Install rpm packages from yum-puppetcore.puppet.com

Change the default yum_source to https://yum-puppetcore.puppet.com. Note the
change to HTTPS.

Add optional username and password to install task. If installing from the
default yum_source, then the username defaults to forge-key and a password
must be specified.

For SLES, add the credentials to /etc/zypp/credentials.d/PuppetcoreCreds

For other rpm platforms, add the credentials to the baseurl.

Create dnf and sles Dockerfiles for testing the install task.

Create install.sh script to build docker image and run it:

    docker/bin/install.sh [image] [version]

By default install 8.11.0 on rocky8.

The `PUPPET_FORGE_TOKEN` environment variable must be set, which will be passed
as the `password` to the task.

Author: joshcooper

docker/bin/helpers/run-install.sh

@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+set -e
+
+to_version="${1}"
+if [[ -z "${to_version}" ]]; then
+    echo "$0: The version to install must be passed as an argument"
+    exit 1
+fi
+puppet_version=( ${to_version//./ } )
+puppet_major=${puppet_version[0]}
+case $puppet_major in
+    7)
+        to_collection=puppetcore7
+        ;;
+    8)
+        to_collection=puppetcore8
+        ;;
+    *)
+        echo "$0: Invalid version supplied" 1>&2
+        exit 1
+esac
+
+export PT__installdir=../
+export PT_version=${to_version}
+export PT_collection=${to_collection}
+export PT_password=${PUPPET_FORGE_TOKEN}
+chmod u+x tasks/install_shell.sh
+tasks/install_shell.sh
+
+echo "puppet $(/opt/puppetlabs/puppet/bin/puppet --version)"
+echo "facter $(/opt/puppetlabs/puppet/bin/facter --version)"
+/opt/puppetlabs/puppet/bin/puppet apply -e 'notice("puppet apply")'
+
+# Make e.g. `puppet --version` work out of the box.
+PATH=/opt/puppetlabs/bin:$PATH \
+    read -p "Explore the container? [y/N]: " choice && \
+    choice=${choice:-N} && \
+    if [ "${choice}" = "y" ]; then \
+        bash; \
+    else \
+        echo "Moving on..."; \
+    fi

docker/bin/install.sh

@@ -0,0 +1,74 @@
+#!/usr/bin/env bash
+# Usage: `./install.sh [<PLATFORM>] [<VERSION>]`
+#
+# Builds an upgrade process for the puppet-agent module and tags as
+# "pa-dev:<PLATFORM>".
+#
+# Parameters:
+# - PLATFORM: The platform on which the upgrade should occur. This also
+#             supports comma-separated lists. Available:
+#             - `amazon`
+#             - `fedora`
+#             - `rocky`
+#             - `sles`
+#             - `ubuntu`
+#             Default: `ubuntu`
+# - BEFORE: The puppet-agent package version that is installed prior to upgrade.
+#           Default: 7.34.0
+# - AFTER: The puppet-agent package version that should exist after upgrade.
+#          Default: 8.1.0
+set -e
+
+if [[ -z "${PUPPET_FORGE_TOKEN}" ]]; then
+    echo "$0: Environment variable PUPPET_FORGE_TOKEN must be set"
+    exit 1
+fi
+
+cd "$(dirname "$0")/../.."
+platforms=${1:-rocky}
+version=${2:-8.11.0}
+for platform in ${platforms//,/ }
+do
+    dockerfile='docker/install/dnf/Dockerfile'
+
+    case $platform in
+        amazon*)
+            base_image='amazonlinux:2023'
+            ;;
+
+        fedora40)
+            base_image='fedora:40'
+            ;;
+
+        fedora36)
+            base_image='fedora:36'
+            ;;
+
+        fedora*)
+            base_image='fedora:41'
+            ;;
+
+        rocky8)
+            base_image='rockylinux/rockylinux:8'
+            ;;
+
+        rocky*)
+            base_image='rockylinux/rockylinux:9'
+            ;;
+
+        sles*)
+            base_image='registry.suse.com/suse/sle15:15.6'
+            dockerfile='docker/install/sles/Dockerfile'
+            ;;
+
+        *)
+            echo "$0: Usage install.sh [amazon|fedora|rocky|sles]"
+            exit 1
+            ;;
+    esac
+
+    docker build --rm -f "${dockerfile}" . -t pa-dev:$platform.install \
+           --build-arg BASE_IMAGE="${base_image}"
+    docker run -e PUPPET_FORGE_TOKEN --rm -ti pa-dev:$platform.install "${version}"
+done
+echo Complete

