Merge pull request #670 from lsst-it/IT-3057/el8-dnscache-int-names

generic preparations for EL8
lsst-it · Oct 19, 2022 · f8ed4f9 · f8ed4f9
2 parents a6d81c3 + 78c22f6
commit f8ed4f9
Show file tree

Hide file tree

Showing 46 changed files with 283 additions and 137 deletions.
diff --git a/hiera.yaml b/hiera.yaml
@@ -5,25 +5,19 @@ defaults:
 hierarchy:
   - name: "private hiera"
     datadir: "/etc/puppetlabs/code/hieradata/private/%{environment}"
-    paths:
+    paths: &paths
       - "node/%{fqdn}.yaml"
       - "site/%{site}/cluster/%{cluster}/role/%{role}.yaml"
       - "site/%{site}/cluster/%{cluster}.yaml"
       - "cluster/%{cluster}/role/%{role}.yaml"
+      - "cluster/%{cluster}/osfamily/%{os.family}/major/%{os.release.major}.yaml"
       - "cluster/%{cluster}.yaml"
       - "site/%{site}/role/%{role}.yaml"
       - "site/%{site}.yaml"
+      - "role/%{role}/osfamily/%{os.family}/major/%{os.release.major}.yaml"
       - "role/%{role}.yaml"
+      - "common/osfamily/%{os.family}/major/%{os.release.major}.yaml"
       - "common.yaml"
   - name: "public hiera"
     datadir: "/etc/puppetlabs/code/environments/%{environment}/hieradata"
-    paths:
-      - "node/%{fqdn}.yaml"
-      - "site/%{site}/cluster/%{cluster}/role/%{role}.yaml"
-      - "site/%{site}/cluster/%{cluster}.yaml"
-      - "cluster/%{cluster}/role/%{role}.yaml"
-      - "cluster/%{cluster}.yaml"
-      - "site/%{site}/role/%{role}.yaml"
-      - "site/%{site}.yaml"
-      - "role/%{role}.yaml"
-      - "common.yaml"
+    paths: *paths
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
@@ -221,12 +221,6 @@ puppet_agent::package_version: "7.18.0"
 puppet_agent::collection: "puppet7"
 puppet_agent::config:
   - {section: "agent", setting: "environment", ensure: "absent"}
-profile::core::yum::versionlock:
-  puppet-agent:
-    ensure: "present"
-    version: "7.18.0"
-    release: "1.el7"
-    before: "Package[puppet-agent]"
 
 # Rsyslog configuration is based on the default rsyslog.conf shipping with CentOS 7.7
 rsyslog::config::global_config:
@@ -397,37 +391,6 @@ resolv_conf::options:
   - "rotate"
   - "timeout:2"
   - "retries:1"
-scl::repos:
-  centos-sclo-sclo:
-    baseurl: "http://mirror.centos.org/centos/%{facts.os.release.major}/sclo/$basearch/sclo/"
-    descr: "CentOS-%{facts.os.release.major} - SCLo sclo"
-    enabled: true
-    ensure: "present"
-    gpgcheck: true
-    gpgkey: "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo"
-  centos-sclo-sclo-debuginfo:
-    baseurl: "http://debuginfo.centos.org/centos/%{facts.os.release.major}/sclo/$basearch/"
-    descr: "CentOS-%{facts.os.release.major} - SCLo sclo Debuginfo"
-    enabled: false
-    ensure: "present"
-    gpgcheck: true
-    gpgkey: "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo"
-  centos-sclo-rh:
-    baseurl: "http://mirror.centos.org/centos/%{facts.os.release.major}/sclo/$basearch/rh/"
-    descr: "CentOS-%{facts.os.release.major} - SCLo rh"
-    enabled: true
-    ensure: "present"
-    gpgcheck: true
-    gpgkey: "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo"
-  centos-sclo-rh-debuginfo:
-    baseurl: "http://debuginfo.centos.org/centos/%{facts.os.release.major}/sclo/$basearch/"
-    descr: "CentOS-%{facts.os.release.major} - SCLo rh Debuginfo"
-    enabled: false
-    ensure: "present"
-    gpgcheck: true
-    gpgkey: "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo"
-
-profile::ts::opensplicedds::ensure: "6.10.4-6.el7"
 
