From 327acd54d66a7987ca39a4e002a5210384fd2165 Mon Sep 17 00:00:00 2001 From: Nodar Nutsubidze Date: Sun, 5 Jan 2014 16:02:07 -0600 Subject: [PATCH] initial commit --- LICENSE | 191 +++++++++++++++++++++ README.md | 17 ++ apt-cacher/client.sls | 4 + apt-cacher/files/01proxy | 2 + apt-cacher/files/apt-cacher.conf | 278 +++++++++++++++++++++++++++++++ apt-cacher/server.sls | 18 ++ pillar.example | 2 + 7 files changed, 512 insertions(+) create mode 100644 LICENSE create mode 100644 README.md create mode 100644 apt-cacher/client.sls create mode 100644 apt-cacher/files/01proxy create mode 100644 apt-cacher/files/apt-cacher.conf create mode 100644 apt-cacher/server.sls create mode 100644 pillar.example diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..37ec93a --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,191 @@ +Apache License +Version 2.0, January 2004 +http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + +"License" shall mean the terms and conditions for use, reproduction, and +distribution as defined by Sections 1 through 9 of this document. + +"Licensor" shall mean the copyright owner or entity authorized by the copyright +owner that is granting the License. + +"Legal Entity" shall mean the union of the acting entity and all other entities +that control, are controlled by, or are under common control with that entity. +For the purposes of this definition, "control" means (i) the power, direct or +indirect, to cause the direction or management of such entity, whether by +contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the +outstanding shares, or (iii) beneficial ownership of such entity. + +"You" (or "Your") shall mean an individual or Legal Entity exercising +permissions granted by this License. + +"Source" form shall mean the preferred form for making modifications, including +but not limited to software source code, documentation source, and configuration +files. + +"Object" form shall mean any form resulting from mechanical transformation or +translation of a Source form, including but not limited to compiled object code, +generated documentation, and conversions to other media types. + +"Work" shall mean the work of authorship, whether in Source or Object form, made +available under the License, as indicated by a copyright notice that is included +in or attached to the work (an example is provided in the Appendix below). + +"Derivative Works" shall mean any work, whether in Source or Object form, that +is based on (or derived from) the Work and for which the editorial revisions, +annotations, elaborations, or other modifications represent, as a whole, an +original work of authorship. 
For the purposes of this License, Derivative Works +shall not include works that remain separable from, or merely link (or bind by +name) to the interfaces of, the Work and Derivative Works thereof. + +"Contribution" shall mean any work of authorship, including the original version +of the Work and any modifications or additions to that Work or Derivative Works +thereof, that is intentionally submitted to Licensor for inclusion in the Work +by the copyright owner or by an individual or Legal Entity authorized to submit +on behalf of the copyright owner. For the purposes of this definition, +"submitted" means any form of electronic, verbal, or written communication sent +to the Licensor or its representatives, including but not limited to +communication on electronic mailing lists, source code control systems, and +issue tracking systems that are managed by, or on behalf of, the Licensor for +the purpose of discussing and improving the Work, but excluding communication +that is conspicuously marked or otherwise designated in writing by the copyright +owner as "Not a Contribution." + +"Contributor" shall mean Licensor and any individual or Legal Entity on behalf +of whom a Contribution has been received by Licensor and subsequently +incorporated within the Work. + +2. Grant of Copyright License. + +Subject to the terms and conditions of this License, each Contributor hereby +grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, +irrevocable copyright license to reproduce, prepare Derivative Works of, +publicly display, publicly perform, sublicense, and distribute the Work and such +Derivative Works in Source or Object form. + +3. Grant of Patent License. 
+ +Subject to the terms and conditions of this License, each Contributor hereby +grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, +irrevocable (except as stated in this section) patent license to make, have +made, use, offer to sell, sell, import, and otherwise transfer the Work, where +such license applies only to those patent claims licensable by such Contributor +that are necessarily infringed by their Contribution(s) alone or by combination +of their Contribution(s) with the Work to which such Contribution(s) was +submitted. If You institute patent litigation against any entity (including a +cross-claim or counterclaim in a lawsuit) alleging that the Work or a +Contribution incorporated within the Work constitutes direct or contributory +patent infringement, then any patent licenses granted to You under this License +for that Work shall terminate as of the date such litigation is filed. + +4. Redistribution. + +You may reproduce and distribute copies of the Work or Derivative Works thereof +in any medium, with or without modifications, and in Source or Object form, +provided that You meet the following conditions: + +You must give any other recipients of the Work or Derivative Works a copy of +this License; and +You must cause any modified files to carry prominent notices stating that You +changed the files; and +You must retain, in the Source form of any Derivative Works that You distribute, +all copyright, patent, trademark, and attribution notices from the Source form +of the Work, excluding those notices that do not pertain to any part of the +Derivative Works; and +If the Work includes a "NOTICE" text file as part of its distribution, then any +Derivative Works that You distribute must include a readable copy of the +attribution notices contained within such NOTICE file, excluding those notices +that do not pertain to any part of the Derivative Works, in at least one of the +following places: within a NOTICE text file 
distributed as part of the +Derivative Works; within the Source form or documentation, if provided along +with the Derivative Works; or, within a display generated by the Derivative +Works, if and wherever such third-party notices normally appear. The contents of +the NOTICE file are for informational purposes only and do not modify the +License. You may add Your own attribution notices within Derivative Works that +You distribute, alongside or as an addendum to the NOTICE text from the Work, +provided that such additional attribution notices cannot be construed as +modifying the License. +You may add Your own copyright statement to Your modifications and may provide +additional or different license terms and conditions for use, reproduction, or +distribution of Your modifications, or for any such Derivative Works as a whole, +provided Your use, reproduction, and distribution of the Work otherwise complies +with the conditions stated in this License. + +5. Submission of Contributions. + +Unless You explicitly state otherwise, any Contribution intentionally submitted +for inclusion in the Work by You to the Licensor shall be under the terms and +conditions of this License, without any additional terms or conditions. +Notwithstanding the above, nothing herein shall supersede or modify the terms of +any separate license agreement you may have executed with Licensor regarding +such Contributions. + +6. Trademarks. + +This License does not grant permission to use the trade names, trademarks, +service marks, or product names of the Licensor, except as required for +reasonable and customary use in describing the origin of the Work and +reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. 
+ +Unless required by applicable law or agreed to in writing, Licensor provides the +Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, +including, without limitation, any warranties or conditions of TITLE, +NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are +solely responsible for determining the appropriateness of using or +redistributing the Work and assume any risks associated with Your exercise of +permissions under this License. + +8. Limitation of Liability. + +In no event and under no legal theory, whether in tort (including negligence), +contract, or otherwise, unless required by applicable law (such as deliberate +and grossly negligent acts) or agreed to in writing, shall any Contributor be +liable to You for damages, including any direct, indirect, special, incidental, +or consequential damages of any character arising as a result of this License or +out of the use or inability to use the Work (including but not limited to +damages for loss of goodwill, work stoppage, computer failure or malfunction, or +any and all other commercial damages or losses), even if such Contributor has +been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. + +While redistributing the Work or Derivative Works thereof, You may choose to +offer, and charge a fee for, acceptance of support, warranty, indemnity, or +other liability obligations and/or rights consistent with this License. However, +in accepting such obligations, You may act only on Your own behalf and on Your +sole responsibility, not on behalf of any other Contributor, and only if You +agree to indemnify, defend, and hold each Contributor harmless for any liability +incurred by, or claims asserted against, such Contributor by reason of your +accepting any such warranty or additional liability. 
+ +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work + +To apply the Apache License to your work, attach the following boilerplate +notice, with the fields enclosed by brackets "[]" replaced with your own +identifying information. (Don't include the brackets!) The text should be +enclosed in the appropriate comment syntax for the file format. We also +recommend that a file or class name and description of purpose be included on +the same "printed page" as the copyright notice for easier identification within +third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md new file mode 100644 index 0000000..6f7f796 --- /dev/null +++ b/README.md @@ -0,0 +1,17 @@ +apt-cacher-formula +================== + +Install the apt-cacher. This allows you to install either the server or the +client version.o + +Requirements +------------ +apache-formula + +Available states +---------------- + +``apt-cacher.server`` + Installs the server +``apt-cacher.client`` + Sets up the device to use the apt-cacher for apt-get packages diff --git a/apt-cacher/client.sls b/apt-cacher/client.sls new file mode 100644 index 0000000..bd535a3 --- /dev/null +++ b/apt-cacher/client.sls @@ -0,0 +1,4 @@ +/etc/apt/apt.conf.d/01proxy: + file.managed: + - source: salt://apt-cacher/files/01proxy + - template: jinja 
diff --git a/apt-cacher/files/01proxy b/apt-cacher/files/01proxy new file mode 100644 index 0000000..b7c975c --- /dev/null +++ b/apt-cacher/files/01proxy @@ -0,0 +1,2 @@ +{% set apt_cacher = pillar.get('apt-cacher', {}) -%} +Acquire::http::Proxy "http://{{ apt_cacher.get('host', 'localhost') }}:3142"; diff --git a/apt-cacher/files/apt-cacher.conf b/apt-cacher/files/apt-cacher.conf new file mode 100644 index 0000000..0381db1 --- /dev/null +++ b/apt-cacher/files/apt-cacher.conf 
@@ -0,0 +1,278 @@ +# This file is managed by Salt, do not edit by hand!! +{% set apt_cacher = pillar.get('apt-cacher', {}) -%} +################################################################################# +# This is the config file for apt-cacher. On most Debian systems you can safely # +# leave the defaults alone. # +# # +# Commented defaults or examples are given. They can be changed here, or # +# overridden using a fragment placed in ./conf.d/ # +################################################################################# + +### GENERAL ### + +# The location of the local cache/working directory. This can become quite +# large, so make sure it is somewhere with plenty of space. +# +#cache_dir = /var/cache/apt-cacher + +# The directory to use for apt-cacher access and error logs. +# The access log records every request in the format: +# +# date-time|PID|client IP address|HIT/HEAD/MISS/EXPIRED/NOTMOD|object size|object name +# +# The error log is slightly more free-form, and is also used for debug messages +# if debug mode is turned on. +# +#log_dir = /var/log/apt-cacher + +# The email address of the administrator is displayed in the info page and +# traffic reports. +# +admin_email = {{ apt_cacher.get('admin_email', 'root@localhost') }} + +# Daemon port setting, only useful in stand-alone mode. You need to run the +# daemon as root to use privileged ports (<1024). +# +# For standalone daemon auto startup settings please edit the file +# /etc/default/apt-cacher. +# +#daemon_port = 3142 + +# Optional settings, user and group to run the daemon as. Make sure they have +# sufficient permissions within the cache and log directories. Comment the +# settings to run apt-cacher as the invoking user. +# +group = www-data +user = www-data + +# optional setting, binds the listening daemon to specified IP(s). 
+# +#daemon_addr = localhost + +# Apt-cacher can be used in offline mode which just uses files already cached, +# but doesn't make any new outgoing connections by setting this to 1. +# +#offline_mode = 1 + +# To enable data checksumming, install libberkeleydb-perl and set this option to +# 1. Then wait until the Packages/Sources files have been refreshed once (and so +# the database has been built up). You can also delete them from the cache to +# trigger the database update. +# +#checksum = 1 + +# Importing checksums from new index files into the checksum database can cause +# high CPU usage on slower systems. This option sets a limit to the number of +# index files that are imported simultaneously, thereby limiting CPU load +# average, but, possibly, taking longer. Set to 0 for no limit. +# +#concurrent_import_limit = 1 + +# CGI mode is deprecated. +# +# Send a 410 (Gone) HTTP message with the specified text when accessed via +# CGI. Useful to tell users to adapt their sources.list files when the +# apt-cacher server is being relocated (via apt-get's error messages while +# running "update") +# +#cgi_advise_to_use = Please use http://cacheserver:3142/ as apt-cacher access URL +#cgi_advise_to_use = Server relocated. To change sources.list, run +# perl -pe "s,/apt-cacher??,:3142," -i /etc/apt/sources.list +# +# To further facilitate migration from CGI to daemon mode this setting will +# automatically redirect incoming CGI requests to the specified daemon URL. +# +#cgi_redirect = http://localhost:3142/ + +### UPSTREAM PROXY ### + +# Apt-cacher can pass all its requests to an external HTTP proxy like Squid, +# which could be very useful if you are using an ISP that blocks port 80 and +# requires all web traffic to go through its proxy. The format is +# 'hostname:port', eg: 'proxy.example.com:8080'. +# +#http_proxy = proxy.example.com:8080 + +# External http proxy sometimes need authentication to get full access. The +# format is 'username:password'. 
+# +#http_proxy_auth = proxyuser:proxypass + +# Use of the configured external proxy can be turned on or off with this flag. +# Value should be either 0 (off) or 1 (on). +# +#use_proxy = 0 + +# Use of external proxy authentication can be turned on or off with this flag. +# Value should be either 0 (off) or 1 (on). +# +#use_proxy_auth = 0 + +# This sets the interface to use for the upstream connection. +# Specify an interface name, an IP address or a host name. +# If unset, the default route is used. +# +#interface = eth0 + +# Rate limiting sets the maximum bandwidth in bytes per second to use for +# fetching packages. Use 0 value for no rate limiting. +# +#limit = 0 + +### ACCESS and SECURITY ### + +# Server mapping - this allows mapping virtual paths that appear in the access +# URL to real server names. The syntax is the part of the beginning of the URL +# to replace (the key), followed by a list of mirror URLs, all space +# separated. Multiple mappings are separated by semicolons or commas, as +# usual. Note that you need to specify all keys (or use the 'PATH_MAP' +# shorthand) in the allowed_locations option, if you make use of it. Also note +# that the paths should not overlap each other. +# +# The keys are also used to separate the caching of multiple distributions +# within a single apt-cacher instance if distinct_namespaces is also set. +# +#path_map = debian ftp.uni-kl.de/pub/linux/debian ftp2.de.debian.org/debian ; +# ubuntu archive.ubuntu.com/ubuntu ; +# security security.debian.org/debian-security ftp2.de.debian.org/debian-security +# +# There are 2 default internal path_map settings for the Debian and Ubuntu +# changelog servers which will be merged with this option. +# +# debian-changelogs packages.debian.org +# ubuntu-changelogs changelogs.ubuntu.com +# +# These can be overridden by specifying an alternative mirror for that key, or +# deleted by just specifying the key with no mirror. 
+# +#path_map = debian-changelogs + +# From version 1.7.0 there is support for caching multiple distibutions (eg +# Debian and Ubuntu) within the same apt-cacher instance. Enable this by setting +# distinct_namespaces to 1. Distribution package files are cached in separate +# directories whose names are derived from the relevant path_map key. So +# generally there will be a path_map key => server(s) setting for each +# distribution that is cached. Having enabled distinct_namespaces, existing +# packages can be imported into the correct directory by running (as root) +# +# /usr/share/apt-cacher/apt-cacher-import.pl -u {cache_dir}/packages +# +#distinct_namespaces = 0 + +# If the apt-cacher machine is directly exposed to the Internet and you are +# worried about unauthorised machines fetching packages through it, you can +# specify a list of IP addresses which are allowed to use it and another list of +# IP addresses which are prohibited. +# +# Localhost (127.0.0.1, ::1 and ::7f00:1) are always allowed. Other addresses +# must be matched by allowed_hosts and not by denied_hosts to be permitted to +# use the cache. Setting allowed_hosts to "*" means "allow all" (which was the +# default before version 1.7.0). The default is now ''. +# +# The format is a comma-separated list containing addresses, optionally with +# masks (like 10.0.0.0/24 or 10.0.0.0/255.255.255.0), or ranges of addresses +# (two addresses separated by a hyphen with no masks, specifying a valid subnet, +# like '192.168.0.0-63' or '192.168.0.0 - 192.168.0.63') or a DNS resolvable +# hostname. The corresponding IPv6 options allowed_hosts_6 and denied_hosts_6 +# are deprecated (but will still be honoured, if set). IPv6 addresses can now be +# added directly to allowed_hosts and denied_hosts along with IPv4 addresses. 
+ +allowed_hosts = {{ apt_cacher.get('allowed_hosts', '*') }} +denied_hosts = {{ apt_cacher.get('denied_hosts', '') }} + +# Only allow HTTPS/SSL proxy CONNECT to hosts or IPs which match an item in this +# list. +# +#allowed_ssl_locations = + +# Only allow HTTPS/SSL proxy CONNECT to ports which match an item in this list. +# Adding further items to this option can pose a significant security risk. DO +# NOT do it unless you understand the full implications. +# +#allowed_ssl_ports = 443 + +# Optional setting to limit access to upstream mirrors based on server names in +# the URLs. This is matched before any path_map settings are expanded. If +# 'PATH_MAP' in included in this option, it will be expanded to the keys of the +# path_map setting. Note these items are strings, not regexps. +# +#allowed_locations = ftp.uni-kl.de, ftp.nerim.net, debian.tu-bs.de/debian +#allowed_locations = ftp.debian.org, PATH_MAP +#allowed_locations = PATH_MAP + +# List of Ubuntu release names used to expand UBUNTU_RELEASE_NAMES in +# installer_files_regexp (see below). This is required to allow the Ubuntu +# installer to fetch upgrade information. As the naming scheme is unpredictable, +# new release names need to be added to this list. +# +#ubuntu_release_names = dapper, edgy, feisty, gutsy, hardy, intrepid, jaunty, karmic, lucid, maverick, natty, oneiric, precise + +### HOUSEKEEPING ### + +# Apt-cacher can generate usage reports every 24 hours if you set this directive +# to 1. You can view the reports in a web browser by pointing to your cache +# machine with 'report' on the end, like this: +# +# http://yourcache.example.com:3142/report +# +# Generating reports is very fast even with many thousands of logfile lines, so +# you can safely turn this on without creating much additional system load. +# +#generate_reports = 1 + +# Apt-cacher can clean up its cache directory every 24 hours if you set this +# directive to 1. 
Cleaning the cache can take some time to run (generally in the +# order of a few minutes) and removes all package files that are not mentioned +# in any existing 'Packages' lists. This has the effect of deleting packages +# that have been superseded by an updated 'Packages' list. +# +#clean_cache = 1 + +### INTERNALS ### + +# Debug mode makes apt-cacher write a lot of extra debug information to the +# error log (whose location is defined with the 'log_dir' directive). Leave +# this off unless you need it, or your error log will get very big. Acceptable +# values are 0 or an integer up to 7. See man apt-cacher (1) for further +# details. +# +#debug = 0 + +# You shouldn't need to change anything below here. If you do, ensure you +# understand the full implications of doing so. + +# Permitted package files -- this is a perl regular expression which matches all +# package-type files (files that are uniquely identified by their filename). +# +#package_files_regexp = (?:^[-+.a-z0-9]+_(?:\d:)?[-+.~a-zA-Z0-9]+(?:_[-a-z0-9]+\.(?:u|d)?deb|\.dsc|\.tar(?:\.gz|\.bz2|\.xz)|\.diff\.gz)|\.rpm|index\.db-.+\.gz|\.jigdo|\.template)$ + +# Permitted APT pdiff files -- this is a perl regular expression which matches +# APT pdiff files which are ed(1) scripts used to patch index files rather than +# redownloading the whole file afresh. +# +#pdiff_files_regexp = ^2\d{3}-\d{2}-\d{2}-\d{4}\.\d{2}\.gz$ + +# Permitted Index files -- this is the perl regular expression which matches all +# index-type files (files that are uniquely identified by their full path and +# need to be checked for freshness). 
+# +#index_files_regexp = ^(?:Index(?:\.bz2)?|Packages(?:\.gz|\.bz2)?|Release(?:\.gpg)?|InRelease|Sources(?:\.gz|\.bz2)?|Contents-(?:[a-z]+-)?[a-zA-Z0-9]+\.gz|(?:srclist|pkglist)\.[a-z-]+\.bz2|release(?:\.gz|\.bz2)?|Translation-[a-z]{2,3}(?:_[A-Z]{2})?(?:\.gz|\.bz2|\.xz)?)$ + +# Permitted installer files -- this is the perl regular expression which matches +# all installer-type files (files that are uniquely identified by their full +# path but don’t need to be checked for freshness). These are typically files +# used by Debian/Ubuntu Installer, Debian Live and apt. Within this option, the +# shorthand 'UBUNTU_RELEASE_NAMES' will be expanded to the list configured in +# ubuntu_release_names as regexp alternatives. +# +installer_files_regexp = ^(?:vmlinuz|linux|initrd\.gz|changelog|NEWS.Debian|[a-z]+\.tar\.gz(?:\.gpg)?|UBUNTU_RELEASE_NAMES\.tar\.gz(?:\.gpg)?|(?:Devel|EOL)?ReleaseAnnouncement(?:\.html)?|meta-release(?:-lts)?(?:-(?:development|proposed))?)$ + +# Perl regular expression which matches Index files from which to read checksums +# if checksum is enabled. +# +#checksum_files_regexp = ^(?:Packages(?:\.gz|\.bz2)?|Sources(?:\.gz|\.bz2)?|(?:In)?Release|Index(?:\.bz2)?)$ + +# Perl regular expression which matches URLs to be permitted for Debian bugs +# SOAP requests as made by apt-listbugs(1). +# +#soap_url_regexp = ^(?:http://)?bugs\.debian\.org(?::80)?/cgi-bin/soap.cgi$ diff --git a/apt-cacher/server.sls b/apt-cacher/server.sls new file mode 100644 index 0000000..bc1376f --- /dev/null +++ b/apt-cacher/server.sls @@ -0,0 +1,18 @@ +include: + - apache + +apt-cacher: + pkg: + - installed + service.running: + - enable: True + - require: + - pkg: apt-cacher + +/etc/apt-cacher/apt-cacher.conf: + file.managed: + - source: salt://apt-cacher/files/apt-cacher.conf + - template: jinja + - mode: 644 + - watch_in: + - service: apt-cacher diff --git a/pillar.example b/pillar.example new file mode 100644 index 0000000..90300c1 --- /dev/null +++ b/pillar.example 
@@ -0,0 +1,2 @@ +apt_cacher: + host: cacher.mycompany.com
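Review bot: README.md lists the two states but documents none of the pillar keys the templates read (host in apt-cacher/files/01proxy; admin_email, allowed_hosts and denied_hosts in apt-cacher/files/apt-cacher.conf), so a user has to read the Jinja to learn what can be set. Add a short pillar section naming each key and its default. The sentence "client version.o" also carries a stray trailing "o".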
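Review bot: apt-cacher/files/01proxy falls back to host 'localhost' and hard-codes port 3142, so a client minion that has no pillar data gets an apt proxy pointing at itself and the state still reports success. Consider dropping the default for host so a missing value fails at render time, and read the port from pillar next to host so it can follow a changed daemon_port on the server. In apt-cacher/client.sls the file.managed state for /etc/apt/apt.conf.d/01proxy sets no user, group or mode; stating them keeps the file's ownership explicit.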
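Review bot: in apt-cacher/files/apt-cacher.conf the line allowed_hosts = {{ apt_cacher.get('allowed_hosts', '*') }} makes allow-all the formula's default, while the comment block directly above it says "*" was the default only before version 1.7.0 and that the default is now ''. With no pillar set, every host that can reach the daemon is permitted to fetch through the cache. Default to '' here (the same comment says localhost is always allowed) and let operators opt in to specific networks through pillar; daemon_addr is also left commented out, so it is worth exposing as a pillar value for the same reason.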
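Review bot: apt-cacher/server.sls includes apache, but no state in the file requires anything from it, and the managed apt-cacher.conf describes CGI mode as deprecated and documents the stand-alone daemon on port 3142. If apache is not needed for daemon mode, drop the include and the apache-formula requirement in README.md; if it is needed, add an explicit require so the dependency is visible. On the file.managed state for /etc/apt-cacher/apt-cacher.conf, quote the mode ('0644') so YAML does not treat it as an integer, and set user and group; note that this file is where http_proxy_auth would live if it is ever enabled, at which point a world-readable mode would expose the credentials.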
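Review bot: pillar.example defines the top-level key as apt_cacher (underscore), but both templates look it up with pillar.get('apt-cacher', {}) (hyphen), in apt-cacher/files/01proxy and apt-cacher/files/apt-cacher.conf. A pillar copied from this example is therefore never found, and every value silently falls back to its default, including host 'localhost' on clients. Use one spelling in both places, and consider extending the example with the other keys the templates read (admin_email, allowed_hosts, denied_hosts).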