diff --git a/docker/bin/helpers/run-install.sh b/docker/bin/helpers/run-install.sh index 3e028cb5..628b09a0 100755 --- a/docker/bin/helpers/run-install.sh +++ b/docker/bin/helpers/run-install.sh @@ -7,19 +7,22 @@ if [[ -z "${to_version}" ]]; then echo "$0: The version to install must be passed as an argument" exit 1 fi +to_collection="$2" puppet_version=( ${to_version//./ } ) puppet_major=${puppet_version[0]} -case $puppet_major in - 7) - to_collection=puppetcore7 - ;; - 8) - to_collection=puppetcore8 - ;; - *) - echo "$0: Invalid version supplied" 1>&2 - exit 1 -esac +if [[ -z "$to_collection" ]]; then + case $puppet_major in + 7) + to_collection=puppetcore7 + ;; + 8) + to_collection=puppetcore8 + ;; + *) + echo "$0: Invalid version supplied" 1>&2 + exit 1 + esac +fi export PT__installdir=../ export PT_version=${to_version} diff --git a/docker/bin/install.sh b/docker/bin/install.sh index 78eec109..988946dc 100755 --- a/docker/bin/install.sh +++ b/docker/bin/install.sh 
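Review bot: With a non-empty `$2` the `case` that rejected unsupported major versions no longer runs, so a mistyped version is only caught later by the install itself, and the collection value is not checked at all. If the version check is still wanted, keep the `case` outside the new `if` and let the argument only override the derived name, for example `to_collection="${2:-puppetcore${puppet_major}}"` after a `case` that just validates `7|8`. The script continues outside the hunk, so any later validation is not visible here.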
@@ -27,48 +27,50 @@ fi cd "$(dirname "$0")/../.." platforms=${1:-rocky} version=${2:-8.11.0} +collection=${3:-puppetcore8} for platform in ${platforms//,/ } do - dockerfile='docker/install/dnf/Dockerfile' - case $platform in - amazon*) - base_image='amazonlinux:2023' - ;; - - fedora40) - base_image='fedora:40' - ;; - - fedora36) - base_image='fedora:36' - ;; - - fedora*) - base_image='fedora:41' - ;; - - rocky8) - base_image='rockylinux/rockylinux:8' + amazon*|fedora*|rocky*) + dockerfile='docker/install/dnf/Dockerfile' ;; - - rocky*) - base_image='rockylinux/rockylinux:9' - ;; - sles*) - base_image='registry.suse.com/suse/sle15:15.6' dockerfile='docker/install/sles/Dockerfile' ;; + debian*|ubuntu*) + dockerfile='docker/install/apt/Dockerfile' + ;; + *) + echo "$0: platform ${platform} is not supported" + exit 1 + ;; + esac + # Default to the latest OS version for each distro + case $platform in + amazon*) base_image='amazonlinux:2023';; + fedora36) base_image='fedora:36';; + fedora40) base_image='fedora:40';; + fedora*) base_image='fedora:41';; + rocky8) base_image='rockylinux/rockylinux:8';; + rocky*) base_image='rockylinux/rockylinux:9';; + sles*) base_image='registry.suse.com/suse/sle15:15.6';; + debian10) base_image='debian:buster';; + debian11) base_image='debian:bullseye';; + debian*) base_image='debian:bookworm';; + ubuntu1804) base_image='ubuntu:bionic';; + ubuntu2004) base_image='ubuntu:focal';; + ubuntu2204) base_image='ubuntu:jammy';; + ubuntu*) base_image='ubuntu:noble';; *) - echo "$0: Usage install.sh [amazon|fedora|rocky|sles]" + echo "$0: Usage install.sh [amazon|debian|fedora|rocky|sles|ubuntu]" exit 1 ;; esac + # Add "--progress plain" for complete build output docker build --rm -f "${dockerfile}" . 
-t pa-dev:$platform.install \ --build-arg BASE_IMAGE="${base_image}" - docker run -e PUPPET_FORGE_TOKEN --rm -ti pa-dev:$platform.install "${version}" + docker run -e PUPPET_FORGE_TOKEN --rm -ti pa-dev:$platform.install "${version}" "${collection}" done echo Complete diff --git a/docker/bin/upgrade.sh b/docker/bin/upgrade.sh index 52ecc548..64c86e6a 100755 --- a/docker/bin/upgrade.sh +++ b/docker/bin/upgrade.sh @@ -56,12 +56,25 @@ do dockerfile='docker/upgrade/sles/Dockerfile' ;; + debian) + base_image='debian:bookworm' + release_package='https://apt.puppet.com/puppet7-release-bookworm.deb' + dockerfile='docker/upgrade/apt/Dockerfile' + ;; + + ubuntu) + base_image='ubuntu:jammy' + release_package='https://apt.puppet.com/puppet7-release-jammy.deb' + dockerfile='docker/upgrade/apt/Dockerfile' + ;; + *) - echo "$0: Usage upgrade.sh [amazon|fedora|rocky|sles] [before] [after]" + echo "$0: Usage upgrade.sh [amazon|debian|fedora|rocky|sles|ubuntu] [before] [after]" exit 1 ;; esac + # Add "--progress plain" for complete build output docker build --rm -f ${dockerfile} . -t pa-dev:$platform \ --build-arg before=${before} \ --build-arg BASE_IMAGE=${base_image} \ diff --git a/docker/install/apt/Dockerfile b/docker/install/apt/Dockerfile new file mode 100644 index 00000000..5fd580e8 --- /dev/null +++ b/docker/install/apt/Dockerfile 
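Review bot: `collection=${3:-puppetcore8}` means the helper always receives a non-empty second argument, so the version-derived fallback that this commit keeps in `run-install.sh` can never pick `puppetcore7`; `install.sh ubuntu 7.34.0` now asks for a 7.x agent from the `puppetcore8` collection. Defaulting to empty, `collection=${3:-}`, lets the helper derive the collection from the version when none is given. Separately, the `*)` arm of the second `case` is unreachable because the first `case` already exits for unsupported platforms, and both error messages go to stdout; `>&2` would match the helper script.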
@@ -0,0 +1,57 @@
+# This Dockerfile enables an iterative development workflow where you can make
+# a change and test it out quickly. The majority of commands in this file will
+# be cached, making the feedback loop typically quite short. The workflow is
+# as follows:
+# 1. Set up pre-conditions for the system in puppet code using `deploy.pp`.
+# 2. Make a change to the module.
+# 3. Run `./docker/bin/install.sh ubuntu` from the project directory.
+# 4. Review the output. Repeat steps 2-3 as needed.
+#
+# At the end of execution, you will see a line like:
+#
+# REMIND
+
+ARG BASE_IMAGE=ubuntu:noble
+FROM ${BASE_IMAGE}
+
+# Use this to force a cache reset (e.g. for output purposes)
+#COPY $0 /tmp/Dockerfile
+
+# Install some other dependencies for ease of life.
+RUN apt-get update \
+ && DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get install -y wget git lsb-release apt-utils systemd \
+ && rm -rf /var/lib/apt/lists/*
+
+
+# This is also duplicated in docker/bin/helpers/run-upgrade.sh.
+ENV module_path=/tmp/modules
+WORKDIR "${module_path}/puppet_agent"
+COPY metadata.json ./
+
+# Installing dependencies from source. These versions should be within the range
+# of `dependencies` in metadata.json.
+RUN git clone --tags https://github.com/puppetlabs/puppetlabs-stdlib ../stdlib && \
+ $(cd ../stdlib && git checkout $(git describe --tags $(git rev-list --tags --max-count=1)))
+RUN git clone --tags https://github.com/puppetlabs/puppetlabs-inifile ../inifile && \
+ $(cd ../inifile && git checkout $(git describe --tags $(git rev-list --tags --max-count=1)))
+RUN git clone --tags https://github.com/puppetlabs/puppetlabs-apt ../apt && \
+ $(cd ../apt && git checkout $(git describe --tags $(git rev-list --tags --max-count=1)))
+RUN git clone --tags https://github.com/puppetlabs/puppetlabs-facts ../facts && \
+ $(cd ../facts && git checkout $(git describe --tags $(git rev-list --tags --max-count=1)))
+
+# Now move the project directory's files into the image. That way, if these
+# files change, caching will skip everything before this.
+COPY docker/bin/helpers/run-install.sh /tmp/bin/run-install.sh
+COPY files/ ./files/
+COPY locales/ ./locales/
+COPY spec/ ./spec/
+COPY task_spec/ ./task_spec/
+COPY tasks/ ./tasks/
+COPY templates/ ./templates
+COPY types/ ./types/
+COPY Gemfile Gemfile.lock Rakefile ./
+COPY lib/ ./lib/
+COPY manifests/ ./manifests/
+
+# Perform the install.
+ENTRYPOINT ["/tmp/bin/run-install.sh"]
diff --git a/docker/upgrade/apt/Dockerfile b/docker/upgrade/apt/Dockerfile
new file mode 100644
index 00000000..a01347af
--- /dev/null
+++ b/docker/upgrade/apt/Dockerfile
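Review bot: Each dependency `RUN` wraps the checkout in `$( … )`, so the shell runs `git checkout` inside a command substitution and then tries to execute whatever it printed on stdout; the step succeeds only while that output happens to be empty. `git -C` does what is meant without the substitution: `git -C ../stdlib checkout "$(git -C ../stdlib describe --tags "$(git -C ../stdlib rev-list --tags --max-count=1)")"`. The comment says the versions should stay within the `dependencies` range of metadata.json, yet the command takes whichever tag is newest at build time, so the image is neither reproducible nor tied to code anyone reviewed; cloning a fixed tag per module would address both. The same four `RUN` lines are repeated in docker/upgrade/apt/Dockerfile, and the header comment here still ends in a `REMIND` placeholder.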
@@ -0,0 +1,101 @@
+# This Dockerfile enables an iterative development workflow where you can make
+# a change and test it out quickly. The majority of commands in this file will
+# be cached, making the feedback loop typically quite short. The workflow is
+# as follows:
+# 1. Set up pre-conditions for the system in puppet code using `deploy.pp`.
+# 2. Make a change to the module.
+# 3. Run `docker build -f docker/Dockerfile .` or
+# `./docker/bin/upgrade.sh rocky` from the project directory. If you would
+# like to test specific version upgrades, you can add run this like so:
+# `docker build -f docker/rocky/Dockerfile . \
+# -t pa-dev:rocky --build-arg before=1.10.14`
+# 4. Upgrade the container by running the image:
+# `docker run -it pa-dev:rocky`
+# Specify your upgrade TO version as an argument to the `docker run`
+# command.
+# 5. Review the output. Repeat steps 2-5 as needed.
+#
+# At the end of execution, you will see a line like:
+#
+# Notice: /Stage[main]/Puppet_agent::Install/Package[puppet-agent]/ensure: ensure changed '1.10.14-1.el8' to '6.2.0'
+#
+# This specifies the versions that were used for upgrade.
+#
+# Arguments:
+# - before: The version to do upgrade FROM. Default: "7.34.0"
+
+ARG BASE_IMAGE=ubuntu:noble
+FROM ${BASE_IMAGE}
+
+# Use this to force a cache reset (e.g. for output purposes)
+#COPY $0 /tmp/Dockerfile
+
+# Install some other dependencies for ease of life.
+RUN apt-get update \
+ && DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get install -y wget git lsb-release apt-utils systemd gnupg \
+ && rm -rf /var/lib/apt/lists/*
+
+ARG before=7.34.0
+LABEL before=${before}
+
+ARG RELEASE_PACKAGE
+
+RUN apt-get update \
+ && apt install -y curl \
+ && rm -rf /var/lib/apt/lists/*
+
+# Install proper FROM repo pupet 7
+RUN curl -L -o puppet7.deb ${RELEASE_PACKAGE} \
+ && dpkg -i puppet7.deb
+
+# Print out which versions of the puppet-agent package are available (for reference).
+#RUN dnf list puppet-agent --showduplicates
+
+# Install FROM version of puppet-agent.
+RUN apt-get update \
+ && apt list -a puppet-agent \
+ && DEBIAN_FRONTEND=noninteractive apt-get install -y puppet-agent \
+ && rm -rf /var/lib/apt/lists/*
+
+# This is also duplicated in the docker/bin/helpers/run-upgrade.sh.
+ENV module_path=/tmp/modules
+WORKDIR "${module_path}/puppet_agent"
+COPY metadata.json ./
+
+# Installing dependencies from source. These versions should be within the range
+# of `dependencies` in metadata.json.
+RUN git clone --tags https://github.com/puppetlabs/puppetlabs-stdlib ../stdlib && \
+ $(cd ../stdlib && git checkout $(git describe --tags $(git rev-list --tags --max-count=1)))
+RUN git clone --tags https://github.com/puppetlabs/puppetlabs-inifile ../inifile && \
+ $(cd ../inifile && git checkout $(git describe --tags $(git rev-list --tags --max-count=1)))
+RUN git clone --tags https://github.com/puppetlabs/puppetlabs-apt ../apt && \
+ $(cd ../apt && git checkout $(git describe --tags $(git rev-list --tags --max-count=1)))
+RUN git clone --tags https://github.com/puppetlabs/puppetlabs-facts ../facts && \
+ $(cd ../facts && git checkout $(git describe --tags $(git rev-list --tags --max-count=1)))
+
+# Check that all dependencies are installed.
+RUN /opt/puppetlabs/puppet/bin/puppet module --modulepath $module_path list --tree
+COPY docker/deploy.pp /tmp/deploy.pp
+RUN ["sh", "-c", "/opt/puppetlabs/puppet/bin/puppet apply --modulepath $module_path /tmp/deploy.pp"]
+
+# Now move the project directory's files into the image. That way, if these
+# files change, caching will skip everything before this.
+COPY docker/bin/helpers/run-upgrade.sh /tmp/bin/run-upgrade.sh
+COPY files/ ./files/
+COPY locales/ ./locales/
+COPY spec/ ./spec/
+COPY task_spec/ ./task_spec/
+COPY tasks/ ./tasks/
+COPY templates/ ./templates
+COPY types/ ./types/
+COPY Gemfile Gemfile.lock Rakefile ./
+COPY lib/ ./lib/
+COPY manifests/ ./manifests/
+
+COPY docker/upgrade.pp /tmp/upgrade.pp
+
+# Print out which versions of the puppet-agent package are available (for reference).
+#RUN yum list puppet-agent --showduplicates
+
+# Perform the upgrade.
+ENTRYPOINT ["/tmp/bin/run-upgrade.sh"]
diff --git a/files/puppet-keyring.gpg b/files/puppet-keyring.gpg
new file mode 100644
index 00000000..ef16ec38
Binary files /dev/null and b/files/puppet-keyring.gpg differ
diff --git a/manifests/osfamily/debian.pp b/manifests/osfamily/debian.pp
index c9382001..80092479 100644
--- a/manifests/osfamily/debian.pp
+++ b/manifests/osfamily/debian.pp
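Review bot: The `before` build argument is only recorded in a `LABEL`; the "Install FROM version" step runs `apt-get install -y puppet-agent` with no version, so the image always starts from the newest package in the release repo whatever `before` says. Pinning it, for example `apt-get install -y "puppet-agent=${before}-1$(lsb_release -cs)"` (the suffix format is the one tasks/install_shell.sh uses and should be confirmed), makes the documented argument effective. `curl -L -o puppet7.deb ${RELEASE_PACKAGE}` has no `--fail` and an unquoted argument with no default, so an HTTP error page or a missing build arg surfaces only as a confusing `dpkg` failure; `curl -fsSL -o puppet7.deb "${RELEASE_PACKAGE}"` stops at the right step. The header comment and the commented-out `dnf`/`yum` lines are carried over from the rocky image and should be rewritten for apt.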
@@ -66,18 +66,39 @@ ensure => absent, priority => '90', } + } elsif $puppet_agent::collection =~ /core/ { + $source = 'https://apt-puppetcore.puppet.com' } else { $source = $puppet_agent::apt_source } - $keyname = 'GPG-KEY-puppet-20250406' + $repo_username = getvar('puppet_agent::username') + $repo_password = unwrap(getvar('puppet_agent::password')) + + if $repo_username and $repo_password { + # lint:ignore:strict_indent + file { "/etc/apt/auth.conf.d/apt-${puppet_agent::collection}-puppet.conf": + ensure => file, + owner => 0, + group => 0, + mode => '0600', + content => Sensitive(@("EOT")) + machine ${source} + login ${repo_username} + password ${repo_password} + | EOT + } + # lint:endignore + } + + $keyname = 'puppet-keyring.gpg' apt::source { 'pc_repo': location => $source, - repos => $puppet_agent::collection, + repos => regsubst($puppet_agent::collection, /core/, ''), key => { - 'name' => "${keyname}.asc", - 'content' => file("${module_name}/${keyname}"), + 'name' => $keyname, + 'source' => "puppet:///modules/${module_name}/${keyname}", }, notify => Exec['pc_repo_force'], } diff --git a/spec/classes/puppet_agent_osfamily_debian_spec.rb b/spec/classes/puppet_agent_osfamily_debian_spec.rb index bf42425c..bef70c0f 100644 --- a/spec/classes/puppet_agent_osfamily_debian_spec.rb +++ b/spec/classes/puppet_agent_osfamily_debian_spec.rb @@ -155,8 +155,8 @@ 'location' => 'https://master.example.vm:8140/packages/2000.0.0/debian-7-x86_64', 'repos' => 'PC1', 'key' => { - 'name' => 'GPG-KEY-puppet-20250406.asc', - 'content' => Puppet::FileSystem.read_preserve_line_endings('files/GPG-KEY-puppet-20250406'), + 'name' => 'puppet-keyring.gpg', + 'source' => 'puppet:///modules/puppet_agent/puppet-keyring.gpg', }, }) } 
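Review bot: The auth.conf.d file is written whenever a username and password are set, not only on the new `core` branch, so with a custom `apt_source` or the PE master source the repository credentials are stored for that host instead; because `machine ${source}` carries the scheme, an `http://` source would make apt send them unencrypted. Gating the resource with `if $puppet_agent::collection =~ /core/ and $repo_username and $repo_password {` keeps the secret tied to the puppetcore host. No ordering between this `file` and `Apt::Source['pc_repo']` is visible in the hunk, so the first `apt-get update` may run before the credentials exist; `before => Apt::Source['pc_repo'],` would make the dependency explicit. The signing key is now a binary keyring that cannot be read in the diff, so the commit description should record the key fingerprints it contains, and the `source` form of `key` presumably needs a puppetlabs-apt release that supports it, which is worth checking against metadata.json.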
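Review bot: No example covers the behaviour this commit adds; the four expectations here are only updated for the renamed key. Missing are a `puppetcore` collection selecting `https://apt-puppetcore.puppet.com`, `repos` with `core` stripped, and the credentials file. An example such as `is_expected.to contain_file('/etc/apt/auth.conf.d/apt-puppetcore8-puppet.conf').with_mode('0600')` together with a negative case without credentials would pin the security-relevant part.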
@@ -177,8 +177,8 @@ 'location' => 'https://fake-apt-mirror.com/packages/2000.0.0/debian-7-x86_64', 'repos' => 'PC1', 'key' => { - 'name' => 'GPG-KEY-puppet-20250406.asc', - 'content' => Puppet::FileSystem.read_preserve_line_endings('files/GPG-KEY-puppet-20250406'), + 'name' => 'puppet-keyring.gpg', + 'source' => 'puppet:///modules/puppet_agent/puppet-keyring.gpg', }, }) } @@ -218,8 +218,8 @@ 'location' => 'https://apt.puppet.com', 'repos' => 'puppet5', 'key' => { - 'name' => 'GPG-KEY-puppet-20250406.asc', - 'content' => Puppet::FileSystem.read_preserve_line_endings('files/GPG-KEY-puppet-20250406'), + 'name' => 'puppet-keyring.gpg', + 'source' => 'puppet:///modules/puppet_agent/puppet-keyring.gpg', }, }) } @@ -241,8 +241,8 @@ 'location' => 'https://fake-apt-mirror.com/', 'repos' => 'puppet5', 'key' => { - 'name' => 'GPG-KEY-puppet-20250406.asc', - 'content' => Puppet::FileSystem.read_preserve_line_endings('files/GPG-KEY-puppet-20250406'), + 'name' => 'puppet-keyring.gpg', + 'source' => 'puppet:///modules/puppet_agent/puppet-keyring.gpg', }, }) } diff --git a/tasks/install_shell.sh b/tasks/install_shell.sh index cd625215..504d7409 100644 --- a/tasks/install_shell.sh +++ b/tasks/install_shell.sh @@ -144,10 +144,18 @@ fi if [ -n "$PT_apt_source" ]; then apt_source=$PT_apt_source else - if [ "$nightly" = true ]; then - apt_source='http://nightlies.puppet.com/apt' + if [[ "$collection" == "puppetcore"* ]]; then + apt_source='https://apt-puppetcore.puppet.com/public' + if [ -z "$password" ]; then + echo "A password parameter is required to install from ${apt_source}" + exit 1 + fi else - apt_source='http://apt.puppet.com' + if [ "$nightly" = true ]; then + apt_source='http://nightlies.puppet.com/apt' + else + apt_source='http://apt.puppet.com' + fi fi fi 
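Review bot: Only `password` is checked before the puppetcore source is selected, although `install_file` later writes `login ${username}` as well, so an empty username yields a broken auth entry instead of this early error; the message also goes to stdout. Suggested: `if [ -z "$username" ] || [ -z "$password" ]; then` and `echo "username and password parameters are required to install from ${apt_source}" >&2`. The re-indented defaults remain `http://` even though upgrade.sh in this same diff fetches from `https://apt.puppet.com`, and the release package built from `${apt_source}` appears to be handed to `dpkg -i` later, so moving them to https would be worthwhile. `[[ … ]]` is used here while the surrounding tests use `[ … ]`, which is fine only if the task always runs under bash.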
@@ -667,15 +675,23 @@ install_file() { assert_unmodified_apt_config dpkg -i --force-confmiss "$2" + if [[ "$collection" =~ core ]]; then + auth_conf="/etc/apt/auth.conf.d/apt-puppetcore-puppet.conf" + sed -i "/^#?login/d" "${auth_conf}" + echo "login ${username}" >> "${auth_conf}" + sed -i "/^#?password/d" "${auth_conf}" + echo "password ${password}" >> "${auth_conf}" + fi + frontend="DEBIAN_FRONTEND=noninteractive" run_cmd 'apt-get update -y' if test "$version" = 'latest'; then - run_cmd "apt-get install -y puppet-agent" + run_cmd "${frontend} apt-get install -y puppet-agent" else if test "x$deb_codename" != "x"; then - run_cmd "apt-get install -y 'puppet-agent=${puppet_agent_version}-1${deb_codename}'" + run_cmd "${frontend} apt-get install -y 'puppet-agent=${puppet_agent_version}-1${deb_codename}'" else - run_cmd "apt-get install -y 'puppet-agent=${puppet_agent_version}'" + run_cmd "${frontend} apt-get install -y 'puppet-agent=${puppet_agent_version}'" fi fi ;; @@ -759,7 +775,7 @@ case $platform in "12") deb_codename="bookworm";; esac filetype="deb" - filename="${collection}-release-${deb_codename}.deb" + filename="${collection/core/}-release-${deb_codename}.deb" download_url="${apt_source}/${filename}" ;; "Linuxmint"|"LinuxMint") @@ -776,7 +792,7 @@ case $platform in "17") deb_codename="trusty";; esac filetype="deb" - filename="${collection}-release-${deb_codename}.deb" + filename="${collection/core/}-release-${deb_codename}.deb" download_url="${apt_source}/${filename}" ;; "Ubuntu") @@ -790,7 +806,7 @@ case $platform in "24.04") deb_codename="noble";; esac filetype="deb" - filename="${collection}-release-${deb_codename}.deb" + filename="${collection/core/}-release-${deb_codename}.deb" download_url="${apt_source}/${filename}" ;; "mac_os_x")
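Review bot: In the new auth block, `sed -i "/^#?login/d"` is a basic regular expression, where `?` is a literal character, so existing `login` and `password` lines are never removed and every run appends another pair. The password is appended without the file's mode being set, whereas the Puppet manifest in this commit writes its auth file `0600`, and `printf '%s'` is safer than `echo` for a secret that may contain backslashes. The path is hard-coded as `apt-puppetcore-puppet.conf` while the manifest uses `apt-${puppet_agent::collection}-puppet.conf`, which for `puppetcore8` is a different file, so it is worth confirming which name the release package ships. The match `=~ core` also differs from the `== "puppetcore"*` test used earlier in the script; `install_file` starts and ends outside the hunk.
```shell
# … unchanged: assert_unmodified_apt_config, dpkg -i --force-confmiss "$2" …
if [[ "$collection" == "puppetcore"* ]]; then
  auth_conf="/etc/apt/auth.conf.d/apt-puppetcore-puppet.conf"
  # Restrict the file before the secret is written to it.
  chmod 0600 "${auth_conf}"
  # -E: "?" makes the leading "#" optional (it is literal in a basic regex).
  sed -i -E '/^#?(login|password)/d' "${auth_conf}"
  printf 'login %s\npassword %s\n' "${username}" "${password}" >> "${auth_conf}"
fi
# … unchanged: frontend assignment and apt-get install calls …
```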