docker/install/dnf/Dockerfile

@@ -0,0 +1,56 @@
+# This Dockerfile enables an iterative development workflow where you can make
+# a change and test it out quickly. The majority of commands in this file will
+# be cached, making the feedback loop typically quite short. The workflow is
+# as follows:
+#   1. Set up pre-conditions for the system in puppet code using `deploy.pp`.
+#   2. Make a change to the module.
+#   3. Run `./docker/bin/install.sh rocky` from the project directory.
+#   4. Review the output. Repeat steps 2-3 as needed.
+#
+# At the end of execution, you will see a line like:
+# Dependencies resolved.
+# ========================================================================================================================================
+#  Package                          Architecture               Version                                  Repository                   Size
+# ========================================================================================================================================
+# Installing:
+#  puppet-agent                     x86_64                     8.10.0-1.el8                             puppet8                      27 M
+
+ARG BASE_IMAGE=rocky:8
+FROM ${BASE_IMAGE}
+
+# Use this to force a cache reset (e.g. for output purposes)
+#COPY $0 /tmp/Dockerfile
+
+# Install some other dependencies for ease of life.
+RUN  dnf update -y \
+  && dnf install -y git \
+  && dnf clean all
+
+# This is also duplicated in the docker/bin/helpers/run-upgrade.sh.
+ENV module_path=/tmp/modules
+WORKDIR "${module_path}/puppet_agent"
+COPY metadata.json ./
+
+# Installing dependencies from source. These versions should be within the range
+# of `dependencies` in metadata.json.
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-stdlib ../stdlib --branch v9.7.0
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-inifile ../inifile --branch v6.2.0
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-apt ../apt --branch v10.0.1
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-facts ../facts --branch 1.7.0
+
+# Now move the project directory's files into the image. That way, if these
+# files change, caching will skip everything before this.
+COPY docker/bin/helpers/run-install.sh /tmp/bin/run-install.sh
+COPY files/ ./files/
+COPY locales/ ./locales/
+COPY spec/ ./spec/
+COPY task_spec/  ./task_spec/
+COPY tasks/ ./tasks/
+COPY templates/ ./templates
+COPY types/ ./types/
+COPY Gemfile Gemfile.lock Rakefile ./
+COPY lib/ ./lib/
+COPY manifests/ ./manifests/
+
+# Perform the install.
+ENTRYPOINT ["/tmp/bin/run-install.sh"]

docker/install/sles/Dockerfile

@@ -0,0 +1,50 @@
+# This Dockerfile enables an iterative development workflow where you can make
+# a change and test it out quickly. The majority of commands in this file will
+# be cached, making the feedback loop typically quite short. The workflow is
+# as follows:
+#   1. Set up pre-conditions for the system in puppet code using `deploy.pp`.
+#   2. Make a change to the module.
+#   3. Run `./docker/bin/install.sh rocky` from the project directory.
+#   4. Review the output. Repeat steps 2-3 as needed.
+#
+# At the end of execution, you will see a line like:
+#
+# (19/19) Installing: puppet-agent-8.11.0-1.sles15.x86_64 ..........................................................................[done]
+
+ARG BASE_IMAGE=registry.suse.com/suse/sle15:15.6
+FROM ${BASE_IMAGE}
+
+# Use this to force a cache reset (e.g. for output purposes)
+#COPY $0 /tmp/Dockerfile
+
+# Install some other dependencies for ease of life.
+RUN zypper install --no-confirm wget git-core
+
+# This is also duplicated in the docker/bin/helpers/run-upgrade.sh.
+ENV module_path=/tmp/modules
+WORKDIR "${module_path}/puppet_agent"
+COPY metadata.json ./
+
+# Installing dependencies from source. These versions should be within the range
+# of `dependencies` in metadata.json.
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-stdlib ../stdlib --branch v9.7.0
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-inifile ../inifile --branch v6.2.0
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-apt ../apt --branch v10.0.1
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-facts ../facts --branch 1.7.0
+
+# Now move the project directory's files into the image. That way, if these
+# files change, caching will skip everything before this.
+COPY docker/bin/helpers/run-install.sh /tmp/bin/run-install.sh
+COPY files/ ./files/
+COPY locales/ ./locales/
+COPY spec/ ./spec/
+COPY task_spec/  ./task_spec/
+COPY tasks/ ./tasks/
+COPY templates/ ./templates
+COPY types/ ./types/
+COPY Gemfile Gemfile.lock Rakefile ./
+COPY lib/ ./lib/
+COPY manifests/ ./manifests/
+
+# Perform the install.
+ENTRYPOINT ["/tmp/bin/run-install.sh"]

