CHANGELOG.md

@@ -1,6 +1,20 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
+## [2.2.3] - 2019-12-10
+
+### Summary
+Support for Fedora 31, Windows FIPS. WaitForExit can be parameterized. Fix for downgrades using apt.
+
+### Features
+- Fedora 31 support ([MODULES-10238](https://tickets.puppetlabs.com/browse/MODULES-10238) 
+- Windows FIPS support ([MODULES-10043](https://tickets.puppetlabs.com/browse/MODULES-10043))
+- WaitForExit for PXP agent can now be parameterized ([MODULES-10052](https://tickets.puppetlabs.com/browse/MODULES-10052)
+
+### Bug fixes
+- Improve error message when install task could not download puppet-agent package ([MODULES-10067](https://tickets.puppetlabs.com/browse/MODULES-10067)
+- Fixed lint warnings ([MODULES-10055](https://tickets.puppetlabs.com/browse/MODULES-10055)
+
 ## [2.2.2] - 2019-11-7
 
 ### Summary

README.markdown

@@ -40,6 +40,7 @@
         - [`install_dir`](#install_dir)
         - [`install_options`](#install_options)
         - [`msi_move_locked_files`](#msi_move_locked_files)
+        - [`wait_for_pxp_agent_exit`](#wait_for_pxp_agent_exit)
     - [Tasks](#tasks)
       - [`puppet_agent::version`](#puppet_agentversion)
       - [`puppet_agent::install`](#puppet_agentinstall)
@@ -290,6 +291,14 @@ This is only applicable for Windows operating systems. There may be instances wh
   msi_move_locked_files => true
 ```
 
+#### `wait_for_pxp_agent_exit`
+
+This is only applicable for Windows operating systems and pertains to /files/install_puppet.ps1 script. This parameterizes the module to define the wait time for the PXP agent to end successfully. The default value is 2 minutes and the timeout value must be defined in milliseconds. Example below, 8 minutes is equal to 480000.
+
+``` puppet
+  wait_for_pxp_agent_exit => 480000
+```
+
 ### Tasks
 
 #### `puppet_agent::version`

files/install_puppet.ps1

@@ -23,6 +23,8 @@
   Provide any extra argmuments to the MSI installation
 .Parameter UseLockedFilesWorkaround
   Set to $true to enable execution of the puppetres.dll move workaround. See https://tickets.puppetlabs.com/browse/MODULES-4207
+.Parameter WaitForPXPAgentExit
+  Time in milliseconds wait for PXP agent process to exit. Default time is 2 minutes (120000) 
 #>
 [CmdletBinding()]
 param(
@@ -40,7 +42,8 @@ param(
   [String] $PuppetStartType,
   [AllowEmptyString()]
   [String] $InstallArgs,
-  [switch] $UseLockedFilesWorkaround
+  [switch] $UseLockedFilesWorkaround,
+  [Int32] $WaitForPXPAgentExit=120000
 )
 # Find-InstallDir, Move-PuppetresDLL and Reset-PuppetresDLL serve as a workaround for older
 # installations of puppet: we used to need to move puppetres.dll out of the way during puppet
@@ -303,8 +306,8 @@ try {
   Write-Log "Waiting for pxp-agent processes to stop"
   Get-Process -Name "pxp-agent" -ErrorAction SilentlyContinue | ForEach-Object {
     if ($_) {
-      # wait on each process for 2 minutes (120000 milliseconds)
-      if (!$_.WaitForExit(120000)){
+      # Wait for each PXP agent process default wait time is 2 minutes.
+      if (!$_.WaitForExit($WaitForPXPAgentExit)){
         Write-Log "ERROR: Timed out waiting for pxp-agent!"
         throw
       }

manifests/init.pp

@@ -85,7 +85,10 @@
 #   This is only applicable for Windows operating systems. There may be instances where
 #   file locks cause unncessary service restarts.  By setting to true, the module
 #   will move files prior to installation that are known to cause file locks.
-#
+# [wait_for_pxp_agent_exit]
+#   This parameter is only applicable for Windows operating systems and pertains to the 
+#   /files/install_agent.ps1 script. This parameterizes the module to define the wait time
+#   for the PXP agent to end successfully. The default value is set 2 minutes.
 class puppet_agent (
   $arch                    = $::architecture,
   $collection              = $::puppet_agent::params::collection,
@@ -110,6 +113,7 @@
   $install_options         = [],
   $skip_if_unavailable     = 'absent',
   $msi_move_locked_files   = false,
+  $wait_for_pxp_agent_exit = undef,
 ) inherits ::puppet_agent::params {
 
   if (getvar('::aio_agent_version') == undef) {
@@ -162,7 +166,7 @@
       $_expected_package_version = $master_or_package_version
     }
 
-    $aio_upgrade_required = versioncmp("${::aio_agent_version}", "${_expected_package_version}") < 0
+    $aio_upgrade_required = versioncmp($::aio_agent_version, $_expected_package_version) < 0
 
