Install puppetcore* rpms from yum-puppetcore.puppet.com

joshcooper · joshcooper · commit e6f817cba505 · 2025-02-25T18:51:41.000-08:00
Adds support for puppetcore* collections to the install task.

Adds optional username and password parameters. The username defaults to
'forge-key' and the password must be specified as a forge API key.

When installing the puppetcore* collection, the task will download a release
package from yum-puppetcore.puppet.com/public and add the credentials to the
repo. For most RPM platforms, this is done by adding credentials to the baseurl.

For SLES, the credentials are added to /etc/zypp/credentials.d/PuppetcoreCreds.

Create dnf and sles Dockerfiles for testing the install task.

Create install.sh script to build docker image and run it:

    docker/bin/install.sh [image] [version]

By default install 8.11.0 on rocky8.

The `PUPPET_FORGE_TOKEN` environment variable must be set, which will be passed
as the `password` to the task.
diff --git a/docker/bin/helpers/run-install.sh b/docker/bin/helpers/run-install.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+set -e
+
+to_version="${1}"
+if [[ -z "${to_version}" ]]; then
+    echo "$0: The version to install must be passed as an argument"
+    exit 1
+fi
+puppet_version=( ${to_version//./ } )
+puppet_major=${puppet_version[0]}
+case $puppet_major in
+    7)
+        to_collection=puppetcore7
+        ;;
+    8)
+        to_collection=puppetcore8
+        ;;
+    *)
+        echo "$0: Invalid version supplied" 1>&2
+        exit 1
+esac
+
+export PT__installdir=../
+export PT_version=${to_version}
+export PT_collection=${to_collection}
+export PT_password=${PUPPET_FORGE_TOKEN}
+chmod u+x tasks/install_shell.sh
+tasks/install_shell.sh
+
+echo "puppet $(/opt/puppetlabs/puppet/bin/puppet --version)"
+echo "facter $(/opt/puppetlabs/puppet/bin/facter --version)"
+/opt/puppetlabs/puppet/bin/puppet apply -e 'notice("puppet apply")'
+
+# Make e.g. `puppet --version` work out of the box.
+PATH=/opt/puppetlabs/bin:$PATH \
+    read -p "Explore the container? [y/N]: " choice && \
+    choice=${choice:-N} && \
+    if [ "${choice}" = "y" ]; then \
+        bash; \
+    else \
+        echo "Moving on..."; \
+    fi
diff --git a/docker/bin/install.sh b/docker/bin/install.sh
@@ -0,0 +1,74 @@
+#!/usr/bin/env bash
+# Usage: `./install.sh [<PLATFORM>] [<VERSION>]`
+#
+# Builds an upgrade process for the puppet-agent module and tags as
+# "pa-dev:<PLATFORM>".
+#
+# Parameters:
+# - PLATFORM: The platform on which the upgrade should occur. This also
+#             supports comma-separated lists. Available:
+#             - `amazon`
+#             - `fedora`
+#             - `rocky`
+#             - `sles`
+#             - `ubuntu`
+#             Default: `ubuntu`
+# - BEFORE: The puppet-agent package version that is installed prior to upgrade.
+#           Default: 7.34.0
+# - AFTER: The puppet-agent package version that should exist after upgrade.
+#          Default: 8.1.0
+set -e
+
+if [[ -z "${PUPPET_FORGE_TOKEN}" ]]; then
+    echo "$0: Environment variable PUPPET_FORGE_TOKEN must be set"
+    exit 1
+fi
+
+cd "$(dirname "$0")/../.."
+platforms=${1:-rocky}
+version=${2:-8.11.0}
+for platform in ${platforms//,/ }
+do
+    dockerfile='docker/install/dnf/Dockerfile'
+
+    case $platform in
+        amazon*)
+            base_image='amazonlinux:2023'
+            ;;
+
+        fedora40)
+            base_image='fedora:40'
+            ;;
+
+        fedora36)
+            base_image='fedora:36'
+            ;;
+
+        fedora*)
+            base_image='fedora:41'
+            ;;
+
+        rocky8)
+            base_image='rockylinux/rockylinux:8'
+            ;;
+
+        rocky*)
+            base_image='rockylinux/rockylinux:9'
+            ;;
+
+        sles*)
+            base_image='registry.suse.com/suse/sle15:15.6'
