Puppet has built-in functionality to serve small files to its clients. However, for my internal use I sometimes find it easier to create a custom Debian package to install a specific component than to write a Puppet recipe and copy files around.
To create a local Debian repository I use the package reprepro. This is a simple tool that creates and manages apt repositories; it is easy to configure and, for the moment, it has lived up fully to my expectations.
First of all you need to create a configuration file where you describe your distribution. In this case I chose /var/www/debian/conf/distributions and added the following content:
Origin: PCPool
Label: PCPool
Suite: stable
Codename: pcpool
Version: 3.0
Architectures: i386 amd64
Components: contrib
Description: puppet support package repository
SignWith: D3CF695E
Notice that since reprepro wants to sign your repository, you need to provide a gpg keyid for it.
Adding a package to the repository is straightforward:
reprepro -Vb /var/www/debian/ includedeb pcpool /tmp/msm_1-2_all.deb
As I said, since the repository is signed, we need a way to add the key to the known keys of the target machine. To achieve this, we add the following Puppet recipe:
class apt {
  # Key ID of the key that signs the local repository
  $keyid = "D3CF695E"

  # Runs only when notified (see the sources.list.d entry below)
  exec { "apt-update":
    command     => "/usr/bin/apt-get update",
    refreshonly => true;
  }

  # Public key of the repository; apt trusts keyrings found in this directory
  file { "/etc/apt/trusted.gpg.d/pcpool.gpg":
    source => "puppet://$server/etc/apt/trusted.gpg.d/pcpool.gpg"
  }

  # Earlier approach, kept for reference: copy the key and import it with apt-key
  # file { "/root/pcpool.key":
  #   source => "puppet://$server/files/root/pcpool.key"
  # }
  # exec { "apt-key":
  #   path        => '/bin:/usr/bin',
  #   environment => 'HOME=/root',
  #   command     => "apt-key add /root/pcpool.key",
  #   unless      => "apt-key list | grep $keyid",
  #   subscribe   => File["/root/pcpool.key"]
  # }

  # Source entry for the local repository; adding it triggers apt-get update
  file { "/etc/apt/sources.list.d/puppet.list":
    content => "deb http://puppet/debian/ pcpool contrib\n",
    owner   => root,
    group   => root,
    mode    => '0644',
    notify  => Exec["apt-update"]
  }
}

class msm {
  package { "msm": ensure => installed }
}
First we copy the key that we have stored in the Puppet file bucket to the root directory of the client, then we exec the apt-key command. Note that since Puppet executes each action in parallel, we must specify an execution order using the attributes subscribe and notify. Similarly, as soon as the file /etc/apt/sources.list.d/puppet.list is added to the machine, we run apt-get update to refresh the apt cache.
The last stanza simply installs the package that we added to the local repository.
Update
There is a better way to add a GPG key: put it in the /etc/apt/trusted.gpg.d directory. Thanks for the suggestion!
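A check worth running on the Puppet master before pcpool.gpg is served to clients, given as an added example that is not part of the original post: the 8-character key ID used in SignWith is short enough that a different key can share it, so the script compares the full fingerprint of the keyring file against a value you pin yourself. The function names and the script name check-key.sh are this example's own; it assumes SignWith holds a hex key ID as above, a GnuPG that supports --show-keys, and a fingerprint obtained out of band.

```shell
#!/bin/sh
# Added example, not from the original post. Every key under
# /etc/apt/trusted.gpg.d is trusted by apt, so check the file before serving it.

up() { printf '%s' "$1" | tr 'abcdef' 'ABCDEF'; }

# Print the SignWith value of one codename in a reprepro conf/distributions file.
signwith_for() {    # usage: signwith_for <distributions-file> <codename>
    awk -v want="$2" '
        /^[ \t]*$/   { code = ""; key = ""; next }   # a blank line ends a stanza
        /^Codename:/ { code = $2 }
        /^SignWith:/ { key = $2 }
        code == want && key != "" { print key; found = 1; exit }
        END { exit !found }' "$1"
}

# Both helpers read `gpg --with-colons` output on stdin.
pub_count()   { awk -F: '$1 == "pub" { n++ } END { print n + 0 }'; }
primary_fpr() { awk -F: '$1 == "fpr" { print $10; exit }'; }

# True only if the fingerprint equals the pinned one and ends with the SignWith id.
key_is_pinned() {   # usage: key_is_pinned <fingerprint> <pinned-fingerprint> <signwith-id>
    [ "$(up "$1")" = "$(up "$2")" ] || return 1
    case "$(up "$1")" in *"$(up "$3")") return 0 ;; *) return 1 ;; esac
}

# Check a keyring file against the repository config and a pinned fingerprint.
check_keyring() {   # usage: check_keyring <keyring.gpg> <distributions-file> <codename> <pinned-fpr>
    id=$(signwith_for "$2" "$3") || { echo "no SignWith for $3" >&2; return 2; }
    listing=$(gpg --show-keys --with-colons "$1") || return 2
    if [ "$(printf '%s\n' "$listing" | pub_count)" -ne 1 ]; then
        echo "expected exactly one public key in $1" >&2; return 1
    fi
    key_is_pinned "$(printf '%s\n' "$listing" | primary_fpr)" "$4" "$id"
}

# Run only when called with the four arguments, e.g. (fingerprint is a placeholder):
#   sh check-key.sh pcpool.gpg /var/www/debian/conf/distributions pcpool <FULL-FINGERPRINT>
if [ "$#" -eq 4 ]; then check_keyring "$@"; fi
```

The script exits 0 only when the keyring holds exactly one public key and that key matches both the pinned fingerprint and the SignWith entry for the codename.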