Hi!

Setting a custom config file path is supported in init.pp, but the path is hard coded in both mirror.pp and repo.pp, so you can't really use the module to create mirrors and repos with a custom config file path.

So defining aptly::config_file to a custom path other than /etc/aptly.conf, and a few mirrors with aptly::aptly_mirrors and repos with aptly::aptly_repos through hiera, makes puppet agent fail during run.

This is the error message I get:
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Could not find resource 'File[/etc/aptly.conf]' in parameter 'require' (file: /etc/puppetlabs/code/environments/some_user/modules/aptly/manifests/repo.pp, line: 62) on node XYZ
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Could not find resource 'File[/etc/aptly.conf]' in parameter 'require' (file: /etc/puppetlabs/code/environments/some_user/modules/aptly/manifests/mirror.pp, line: 153) on node XYZ

• Joacim

When setting a configuration variable (f.e. downloadSourcePackages) which Aptly expects to be boolean, the function to_pson generates a string. Aptly then complains about a bad configuration: ERROR: error loading config file /etc/aptly.conf: json: cannot unmarshal string into Go value of type bool. Maybe to_json would be better, but I have not checked it.

Currently, puppet-aptly checks if a mirror by the same name already exists. If it does, no action is taken. This has the side effect of not allowing edits to be made to an already created mirror. Since aptly has an aptly mirror edit feature, puppet-aptly should look into adding support for this.

Hello,
any chance for a new release soon on puppet forge ? (with the new gpg key)

Thank you

could you change the aptly-api to be symlinked to init.d so that it can be tab completed?

Hy,

I'm using your 0.4.0 tag via forge... My problem is, that other modules in my puppet environment require puppetlabs-apt to be >2.0.0. So this leads to a conflict and I'm not able to use your module.

That's why I'd like to ask for a new release allowing puppetlabs-apt to be more current?

Kind regards
ITler

Currently, this module requires apt < 2.0

It would be nice to support newer versions of the module, I believe the only problem I could spot was the include_src in:
https://github.com/gds-operations/puppet-aptly/blob/master/manifests/init.pp#L68

I use this module in my application and every time I ran Puppet for the 1st time, it fails to install aptly. Is this a know-issue or it's only happening for me?

Here is a snippet from the output during the Puppet run:

Notice: /Stage[main]/Aptly/Apt::Source[aptly]/Apt::Key[Add key: B6140515643C2AE155596690E083A3782A194991 from Apt::Source aptly]/Apt_key[Add key: B6140515643C2AE155596690E083A3782A194991 from Apt::Source aptly]/ensure: created
Notice: /Stage[main]/Aptly/Apt::Source[aptly]/Apt::Setting[list-aptly]/File[/etc/apt/sources.list.d/aptly.list]/ensure: created
Info: /Stage[main]/Aptly/Apt::Source[aptly]/Apt::Setting[list-aptly]/File[/etc/apt/sources.list.d/aptly.list]: Scheduling refresh of Class[Apt::Update]
Error: Execution of '/usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold install aptly' returned 100: Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package aptly
Error: /Stage[main]/Aptly/Package[aptly]/ensure: change from purged to present failed: Execution of '/usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold install aptly' returned 100: Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package aptly

Thanks!

Right now there are only old versions of ubuntu present in the metadata.json.
Does this module work with Ubuntu 20.04? If so, could you add that to the metadata, please?

When I use the puppet-aptly module (from github master) in an Ubuntu Xenial system, I can define the creation of a mirror and can see puppet handling correctly the check that that repo does not exist and the creation return a successful result. However, if I run aptly mirror list the command line know nothing about the aptly repo. Log attached (aptly repo is called ros_stable)

Debug: /Package[aptly]: The container Class[Aptly] will propagate my refresh event
Debug: Exec[aptly_mirror_create-ros_stable](provider=posix): Executing check '/usr/bin/aptly -config /etc/aptly.conf mirror show ros_stable >/dev/null'
Debug: Executing '/usr/bin/aptly -config /etc/aptly.conf mirror show ros_stable >/dev/null'
Debug: /Stage[main]/Main/Node[default]/Aptly::Mirror[ros_stable]/Exec[aptly_mirror_create-ros_stable]/unless: ERROR: unable to show: mirror with name ros_stable not found
Debug: Exec[aptly_mirror_create-ros_stable](provider=posix): Executing '/usr/bin/aptly -config /etc/aptly.conf mirror create -architectures="amd64" -with-sources=false -with-udebs=false ros_stable http://packages.ros.org/ros/ubuntu trusty'
Debug: Executing '/usr/bin/aptly -config /etc/aptly.conf mirror create -architectures="amd64" -with-sources=false -with-udebs=false ros_stable http://packages.ros.org/ros/ubuntu trusty'
Notice: /Stage[main]/Main/Node[default]/Aptly::Mirror[ros_stable]/Exec[aptly_mirror_create-ros_stable]/returns: executed successfully
Debug: /Stage[main]/Main/Node[default]/Aptly::Mirror[ros_stable]/Exec[aptly_mirror_create-ros_stable]: The container Aptly::Mirror[ros_stable] will propagate my refresh event
Debug: Aptly::Mirror[ros_stable]: The container Node[default] will propagate my refresh event
Debug: Node[default]: The container Class[Main] will propagate my refresh event
Debug: Class[Aptly]: The container Stage[main] will propagate my refresh event
Debug: Class[Apt]: The container Stage[main] will propagate my refresh event
Debug: Class[Main]: The container Stage[main] will propagate my refresh event
Debug: Finishing transaction 20499700
Debug: Storing state
Info: Creating state file /var/lib/puppet/state/state.yaml
Debug: Stored state in 0.02 seconds
Notice: Finished catalog run in 38.50 seconds
Debug: Using settings: adding file resource 'rrddir': 'File[/var/lib/puppet/rrd]{:path=>"/var/lib/puppet/rrd", :mode=>"750", :owner=>"puppet", :group=>"puppet", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: /File[/var/lib/puppet/rrd]/ensure: created
Debug: Finishing transaction 21477520
Debug: Received report to process from 8f1d5c64a418.telefonica.net
Debug: Evicting cache entry for environment 'production'
Debug: Caching environment 'production' (ttl = 0 sec)
Debug: Processing report from 8f1d5c64a418.telefonica.net with processor Puppet::Reports::Store