     if $::operatingsystem == 'Solaris' and $::operatingsystemmajrelease == '11' {
       # Strip letters from development builds. Unique to Solaris 11 packaging.

manifests/install/darwin.pp

@@ -15,7 +15,7 @@
   notice("Puppet install log file at ${_logfile}")
 
   $_installsh = "${::env_temp_variable}/osx_install.sh"
-  file { "${_installsh}":
+  file { $_installsh:
     ensure  => file,
     mode    => '0755',
     content => template('puppet_agent/do_install.sh.erb')

manifests/install/solaris.pp

@@ -35,7 +35,7 @@
       notice ("Puppet install log file at ${_logfile}")
 
       $_installsh = "${::env_temp_variable}/solaris_install.sh"
-      file { "${_installsh}":
+      file { $_installsh:
         ensure  => file,
         mode    => '0755',
         content => template('puppet_agent/do_install.sh.erb')

manifests/install/windows.pp

@@ -31,6 +31,12 @@
     $_move_dll_workaround = undef
   }
 
+  if $::puppet_agent::wait_for_pxp_agent_exit {
+    $_pxp_agent_wait = "-WaitForPXPAgentExit ${puppet_agent::wait_for_pxp_agent_exit}"
+  } else {
+    $_pxp_agent_wait = undef
+  }
+
   $_timestamp = strftime('%Y_%m_%d-%H_%M')
   $_logfile = windows_native_path("${::env_temp_variable}/puppet-${_timestamp}-installer.log")
 
@@ -39,7 +45,7 @@
 
   $_installps1 = windows_native_path("${::env_temp_variable}/install_puppet.ps1")
   puppet_agent_upgrade_error { 'puppet_agent_upgrade_failure.log': }
-  file { "${_installps1}":
+  file { $_installps1:
     ensure  => file,
     content => file('puppet_agent/install_puppet.ps1')
   }
@@ -60,21 +66,22 @@
                           -PuppetMaster '${::puppet_master_server}' \
                           -PuppetStartType '${_agent_startup_mode}' \
                           -InstallArgs '${_install_options}' \
-                          ${_move_dll_workaround}",
+                          ${_move_dll_workaround} \
+                          ${_pxp_agent_wait}",
     unless  => "${::system32}\\WindowsPowerShell\\v1.0\\powershell.exe \
                   -ExecutionPolicy Bypass \
                   -NoProfile \
                   -NoLogo \
                   -NonInteractive \
                   -Command {\$CurrentVersion = [string](facter.bat -p aio_agent_version); \
-                            if (\$CurrentVersion -eq '${puppet_agent::_expected_package_version}') { \
+                            if (\$CurrentVersion -eq '${::puppet_agent::_expected_package_version}') { \
                               exit 0; \
                             } \
                             exit 1; }.Invoke()",
     path    => $::path,
     require => [
       Puppet_agent_upgrade_error['puppet_agent_upgrade_failure.log'],
-      File["${_installps1}"]
+      File[$_installps1]
     ]
   }
 

manifests/osfamily/redhat.pp

@@ -137,7 +137,7 @@
         descr               => "Puppet Labs ${::puppet_agent::collection} Repository",
         enabled             => true,
         gpgcheck            => '1',
-        gpgkey              => "${gpg_keys}",
+        gpgkey              => $gpg_keys,
         proxy               => $_proxy,
         sslcacert           => $_sslcacert_path,
         sslclientcert       => $_sslclientcert_path,

manifests/osfamily/windows.pp

@@ -8,8 +8,10 @@
   } elsif  ($::puppet_agent::is_pe and (!$::puppet_agent::use_alternate_sources)) {
     $pe_server_version = pe_build_version()
     $tag = $::puppet_agent::arch ? {
-      'x64' => 'windows-x86_64',
-      'x86' => 'windows-i386',
+      'x64' => $::fips_enabled ? {
+          true => 'windowsfips-x64',
+          default => 'windows-x86_64' },
+      'x86' => 'windows-i386'
     }
     if $::puppet_agent::alternate_pe_source {
       $source = "${::puppet_agent::alternate_pe_source}/packages/${pe_server_version}/${tag}/${::puppet_agent::package_name}-${::puppet_agent::arch}.msi"

manifests/params.pp

@@ -3,7 +3,7 @@
 # This class is meant to be called from puppet_agent
 # It sets variables according to platform.
 #
-class puppet_agent::params {
+class puppet_agent::params{
   # Which services should be started after the upgrade process?
   if ($::osfamily == 'Solaris' and $::operatingsystemmajrelease == '11') {
     # Solaris 11 is a special case; it uses a custom script.
@@ -51,11 +51,11 @@
     # Calculate the default collection
     $_pe_version = pe_build_version()
     # Not PE or pe_version < 2018.1.3, use PC1
-    if ($_pe_version == undef or versioncmp("${_pe_version}", '2018.1.3') < 0) {
+    if ($_pe_version == undef or versioncmp($_pe_version, '2018.1.3') < 0) {
       $collection = 'PC1'
     }
     # 2018.1.3 <= pe_version < 2018.2, use puppet5
-    elsif versioncmp("${_pe_version}", '2018.2') < 0 {
+    elsif versioncmp($_pe_version, '2018.2') < 0 {
       $collection = 'puppet5'
     }
     # pe_version >= 2018.2, use puppet6

manifests/prepare.pp

