pkg.installed:
- name: {{ arvados.api.pkg.name }}
- version: {{ arvados.version }}
+ - refresh: true
- require:
- sls: {{ sls_config_file }}
pkg.installed:
- name: arvados-server
- version: {{ arvados.version }}
+ - refresh: true
pkg.installed:
- name: {{ arvados.controller.pkg.name }}
- version: {{ arvados.version }}
+ - refresh: true
pkg.installed:
- name: {{ arvados.dispatcher.pkg.name }}
- version: {{ arvados.version }}
+ - refresh: true
# FIXME! Until https://dev.arvados.org/issues/16995 makes it to
# a new release, this is required so the dependency is installed
arvados-dispatcher-package-install-crunch-run-pkg-installed:
pkg.installed:
- name: crunch-run
+ - version: {{ arvados.version }}
+ - refresh: true
- require:
- pkg: arvados-dispatcher-package-install-pkg-installed
- - version: {{ arvados.version }}
{%- endif %}
- .shell
- .workbench
- .dispatcher
+ - .keepbalance
pkg.installed:
- name: {{ arvados.keepproxy.pkg.name }}
- version: {{ arvados.version }}
+ - refresh: true
pkg.installed:
- name: {{ arvados.keepstore.pkg.name }}
- version: {{ arvados.version }}
+ - refresh: true
pkg.installed:
- name: {{ arvados.keepweb.pkg.name }}
- version: {{ arvados.version }}
+ - refresh: true
repo:
url_base: 'http://apt.arvados.org'
file: /etc/apt/sources.list.d/arvados.list
- key_url: 'http://apt.arvados.org/pubkey.gpg'
+ keyring_file: /usr/share/keyrings/arvados-archive-keyring.gpg
+ keyring_source: 'http://apt.arvados.org/keyring.gpg'
+ keyring_source_hash: 53c2c84849ada21e383f55af0753adb321cc941e7efab94483e3a1703fcc66f1
RedHat:
repo:
{%- else %}
{%- set release = distro %}
{%- endif %}
-arvados-repo-install-pkgrepo-managed:
- pkgrepo.managed:
- - humanname: {{ arvados.repo.humanname }}
- - name: deb {{ arvados.repo.url_base }}/{{ distro }} {{ release }} main
- - file: {{ arvados.repo.file }}
- - key_url: {{ arvados.repo.key_url }}
+
+arvados-repo-install-pkgrepo-keyring-managed:
+ file.managed:
+ - name: {{ arvados.repo.keyring_file }}
+ - source:
+ - {{ arvados.repo.keyring_source }}
+ - source_hash: sha256={{ arvados.repo.keyring_source_hash }}
+ - require_in:
+ - file: arvados-repo-install-file-managed
+
+arvados-repo-install-file-managed:
+ file.managed:
+ - name: {{ arvados.repo.file }}
+ - contents: >
+ deb [signed-by={{ arvados.repo.keyring_file }} arch=amd64]
+ {{ arvados.repo.url_base }}/{{ distro }} {{ release }} main
{%- elif grains.get('os_family') == 'RedHat' %}
{%- if arvados.release == 'testing' %}
- {{ package }}
{%- endif %}
{%- endfor %}
+ - refresh: true
arvados-shell-package-install-gems-deps-pkg-installed:
pkg.installed:
pkg.installed:
- name: {{ arvados.websocket.pkg.name }}
- version: {{ arvados.version }}
+ - refresh: true
pkg.installed:
- name: {{ arvados.workbench.pkg.name }}
- version: {{ arvados.version }}
+ - refresh: true
- require:
{%- if arvados.ruby.manage_ruby %}
- {{ ruby_dep }}: arvados-ruby-package-install-ruby-{{ ruby_dep }}-installed
pkg.installed:
- name: {{ arvados.workbench2.pkg.name }}
- version: {{ arvados.version }}
+ - refresh: true
- require:
- sls: {{ sls_config_file }}
driver:
image: saltimages/salt-master-py3:centos-7
+ ## SALT `3004.0`
+ - name: debian-11-3004.0-py3
+ driver:
+ image: saltimages/salt-3004.0-py3:debian-11
+ - name: debian-10-3004.0-py3
+ driver:
+ image: saltimages/salt-3004.0-py3:debian-10
+ - name: ubuntu-2004-3004.0-py3
+ driver:
+ image: saltimages/salt-3004.0-py3:ubuntu-20.04
+ - name: ubuntu-1804-3004.0-py3
+ driver:
+ image: saltimages/salt-3004.0-py3:ubuntu-18.04
+ - name: centos-7-3004.0-py3
+ driver:
+ image: saltimages/salt-3004.0-py3:centos-7
+
## SALT `3003.3`
- name: debian-11-3003.3-py3
driver:
image: saltimages/salt-3003.3-py3:centos-7
## SALT `3002.7`
- - name: debian-11-3002.7-py3
- driver:
- image: saltimages/salt-3002.7-py3:debian-11
- name: debian-10-3002.7-py3
driver:
image: saltimages/salt-3002.7-py3:debian-10
driver:
image: saltimages/salt-3002.7-py3:centos-7
- ## SALT `3001.8`
- - name: debian-10-3001.8-py3
- driver:
- image: saltimages/salt-3001.8-py3:debian-10
- - name: ubuntu-2004-3001.8-py3
- driver:
- image: saltimages/salt-3001.8-py3:ubuntu-20.04
- - name: ubuntu-1804-3001.8-py3
- driver:
- image: saltimages/salt-3001.8-py3:ubuntu-18.04
- - name: centos-7-3001.8-py3
- driver:
- image: saltimages/salt-3001.8-py3:centos-7
-
verifier:
# https://www.inspec.io/
name: inspec
codename = 'bullseye'
end
repo_file = '/etc/apt/sources.list.d/arvados.list'
- repo_url = "deb http://apt.arvados.org/#{codename} #{codename} main"
+ repo_keyring = '/usr/share/keyrings/arvados-archive-keyring.gpg'
+ repo_url = "deb [signed-by=/usr/share/keyrings/arvados-archive-keyring.gpg arch=amd64] http://apt.arvados.org/#{codename} #{codename} main"
+end
+
+control 'arvados repository keyring' do
+ title 'should be installed'
+
+ only_if('Requirement for Debian family') do
+ platform.family == 'debian'
+ end
+
+ describe file(repo_keyring) do
+ it { should exist }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'root' }
+ its('mode') { should cmp '0644' }
+ end
end
control 'arvados repository' do
codename = 'bullseye'
end
repo_file = '/etc/apt/sources.list.d/arvados.list'
- repo_url = "deb http://apt.arvados.org/#{codename} #{codename}-dev main"
+ repo_keyring = '/usr/share/keyrings/arvados-archive-keyring.gpg'
+ repo_url = "deb [signed-by=/usr/share/keyrings/arvados-archive-keyring.gpg arch=amd64] http://apt.arvados.org/#{codename} #{codename}-dev main"
+end
+
+control 'arvados repository keyring' do
+ title 'should be installed'
+
+ only_if('Requirement for Debian family') do
+ platform.family == 'debian'
+ end
+
+ describe file(repo_keyring) do
+ it { should exist }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'root' }
+ its('mode') { should cmp '0644' }
+ end
end
control 'arvados repository' do