 # Use NFSv4 on NFS enabled hosts.
 nfs::nfs_v4: true

diff --git a/hieradata/common/osfamily/RedHat/major/7.yaml b/hieradata/common/osfamily/RedHat/major/7.yaml
@@ -0,0 +1,42 @@
+---
+profile::core::yum::versionlock:
+  puppet-agent:
+    ensure: "present"
+    version: "7.18.0"
+    release: "1.el7"
+    before: "Package[puppet-agent]"
+profile::ts::opensplicedds::ensure: "6.10.4-6.el7"
+scl::repos:
+  centos-sclo-sclo:
+    baseurl: "http://mirror.centos.org/centos/%{facts.os.release.major}/sclo/$basearch/sclo/"
+    descr: "CentOS-%{facts.os.release.major} - SCLo sclo"
+    enabled: true
+    ensure: "present"
+    gpgcheck: true
+    gpgkey: "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo"
+  centos-sclo-sclo-debuginfo:
+    baseurl: "http://debuginfo.centos.org/centos/%{facts.os.release.major}/sclo/$basearch/"
+    descr: "CentOS-%{facts.os.release.major} - SCLo sclo Debuginfo"
+    enabled: false
+    ensure: "present"
+    gpgcheck: true
+    gpgkey: "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo"
+  centos-sclo-rh:
+    baseurl: "http://mirror.centos.org/centos/%{facts.os.release.major}/sclo/$basearch/rh/"
+    descr: "CentOS-%{facts.os.release.major} - SCLo rh"
+    enabled: true
+    ensure: "present"
+    gpgcheck: true
+    gpgkey: "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo"
+  centos-sclo-rh-debuginfo:
+    baseurl: "http://debuginfo.centos.org/centos/%{facts.os.release.major}/sclo/$basearch/"
+    descr: "CentOS-%{facts.os.release.major} - SCLo rh Debuginfo"
+    enabled: false
+    ensure: "present"
+    gpgcheck: true
+    gpgkey: "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo"
+yum::managed_repos:
+  - "extras"
+yum::repos:
+  extras:  # provides container-selinux
+    enabled: true
diff --git a/hieradata/common/osfamily/RedHat/major/8.yaml b/hieradata/common/osfamily/RedHat/major/8.yaml
@@ -0,0 +1,7 @@
+---
+profile::core::yum::versionlock:
+  puppet-agent:
+    ensure: "present"
+    version: "7.18.0"
+    release: "1.el8"
+    before: "Package[puppet-agent]"
diff --git a/hieradata/role/hypervisor.yaml b/hieradata/role/hypervisor.yaml
@@ -5,8 +5,6 @@ classes:
   - "profile::core::debugutils"
   - "profile::core::libvirt"
 packages:
-  - "bash-completion"
-  - "bash-completion-extras"
   - "libguestfs"
   - "qemu-guest-agent"
   - "qemu-kvm-tools"

diff --git a/hieradata/role/icinga-master.yaml b/hieradata/role/icinga-master.yaml
@@ -7,8 +7,6 @@ classes:
   - "profile::icinga::plugins"
   - "profile::icinga::resources"
 packages:
-  - "bash-completion"
-  - "bash-completion-extras"
   - "vim"
 
 #LDAP Values

diff --git a/hieradata/role/ipareplica.yaml b/hieradata/role/ipareplica.yaml
@@ -4,9 +4,6 @@ classes:
   - "easy_ipa"
   - "profile::core::common"
   - "profile::core::ipa_pwd_reset"
-packages:
-  - "bash-completion"
-  - "bash-completion-extras"
 
 profile::core::common::disable_ipv6: true
 profile::core::common::manage_ipa: false

diff --git a/hieradata/role/rke.yaml b/hieradata/role/rke.yaml
@@ -13,8 +13,6 @@ classes:
   - "profile::core::velero"
 packages:
   - "ack"
-  - "bash-completion"
-  - "bash-completion-extras"
   - "gdisk"
   - "git"
   - "vim"

