Adding the nginx-plus Repository to apt-mirror and Puppet

Nginx Inc. provides access to the nginx-plus package and repository using SSL certificates. Their instructions include the configuration of apt for Ubuntu, but for people using apt-mirror and Puppet to manage their internal servers, additional custom configurations are required.

The standard apt configuration for nginx-plus might look like this:

$ cat /etc/apt/apt.conf.d/90nginx 
Acquire::https::plus-pkgs.nginx.com::Verify-Peer "true";
Acquire::https::plus-pkgs.nginx.com::Verify-Host "true";
Acquire::https::plus-pkgs.nginx.com::CaInfo      "/etc/ssl/nginx/CA.crt";
Acquire::https::plus-pkgs.nginx.com::SslCert     "/etc/ssl/nginx/nginx-repo.crt";
Acquire::https::plus-pkgs.nginx.com::SslKey      "/etc/ssl/nginx/nginx-repo.key";

The connection to the nginx-plus repository must be made using HTTPS and authentication is handled by client certificates. As provided, apt-mirror is not able to manage SSL certificates, so two sections in the apt-mirror script must be modified. The %config_variables array defines the settings read from its configuration files. We will add the ‘certificate’, ‘private_key’, and ‘ca_certificate’ settings to the array.

Continue reading


Remove MultiArch / i386 in Ubuntu with Puppet

Here’s a little snippet I use to remove multiarch / i386 support from Ubuntu with Puppet.

if versioncmp( $::lsbdistrelease, "12.04" ) > 0 {
    exec { "remove-architecture i386":
        command => "/usr/bin/dpkg --remove-architecture i386",
        onlyif => "/usr/bin/dpkg --print-foreign-architectures | /bin/grep -q i386",
    }
} else {
    file { "/etc/dpkg/dpkg.cfg.d/multiarch": ensure => absent, }
}

Continue reading