@@ -8,7 +8,7 @@
 #   The puppet-agent version to install.
 #
 class puppet_agent::prepare(
-  $package_version = undef,
+  $package_version = undef
 ){
   include puppet_agent::params
   $_windows_client = downcase($::osfamily) == 'windows'

manifests/prepare/puppet_config.pp

@@ -3,7 +3,7 @@
 # Private class called from puppet_agent::prepare class
 #
 class puppet_agent::prepare::puppet_config (
-  $package_version
+  $package_version,
 ) {
   assert_private()
   $puppetconf = $::puppet_agent::params::config
@@ -24,7 +24,7 @@
 
   # manage puppet.conf contents, using inifile module
   $_deprecations.each |$_min_version, $_setting_names| {
-    if (versioncmp("${_pkg_version}", "${_min_version}") >= 0) {
+    if (versioncmp($_pkg_version, $_min_version) >= 0) {
       $_setting_names.each |$_setting_name| {
         ['', 'master', 'agent', 'main'].each |$_section_name| {
           $_setting_key = "${_section_name}/${_setting_name}"

manifests/service.pp

@@ -3,7 +3,7 @@
 # This class is meant to be called from puppet_agent.
 # It ensures that managed services are running.
 #
-class puppet_agent::service {
+class puppet_agent::service{
   assert_private()
 
   # Starting with puppet6 collections we no longer carry the mcollective service

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "puppetlabs-puppet_agent",
-  "version": "2.2.2",
+  "version": "2.2.3",
   "author": "puppetlabs",
   "summary": "Upgrades All-In-One Puppet Agents",
   "license": "Apache-2.0",
@@ -70,7 +70,8 @@
       "operatingsystemrelease": [
         "28",
         "29",
-        "30"
+        "30",
+        "31"
       ]
     },
     {
@@ -88,6 +89,7 @@
         "Server 2012",
         "Server 2012 R2",
         "Server 2016",
+        "Server 2019",
         "7",
         "8",
         "8.1",

spec/classes/puppet_agent_osfamily_redhat_spec.rb

@@ -18,7 +18,7 @@
     }
   end
 
-  [['Fedora', 'fedora/f30', 30], ['CentOS', 'el/7', 7], ['Amazon', 'el/6', 6]].each do |os, urlbit, osmajor|
+  [['Fedora', 'fedora/f31', 31], ['CentOS', 'el/7', 7], ['Amazon', 'el/6', 6]].each do |os, urlbit, osmajor|
     context "with #{os} and #{urlbit}" do
       let(:facts) do
         super().merge(:operatingsystem  => os, :operatingsystemmajrelease => osmajor)

spec/classes/puppet_agent_osfamily_windows_spec.rb

@@ -29,7 +29,7 @@
         :clientcert           => 'foo.example.vm',
         :puppet_confdir       => "#{appdata}\\Puppetlabs\\puppet\\etc",
         :puppet_agent_appdata => appdata,
-        :env_temp_variable => 'C:/tmp',
+        :env_temp_variable    => 'C:/tmp',
         :puppet_agent_pid     => 42,
         :aio_agent_version    => '1.0.0',
       }}
@@ -58,7 +58,7 @@
         :clientcert           => 'foo.example.vm',
         :puppet_confdir       => "#{appdata}\\Puppetlabs\\puppet\\etc",
         :puppet_agent_appdata => appdata,
-        :env_temp_variable => 'C:/tmp',
+        :env_temp_variable    => 'C:/tmp',
         :puppet_agent_pid     => 42,
         :aio_agent_version    => '1.0.0',
         :serverversion        => server_version
@@ -74,4 +74,36 @@
     end
   end
 
+  describe "supported Windows with fips mode enabled" do
+    server_version = '1.10.100'
+    let(:arch) { 'x64' }
+    let(:tag) { 'x64' }
+    let(:params)  { { package_version: 'auto' } }
+    let(:appdata) { 'C:\ProgramData' }
+    let(:facts) do
+      {
+        :is_pe                => true,
+        :osfamily             => 'windows',
+        :operatingsystem      => 'windows',
+        :architecture         => arch,
+        :servername           => 'master.example.vm',
+        :clientcert           => 'foo.example.vm',
+        :puppet_confdir       => "#{appdata}\\Puppetlabs\\puppet\\etc",
+        :puppet_agent_appdata => appdata,
+        :env_temp_variable    => 'C:/tmp',
+        :puppet_agent_pid     => 42,
+        :aio_agent_version    => '1.0.0',
+        :serverversion        => server_version,
+        :fips_enabled         => true
+      }
+    end
+
+    it { is_expected.to contain_file("#{appdata}\\Puppetlabs") }
+    it { is_expected.to contain_file("#{appdata}\\Puppetlabs\\packages") }
+    it do
+      is_expected.to contain_file("#{appdata}\\Puppetlabs\\packages\\puppet-agent-#{arch}.msi").with(
+        'source' => "puppet:///pe_packages/#{pe_version}/windowsfips-#{tag}/puppet-agent-#{arch}.msi"
+      )
+    end
+  end
 end