+            dockerfile='docker/install/sles/Dockerfile'
+            ;;
+
+        *)
+            echo "$0: Usage install.sh [amazon|fedora|rocky|sles]"
+            exit 1
+            ;;
+    esac
+
+    docker build --rm -f "${dockerfile}" . -t pa-dev:$platform.install \
+           --build-arg BASE_IMAGE="${base_image}"
+    docker run -e PUPPET_FORGE_TOKEN --rm -ti pa-dev:$platform.install "${version}"
+done
+echo Complete
diff --git a/docker/install/dnf/Dockerfile b/docker/install/dnf/Dockerfile
@@ -0,0 +1,56 @@
+# This Dockerfile enables an iterative development workflow where you can make
+# a change and test it out quickly. The majority of commands in this file will
+# be cached, making the feedback loop typically quite short. The workflow is
+# as follows:
+#   1. Set up pre-conditions for the system in puppet code using `deploy.pp`.
+#   2. Make a change to the module.
+#   3. Run `./docker/bin/install.sh rocky` from the project directory.
+#   4. Review the output. Repeat steps 2-3 as needed.
+#
+# At the end of execution, you will see a line like:
+# Dependencies resolved.
+# ========================================================================================================================================
+#  Package                          Architecture               Version                                  Repository                   Size
+# ========================================================================================================================================
+# Installing:
+#  puppet-agent                     x86_64                     8.10.0-1.el8                             puppet8                      27 M
+
+ARG BASE_IMAGE=rocky:8
+FROM ${BASE_IMAGE}
+
+# Use this to force a cache reset (e.g. for output purposes)
+#COPY $0 /tmp/Dockerfile
+
+# Install some other dependencies for ease of life.
+RUN  dnf update -y \
+  && dnf install -y git \
+  && dnf clean all
+
+# This is also duplicated in the docker/bin/helpers/run-upgrade.sh.
+ENV module_path=/tmp/modules
+WORKDIR "${module_path}/puppet_agent"
+COPY metadata.json ./
+
+# Installing dependencies from source. These versions should be within the range
+# of `dependencies` in metadata.json.
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-stdlib ../stdlib --branch v9.7.0
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-inifile ../inifile --branch v6.2.0
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-apt ../apt --branch v10.0.1
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-facts ../facts --branch 1.7.0
+
+# Now move the project directory's files into the image. That way, if these
+# files change, caching will skip everything before this.
+COPY docker/bin/helpers/run-install.sh /tmp/bin/run-install.sh
+COPY files/ ./files/
+COPY locales/ ./locales/
+COPY spec/ ./spec/
+COPY task_spec/  ./task_spec/
+COPY tasks/ ./tasks/
+COPY templates/ ./templates
+COPY types/ ./types/
+COPY Gemfile Gemfile.lock Rakefile ./
+COPY lib/ ./lib/
+COPY manifests/ ./manifests/
+
+# Perform the install.
+ENTRYPOINT ["/tmp/bin/run-install.sh"]
diff --git a/docker/install/sles/Dockerfile b/docker/install/sles/Dockerfile
@@ -0,0 +1,50 @@
+# This Dockerfile enables an iterative development workflow where you can make
+# a change and test it out quickly. The majority of commands in this file will
+# be cached, making the feedback loop typically quite short. The workflow is
+# as follows:
+#   1. Set up pre-conditions for the system in puppet code using `deploy.pp`.
+#   2. Make a change to the module.
+#   3. Run `./docker/bin/install.sh rocky` from the project directory.
+#   4. Review the output. Repeat steps 2-3 as needed.
+#
+# At the end of execution, you will see a line like:
+#
+# (19/19) Installing: puppet-agent-8.11.0-1.sles15.x86_64 ..........................................................................[done]
