Skip to main content

artifactory cfengine cache repository

Industrial Linux administration

I manage a bunch of servers, more or less 1000 VMs, running either Debian (lenny,wheezy, jessie) or CentOS (5,6,7).
In order to handle this, I use CFEngine.
I mostly:

  • Create the VM
  • Add CFEngine repository (apt or yum)
  • Install CFEngine (via apt or yum)
  • Bootstrap  CFEngine


State of the nation

I performed the same steps for all VM I installed for the last 3 years.
The main problem I face is the fragmentation of the agents versions: some old installations are still with CFEngine 3.5.x and the latests are on 3.8. This is not a bearable situation: I need to align versions.

Methods and attempts

My attempts to upgrade CFEngine from CFEngine did not pass tests, mostly because promising version from within CFEngine will remove the package (the running process) and leave the system in an anormal state.
I tried several other ways to do it and specifically for the case of CFEngine package, I will manage it with a script that I'm going to launch outside CFEngine and will upgrade CFEngine (including restart the deamon) then bootstrap from the hub and we're done.

The CFEngine APT & Yum repository

CFEngine is very kind to provide a repository for their APT or Yum packages. The problem is, if I'm going to massively upgrade my thousand of VMs, there is a small risk of disturbance. As far as I use Artifactory for the development activity, I decided to use its YUm & Apt component to be a cache of CFEngine repository.

How it looks like without Artifactory

Apt source list:

deb https://cfengine.com/pub/apt/packages stable main

Yum repo file

[cfenginerepository]
name=CFEngine
baseurl=http://cfengine.com/pub/yum/$basearch/
enabled=1
gpgcheck=1


Configure Artifactory to cache those


I need to be adminsitrator of the Artifactory instance. Then I got to the "Admin" section:

Then I go to the "remote" tab, as I want to provide something related to a remote repository:

Next I create a new repository and there I can choose wether I want to setup an Apt or a Yum one:
Finally I enter

  • What I want as local name for the repository
  • The URL of the root of the remote

Specifically for our case,

For the Apt repository:

  • Name: cfengine-debian
  • URL: https://cfengine.com/pub/apt/packages

For th Yum repository:

  • Name cfengine-centos
  • URL: http://cfengine.com/pub/yum/x86_64/

How to use this

Apt source list:
deb https://artifactory.rktmb.org/artifactory/cfengine-debian stable main

Yum repo file:
[cfenginerepository]
name=CFEngine
baseurl=https://artifactory.rktmb.org/artifactory/cfengine-centos/
enabled=1
gpgcheck=1

Note that the GPG check is enabled both on Debian and CentOS and as far as this repository is just a cache one, the needed key is the original CFEngine repository key: https://cfengine.com/pub/gpg.key

The local artifactory GPG key is useless in our case now.

Popular posts from this blog

npm run build base-href

Using NPM to specify base-href When building an Angular application, people usually use "ng" and pass arguments to that invocation. Typically, when wanting to hard code "base-href" in "index.html", one will issue: ng build --base-href='https://ngx.rktmb.org/foo' I used to build my angular apps through Bamboo or Jenkins and they have a "npm" plugin. I got the habit to build the application with "npm run build" before deploying it. But the development team once asked me to set the "--base-href='https://ngx.rktmb.org/foo'" parameter. npm run build --base-href='https://ngx.rktmb.org/foo did not set the base href in indext.html After looking for a while, I found https://github.com/angular/angular-cli/issues/13560 where it says: You need to use −− to pass arguments to npm scripts. This did the job! The command to issue is then: npm run build -- --base-href='https://ngx.rktmb.org/foo&

dockerfile multiline to file

Outputing a multiline string from Dockerfile I motsly use a Dockerfile by sourcing from a base ditribution: CentOS or Debian. But I also have a local mirror and would like to use it for packages installation. Espacially on CentOS it is about many lines to write to the /etc/yum.repos.d/CentOS-Base.repo file. Easiest way: one RUN per line The first method that comes in mind is to issue one RUN per line to write. Here you are: RUN echo "[base] " > /etc/yum.repos.d/CentOS-Base.repo RUN echo "name=CentOS-$releasever - Base " >> /etc/yum.repos.d/CentOS-Base.repo RUN echo "baseurl=ftp://packages-infra.mg.rktmb.org/pub/centos/7/base-reposync-7 " >> /etc/yum.repos.d/CentOS-Base.repo RUN echo "gpgcheck=0 &quo

Emacs TypeScript Development

Emacs Configuration for Typescript In order to comfortably develop on Node, React or Angular projects with Emacs, TIDE is a good solution. We have TypeScript code highlight (that is the minimum!) and code completion based on the codebase (not only on locally defined and builtins) In order to achieve that: Install Emacs (24+) Install Node Install Typescript (which will provide "tsserver") Install TIDE and some usefull dependencies Configure Emacs to use all those Node is then installed in " /home/mihamina/Apps/node-v12.18.0-linux-x64/bin ": you should add it to your PATH. Installing Typescript is done with: npm install --save typescript @types/browserify After that, "tsserver" will be in " /home/mihamina/node_modules/.bin " Then comes the installation of TIDE: With the Emacs package manager, M-x package-install , install "tide". Do the same for "web-mode", "flycheck", "company" "js2-mode" and "