mirrors/puppet-hashi_stack
1
0
Fork 0
mirror of https://github.com/voxpupuli/puppet-hashi_stack.git synced 2025-05-24 19:05:01 +01:00
Code Issues Projects Releases Packages Wiki Activity

Add support for repo_gpgcheck, which should default to 0 since HashiCorp does not sign this repo (vs the RPMs in the repo, which are signed).

Browse source 
Without this, RHEL-like nodes with a global `repo_gpgcheck=1` setting will not be able to use this repo.  This global setting is required on many hardened systems.
This commit is contained in:
hammondr 2022-01-27 09:47:06 -05:00 committed by Ryan Hammond
parent 8197cc3dad
commit 49edc2e297
1 changed files with 9 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
manifests/repo.pp
View file

@ -25,6 +25,7 @@ class hashi_stack::repo (
Stdlib::HTTPSUrl $key_source = 'https://apt.releases.hashicorp.com/gpg', Stdlib::HTTPSUrl $key_source = 'https://apt.releases.hashicorp.com/gpg',
String $description = 'HashiCorp package repository.', String $description = 'HashiCorp package repository.',
String $rpm_base = 'https://rpm.releases.hashicorp.com', String $rpm_base = 'https://rpm.releases.hashicorp.com',
Integer[0,1] $repo_gpgcheck = 0,
) { ) {
case $facts['os']['family'] { case $facts['os']['family'] {
'Debian': { 'Debian': {
@ -53,6 +54,7 @@ class hashi_stack::repo (
baseurl => "${rpm_base}/RHEL/\$releasever/\$basearch/stable", baseurl => "${rpm_base}/RHEL/\$releasever/\$basearch/stable",
gpgcheck => 1, gpgcheck => 1,
gpgkey => $key_source, gpgkey => $key_source,
repo_gpgcheck => $repo_gpgcheck,
enabled => 1, enabled => 1,
proxy => $proxy, proxy => $proxy,
priority => $priority, priority => $priority,