Skip to content

Add puppetcore support for macOS #784

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Jul 1, 2025
Merged

Add puppetcore support for macOS #784

merged 5 commits into from
Jul 1, 2025

Conversation

@joshcooper
Copy link
Contributor

@joshcooper joshcooper commented Jun 28, 2025
edited
Loading

Adds support for installing puppetcore packages on macOS via bolt task:

/opt/puppetlabs/bolt/bin/bolt task run puppet_agent::install \
  collection=puppetcore8 \
  version=8.13.1 \
  username=forge-key \
  password=${PUPPET_FORGE_TOKEN} \
  --targets 'www.example.com'

And upgrading installed packages to puppetcore over time:

class { 'puppet_agent':
  package_version => '8.13.1',
  collection      => 'puppetcore8',
  username        => 'forge-key',
  password        => Sensitive(...)
}
include 'puppet_agent'

@joshcooper joshcooper requested review from a team and bastelfreak as code owners June 28, 2025 05:10
@joshcooper joshcooper marked this pull request as draft June 28, 2025 05:11
joshcooper added 5 commits July 1, 2025 15:43
@joshcooper
(PA-7586) Add puppetcore support for macOS
798731f 
Install puppetcore packages on macOS via SSH:

```
/opt/puppetlabs/bolt/bin/bolt task run puppet_agent::install \
  collection=puppetcore8 \
  version=8.13.1 \
  username=forge-key \
  password=${PUPPET_FORGE_TOKEN} \
  --targets www.example.com
```
@joshcooper
(PA-7586) Move puppetcore password check
224bb06 
If yum_source wasn't specified, such as when installing puppetcore on apt or
mac, and a password wasn't specified, the error message incorrectly referenced
yum:

    A password parameter is required to install from https://yum-puppetcore.puppet.com/public

Move the password check prior to handling yum, apt, etc sources. If installing
puppetcore packages and password isn't specified, we now report:

    A password parameter is required to install from puppetcore
@joshcooper
(PA-7586) Handle failed authentication
061b172 
Since wget and curl may attempt to use credentials, report if authentication
fails.
@joshcooper
(PA-7586) Don't assume curl uses HTTP/1.1
f7cd3cd 
The script assumed curl was using HTTP/1.1 as it was tried to match:

    404 Not Found

When using 2.0, the HTTP status text is not included in the response:

    HTTP/2 404

Update the grep pattern so we handle both 1.1 and 2. If the credentials are
invalid, the task will report:

    21:49:40 -0700 CRIT: ERROR 401
    21:49:40 -0700 CRIT: Unable to retrieve a valid package!

If the requested package doesn't exist, the task will report:

    21:56:33 -0700 CRIT: ERROR 404
    21:56:33 -0700 CRIT: Unable to retrieve a valid package!
@joshcooper
(PA-7586) Upgrade puppetcore* dmg from artifacts-puppetcore.puppet.com
bd2787a 
When using the puppetcore collection on macOS, if we detect the version does not
match, then upgrade the DMG. Due to a puppet bug, we cannot pass credentials in
the `source` parameter, so curl using 'netrc' to pass credentials securely.

Note facter's `os.release.major` returns the Darwin kernel version (23), but our
packages are named after the OS version (14), so use `os.macosx.version.major`.

```
class { 'puppet_agent':
  package_version => '8.13.1',
  collection      => 'puppetcore8',
  username        => 'forge-key',
  password        => Sensitive(...)
}
include 'puppet_agent'
```
@joshcooper
Copy link
Contributor Author

joshcooper commented Jul 1, 2025
edited
Loading

Install

❯ /opt/puppetlabs/bolt/bin/bolt task run puppet_agent::install \                            
 collection=puppetcore8 \
 version=8.12.0 \
 username=forge-key \
 password=$PUPPET_FORGE_TOKEN \
 --targets pix-arm64-macos14-5.nspooler-prod.puppet.net \
 --modulepath ~/work/modules.install \
 --no-host-key-check

