[$folder]
         }

         exec { "apt-key add ${file_dest}":
                 refreshonly     => true,
                 require         => File[$file_dest],
                 subscribe       => File[$file_dest]
         }
}

Another way would be doing something like

file{ "${repokey}": ......}
exec { "apt-key add ${repokey}":
     require    => File[$repokey],
     unless    => "apt-key list | grep $repokeyid"
}

And of course the best way would be to do another provider like yumrepo 
in ruby :-)


Silviu

On 07.12.2009 17:54, Ron wrote:
> I''m new to Puppet. I''ve read the docs, followed the
tutorials, and have
> the software up and running on 4 Ubuntu systems. I''ve written a
few
> simple modules but could use some help.
>
> I use several PPAs (Personal Package Archives/Ubuntu). Can anyone
> suggest how to add a PPA repository, along with the signing key, into
> the base Ubuntu repository? (My goal is to manage Ubuntu upgrades on
> heavily customized systems, should anyone have pointers or code that
> might help.)
>
> (I intend to practice by installing VLC from the PPA -
> https://launchpad.net/~c-korn/+archive/vlc )
>
> Thank you.
>
> --
>
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
>
>
>    
--

You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Thank you Silviu,

Very simple and straight forward. I followed a previous thread that
discussed the sources.list.d directory, but didn''t quite connect the
dots. With your advise, I looked at a few of my systems and found that
Google parks the repo for their Chrome browser there. That example
should help me debug any problems.

As far as the yumrepo, I''m still smarting from Red Hat going all
enterprisie ... I jumped 5 machines to Gentoo, and after 3 years of
daily compiles, I twitch a bit when the Ubuntu Update Manager pops
up ;-)

Thanks again!

On Mon, 2009-12-07 at 20:00 +0200, Silviu Paragina
wrote:
> Use the /etc/apt/sources.list.d/ for adding repositories. Note the files 
> in there must have ".list" extension to be considered.
> 
> For signing the easy way out is creating a define similar to this one:
> I''d advise against this one because I made it when I started using
puppet.
> 
> 
> In a class:
>          $folder = "/etc/apt/rkeys/"
>          file { $folder :
>                  owner   => root,
>                  group   => root,
>                  mode    => 700,
>                  ensure  => directory
>          }
> 
> In the define
> define apt_sign_key($sign_key)
> {
> 
>          $file_dest = "${folder}${sign_key}"
>          file { $file_dest :
>                  owner   => root,
>                  group   => root,
>                  mode    => 600,
>                  source  => "puppet:///somepath/${sign_key}",
>                  require => File[$folder]
>          }
> 
>          exec { "apt-key add ${file_dest}":
>                  refreshonly     => true,
>                  require         => File[$file_dest],
>                  subscribe       => File[$file_dest]
>          }
> }
> 
> Another way would be doing something like
> 
> file{ "${repokey}": ......}
> exec { "apt-key add ${repokey}":
>      require    => File[$repokey],
>      unless    => "apt-key list | grep $repokeyid"
> }
> 
> And of course the best way would be to do another provider like yumrepo 
> in ruby :-)
> 
> 
> Silviu
> 
> On 07.12.2009 17:54, Ron wrote:
> > I''m new to Puppet. I''ve read the docs, followed the
tutorials, and have
> > the software up and running on 4 Ubuntu systems. I''ve written
a few
> > simple modules but could use some help.
> >
> > I use several PPAs (Personal Package Archives/Ubuntu). Can anyone
> > suggest how to add a PPA repository, along with the signing key, into
> > the base Ubuntu repository? (My goal is to manage Ubuntu upgrades on
> > heavily customized systems, should anyone have pointers or code that
> > might help.)
> >
> > (I intend to practice by installing VLC from the PPA -
> > https://launchpad.net/~c-korn/+archive/vlc )
> >
> > Thank you.
> >
> > --
> >
> > You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> > For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
> >
> >
> >    
> 
> --
> 
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
> 
> 
--

You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On 08.12.2009 19:37, Ron wrote:
> Thank you Silviu,
>
> Very simple and straight forward. I followed a previous thread that
> discussed the sources.list.d directory, but didn''t quite connect
the
> dots. With your advise, I looked at a few of my systems and found that
> Google parks the repo for their Chrome browser there. That example
> should help me debug any problems.
>    
Super cool. :-)
> As far as the yumrepo, I''m still smarting from Red Hat going all
> enterprisie ... I jumped 5 machines to Gentoo, and after 3 years of
> daily compiles, I twitch a bit when the Ubuntu Update Manager pops
> up ;-)
>    
I meant implementing a new type like aptrepo there. Actually the best 
design decision would be: rename yumrepo as packagerepo, split some of 
the code as a provider yumrepo, add new code for a provider aptrepo. But 
that isn''t easy as pie and it requires ruby knowledge, apt and puppet 
internals. This is the elegant, but complex solution. Now I''m
balabbering.

