ubuntu: Add options to ignore mirror components and use insecure repos

When using the upstream cloud images with the "ubuntu" element, they
have universe and multiverse enabled which we don't mirror.

To use the infra mirrors as a DIB_DISTRIBUTION_MIRROR with this
element, we need to be able to skip redirecting to universe and
multiverse, and additionally enable insecure repos (as we don't gpg
sign our mirrors).

Add and document two new variables with the ubuntu element to do this.
This is then setup by the openstack-ci-mirrors element so that we use
local mirrors duing dib functional testing for the "ubuntu" element.

Change-Id: I6ffbde07fa0e103641ee5c5f9d9e854e5b2168dc
This commit is contained in:
Ian Wienand 2018-10-15 16:00:18 +11:00
parent b86af3dc6a
commit c47ee6e121
3 changed files with 35 additions and 5 deletions

View File

@ -27,8 +27,12 @@ if [ -f /etc/ci/mirror_info.sh ]; then
fi
# This is repo files pre-created for the fedora/centos-minimal jobs in
# the gate
# Infra doesn't mirror non-free repos, so instruct to ignore these
export DIB_DISTRIBUTION_MIRROR_UBUNTU_IGNORE="(universe|multiverse)"
export DIB_DISTRIBUTION_MIRROR_UBUNTU_INSECURE=1
# These repo files are pre-created for the fedora/centos-minimal jobs
# in the gate. Not relevant inside the chroot.
if [[ -d ${WORKSPACE:-/not/a/path/}/dib-mirror ]]; then
if [[ "${DISTRO_NAME}" == "fedora" ]]; then

View File

@ -11,5 +11,15 @@ Overrides:
* To download a non-default release of Ubuntu cloud images, use the
environment variable ``DIB_RELEASE``. This element will export the
``DIB_RELEASE`` variable.
* Use ``DIB_DISTRIBUTION_MIRROR`` to override the ``sources.list``
with an alternative mirror
* Setting ``DIB_DISTRIBUTION_MIRROR_UBUNTU_IGNORE`` to an
extended-regexp (i.e. the argument to the ``=~`` bash comparitor)
which, when matched, will *not* set that line to the
``DIB_DISTRIBUTION_MIRROR``. For example, if your local mirror
does not mirror the universe and multiverse components, set this to
``(universe|multiverse)``
* Setting ``DIB_DISTRIBUTION_MIRROR_UBUNTU_INSECURE`` updates apt
settings to allow insecure/unuthenticated repositories.
.. element_deps::

View File

@ -1,6 +1,6 @@
#!/bin/bash
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
if [ ${DIB_DEBUG_TRACE:-0} -gt 1 ]; then
set -x
fi
set -eu
@ -10,5 +10,21 @@ DIB_DISTRIBUTION_MIRROR=${DIB_DISTRIBUTION_MIRROR:-}
[ -n "$DIB_DISTRIBUTION_MIRROR" ] || exit 0
sudo sed -ie "s&http://\(archive\|security\).ubuntu.com/ubuntu&$DIB_DISTRIBUTION_MIRROR&" \
/etc/apt/sources.list
while IFS= read line
do
if [[ "$line" =~ "${DIB_DISTRIBUTION_MIRROR_UBUNTU_IGNORE:-}" ]]; then
# append line unmodified
echo "$line" | tee --append /etc/apt/sources.list.new
else
echo "$line" | \
sed -e "s&http://\(archive\|security\).ubuntu.com/ubuntu&$DIB_DISTRIBUTION_MIRROR&" | \
tee --append /etc/apt/sources.list.new
fi
done < /etc/apt/sources.list
if [[ -n "${DIB_DISTRIBUTION_MIRROR_UBUNTU_INSECURE:-}" ]]; then
echo "APT::Get::AllowUnauthenticated \"true\";" | tee /etc/apt/apt.conf.d/95allow-unauthenticated
echo "Acquire::AllowInsecureRepositories \"true\";" | tee -a /etc/apt/apt.conf.d/95allow-unauthenticated
fi
mv /etc/apt/sources.list.new /etc/apt/sources.list