Allow to use mirror/proxy for security.debian.org as well.

debops · Nov 5, 2015 · cda8674 · cda8674
1 parent 1a24b1e
commit cda8674
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 4 deletions.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -50,3 +50,5 @@ v0.1.0
 - Change the SSH public key lookup to avoid issues when ``ssh-add`` does not
   return any keys. Thanks, xorgic! [drybjed]
 
+- Allow to use mirror/proxy for security.debian.org as well. [ypid]
+
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -159,8 +159,11 @@ lxc_template_admin_sshkeys: [ '{{ lookup("pipe", "ssh-add -L | grep ^ssh || cat
 
 # .. envvar:: lxc_template_debootstrap_mirror
 #
-# Address of Debian mirror to use in ``debootstrap``.
-# Example usage with local apt-cacher-ng proxy: 'http://cache.{{ ansible_domain }}:3142/debian'
+# Address of a Debian mirror to use in ``debootstrap``.
+# Example usage with local apt-cacher-ng proxy::
+#
+#   lxc_template_debootstrap_mirror: 'http://cache.{{ ansible_domain }}:3142/debian'
+#
 lxc_template_debootstrap_mirror: 'http://http.debian.net/debian'
 
 
@@ -172,12 +175,24 @@ lxc_template_debootstrap_release: '{{ ansible_distribution_release }}'
 
 # .. envvar:: lxc_template_security_upgrade
 #
-# Automatically add 'security.debian.org' repository and perform 'apt-get
-# upgrade' during container creation to get the latest security updates.
+# Automatically add ``security.debian.org`` repository and perform :command:`apt-get
+# upgrade` during container creation to get the latest security updates.
 # Container creation takes longer, but the resulting system is more secure.
 lxc_template_security_upgrade: True
 
 
+# .. envvar:: lxc_template_security_mirror
+#
+# Address of a Debian mirror to use by APT for security updates.
+# Note that ``http://security.debian.org/`` is still going to be configured as
+# fallback security update source.
+# Example usage with local apt-cacher-ng proxy::
+#
+#   lxc_template_security_mirror: 'http://cache.{{ ansible_domain }}:3142/security.debian.org/'
+#
+lxc_template_security_mirror: ''
+
+
 # .. envvar:: lxc_template_debootstrap_base_packages
 #
 # Lists of packages downloaded and installed by ``debootstrap``.

diff --git a/templates/usr/share/lxc/templates/lxc-debops.j2 b/templates/usr/share/lxc/templates/lxc-debops.j2
@@ -62,6 +62,12 @@ EOF
     # To make new LXC containers secure, let's do a quick upgrade during container
     # creation
 
+{% if lxc_template_security_mirror|d() %}
+    # Add Security repository to sources.list
+    # For the security repository, you should not rely on third party mirrors. You should always use them in addition to the main mirrors. I.e. list the third party mirror first, and then security.debian.org.
+    echo "deb {{ lxc_template_security_mirror }} ${DEFAULT_RELEASE}/updates main" >> $rootfs/etc/apt/sources.list
+
+{% endif %}
     # Add Security repository to sources.list
     echo "deb http://security.debian.org/ ${DEFAULT_RELEASE}/updates main" >> $rootfs/etc/apt/sources.list