tasks/install.json

@@ -7,7 +7,7 @@
     },
     "collection": {
       "description": "The Puppet collection to install from (defaults to puppet, which maps to the latest collection released)",
-      "type": "Optional[Enum[puppet7, puppet8, puppet, puppet7-nightly, puppet8-nightly, puppet-nightly]]"
+      "type": "Optional[Enum[puppet7, puppet8, puppet, puppet7-nightly, puppet8-nightly, puppet-nightly, puppetcore7, puppetcore8]]"
     },
     "absolute_source": {
       "description": "The absolute source location to find the Puppet agent package",
@@ -41,6 +41,14 @@
       "description": "The number of retries in case of network connectivity failures",
       "type": "Optional[Integer]",
       "default": 5
+    },
+    "username": {
+      "description": "The username to use when downloading from a source location requiring authentication",
+      "type": "Optional[String]"
+    },
+    "password": {
+      "description": "The password to use when downloading from a source location requiring authentication",
+      "type": "Optional[String]"
     }
   },
   "implementations": [

tasks/install_shell.json

@@ -9,7 +9,7 @@
     },
     "collection": {
       "description": "The Puppet collection to install from (defaults to puppet, which maps to the latest collection released)",
-      "type": "Optional[Enum[puppet7, puppet8, puppet, puppet7-nightly, puppet8-nightly, puppet-nightly]]"
+      "type": "Optional[Enum[puppet7, puppet8, puppet, puppet7-nightly, puppet8-nightly, puppet-nightly, puppetcore7, puppetcore8]]"
     },
     "absolute_source": {
       "description": "The absolute source location to find the Puppet agent package",
@@ -43,6 +43,14 @@
       "description": "The number of retries in case of network connectivity failures",
       "type": "Optional[Integer]",
       "default": 5
+    },
+    "username": {
+      "description": "The username to use when downloading from a source location requiring authentication",
+      "type": "Optional[String]"
+    },
+    "password": {
+      "description": "The password to use when downloading from a source location requiring authentication",
+      "type": "Optional[String]"
     }
   },
   "files": ["facts/tasks/bash.sh"],

tasks/install_shell.sh

@@ -100,6 +100,16 @@ if [ -n "$PT_version" ]; then
   version=$PT_version
 fi
 
+if [ -n "$PT_username" ]; then
+    username=$PT_username
+else
+    username='forge-key'
+fi
+
+if [ -n "$PT_password" ]; then
+    password=$PT_password
+fi
+
 if [ -n "$PT_collection" ]; then
   # Check whether collection is nightly
   if [[ "$PT_collection" == *"nightly"* ]]; then
@@ -116,10 +126,18 @@ fi
 if [ -n "$PT_yum_source" ]; then
   yum_source=$PT_yum_source
 else
-  if [ "$nightly" = true ]; then
-    yum_source='http://nightlies.puppet.com/yum'
+  if [[ "$collection" == "puppetcore"* ]]; then
+    yum_source='https://yum-puppetcore.puppet.com/public'
+    if [ -z "$password" ]; then
+      echo "A password parameter is required to install from ${yum_source}"
+      exit 1
+    fi
   else
-    yum_source='http://yum.puppet.com'
+    if [ "$nightly" = true ]; then
+      yum_source='http://nightlies.puppet.com/yum'
+    else
+      yum_source='http://yum.puppet.com'
+    fi
   fi
 fi
 
