The mirror-update server uses /var/run/reprepro to stash reprepro flock
files. We do that to ensure that we don't have stale locks after a
reboot bceause /var/run is cleaned on reboot. Problem is we rely on
daily ansible runs to recreate this dir which means that after a reboot
we can wait up to 24 hours before we get reprepro mirroring again.
Fix this via the use of tmpfiles.d which instructs systemd to create the
dir for us on boot. We specifically note (via the !) that this directory
should only be created on boot and we set the age value to - to prevent
systemd from deleting this directory.
Change-Id: I68e49475c54e756ce5a6933390dbe13ace976c29
It seems we're trying to rotate everything in this directory, leading
to an ever increasing set of weird rotation files as old rotations get
rotated themselves.
Change-Id: Ifd53879061baac35253782126367016b74a9cb70
The config should use the full path to the config directory, append
/etc/reprepro to the job.
Currently all the reprepro jobs hash to the same start time because it
uses the hostname as a seed. Use the unique string name as the seed
so each job starts at a unique time.
Change-Id: If2745d0cd274f390dbff6337b7a44093b5919908
Enable the Ansible based cron jobs, and disable the puppet host
versions to cut over the mirroring to the new server.
Change-Id: I0ffb1c484e64e67f5a5017dc3c3c8ebcdc3845c8
I missed these in the original port. For some reason we are
installing these directly from upstream keyservers in the puppet,
rather than from files like everything else.
Change-Id: Ie1fa956b96f3e6d091b3ffcaab5e0be370da8fc7
In converting this to ansible I forgot to install the reprepro keytab.
The encoded secret has been added for production.
Change-Id: I39d586e375ad96136cc151a7aed6f4cd5365f3c7
This converts the reprepro configuration from our existing puppet to
Ansible.
This takes a more direct approach; the templating done by the puppet
version started simple but over the years grew several different
options to handle various use-cases. This means you not only had to
understand the rather obscure reprepro configuration, but then *also*
figure out how to translate that from our puppet template layers.
Here the configuration files are kept directly (they were copied from
the existing mirror-update.openstack.org) and deployed with some light
wrapper tasks in reprepro/tasks/utils which avoids most duplication.
Note the initial cron jobs are left disabled so we can run some manual
testing before letting it go automatically.
Change-Id: I96a9ff1efbf51c4164621028b7a3a1e2e1077d5c