+
+ARG BASE_IMAGE=registry.suse.com/suse/sle15:15.6
+FROM ${BASE_IMAGE}
+
+# Use this to force a cache reset (e.g. for output purposes)
+#COPY $0 /tmp/Dockerfile
+
+# Install some other dependencies for ease of life.
+RUN zypper install --no-confirm wget git-core
+
+# This is also duplicated in the docker/bin/helpers/run-upgrade.sh.
+ENV module_path=/tmp/modules
+WORKDIR "${module_path}/puppet_agent"
+COPY metadata.json ./
+
+# Installing dependencies from source. These versions should be within the range
+# of `dependencies` in metadata.json.
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-stdlib ../stdlib --branch v9.7.0
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-inifile ../inifile --branch v6.2.0
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-apt ../apt --branch v10.0.1
+RUN git clone --depth 1 https://github.com/puppetlabs/puppetlabs-facts ../facts --branch 1.7.0
+
+# Now move the project directory's files into the image. That way, if these
+# files change, caching will skip everything before this.
+COPY docker/bin/helpers/run-install.sh /tmp/bin/run-install.sh
+COPY files/ ./files/
+COPY locales/ ./locales/
+COPY spec/ ./spec/
+COPY task_spec/  ./task_spec/
+COPY tasks/ ./tasks/
+COPY templates/ ./templates
+COPY types/ ./types/
+COPY Gemfile Gemfile.lock Rakefile ./
+COPY lib/ ./lib/
+COPY manifests/ ./manifests/
+
+# Perform the install.
+ENTRYPOINT ["/tmp/bin/run-install.sh"]
diff --git a/tasks/install.json b/tasks/install.json
@@ -7,7 +7,7 @@
     },
     "collection": {
       "description": "The Puppet collection to install from (defaults to puppet, which maps to the latest collection released)",
-      "type": "Optional[Enum[puppet7, puppet8, puppet, puppet7-nightly, puppet8-nightly, puppet-nightly]]"
+      "type": "Optional[Enum[puppet7, puppet8, puppet, puppet7-nightly, puppet8-nightly, puppet-nightly, puppetcore7, puppetcore8]]"
     },
     "absolute_source": {
       "description": "The absolute source location to find the Puppet agent package",
@@ -41,6 +41,14 @@
       "description": "The number of retries in case of network connectivity failures",
       "type": "Optional[Integer]",
       "default": 5
+    },
+    "username": {
+      "description": "The username to use when downloading from a source location requiring authentication",
+      "type": "Optional[String]"
+    },
+    "password": {
+      "description": "The password to use when downloading from a source location requiring authentication",
+      "type": "Optional[String]"
     }
   },
   "implementations": [
diff --git a/tasks/install_shell.json b/tasks/install_shell.json
@@ -9,7 +9,7 @@
     },
     "collection": {
       "description": "The Puppet collection to install from (defaults to puppet, which maps to the latest collection released)",
-      "type": "Optional[Enum[puppet7, puppet8, puppet, puppet7-nightly, puppet8-nightly, puppet-nightly]]"
+      "type": "Optional[Enum[puppet7, puppet8, puppet, puppet7-nightly, puppet8-nightly, puppet-nightly, puppetcore7, puppetcore8]]"
     },
     "absolute_source": {
       "description": "The absolute source location to find the Puppet agent package",
@@ -43,6 +43,14 @@
       "description": "The number of retries in case of network connectivity failures",
       "type": "Optional[Integer]",
       "default": 5
+    },
+    "username": {
+      "description": "The username to use when downloading from a source location requiring authentication",
+      "type": "Optional[String]"
+    },
+    "password": {
+      "description": "The password to use when downloading from a source location requiring authentication",
+      "type": "Optional[String]"
     }
   },
   "files": ["facts/tasks/bash.sh"],
diff --git a/tasks/install_shell.sh b/tasks/install_shell.sh
@@ -100,6 +100,16 @@ if [ -n "$PT_version" ]; then
   version=$PT_version
 fi
 