diff --git a/site/profile/data/osfamily/RedHat/major/7.yaml b/site/profile/data/osfamily/RedHat/major/7.yaml
@@ -0,0 +1,4 @@
+---
+profile::core::bash_completion::packages:
+  - "bash-completion"
+  - "bash-completion-extras"
diff --git a/site/profile/data/osfamily/RedHat/major/8.yaml b/site/profile/data/osfamily/RedHat/major/8.yaml
@@ -0,0 +1,3 @@
+---
+profile::core::bash_completion::packages:
+  - "bash-completion"
diff --git a/site/profile/hiera.yaml b/site/profile/hiera.yaml
@@ -1,22 +1,11 @@
 ---
 version: 5
-
-defaults:  # Used for any hierarchy level that omits these keys.
-  datadir: "data"         # This path is relative to hiera.yaml's directory.
-  data_hash: "yaml_data"  # Use the built-in YAML backend.
-
+defaults:
+  datadir: "data"
+  data_hash: "yaml_data"
 hierarchy:
-  - name: "osfamily/major release"
-    paths:
-      - "os/%{facts.os.family}/%{facts.os.release.major}.yaml"
-        # Used for Solaris
-      - "os/%{facts.os.family}/%{facts.kernelrelease}.yaml"
-        # Used to distinguish between Debian and Ubuntu
-      - "os/%{facts.os.name}/%{facts.os.release.major}.yaml"
-  - name: "osfamily"
-    paths:
-      - "os/%{facts.os.family}.yaml"
-      - "os/%{facts.os.name}.yaml"
   - name: "common"
     paths:
+      - "osfamily/%{os.family}/major/%{os.release.major}.yaml"
+      - "osfamily/%{os.family}.yaml"
       - "common.yaml"
diff --git a/site/profile/manifests/core/bash_completion.pp b/site/profile/manifests/core/bash_completion.pp
@@ -0,0 +1,11 @@
+# @summary
+#   Install bash completion packages.
+#
+# @param packages
+#   Array of packages to install
+#
+class profile::core::bash_completion (
+  Array[String[1]] $packages,
+) {
+  ensure_packages($packages)
+}
diff --git a/site/profile/manifests/core/common.pp b/site/profile/manifests/core/common.pp
@@ -70,9 +70,9 @@
   include accounts
   include augeas
   include easy_ipa
-  include epel
   include hosts
   include network
+  include profile::core::bash_completion
   include profile::core::ca
   include profile::core::dielibwrapdie
   include profile::core::ifdown
@@ -83,7 +83,6 @@
   include profile::core::nm_dispatch
   include profile::core::selinux
   include profile::core::systemd
-  include profile::core::yum
   include rsyslog
   include rsyslog::config
   include selinux
@@ -94,12 +93,34 @@
   include timezone
   include tuned
 
-  if $facts['os']['family'] == 'RedHat' {
+  if fact('os.family') == 'RedHat' {
+    include epel
+    include profile::core::yum
+
     if $manage_repos {
       resources { 'yumrepo':
         purge => true,
       }
     }
+
+    # on EL7 only
+    case fact('os.release.major') {
+      '7': {
+        if fact('os.architecture') == 'x86_64' {
+          # no scl repos for aarch64
+          if $manage_scl {
+            include scl
+          }
+        }
+      }
+      '8': {
+        # On EL8, the NetworkManager-initscripts-updown package provides the
+        # ifup/ifdown scripts which are needed by example42/network.
+        ensure_packages(['NetworkManager-initscripts-updown'])
+        Package['NetworkManager-initscripts-updown'] -> Class['network']
+      }
+      default: {}
+    }
   }
 
   if $manage_irqbalance {
@@ -158,13 +179,6 @@
     include profile::core::powertop
   }
 
-  if $facts['os']['architecture'] == 'x86_64' {
-    # no scl repos for aarch64
-    if $manage_scl {
-      include scl
-    }
-  }
-
   if $manage_resolv_conf {
     include resolv_conf
   }

diff --git a/site/profile/manifests/core/puppet_master.pp b/site/profile/manifests/core/puppet_master.pp
@@ -51,7 +51,6 @@
   include r10k
   include r10k::webhook
   include r10k::webhook::config
-  include scl
 
   if $enable_puppetdb {
     include puppet::server::puppetdb
@@ -129,14 +128,20 @@
     require => Class['foreman'],
   }
 
