Update module to support yum-puppetcore.puppet.com #757
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bastelfreak
reviewed
Feb 19, 2025
joshcooper
force-pushed
the
private
branch
2 times, most recently
from
fa3c641 to
b26d342
Compare
joshcooper
commented
Feb 20, 2025
This module requires puppet 7 or greater, so drop references to puppet6 and earlier. Update `puppet module install` to install correct dependencies.
CentOS image went EOL in 2020.
joshcooper
force-pushed
the
private
branch
2 times, most recently
from
c8016b8 to
e16a460
Compare
joshcooper
changed the title
Adds support for puppetcore* collections to the install task.
Adds optional username and password parameters. The username defaults to
'forge-key' and the password must be specified as a forge API key.
When installing the puppetcore* collection, the task will download a release
package from yum-puppetcore.puppet.com/public and add the credentials to the
repo. For most RPM platforms, this is done by adding credentials to the baseurl.
For SLES, the credentials are added to /etc/zypp/credentials.d/PuppetcoreCreds.
Create dnf and sles Dockerfiles for testing the install task.
Create install.sh script to build docker image and run it:
docker/bin/install.sh [image] [version]
By default install 8.11.0 on rocky8.
The `PUPPET_FORGE_TOKEN` environment variable must be set, which will be passed
as the `password` to the task.
Add optional username and password parameters to the `puppet_agent` class.
If `manage_repo` is true, then add the credentials to the repo config (for RPM
platforms other than SLES) with secure permissions.
For SLES, add credentials to /etc/zypp/credentials.d/PuppetcoreCreds with secure
permissions. Also include auth=basic and credentials=PuppetcoreCreds to the
baseurl.
Update the Dockerfile to install 7.34.0 from yum.puppet.com and upgrade to
8.11.0 from yum-puppetcore, to verify the module can upgrade agents on amazon
2023, fedora 40, rocky 8 and sles 15.
export PUPPET_FORGE_TOKEN=...
docker/bin/upgrade.sh [platform] [from] [to]
where platform is one of amazon, fedora, rocky or sles and from/to are
puppet-agent versions.
The password is passed to the `docker run` command as an environment variable,
so that it's not persisted in the docker image.
The `pkg` variable already refers to the release package name, so just use that.
Checkout the latest tagged module version when installing the agent. This has to be done separately for dnf & sles. We can't use `puppet module install` in the install task, because puppet hasn't been installed yet. As a result of this change, we have to clone the entire repo, rather than using depth=1, since there's no guarantee that the latest commit will be tagged. Also update the commented out git clone commands in the upgrade scripts. Those can be useful if you need to test that an unreleased change in a module dependency won't break this module.
joshcooper
commented
Feb 26, 2025
| ensure => file, | ||
| owner => 0, | ||
| group => 0, | ||
| mode => '0600', |
There was a problem hiding this comment.
mhashizume
approved these changes
Feb 28, 2025
joshcooper
added a commit
to joshcooper/puppetlabs-puppet_agent
that referenced
this pull request
Mar 4, 2025
An earlier version of PR puppetlabs#757 assumed the default yum_source was changing to yum-puppetcore.puppet.com. Later we decided not to introduce a breaking change and instead use puppetcore* collections to opt-into the new behavior. However, the PR wasn't updated to account for that. And I didn't notice the problem because the docker upgrade script was using the puppet8 collection. Change the upgrade script to use puppetcore* collections and update the redhat and suse classes to install from yum-puppetcore.puppet.com when using the core repos. ❯ export PUPPET_FORGE_TOKEN=... ❯ docker/bin/upgrade.sh rocky 7.34.0 8.11.0 ... Notice: /Stage[main]/Puppet_agent::Install/Package[puppet-agent]/ensure: ensure changed '7.34.0-1.el8' to '8.11.0' ❯ docker/bin/upgrade.sh sles 7.34.0 8.11.0 ... Notice: /Stage[main]/Puppet_agent::Install::Suse/Package[puppet-agent]/ensure: ensure changed '7.34.0-1.sles15' to '8.11.0'
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This updates the
puppet_agent::installtask so it is possible to install rpm-based packages from https://yum-puppetcore.puppet.com. Includes, amazon, fedora, rocky/alma/redhat and sles. Credentials are required when installing from yum-puppetcore. The username defaults toforge-keyand the password must be set to your forge API token.This also updates the
puppet_agentclass so it's possible to manage agent versions over time:And it updates the Dockerfiles used to test install and upgrades. See
docker/README.mdfor details.I haven't changed the default behavior of the module if the collection is unspecified or is one of the existing
puppet7,puppet7-nightly,puppet8, etc collections. If no collection is specified, then it continues to use the "unversioned" release package fromyum.puppet.com. For example, on RHEL 9 https://yum.puppet.com/puppet-release-el-9.noarch.rpm.Still to do:
/etc/zypp/credentials.d/puppet-lintcheck