Started on pix-arm64-macos14-5.nspooler-prod.puppet.net...
Finished on pix-arm64-macos14-5.nspooler-prod.puppet.net:
  15:55:23 -0700 INFO: Version parameter defined: 8.12.0
  15:55:23 -0700 INFO: Downloading Puppet 8.12.0 for mac_os_x...
  15:55:23 -0700 INFO: Mac platform! Lets get you a DMG...
  15:55:23 -0700 INFO: Downloading https://artifacts-puppetcore.puppet.com/v1/download?version=8.12.0&os_name=osx&os_version=14&os_arch=arm64
  15:55:23 -0700 INFO:   to file /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/install.sh.2235.48246/puppet-agent-8.12.0-1.osx14.dmg
  15:55:23 -0700 INFO: Trying curl...
  15:55:25 -0700 INFO: installing puppetlabs dmg with hdiutil and installer
  Checksumming Protective Master Boot Record (MBR : 0)…
  Protective Master Boot Record (MBR :: verified   CRC32 $A63E199D
  Checksumming GPT Header (Primary GPT Header : 1)…
   GPT Header (Primary GPT Header : 1): verified   CRC32 $EAA7539C
  Checksumming GPT Partition Data (Primary GPT Table : 2)…
  GPT Partition Data (Primary GPT Tabl: verified   CRC32 $44BDA912
  Checksumming  (Apple_Free : 3)…
                      (Apple_Free : 3): verified   CRC32 $00000000
  Checksumming disk image (Apple_APFS : 4)…
           disk image (Apple_APFS : 4): verified   CRC32 $55289681
  Checksumming  (Apple_Free : 5)…
                      (Apple_Free : 5): verified   CRC32 $00000000
  Checksumming GPT Partition Data (Backup GPT Table : 6)…
  GPT Partition Data (Backup GPT Table: verified   CRC32 $44BDA912
  Checksumming GPT Header (Backup GPT Header : 7)…
    GPT Header (Backup GPT Header : 7): verified   CRC32 $756A0C32
  verified   CRC32 $46A097E3
  /dev/disk6          	GUID_partition_scheme          	
  /dev/disk6s1        	Apple_APFS                     	
  /dev/disk7          	EF57347C-0000-11AA-AA11-0030654	
  /dev/disk7s1        	41504653-0000-11AA-AA11-0030654	/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/38448.hZz5TdvtXe
  installer: Package name is puppet-agent
  installer: Upgrading at base path /
  installer: The upgrade was successful.
  "disk6" ejected.
Successful on 1 target: pix-arm64-macos14-5.nspooler-prod.puppet.net
Ran on 1 target in 17.06 sec

Upgrade

# puppet apply upgrade.pp 
Notice: Scope(Class[Puppet_agent::Install::Darwin]): Puppet install log file at /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/osx_install.log
Notice: Compiled catalog for pix-arm64-macos14-5.nspooler-prod.puppet.net in environment production in 0.43 seconds
Notice: /Stage[main]/Puppet_agent::Prepare::Package/File[/opt/puppetlabs/packages]/ensure: created
Notice: /Stage[main]/Puppet_agent::Prepare::Package/File[/opt/puppetlabs/packages/download_puppet.sh]/ensure: changed [redacted] to [redacted]
Notice: /Stage[main]/Puppet_agent::Prepare::Package/Exec[Download Puppet Agent]/returns: executed successfully
Notice: /Stage[main]/Puppet_agent::Install::Darwin/File[/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/osx_install.sh]/ensure: defined content as '{sha256}3907d6c93d9eeb854219100bab1f2923d95eedb77489bc9f24d5a78cdd240a9f'
Notice: /Stage[main]/Puppet_agent::Install::Darwin/Exec[osx_install script]/returns: executed successfully
Notice: /Stage[main]/Puppet_agent::Service/Service[puppet]/ensure: ensure changed 'stopped' to 'running'
# puppet --version
8.13.1
# puppet apply upgrade.pp 
Notice: Compiled catalog for pix-arm64-macos14-5.nspooler-prod.puppet.net in environment production in 0.41 seconds
Notice: Applied catalog in 0.69 seconds

@joshcooper joshcooper marked this pull request as ready for review July 1, 2025 23:04
@joshcooper joshcooper requested a review from a team as a code owner July 1, 2025 23:04
@joshcooper joshcooper merged commit 5db87f4 into puppetlabs:main Jul 1, 2025
16 checks passed
@joshcooper joshcooper deleted the macos_puppetcore branch July 1, 2025 23:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cthorn42 cthorn42 cthorn42 approved these changes

@bastelfreak bastelfreak Awaiting requested review from bastelfreak bastelfreak is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@joshcooper @cthorn42