-  Class['scl'] -> Class['foreman']
+  if fact('os.family') == 'RedHat' and fact('os.release.major') == '7' {
+    include scl
+    Class['scl'] -> Class['foreman']
+  }
 
-  # XXX theforeman/puppet does not manage the yumrepo.  puppetlabs/puppet_agent is hardwired
-  # to manage the puppet package and conflicts with theforeman/puppet.  We should try to
-  # submit support to puppetlabs/puppet_agent for managing only the yumrepo.
+  # XXX theforeman/puppet does not manage the yumrepo.  puppetlabs/puppet_agent
+  # is hardwired to manage the puppet package and conflicts with
+  # theforeman/puppet.  We should try to submit support to
+  # puppetlabs/puppet_agent for managing only the yumrepo. The
+  # puppet_agent::prepare class can not be directly included as
+  # puppet_agent::osfamily::redhat uses puppet_agent::* variables.
   yumrepo { 'pc_repo':
     ensure   => 'present',
-    baseurl  => 'http://yum.puppet.com/puppet7/el/7/x86_64',
+    baseurl  => "http://yum.puppet.com/puppet7/el/${fact('os.release.major')}/x86_64",
     descr    => 'Puppet Labs puppet6 Repository',
     enabled  => true,
     gpgcheck => '1',

diff --git a/site/profile/manifests/core/puppetdb.pp b/site/profile/manifests/core/puppetdb.pp
@@ -2,8 +2,10 @@
 #   Install puppetdb
 #
 class profile::core::puppetdb {
-  include scl
   include puppetdb
 
-  Class['scl'] -> Class['puppetdb']
+  if fact('os.family') == 'RedHat' and fact('os.release.major') == '7' {
+    include scl
+    Class['scl'] -> Class['puppetdb']
+  }
 }
diff --git a/site/profile/manifests/ts/rpi.pp b/site/profile/manifests/ts/rpi.pp
@@ -80,8 +80,6 @@
     'xterm',
     'xorg-x11-fonts-misc',
     'vim',
-    'bash-completion',
-    'bash-completion-extras',
     'wget',
     'libjpeg-turbo-devel',
     'libusb-devel',

diff --git a/spec/classes/core/bash_completion_spec.rb b/spec/classes/core/bash_completion_spec.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'profile::core::bash_completion' do
+  on_supported_os.each do |os, facts|
+    context "on #{os}" do
+      let(:facts) { facts }
+
+      it { is_expected.to compile.with_all_deps }
+
+      include_examples 'bash_completion', facts: facts
+    end
+  end
+end
diff --git a/spec/fixtures/hiera.yaml b/spec/fixtures/hiera.yaml
@@ -3,6 +3,10 @@ version: 5
 defaults:
   data_hash: "yaml_data"
 hierarchy:
+  - name: "private hiera"
+    datadir: "./hieradata"
+    paths:
+      - "common.yaml"
   - name: "public hiera"
     datadir: "../../hieradata"
     paths:
@@ -13,9 +17,7 @@ hierarchy:
       - "cluster/%{cluster}.yaml"
       - "site/%{site}/role/%{role}.yaml"
       - "site/%{site}.yaml"
+      - "role/%{role}/osfamily/%{os.family}/major/%{os.release.major}.yaml"
       - "role/%{role}.yaml"
-      - "common.yaml"
-  - name: "private hiera"
-    datadir: "./hieradata"
-    paths:
+      - "common/osfamily/%{os.family}/major/%{os.release.major}.yaml"
       - "common.yaml"
diff --git a/spec/fixtures/hieradata/common.yaml b/spec/fixtures/hieradata/common.yaml
@@ -10,8 +10,6 @@ easy_ipa::domain_join_password: "foofoofoofoo"  # 8 char min
 foreman_proxy::plugin::dns::route53::aws_access_key: "foo"
 foreman_proxy::plugin::dns::route53::aws_secret_key: "foo"
 profile::ccs::krb5_token::keytab_base64: "foo"
-profile::ccs::krb5_token::uid: "foo"
-profile::ccs::krb5_token::user: "foo"
 profile::ccs::postfix::auth: "foo"
 profile::core::ipa_pwd_reset::keytab_base64: "foo"
 profile::core::ipa_pwd_reset::ldap_pwd: "foo"