Skip to content
Permalink
Browse files Browse the repository at this point in the history
Secure private repo files added to environment
The yum repo files had insecure settings for sslverify and
gpgcheck. Also change references to http to https.

Change-Id: I10cbc33a734f9ed36ef6f22174c65efaf3b659d7
  • Loading branch information
aweiteka committed Apr 4, 2014
1 parent 45602bf commit 65a4f8b
Show file tree
Hide file tree
Showing 6 changed files with 19 additions and 27 deletions.
Expand Up @@ -12,9 +12,8 @@ if [ "${OSE_VERSION}" == "1.2" ]; then
name=OpenShift Client
baseurl=${DIB_CONF_REPO_BASE}/Client/x86_64/os/
enabled=1
gpgcheck=0
gpgcheck=1
priority=1
sslverify=false
YUM

Expand All @@ -23,9 +22,8 @@ YUM
name=OpenShift Infrastructure
baseurl=${DIB_CONF_REPO_BASE}/Infrastructure/x86_64/os/
enabled=1
gpgcheck=0
gpgcheck=1
priority=1
sslverify=false
YUM
fi
Expand All @@ -36,17 +34,15 @@ else
name=OpenShift Client
baseurl=${DIB_CONF_REPO_BASE}/RHOSE-CLIENT-2.0/x86_64/os/
enabled=1
gpgcheck=0
gpgcheck=1
priority=10
sslverify=false
[openshift_infrastructure]
name=OpenShift Infrastructure
baseurl=${DIB_CONF_REPO_BASE}/RHOSE-INFRA-2.0/x86_64/os/
enabled=1
gpgcheck=0
gpgcheck=1
priority=10
sslverify=false
YUM
fi
Expand Down
Expand Up @@ -12,9 +12,8 @@ if [ "${OSE_VERSION}" == "1.2" ]; then
name=OpenShift Node
baseurl=${DIB_CONF_REPO_BASE}/Node/x86_64/os/
enabled=1
gpgcheck=0
gpgcheck=1
priority=1
sslverify=false
YUM

Expand All @@ -23,9 +22,8 @@ YUM
name=OpenShift JBossEAP
baseurl=${DIB_CONF_REPO_BASE}/JBoss_EAP6_Cartridge/x86_64/os/
enabled=1
gpgcheck=0
gpgcheck=1
priority=1
sslverify=false
YUM

Expand All @@ -35,7 +33,7 @@ name=jbosseap
baseurl=${DIB_CONF_JBOSS_REPO_BASE}/jbeap/6/os
enabled=1
priority=3
gpgcheck=0
gpgcheck=1
YUM

Expand All @@ -45,7 +43,7 @@ name=jbossews
baseurl=${DIB_CONF_JBOSS_REPO_BASE}/jbews/2/os
enabled=1
priority=3
gpgcheck=0
gpgcheck=1
YUM
fi
Expand All @@ -56,17 +54,15 @@ else
name=OpenShift JBossEAP
baseurl=${DIB_CONF_REPO_BASE}/RHOSE-JBOSSEAP-2.0/x86_64/os/
enabled=1
gpgcheck=0
gpgcheck=1
priority=10
sslverify=false
[openshift_node]
name=OpenShift Node
baseurl=${DIB_CONF_REPO_BASE}/RHOSE-NODE-2.0/x86_64/os/
enabled=1
gpgcheck=0
gpgcheck=1
priority=10
sslverify=false
YUM
fi

Expand All @@ -77,7 +73,7 @@ name=jbosseap62
baseurl=${DIB_CONF_JBOSS_REPO_BASE}
enabled=1
priority=30
gpgcheck=0
gpgcheck=1
YUM
fi
fi
Expand Down
Expand Up @@ -145,7 +145,7 @@ parameters:
type: string
default: ""
rh_reg_opts:
description: RHN options, e.g. --serverUrl=http://my.sat.server.com/XMLRPC
description: RHN options, e.g. --serverUrl=https://my.sat.server.com/XMLRPC
type: string
default: ""
rhel_repo_base:
Expand Down
Expand Up @@ -109,7 +109,7 @@ parameters:
type: string
default: ""
rh_reg_opts:
description: RHN options, e.g. --serverUrl=http://my.sat.server.com/XMLRPC
description: RHN options, e.g. --serverUrl=https://my.sat.server.com/XMLRPC
type: string
default: ""
rhel_repo_base:
Expand Down
8 changes: 4 additions & 4 deletions openshift-origin/centos65/OpenShift-1B1N.yaml
Expand Up @@ -64,8 +64,8 @@ resources:
template: |
#!/bin/bash -v
yum -y install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum -y install http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-10.noarch.rpm
yum -y install https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum -y install https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-10.noarch.rpm
yum -y install augeas
augtool setm /files/etc/yum.repos.d/puppetlabs.repo/* exclude '*mcollective*\ activemq'
Expand Down Expand Up @@ -119,8 +119,8 @@ resources:
template: |
#!/bin/bash -v
yum -y install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum -y install http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-10.noarch.rpm
yum -y install https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum -y install https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-10.noarch.rpm
yum -y install augeas
augtool setm /files/etc/yum.repos.d/puppetlabs.repo/* exclude '*mcollective*\ activemq'
Expand Down
4 changes: 2 additions & 2 deletions openshift-origin/centos65/OpenShift.yaml
Expand Up @@ -39,8 +39,8 @@ resources:
template: |
#!/bin/bash -v
yum -y install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum -y install http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-10.noarch.rpm
yum -y install https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum -y install https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-10.noarch.rpm
yum -y install augeas
augtool setm /files/etc/yum.repos.d/puppetlabs.repo/* exclude '*mcollective*\ activemq'
Expand Down

0 comments on commit 65a4f8b

Please sign in to comment.