Add puppetcore macos support #769
Conversation
manifests/osfamily/darwin.pp
Outdated
| @@ -20,12 +20,20 @@ | |||
| } else { | |||
| $source = "puppet:///pe_packages/${pe_server_version}/${facts['platform_tag']}/${puppet_agent::package_name}-${puppet_agent::prepare::package_version}-1.osx${$productversion_major}.dmg" | |||
| } | |||
| } else { | |||
| } elsif $puppet_agent::collection and $puppet_agent::collection =~ /core/ { | |||
| if $puppet_agent::prepare::package_version =~ /^\d+\.\d+\.\d+\.\d+\.g([a-f0-9]+)+$/ { | |||
There was a problem hiding this comment.
Is there a better way to determine if we need to set dev=true parameter?
There was a problem hiding this comment.
This worked for me, splitting the version and checking for strictly more than 3 components:
$dev = count(split($puppet_agent::prepare::package_version, '\.')) > 3
cthorn42
force-pushed
the
add_puppetcore_macos_support
branch
from
191a2cc to
4a3c3e5
Compare
manifests/prepare/package.pp
Outdated
| mode => '0600', | ||
| } | ||
|
|
||
| $curl_command = "curl -1 -sL --netrc-file '${netrc_file}' -w '%{http_code}' -o '${local_package_file_path}' '${source}' > '${response_file}'" |
There was a problem hiding this comment.
suggest adding --fail so it returns non-zero exit on HTTP error
| path => ['/usr/bin', '/bin'], | ||
| onlyif => "test -f '${netrc_file}'", | ||
| require => Exec['Download Puppet Agent for Darwin'], | ||
| } |
There was a problem hiding this comment.
may produce a "changed" event each time the agent runs?
There was a problem hiding this comment.
Isn't that the kind of issue https://forge.puppet.com/modules/puppetlabs/transition/readme exists for?
manifests/prepare/package.pp
Outdated
| file { $netrc_file: | ||
| ensure => file, | ||
| content => "machine artifacts-puppetcore.puppet.com\nlogin ${download_username}\npassword ${download_password}\n", | ||
| mode => '0600', |
There was a problem hiding this comment.
please add show_diff => false,, to ensure password won't be leaked
cthorn42
force-pushed
the
add_puppetcore_macos_support
branch
from
4a3c3e5 to
2e64a41
Compare
When using the puppetcore collection on Windows, if we detect the installed version does not match, then upgrade the MSI. Due to a puppet bug, we cannot pass credentials in the `source` parameter. And `curl.exe` is not present in our puppet-agent packages. So use powershell to download. Co-authored-by: Kevin <114269618+klab-systems@users.noreply.github.com>
cthorn42
force-pushed
the
add_puppetcore_macos_support
branch
2 times, most recently
from
bcaf7d6 to
195c5e9
Compare
manifests/osfamily/darwin.pp
Outdated
| @@ -8,7 +8,7 @@ | |||
| $productversion_array = split($facts['os']['macosx']['version']['major'], '[.]') | |||
| $productversion_major = $productversion_array[0] | |||
| } | |||
|
|
|||
| $destination_name = undef | |||
There was a problem hiding this comment.
Why do you set the variable here?
There was a problem hiding this comment.
The variable needs to get set for the scenario if puppetcore isn't being used. The way I had it set here is a work in progress, I'm about to push up changes that reflect how Josh fixed this with his Windows commit. I think it will be a bit cleaner in what is going on. Thanks for the comment I had forgotten to update this.
cthorn42
force-pushed
the
add_puppetcore_macos_support
branch
from
195c5e9 to
96e3677
Compare
manifests/osfamily/darwin.pp
Outdated
| @@ -20,12 +19,25 @@ | |||
| } else { | |||
| $source = "puppet:///pe_packages/${pe_server_version}/${facts['platform_tag']}/${puppet_agent::package_name}-${puppet_agent::prepare::package_version}-1.osx${$productversion_major}.dmg" | |||
| } | |||
| } elsif $puppet_agent::collection and $puppet_agent::collection =~ /core/ { | |||
There was a problem hiding this comment.
| } elsif $puppet_agent::collection and $puppet_agent::collection =~ /core/ { | |
| } elsif $puppet_agent::collection =~ /core/ { |
There was a problem hiding this comment.
$puppet_agent::collection cannot be undef, so we don't need to check if it's undef
manifests/osfamily/darwin.pp
Outdated
| @@ -8,7 +8,6 @@ | |||
| $productversion_array = split($facts['os']['macosx']['version']['major'], '[.]') | |||
| $productversion_major = $productversion_array[0] | |||
| } | |||
|
|
|||
| if $puppet_agent::absolute_source { | |||
There was a problem hiding this comment.
I think this whole block becomes a bit more readable and shorter, if you do something like:
$source = if $puppet_agent::absolute_source {
...Which enables you to get rid of all the following $source = in the logic block.
manifests/prepare/package.pp
Outdated
| @@ -56,6 +56,45 @@ | |||
| creates => $local_package_file_path, | |||
| require => File[$puppet_agent::params::local_packages_dir], | |||
| } | |||
| } elsif $puppet_agent::collection and $puppet_agent::collection =~ /core/ and $facts['os']['family'] =~ /Darwin/ { | |||
There was a problem hiding this comment.
| } elsif $puppet_agent::collection and $puppet_agent::collection =~ /core/ and $facts['os']['family'] =~ /Darwin/ { | |
| } elsif $puppet_agent::collection =~ /core/ and $facts['os']['family'] =~ /Darwin/ { |
cthorn42
force-pushed
the
add_puppetcore_macos_support
branch
from
96e3677 to
4c2832f
Compare
| } else { | ||
| $source = "puppet:///pe_packages/${pe_server_version}/${facts['platform_tag']}/${puppet_agent::package_name}-${puppet_agent::prepare::package_version}-1.osx${$productversion_major}.dmg" |
There was a problem hiding this comment.
I think we want to keep puppet:///pe_packages/${pe_server_version}/.... as a valid source.
tasks/install_shell.sh
Outdated
| if [[ "$collection" =~ core ]]; then | ||
| if [ -z "$password" ]; then | ||
| echo "A password parameter is required to install" | ||
| exit 1 |
There was a problem hiding this comment.
Since we check for an empty password earlier, is the if [ -z "$password ] check needed?
tasks/install_shell.sh
Outdated
| @@ -431,6 +451,12 @@ do_curl() { | |||
| unable_to_retrieve_package | |||
| fi | |||
|
|
|||
| grep "HTTP/2 401" $tmp_stderr 2>&1 >/dev/null | |||
There was a problem hiding this comment.
I don't know that we can safely assume the server replied with HTTP 2. Probably better to just check for:
| grep "HTTP/2 401" $tmp_stderr 2>&1 >/dev/null | |
| grep "401 Unauthorized" $tmp_stderr 2>&1 >/dev/null |
This updates the download of puppet-agent when puppetcore packages are used. The new 'puppetcore7' and 'puppetcore8' collections when used for MacOS will now download puppetcore packages. Due to a bug in Puppet for now we're going to depend on Curl to download the package.
cthorn42
force-pushed
the
add_puppetcore_macos_support
branch
from
4c2832f to
e6359ea
Compare
This is a work in progress, currently based on Josh's WIP: #766