Install rpm packages from yum-puppetcore.puppet.com

joshcooper · joshcooper · commit 1c6ff838a78b · 2025-02-19T21:50:54.000-08:00
Change the default yum_source to https://yum-puppetcore.puppet.com. Note the change to HTTPS. Add optional username and password to install task. If installing from the default yum_source, then the username defaults to forge-key and a password must be specified. For SLES, add the credentials to /etc/zypp/credentials.d/PuppetcoreCreds For other rpm platforms, add the credentials to the baseurl. Create dnf and sles Dockerfiles for testing the install task. Create install.sh script to build docker image and run it: docker/bin/install.sh [image] [version] By default install 8.11.0 on rocky8. The `PUPPET_FORGE_TOKEN` environment variable must be set, which will be passed as the `password` to the task.
diff --git a/docker/bin/helpers/run-install.sh b/docker/bin/helpers/run-install.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+set -e
+
+to_version="${1}"
+if [[ -z "${to_version}" ]]; then
+    echo "$0: The version to install must be passed as an argument"
+    exit 1
+fi
+puppet_version=( ${to_version//./ } )
+puppet_major=${puppet_version[0]}
+case $puppet_major in
+    7)
+        to_collection=puppet7
+        ;;
+    8)
+        to_collection=puppet8
+        ;;
+    *)
+        echo "$0: Invalid version supplied" 1>&2
+        exit 1
+esac
+
+export PT__installdir=../
+export PT_version=${to_version}
+export PT_collection=${to_collection}
+export PT_password=${PUPPET_FORGE_TOKEN}
+chmod u+x tasks/install_shell.sh
+tasks/install_shell.sh
+
+echo "puppet $(/opt/puppetlabs/puppet/bin/puppet --version)"
+echo "facter $(/opt/puppetlabs/puppet/bin/facter --version)"
+/opt/puppetlabs/puppet/bin/puppet apply -e 'notice("puppet apply")'
+
+# Make e.g. `puppet --version` work out of the box.
+PATH=/opt/puppetlabs/bin:$PATH \
+    read -p "Explore the container? [y/N]: " choice && \
+    choice=${choice:-N} && \
+    if [ "${choice}" = "y" ]; then \
+        bash; \
+    else \
+        echo "Moving on..."; \
+    fi
diff --git a/docker/bin/install.sh b/docker/bin/install.sh
@@ -0,0 +1,74 @@
+#!/usr/bin/env bash
+# Usage: `./install.sh [<PLATFORM>] [<VERSION>]`
+#
+# Builds an upgrade process for the puppet-agent module and tags as
+# "pa-dev:<PLATFORM>".
+#
+# Parameters:
+# - PLATFORM: The platform on which the upgrade should occur. This also
+#             supports comma-separated lists. Available:
+#             - `amazon`
+#             - `fedora`
+#             - `rocky`
+#             - `sles`
+#             - `ubuntu`
+#             Default: `ubuntu`
+# - BEFORE: The puppet-agent package version that is installed prior to upgrade.
+#           Default: 7.34.0
+# - AFTER: The puppet-agent package version that should exist after upgrade.
+#          Default: 8.1.0
+set -e
+
+if [[ -z "${PUPPET_FORGE_TOKEN}" ]]; then
+    echo "$0: Environment variable PUPPET_FORGE_TOKEN must be set"
+    exit 1
+fi
+
+cd "$(dirname "$0")/../.."
+platforms=${1:-rocky}
+version=${2:-8.11.0}
+for platform in ${platforms//,/ }
+do
+    dockerfile='docker/install/dnf/Dockerfile'
+
+    case $platform in
+        amazon*)
+            base_image='amazonlinux:2023'
+            ;;
+
+        fedora40)
+            base_image='fedora:40'
+            ;;
+
+        fedora36)
+            base_image='fedora:36'
+            ;;
+
+        fedora*)
+            base_image='fedora:41'
+            ;;
+
+        rocky8)
+            base_image='rockylinux/rockylinux:8'
+            ;;
+
+        rocky*)
+            base_image='rockylinux/rockylinux:9'
+            ;;
+
+        sles*)
+            base_image='registry.suse.com/suse/sle15:15.6'
+            dockerfile='docker/install/sles/Dockerfile'
+            ;;
+
+        *)
+            echo "$0: Usage install.sh [amazon|fedora|rocky|sles]"
+            exit 1
+            ;;
+    esac
+
+    docker build --rm -f "${dockerfile}" . -t pa-dev:$platform.install \
+           --build-arg BASE_IMAGE="${base_image}"
+    docker run -e PUPPET_FORGE_TOKEN --rm -ti pa-dev:$platform.install "${version}"
+done
+echo Complete
diff --git a/docker/install/dnf/Dockerfile b/docker/install/dnf/Dockerfile
@@ -0,0 +1,56 @@
+# This Dockerfile enables an iterative development workflow where you can make
+# a change and test it out quickly. The majority of commands in this file will
+# be cached, making the feedback loop typically quite short. The workflow is
+# as follows:
+#   1. Set up pre-conditions for the system in puppet code using `deploy.pp`.
+#   2. Make a change to the module.
+#   3. Run `./docker/bin/install.sh rocky` from the project directory.
+#   4. Review the output. Repeat steps 2-3 as needed.
+#
+# At the end of execution, you will see a line like:
+# Dependencies resolved.
+# ========================================================================================================================================
+#  Package                          Architecture               Version                                  Repository                   Size
+# ========================================================================================================================================
