Update rocky Dockerfiles

Add README describing how to run these Dockerfiles

* Dockerfile is used to verify upgrades, by default from 7.34.0 to 8.10.0.
* Dockerfile.versions is used to install multiple release packages and verify
  you can get a listing.

Update `Dockerfile` and `Dockerfile.versions` to allow credentials to be
specified, taking care not to save the credentials in the docker image.

Update `Dockerfile.versions` to download the puppet8 release package from
yum-support and after installation, configure the username and password in the
repo config.

Added `run-versions.shUpdate `Dockerfile` to copy `run-upgrade.sh` into the
docker image and run it using an externally provided password.

Update `run-upgrade.sh` to pass username and password as facts to `upgrade.pp`.
When the upgrade is performed, the module will create pc_repo with the provided
credentials and use that to upgrade to 8.10.0.

Author: joshcooper

docker/README.md

@@ -0,0 +1,50 @@
+# README
+
+These directories contain Dockerfiles that are useful for testing installation and upgrades.
+
+## Usage
+
+### Installation
+
+TBD
+
+### Upgrades
+
+This case installs a "before" version of puppet-agent 7.x and verifies you can
+use this module to upgrade to an "after" version of puppet-agent 8.x.
+
+#### Usage
+
+All examples assume the `PUPPET_FORGE_TOKEN` environment variable is set.
+
+##### Perform default upgrade
+
+```
+$ docker/bin/upgrade.sh
+...
+Notice: /Stage[main]/Puppet_agent::Install/Package[puppet-agent]/ensure: ensure changed '7.34.0-1.el8' to '8.10.0'
+```
+
+##### Upgrade a specific platform
+
+```
+$ docker/bin/upgrade.sh rocky
+...
+Notice: /Stage[main]/Puppet_agent::Install/Package[puppet-agent]/ensure: ensure changed '7.34.0-1.el8' to '8.10.0'
+```
+
+##### Upgrade from a specific version
+
+```
+$ docker/bin/upgrade.sh rocky 7.12.0
+...
+Notice: /Stage[main]/Puppet_agent::Install/Package[puppet-agent]/ensure: ensure changed '7.12.0-1.el8' to '8.10.0'
+```
+
+##### Upgrade from and to specific versions
+
+```
+$ docker/bin/upgrade.sh rocky 7.34.0 8.11.0
+...
+Error: /Stage[main]/Puppet_agent::Install/Package[puppet-agent]/ensure: change from '7.12.0-1.el8' to '8.11.0' failed: Could not update: Execution of '/usr/bin/yum -d 0 -e 0 -y update puppet-agent-8.11.0' returned 1
+```

docker/bin/helpers/run-upgrade.sh

@@ -20,7 +20,12 @@ case $puppet_major in
     echo "Invalid version supplied" 1>&2
     exit 1
 esac
-FACTER_to_version=${1:-8.10.0} FACTER_to_collection=${to_collection} /opt/puppetlabs/puppet/bin/puppet apply --debug --trace --modulepath /tmp/modules /tmp/upgrade.pp
+FACTER_to_version=${1:-8.10.0} \
+                 FACTER_to_collection=${to_collection} \
+                 FACTER_forge_username=forge-key \
+                 FACTER_forge_password="${PUPPET_FORGE_TOKEN}" \
+                 /opt/puppetlabs/puppet/bin/puppet apply --debug --trace --modulepath /tmp/modules /tmp/upgrade.pp
+
 # Make e.g. `puppet --version` work out of the box.
 PATH=/opt/puppetlabs/bin:$PATH \
     read -p "Explore the upgraded container? [y/N]: " choice && \

docker/bin/helpers/run-versions.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+# Install several repos: puppet 7 and 8
+wget -O puppet7.rpm http://yum.puppet.com/puppet7-release-el-8.noarch.rpm
+rpm -i puppet7.rpm --force --replacefiles --nodeps
+wget -O puppet8.rpm https://yum-puppetcore.puppet.com/public/puppet8-release-el-8.noarch.rpm
+rpm -i puppet8.rpm --force --replacefiles --nodeps
+
+sed -i 's/^#\?username=.*/username=forge-key/' /etc/yum.repos.d/puppet8-dev-release.repo
+sed -i "s/^#\\?password=.*/password=${PUPPET_FORGE_TOKEN}/" /etc/yum.repos.d/puppet8-dev-release.repo
+
+dnf list puppet-agent --showduplicates

docker/bin/upgrade.sh

@@ -8,23 +8,27 @@
 # - PLATFORM: The platform on which the upgrade should occur. This also
 #             supports comma-separated lists. Available:
 #             - `ubuntu`
-#             - `centos`
 #             - `rocky`
 #             Default: `ubuntu`
 # - BEFORE: The puppet-agent package version that is installed prior to upgrade.
-#           Default: 1.10.14
+#           Default: 7.34.0
 # - AFTER: The puppet-agent package version that should exist after upgrade.
-#          Default: 6.2.0
+#          Default: 8.1.0
 set -e
 