@@ -582,7 +600,14 @@ install_file() {
         fi
       fi
 
+      repo="/etc/yum.repos.d/${collection/core/}-release.repo"
       rpm -Uvh --oldpackage --replacepkgs "$2"
+      if [[ -n $username ]]; then
+          sed -i "s/^#\?username=.*/username=${username}/" "${repo}"
+      fi
+      if [[ -n $password ]]; then
+          sed -i "s/^#\?password=.*/password=${password}/" "${repo}"
+      fi
       exists dnf && PKGCMD=dnf || PKGCMD=yum
       if test "$version" = 'latest'; then
         run_cmd "${PKGCMD} install -y puppet-agent && ${PKGCMD} upgrade -y puppet-agent"
@@ -607,6 +632,12 @@ install_file() {
       fi
 
       run_cmd "zypper install --no-confirm '$2'"
+      if [[ -n $username ]]; then
+          sed -i "s/^username=.*/username=${username}/" "/etc/zypp/credentials.d/PuppetcoreCreds"
+      fi
+      if [[ -n $password ]]; then
+          sed -i "s/^password=.*/password=${password}/" "/etc/zypp/credentials.d/PuppetcoreCreds"
+      fi
       if test "$version" = "latest"; then
         run_cmd "zypper install --no-confirm 'puppet-agent'"
       else
@@ -669,22 +700,31 @@ case $platform in
     info "SLES platform! Lets get you an RPM..."
 
     if [[ $PT__noop != true ]]; then
-      for key in "puppet" "puppet-20250406"; do
-        gpg_key="${tmp_dir}/RPM-GPG-KEY-${key}"
-        do_download "https://yum.puppet.com/RPM-GPG-KEY-${key}" "$gpg_key"
-        rpm --import "$gpg_key"
-        rm -f "$gpg_key"
-      done
+      if [[ "$PT_collection" =~ core ]]; then
+        for key in "puppet"; do
+          gpg_key="${tmp_dir}/RPM-GPG-KEY-${key}"
+          do_download "https://yum-puppetcore.puppet.com/public/RPM-GPG-KEY-${key}" "$gpg_key"
+          rpm --import "$gpg_key"
+          rm -f "$gpg_key"
+        done
+      else
+        for key in "puppet" "puppet-20250406"; do
+          gpg_key="${tmp_dir}/RPM-GPG-KEY-${key}"
+          do_download "https://yum.puppet.com/public/RPM-GPG-KEY-${key}" "$gpg_key"
+          rpm --import "$gpg_key"
+          rm -f "$gpg_key"
+        done
+      fi
     fi
 
     filetype="noarch.rpm"
-    filename="${collection}-release-sles-${platform_version}.noarch.rpm"
+    filename="${collection/core/}-release-sles-${platform_version}.noarch.rpm"
     download_url="${yum_source}/${filename}"
     ;;
   "el")
     info "Red hat like platform! Lets get you an RPM..."
     filetype="rpm"
-    filename="${collection}-release-el-${platform_version}.noarch.rpm"
+    filename="${collection/core/}-release-el-${platform_version}.noarch.rpm"
     download_url="${yum_source}/${filename}"
     ;;
   "Amzn"|"Amazon Linux")
@@ -698,13 +738,13 @@ case $platform in
     elif (( platform_version == 2 || platform_version >= 2023 )); then
       platform_package="amazon"
     fi
-    filename="${collection}-release-${platform_package}-${platform_version}.noarch.rpm"
+    filename="${collection/core/}-release-${platform_package}-${platform_version}.noarch.rpm"
     download_url="${yum_source}/${filename}"
     ;;
   "Fedora")
     info "Fedora platform! Lets get the RPM..."
     filetype="rpm"
-    filename="${collection}-release-fedora-${platform_version}.noarch.rpm"
+    filename="${collection/core/}-release-fedora-${platform_version}.noarch.rpm"
     download_url="${yum_source}/${filename}"
     ;;
   "Debian")