root@8f1d5c64a418:/# aptly mirror list
No mirrors found, create one with `aptly mirror create ...`.
root@8f1d5c64a418:/# aptly mirror show ros_stable
ERROR: unable to show: mirror with name ros_stable not found

If I run puppet again, it can detect it perfectly and if I run manually from the command line the same command run by puppet it creates the repo just fine. Is this bug or am I doing something wrong?

It would be great if we could support the latest version of the apt puppet module

mod 'puppetlabs-apt', '4.5.1'

I have created a pull request correcting the issue I found.

As far as I could understand from using the module and reading the code, there is no support for publishing right now.

I am using this module to create a debian reporsitory from puppet, and i would like puppet to be able to not only create the repository and mirrors, but also manage publishing them.

Right now all of those are done from my wrapper class which calls this module, but in a rather ugly way.

Is there any planned support for publishing repos/snapshots in a near future?

Thanks

Does this module work with Puppet 7? Could you add the version 7 as a supported version, please?

Hi,

the old apt key doesn't work anymore.

Please use following code:
init.pp line 63
id => '26DA9D8630302E0B86A7A2CBED75B5A4483DA07C',

There does not seem to be a tag for this release?

Can you add the flag -no-lock to the aptly-api so that the CLI can be used alongside the api?

Hi,

Some mirrors, like jessie, need 3 keys : 2B90D010, 46925553, 65FFB764.
Today, it's impossible to give an array to the class (define) mirror.
So we used a workaround for adding all keys before loading the class aptly.
Is it possible to update your code for adding a array instead of a simple variable ?

Thomas

I added the function to use the nightly release.

For me it is needed to use gpg2 on Debian 9.
Due the squeeze release only provide Aptly v1.3.0 which only supports gpg1.

Following the code for nightly release function incl. new APT key:

`
class aptly (
String $package_ensure = 'present',
Stdlib::Absolutepath $config_file = '/etc/aptly.conf',
Hash $config = {},
Optional[String] $config_contents = undef,
Boolean $repo = true,
Boolean $nightly_release = false,
String $key_server = 'keyserver.ubuntu.com',
String $user = 'root',
Hash $aptly_repos = {},
Hash $aptly_mirrors = {},
) {
if $repo {

if $nightly_release {
  $release = 'nightly'
}
else {
  $release = 'squeeze'
}

apt::source { 'aptly':
  location => 'http://repo.aptly.info',
  release  => $release,
  repos    => 'main',
  key      =>  {
    server => $key_server,
    id     => '26DA9D8630302E0B86A7A2CBED75B5A4483DA07C',
  }
}

Apt::Source['aptly'] -> Class['apt::update'] -> Package['aptly']

}

package { 'aptly':
ensure => $package_ensure,
}

$config_file_contents = $config_contents ? {
undef => inline_template("<%= Hash[@config.sort].to_pson %>\n"),
default => $config_contents,
}

file { $config_file:
ensure => file,
content => $config_file_contents,
}

$aptly_cmd = "/usr/bin/aptly -config ${config_file}"

create_resources('::aptly::repo', $aptly_repos)
create_resources('::aptly::mirror', $aptly_mirrors)
}
`

The File resource which defined /etc/aptly.conf ignores the $user parameter, making it impossible to execute the commands as any user but 'root' (the default user).

I'd like support for the -with-udebs and -with-sources flags. Support for -filter and -filter-with-deps would also be nice.

Hi,

Today, there is no limit of the number of architecture, aptly will mirroring ; it will mirror all architectures available.

I suggest to add a new option in "aptly::mirror" with the name arch. If empty, so the module will do the same thing as today, otherwise the module will limit the mirroring to theses architectures.

I have already begun to work on this feature for my company.

Thomas

Greetings,

I am a security researcher, who is looking for security smells in Puppet scripts. I found instances where the HTTP protocol is used instead of HTTPS (HTTP with TLS). According to the Common Weakness Enumeration organization this is a security weakness (https://cwe.mitre.org/data/definitions/319.html). I was wondering why HTTP is used? Is it because of lack of tool support?

I am trying to find out if developers are forced to adopt bad practices due to lack of tool support when it comes to the HTTPS protocol. Maybe it is due to dependency on a resource that uses HTTP?

Any feedback is appreciated.

Source: https://github.com/gds-operations/puppet-aptly/blob/master/manifests/init.pp (Line#72)

Howdi,

Fringe case but the aptly::apiclass does not work on RHEL6 due to the following seems invalid sytax;

setuid <%= @user %>
setgid <%= @group %>

Also the command puppet then uses to start the service is '/sbin/service aptly-api start' and if it is upstart it neds to be "initctl start aptly-api". Might be best to use good old style /etc/init.d? :)

Hi,

The latest version (1.0.0) is not compatible with the latest versions of stdlib and apt.

This module requires a version below 5.0.0 for both stdlib and apt, which have a latest version of 6.0.0 and 7.0.1 respectively.

Thanks,
Jory