+if [ -z "${PUPPET_FORGE_TOKEN}" ]; then
+    echo "Environment variable PUPPET_FORGE_TOKEN must be set"
+    exit 1
+fi
+
 cd "$(dirname "$0")/../.."
-platforms=${1:-ubuntu}
+platforms=${1:-rocky}
 before=${2:-7.34.0}
 after=${3:-8.10.0}
 for platform in ${platforms//,/ }
 do
     docker build --rm -f docker/$platform/Dockerfile . -t pa-dev:$platform \
         --build-arg before=${before}
-    docker run --rm -ti pa-dev:$platform ${after}
+    docker run -e PUPPET_FORGE_TOKEN --rm -ti pa-dev:$platform ${after}
 done
-echo Complete
+echo Complete

docker/bin/versions.sh

@@ -11,7 +11,12 @@
 #             Default: `ubuntu`
 set -e
 
-platform=${1:-ubuntu}
+if [ -z "${PUPPET_FORGE_TOKEN}" ]; then
+    echo "Environment variable PUPPET_FORGE_TOKEN must be set"
+    exit 1
+fi
+
+platform=${1:-rocky}
 
 case "${platform}" in
     ubuntu|rocky)
@@ -21,5 +26,5 @@ case "${platform}" in
         ;;
 esac
 cd "$(dirname "$0")/../.."
-docker build -f docker/${platform}/Dockerfile.versions . -t pa-dev:${platform}-versions
-docker run -it --rm pa-dev:${platform}-versions
+docker build --rm -f docker/${platform}/Dockerfile.versions . -t pa-dev:${platform}-versions
+docker run -e PUPPET_FORGE_TOKEN --rm -it pa-dev:${platform}-versions

docker/rocky/Dockerfile

@@ -31,7 +31,7 @@ FROM rockylinux/rockylinux:8
 
 # Install some other dependencies for ease of life.
 RUN  dnf update -y \
-  && dnf install -y wget git \
+  && dnf install -y git \
   && dnf clean all
 
 ARG before=7.34.0
@@ -40,8 +40,7 @@ LABEL before=${before}
 # Install proper FROM repo pupet 7
 RUN if [[ ${before} == 7.* ]]; then \
         echo Installing puppet7 repo; \
-        wget -O puppet7.rpm http://yum.puppet.com/puppet7-release-el-8.noarch.rpm && \
-        rpm -i puppet7.rpm; \
+        rpm -Uvh http://yum.puppet.com/puppet7-release-el-8.noarch.rpm; \
     else echo no; \
     fi
 
@@ -50,7 +49,8 @@ RUN if [[ ${before} == 7.* ]]; then \
 
 # Install FROM version of puppet-agent.
 RUN dnf -y update && \
-    dnf install -y puppet-agent-${before}-1.el8
+    dnf install -y puppet-agent-${before} && \
+    dnf clean all
 
 # This is also duplicated in the docker/bin/helpers/run-upgrade.sh.
 ENV module_path=/tmp/modules

docker/rocky/Dockerfile.versions

@@ -5,12 +5,9 @@ RUN  dnf update -y \
   && dnf install -y wget git \
   && dnf clean all
 
-# Install several repos: puppet 7 and 8
-RUN wget -O puppet7.rpm http://yum.puppet.com/puppet7-release-el-8.noarch.rpm && \
-    rpm -i puppet7.rpm --force --replacefiles --nodeps && \
-    wget -O puppet8.rpm http://yum.puppet.com/puppet8-release-el-8.noarch.rpm && \
-    rpm -i puppet8.rpm --force --replacefiles --nodeps
+# Now move the project directory's files into the image. That way, if these
+# files change, caching will skip everything before this.
+COPY docker/bin/helpers/run-versions.sh /tmp/bin/run-versions.sh
 
-# Print out available package versions for puppet-agent. If a specific version
-# is desired, pass that in with e.g. `--build-arg before=1.1.1`
-ENTRYPOINT ["dnf", "list", "puppet-agent", "--showduplicates"]
+# Print out available package versions for puppet-agent.
+ENTRYPOINT ["/tmp/bin/run-versions.sh"]

docker/upgrade.pp

@@ -8,5 +8,7 @@
     # process.
     service_names   => [],
     collection      => $facts['to_collection'],
+    username        => $facts['forge_username'],
+    password        => Sensitive($facts['forge_password'])
   }
 }