1. Home
  2. MCP Deployment Guide
  3. Deployment customizations guidelines
  4. Customize the prebuilt mirror node
  5. Enable authentication for Aptly repositories
  6. Enable authentication for Aptly repositories

Enable authentication for Aptly repositories

Enable authentication for Aptly repositoriesΒΆ

After you have configured authentication through HAProxy or NGINX as described in Configure Aptly authentication through HAProxy or Configure Aptly authentication through NGINX, enable authentication for Aptly repositories.

To enable authentication for Aptly repositories:

  1. Log in to the Salt Master node.

  2. Select from the following options:

    • For MCP versions starting from 2019.2.7, specify the following parameters in the linux:system:repo pillar in cluster/<cluster_name>/infra/init.yml:

      linux:
  system:
    common_repo_secured:
      user: aptly_user
      password: <aptly_user_password>
      secured_repos: [ 'all' ]

      Specify all in the secured_repos parameter to enable authentication for all available repositories. To enable authentication for a list of repositories, specify them within secured_repos. For example:

      linux:
  system:
    ...
    common_repo_secured:
      user: aptly_user
      password: <aptly_user_password>
      secured_repos: [ 'test1', 'test2' ]
    repo:
      test1:
        ...
      test2:
        ...
      test3:
        secure: False
        ...

      In the example above, the test1 and test2 repositories will be secured. However, the repo parameter has precedence over common_repo_secured. Therefore, the test3 repository will not be secured.

    • For MCP versions prior to 2019.2.7, specify the entire pillar structure in the configuration files of the Aptly repositories. For details, see Use secured sources for mirrors, repositories, and files.

      For example:

      linux:
  system:
    ...
    common_repo_secured:
      arch: deb
      protocol: http
      user: aptly_user
      password: <aptly_user_password>
      distribution: stable
      component: main
    repo:
      test1:
        secure: true
        url: <mirror_address>/ubuntu
      test2:
        secure: true
        url: <mirror_address>/ubuntu

  3. Apply the new Linux repository configuration on the nodes that are using Aptly:

    salt -C '<target_compound>' saltutil.sync_all
salt -C '<target_compound>' state.apply linux.system.repo

  4. If you use MAAS, also enable authentication for Aptly repositories for MAAS:

    1. Obtain the Aptly repositories for MAAS. For example:

      salt-call pillar.get _param:maas_region_main_archive
local:
    http://10.10.0.14/update/proposed//ubuntu/

salt-call pillar.get _param:maas_region_boot_sources_maas_ephemeral_v3_bs_url
local:
    http://10.10.0.14:8078/2019.2.0/maas-ephemeral-v3/

salt-call pillar.get maas:cluster:saltstack_repo_trusty
local:
    deb [arch=amd64] http://10.10.0.14/2019.2.0//saltstack-2017.7//trusty/ trusty main

salt-call pillar.get maas:cluster:saltstack_repo_xenial
local:
    deb [arch=amd64] http://10.10.0.14/2019.2.0//saltstack-2017.7//xenial/ xenial main

    2. In the cluster/<name>/infra/maas.yml file, specify the following pillar using the obtained repositories and Aptly credentials. For example:

      parameters:
  _param:
    maas_region_main_archive: http://aptly_user:<aptly_user_password>@10.10.0.14/update/proposed//ubuntu/
    maas_region_boot_sources_maas_ephemeral_v3_bs_url: http://aptly_user:<aptly_user_password>@10.10.0.14:8078/2019.2.0/maas-ephemeral-v3/
  maas:
    cluster:
      saltstack_repo_trusty: deb [arch=amd64] http://aptly_user:<aptly_user_password>@10.10.0.14/2019.2.0//saltstack-2017.7//trusty/ trusty main
      saltstack_repo_xenial: deb [arch=amd64] http://aptly_user:<aptly_user_password>@10.10.0.14/2019.2.0//saltstack-2017.7//xenial/ xenial main

    3. Apply the MAAS configuration changes:

      salt -C 'I@salt:master' saltutil.sync_all
salt -C 'I@salt:master' state.sls maas
updated: 2024-01-04 11:44