Distro change requires a lot of work, so I wouldn''t recommend that that
easily (and I didn''t).


Silviu
> Thanks again!
>
> On Mon, 2009-12-07 at 20:00 +0200, Silviu Paragina wrote:
>    
>> Use the /etc/apt/sources.list.d/ for adding repositories. Note the
files
>> in there must have ".list" extension to be considered.
>>
>> For signing the easy way out is creating a define similar to this one:
>> I''d advise against this one because I made it when I started
using puppet.
>>
>>
>> In a class:
>>           $folder = "/etc/apt/rkeys/"
>>           file { $folder :
>>                   owner   =>  root,
>>                   group   =>  root,
>>                   mode    =>  700,
>>                   ensure  =>  directory
>>           }
>>
>> In the define
>> define apt_sign_key($sign_key)
>> {
>>
>>           $file_dest = "${folder}${sign_key}"
>>           file { $file_dest :
>>                   owner   =>  root,
>>                   group   =>  root,
>>                   mode    =>  600,
>>                   source  => 
"puppet:///somepath/${sign_key}",
>>                   require =>  File[$folder]
>>           }
>>
>>           exec { "apt-key add ${file_dest}":
>>                   refreshonly     =>  true,
>>                   require         =>  File[$file_dest],
>>                   subscribe       =>  File[$file_dest]
>>           }
>> }
>>
>> Another way would be doing something like
>>
>> file{ "${repokey}": ......}
>> exec { "apt-key add ${repokey}":
>>       require    =>  File[$repokey],
>>       unless    =>  "apt-key list | grep $repokeyid"
>> }
>>
>> And of course the best way would be to do another provider like yumrepo
>> in ruby :-)
>>
>>
>> Silviu
>>
>> On 07.12.2009 17:54, Ron wrote:
>>      
>>> I''m new to Puppet. I''ve read the docs, followed
the tutorials, and have
>>> the software up and running on 4 Ubuntu systems. I''ve
written a few
>>> simple modules but could use some help.
>>>
>>> I use several PPAs (Personal Package Archives/Ubuntu). Can anyone
>>> suggest how to add a PPA repository, along with the signing key,
into
>>> the base Ubuntu repository? (My goal is to manage Ubuntu upgrades
on
>>> heavily customized systems, should anyone have pointers or code
that
>>> might help.)
>>>
>>> (I intend to practice by installing VLC from the PPA -
>>> https://launchpad.net/~c-korn/+archive/vlc )
>>>
>>> Thank you.
>>>
>>> --
>>>
>>> You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
>>> To post to this group, send email to puppet-users@googlegroups.com.
>>> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
>>> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
>>>
>>>
>>>
>>>        
>> --
>>
>> You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
>>
>>
>>      
> --
>
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
>
>
>    
--

You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

> I meant implementing a new type like aptrepo there. Actually the best
> design decision would be: rename yumrepo as packagerepo, split some of
> the code as a provider yumrepo, add new code for a provider aptrepo. But
> that isn''t easy as pie and it requires ruby knowledge, apt and
puppet
> internals. This is the elegant, but complex solution. Now I''m
balabbering.
You''re not blabbering.  A new type in Puppet seems like the right idea
to me.

J.

-- 
Julian Simpson
Software Build and Deployment
http://www.build-doctor.com
http://twitter.com/builddoctor

--

You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

This is a very old thread, but I am a new puppet user and it still seems 
very relevant.

I am a SuSE user struggling to find  a tidy way of managing repository 
keys, but I think the principles are the same for all distributions.
As far as I can see, both yumrepo and zypprepo are of limited value because 
they don''t provide a mechanism to import keys. I suspect most people
bottle
out of this by disabling the GPG checking, and that sounds to me like a bad 
idea.

So I think the way to go is
(1) new type packagerepo to supercede yumrepo and zypprepo
(2) the gpgkey parameter should do something useful, i.e. import the key 
from the puppet server

Then the administrator would install trusted keys on the Puppet server and 
they would be automatically distributed to clients.

I may well be missing something here, so I am happy to be corrected if i am 
wrong

Bob
 
On Tuesday, 8 December 2009 21:02:28 UTC, Julian Simpson
wrote:
>
> > I meant implementing a new type like aptrepo there. Actually the best 
> > design decision would be: rename yumrepo as packagerepo, split some of
> > the code as a provider yumrepo, add new code for a provider aptrepo.
But
> > that isn''t easy as pie and it requires ruby knowledge, apt
and puppet
> > internals. This is the elegant, but complex solution. Now I''m
> balabbering. 
>
> You''re not blabbering.  A new type in Puppet seems like the right
idea to
> me. 
>
> J. 
>
> -- 
> Julian Simpson 
> Software Build and Deployment 
> http://www.build-doctor.com 
> http://twitter.com/builddoctor 
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/qGmj6SxAicUJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.