feat(repo): install_from_repo

Adrien "ze" Urban · Adrien "ze" Urban · commit 734644a3b38f · 2023-01-27T11:35:02.000+01:00
Allow install via package from a repository
diff --git a/pillar.example b/pillar.example
@@ -143,3 +143,7 @@ vault:
     ZF5q4h4I33PSGDdSvGXn9UMY5Isjpg==
     =7pIB
     -----END PGP PUBLIC KEY BLOCK-----
+
+  install_from_repo: false  # Set to True to install package rather than extract archive
+  repo: ...  # Might specify a specific repo, if not present in map
+  package: vault  # If package would have any other name
diff --git a/vault/config/clean.sls b/vault/config/clean.sls
@@ -2,6 +2,8 @@
 # vim: ft=sls syntax=yaml softtabstop=2 tabstop=2 shiftwidth=2 expandtab autoindent
 {% from "vault/map.jinja" import vault with context %}
 
+{% if not vault.install_from_repo %}
 vault-config-clean-file-absent:
   file.absent:
     - name: {{ vault.config_path }}/vault
+{% endif %}
diff --git a/vault/config/config.sls b/vault/config/config.sls
@@ -2,10 +2,15 @@
 # vim: ft=sls syntax=yaml softtabstop=2 tabstop=2 shiftwidth=2 expandtab autoindent
 
 {% from "vault/map.jinja" import vault with context -%}
+{% if not vault.install_from_repo %}
+{%   set configfile = vault.config_path ~ '/vault/conf.d/config.json' %}
+{% else %}
+{%   set configfile = vault.repo_configfile %}
+{% endif %}
 
 vault-config-config-file-serialize:
   file.serialize:
-    - name: {{ vault.config_path }}/vault/conf.d/config.json
+    - name: {{ configfile }}
     - encoding: utf-8
     - formatter: json
     - dataset: {{ vault.config | json }}
diff --git a/vault/defaults.yaml b/vault/defaults.yaml
@@ -144,3 +144,6 @@ vault:
     ZF5q4h4I33PSGDdSvGXn9UMY5Isjpg==
     =7pIB
     -----END PGP PUBLIC KEY BLOCK-----
+
+  install_from_repo: false
+  package: vault
diff --git a/vault/osfamilymap.yaml b/vault/osfamilymap.yaml
@@ -3,6 +3,10 @@
 ---
 Debian:
   setcap_pkg: libcap2-bin
+  repo: 'deb [arch={{ grains["osarch"] }}] https://apt.releases.hashicorp.com
+         {{ grains["oscodename"] }} main'
+  repo_key: "https://apt.releases.hashicorp.com/gpg"
+  repo_configfile: /etc/vault.d/vault.hcl
 
 Suse:
   gpg_pkg: gpg2
diff --git a/vault/package/clean.sls b/vault/package/clean.sls
@@ -3,6 +3,7 @@
 
 {% from "vault/map.jinja" import vault with context %}
 
+{% if not vault.install_from_repo %}
 include:
   - .gpg.clean
 
@@ -25,3 +26,12 @@ vault-package-clean-user-absent:
 vault-package-clean-group-absent:
   group.absent:
     - name: vault
+{% else %}
+vault-package-clean-pkg:
+  pkg.removed:
+  - name: {{ vault.package }}
+
+valut-package-clean-repository:
+  pkgrepo.absent:
+  - name: {{ vault.repo }}
+{% endif %}
diff --git a/vault/package/init.sls b/vault/package/init.sls
@@ -5,6 +5,6 @@
 
 include:
   - .install
-  {%- if vault.verify_download %}
+  {%- if vault.verify_download and not vault.install_from_repo %}
   - .gpg
   {%- endif %}
diff --git a/vault/package/install.sls b/vault/package/install.sls
@@ -3,6 +3,7 @@
 
 {% from "vault/map.jinja" import vault with context %}
 
+{% if not vault.install_from_repo %}
 vault-package-install-group-present:
   group.present:
     - name: vault
@@ -65,7 +66,7 @@ vault-package-install-cmd-run:
       - pkg: vault-package-install-pkg-installed
     - onchanges:
       - archive: vault-package-install-archive-extracted
-{% else %}
+{% else %}{# FreeBSD #}
 vault-package-install-login-file:
   file.replace:
     - name: /etc/login.conf
@@ -83,3 +84,21 @@ vault-package-install-cmd-run:
     - onchanges:
       - file: vault-package-install-login-file
 {% endif %}
+{% else %}{# From repo #}
+vault-package-repository:
+  pkgrepo.managed:
+  - name: {{ vault.repo }}
+  - key_url: {{ vault.repo_key }}
+  - file: /etc/apt/sources.list.d/vault.list
+
+vault-package-installed:
+{% if vault.version == 'latest' %}
+  pkg.latest:
+  - name: {{ vault.package }}
+{% else %}
+  pkg.installed:
+  - pkgs:
+    - {{ vault.package }}{% if vault.version %}: {{ vault.version }}{% endif %}
+{% endif %}
+
+{% endif %}
diff --git a/vault/service/clean.sls b/vault/service/clean.sls
@@ -8,6 +8,8 @@ vault-service-clean-service-dead:
     - name: vault
     - enable: False
 
+{% if not vault.install_from_repo %}
 vault-service-clean-file-absent:
   file.absent:
     - name: {{ vault.service.path }}
+{% endif %}
diff --git a/vault/service/init.sls b/vault/service/init.sls
@@ -3,6 +3,7 @@
 
 {% from "vault/map.jinja" import vault with context %}
 
+{% if not vault.install_from_repo %}
 vault-service-init-file-managed:
   file.managed:
     - name: {{ vault.service.path }}
@@ -11,17 +12,24 @@ vault-service-init-file-managed:
 {% if grains.os_family == "FreeBSD" %}
     - mode: 555
 {% endif %}
+    - watch_in:
+      - service: vault-service-init-service-running:
 {% if grains.get('init', '') == 'upstart' %}
   cmd.run:
     - name: initctl reload-configuration
     - onchanges:
       - file: vault-service-init-file-managed
 {% endif -%}
+{% endif %}
 
 vault-service-init-service-running:
   service.running:
     - name: vault
     - enable: True
     - watch:
+{% if not vault.install_from_repo %}
       - archive: vault-package-install-archive-extracted
       - file: vault-service-init-file-managed
+{% else %}
+      - pkg: vault-package-installed
+{% endif %}