+# Installing:
+#  puppet-agent                     x86_64                     8.10.0-1.el8                             puppet8                      27 M
+
+ARG BASE_IMAGE=rocky:8
+FROM ${BASE_IMAGE}
+
+# Use this to force a cache reset (e.g. for output purposes)
+#COPY $0 /tmp/Dockerfile
+
+# Install some other dependencies for ease of life.
+RUN  dnf update -y \
+  && dnf install -y git \
+  && dnf clean all
+
+# This is also duplicated in the docker/bin/helpers/run-upgrade.sh.
+ENV module_path=/tmp/modules
+WORKDIR "${module_path}/puppet_agent"
+COPY metadata.json ./
+
+# Installing dependencies from source. These versions should be within the range
+# of `dependencies` in metadata.json.
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-stdlib ../stdlib --branch v9.7.0
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-inifile ../inifile --branch v6.2.0
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-apt ../apt --branch v10.0.1
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-facts ../facts --branch 1.7.0
+
+# Now move the project directory's files into the image. That way, if these
+# files change, caching will skip everything before this.
+COPY docker/bin/helpers/run-install.sh /tmp/bin/run-install.sh
+COPY files/ ./files/
+COPY locales/ ./locales/
+COPY spec/ ./spec/
+COPY task_spec/  ./task_spec/
+COPY tasks/ ./tasks/
+COPY templates/ ./templates
+COPY types/ ./types/
+COPY Gemfile Gemfile.lock Rakefile ./
+COPY lib/ ./lib/
+COPY manifests/ ./manifests/
+
+# Perform the install.
+ENTRYPOINT ["/tmp/bin/run-install.sh"]
diff --git a/docker/install/sles/Dockerfile b/docker/install/sles/Dockerfile
@@ -0,0 +1,50 @@
+# This Dockerfile enables an iterative development workflow where you can make
+# a change and test it out quickly. The majority of commands in this file will
+# be cached, making the feedback loop typically quite short. The workflow is
+# as follows:
+#   1. Set up pre-conditions for the system in puppet code using `deploy.pp`.
+#   2. Make a change to the module.
+#   3. Run `./docker/bin/install.sh rocky` from the project directory.
+#   4. Review the output. Repeat steps 2-3 as needed.
+#
+# At the end of execution, you will see a line like:
+#
+# (19/19) Installing: puppet-agent-8.11.0-1.sles15.x86_64 ..........................................................................[done]
+
+ARG BASE_IMAGE=registry.suse.com/suse/sle15:15.6
+FROM ${BASE_IMAGE}
+
+# Use this to force a cache reset (e.g. for output purposes)
+#COPY $0 /tmp/Dockerfile
+
+# Install some other dependencies for ease of life.
+RUN zypper install --no-confirm wget git-core
+
+# This is also duplicated in the docker/bin/helpers/run-upgrade.sh.
+ENV module_path=/tmp/modules
+WORKDIR "${module_path}/puppet_agent"
+COPY metadata.json ./
+
+# Installing dependencies from source. These versions should be within the range
+# of `dependencies` in metadata.json.
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-stdlib ../stdlib --branch v9.7.0
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-inifile ../inifile --branch v6.2.0
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-apt ../apt --branch v10.0.1
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-facts ../facts --branch 1.7.0
+
+# Now move the project directory's files into the image. That way, if these
+# files change, caching will skip everything before this.
+COPY docker/bin/helpers/run-install.sh /tmp/bin/run-install.sh
+COPY files/ ./files/
+COPY locales/ ./locales/
+COPY spec/ ./spec/
+COPY task_spec/  ./task_spec/
+COPY tasks/ ./tasks/
+COPY templates/ ./templates
+COPY types/ ./types/
+COPY Gemfile Gemfile.lock Rakefile ./
+COPY lib/ ./lib/
+COPY manifests/ ./manifests/
+
+# Perform the install.
+ENTRYPOINT ["/tmp/bin/run-install.sh"]
diff --git a/tasks/install.json b/tasks/install.json
@@ -41,6 +41,14 @@
       "description": "The number of retries in case of network connectivity failures",
       "type": "Optional[Integer]",
       "default": 5
+    },
+    "username": {
+      "description": "The username to use when downloading from a source location requiring authentication",
+      "type": "Optional[String]"
+    },
+    "password": {
+      "description": "The password to use when downloading from a source location requiring authentication",
+      "type": "Optional[String]"
     }
   },
   "implementations": [
diff --git a/tasks/install_shell.json b/tasks/install_shell.json
@@ -43,6 +43,14 @@
       "description": "The number of retries in case of network connectivity failures",
       "type": "Optional[Integer]",
       "default": 5
+    },
+    "username": {
+      "description": "The username to use when downloading from a source location requiring authentication",
+      "type": "Optional[String]"
+    },
+    "password": {
+      "description": "The password to use when downloading from a source location requiring authentication",
+      "type": "Optional[String]"
     }
   },
   "files": ["facts/tasks/bash.sh"],
diff --git a/tasks/install_shell.sh b/tasks/install_shell.sh
@@ -100,6 +100,16 @@ if [ -n "$PT_version" ]; then
   version=$PT_version
 fi
 