+if [ -n "$PT_username" ]; then
+    username=$PT_username
+else
+    username='forge-key'
+fi
+
+if [ -n "$PT_password" ]; then
+    password=$PT_password
+fi
+
 if [ -n "$PT_collection" ]; then
   # Check whether collection is nightly
   if [[ "$PT_collection" == *"nightly"* ]]; then
@@ -116,10 +126,18 @@ fi
 if [ -n "$PT_yum_source" ]; then
   yum_source=$PT_yum_source
 else
-  if [ "$nightly" = true ]; then
-    yum_source='http://nightlies.puppet.com/yum'
+  if [[ "$collection" == "puppetcore"* ]]; then
+    yum_source='https://yum-puppetcore.puppet.com/public'
+    if [ -z "$password" ]; then
+      echo "A password parameter is required to install from ${yum_source}"
+      exit 1
+    fi
   else
-    yum_source='http://yum.puppet.com'
+    if [ "$nightly" = true ]; then
+      yum_source='http://nightlies.puppet.com/yum'
+    else
+      yum_source='http://yum.puppet.com'
+    fi
   fi
 fi
 
@@ -582,7 +600,14 @@ install_file() {
         fi
       fi
 
+      repo="/etc/yum.repos.d/${collection/core/}-release.repo"
       rpm -Uvh --oldpackage --replacepkgs "$2"
+      if [[ -n $username ]]; then
+          sed -i "s/^#\?username=.*/username=${username}/" "${repo}"
+      fi
+      if [[ -n $password ]]; then
+          sed -i "s/^#\?password=.*/password=${password}/" "${repo}"
+      fi
       exists dnf && PKGCMD=dnf || PKGCMD=yum
       if test "$version" = 'latest'; then
         run_cmd "${PKGCMD} install -y puppet-agent && ${PKGCMD} upgrade -y puppet-agent"
@@ -607,6 +632,12 @@ install_file() {
       fi
 
       run_cmd "zypper install --no-confirm '$2'"
+      if [[ -n $username ]]; then
+          sed -i "s/^username=.*/username=${username}/" "/etc/zypp/credentials.d/PuppetcoreCreds"
+      fi
+      if [[ -n $password ]]; then
+          sed -i "s/^password=.*/password=${password}/" "/etc/zypp/credentials.d/PuppetcoreCreds"
+      fi
       if test "$version" = "latest"; then
         run_cmd "zypper install --no-confirm 'puppet-agent'"
       else
@@ -669,22 +700,31 @@ case $platform in
     info "SLES platform! Lets get you an RPM..."
 
     if [[ $PT__noop != true ]]; then
-      for key in "puppet" "puppet-20250406"; do
-        gpg_key="${tmp_dir}/RPM-GPG-KEY-${key}"
-        do_download "https://yum.puppet.com/RPM-GPG-KEY-${key}" "$gpg_key"
-        rpm --import "$gpg_key"
-        rm -f "$gpg_key"
-      done
+      if [[ "$PT_collection" =~ core ]]; then
+        for key in "puppet"; do
+          gpg_key="${tmp_dir}/RPM-GPG-KEY-${key}"
+          do_download "https://yum-puppetcore.puppet.com/public/RPM-GPG-KEY-${key}" "$gpg_key"
+          rpm --import "$gpg_key"
+          rm -f "$gpg_key"
+        done
+      else
+        for key in "puppet" "puppet-20250406"; do
+          gpg_key="${tmp_dir}/RPM-GPG-KEY-${key}"
+          do_download "https://yum.puppet.com/public/RPM-GPG-KEY-${key}" "$gpg_key"
+          rpm --import "$gpg_key"
+          rm -f "$gpg_key"
+        done
+      fi
     fi
 
     filetype="noarch.rpm"
-    filename="${collection}-release-sles-${platform_version}.noarch.rpm"
+    filename="${collection/core/}-release-sles-${platform_version}.noarch.rpm"
     download_url="${yum_source}/${filename}"
     ;;
   "el")
     info "Red hat like platform! Lets get you an RPM..."
     filetype="rpm"
-    filename="${collection}-release-el-${platform_version}.noarch.rpm"
+    filename="${collection/core/}-release-el-${platform_version}.noarch.rpm"
     download_url="${yum_source}/${filename}"
     ;;
   "Amzn"|"Amazon Linux")
@@ -698,13 +738,13 @@ case $platform in
     elif (( platform_version == 2 || platform_version >= 2023 )); then
       platform_package="amazon"
     fi
-    filename="${collection}-release-${platform_package}-${platform_version}.noarch.rpm"
+    filename="${collection/core/}-release-${platform_package}-${platform_version}.noarch.rpm"
     download_url="${yum_source}/${filename}"
     ;;
   "Fedora")
     info "Fedora platform! Lets get the RPM..."
     filetype="rpm"
-    filename="${collection}-release-fedora-${platform_version}.noarch.rpm"
+    filename="${collection/core/}-release-fedora-${platform_version}.noarch.rpm"
     download_url="${yum_source}/${filename}"
     ;;
   "Debian")