+if [ -n "$PT_username" ]; then
+    username=$PT_username
+else
+    username='forge-key'
+fi
+
+if [ -n "$PT_password" ]; then
+    password=$PT_password
+fi
+
 if [ -n "$PT_collection" ]; then
   # Check whether collection is nightly
   if [[ "$PT_collection" == *"nightly"* ]]; then
@@ -110,7 +120,7 @@ if [ -n "$PT_collection" ]; then
 
   collection=$PT_collection
 else
-  collection='puppet'
+  collection='puppet8'
 fi
 
 if [ -n "$PT_yum_source" ]; then
@@ -119,7 +129,11 @@ else
   if [ "$nightly" = true ]; then
     yum_source='https://artifactory.delivery.puppetlabs.net:443/artifactory/internal_nightly__local/yum'
   else
-    yum_source='http://yum.puppet.com'
+    yum_source='https://yum-puppetcore.puppet.com/public'
+    if [ -z "$password" ]; then
+      echo "A password parameter is required to install from ${yum_source}"
+      exit 1
+    fi
   fi
 fi
 
@@ -583,6 +597,12 @@ install_file() {
       fi
 
       rpm -Uvh --oldpackage --replacepkgs "$2"
+      if [[ -n $username ]]; then
+          sed -i "s/^#\?username=.*/username=${username}/" "/etc/yum.repos.d/${collection}-release.repo"
+      fi
+      if [[ -n $password ]]; then
+          sed -i "s/^#\?password=.*/password=${password}/" "/etc/yum.repos.d/${collection}-release.repo"
+      fi
       exists dnf && PKGCMD=dnf || PKGCMD=yum
       if test "$version" = 'latest'; then
         run_cmd "${PKGCMD} install -y puppet-agent && ${PKGCMD} upgrade -y puppet-agent"
@@ -607,6 +627,12 @@ install_file() {
       fi
 
       run_cmd "zypper install --no-confirm '$2'"
+      if [[ -n $username ]]; then
+          sed -i "s/^username=.*/username=${username}/" "/etc/zypp/credentials.d/PuppetcoreCreds"
+      fi
+      if [[ -n $password ]]; then
+          sed -i "s/^password=.*/password=${password}/" "/etc/zypp/credentials.d/PuppetcoreCreds"
+      fi
       if test "$version" = "latest"; then
         run_cmd "zypper install --no-confirm 'puppet-agent'"
       else
@@ -669,9 +695,9 @@ case $platform in
     info "SLES platform! Lets get you an RPM..."
 
     if [[ $PT__noop != true ]]; then
-      for key in "puppet" "puppet-20250406"; do
+      for key in "puppet-20250406"; do
         gpg_key="${tmp_dir}/RPM-GPG-KEY-${key}"
-        do_download "https://yum.puppet.com/RPM-GPG-KEY-${key}" "$gpg_key"
+        do_download "https://yum-puppetcore.puppet.com/public/RPM-GPG-KEY-${key}" "$gpg_key"
         rpm --import "$gpg_key"
         rm -f "$gpg_key"
       done
