CHANGELOG.md

@@ -1,5 +1,20 @@
 # Changelog
 
+## [16.4.0](https://github.com/theforeman/puppet-puppet/tree/16.4.0) (2023-02-02)
+
+[Full Changelog](https://github.com/theforeman/puppet-puppet/compare/16.3.0...16.4.0)
+
+**Implemented enhancements:**
+
+- bump puppet/systemd to \< 5.0.0 [\#863](https://github.com/theforeman/puppet-puppet/pull/863) ([jhoblitt](https://github.com/jhoblitt))
+- Refs [\#35985](https://projects.theforeman.org/issues/35985) - Implement optional Katello integration [\#862](https://github.com/theforeman/puppet-puppet/pull/862) ([ekohl](https://github.com/ekohl))
+- Fixes [\#35983](https://projects.theforeman.org/issues/35983) - Permit recursive ownership/permissions for environments [\#861](https://github.com/theforeman/puppet-puppet/pull/861) ([jcpunk](https://github.com/jcpunk))
+- Avoid using global variables [\#858](https://github.com/theforeman/puppet-puppet/pull/858) ([ekohl](https://github.com/ekohl))
+- Default to TLS1.3 or TLS1.2 by default since puppet supports both [\#854](https://github.com/theforeman/puppet-puppet/pull/854) ([jcpunk](https://github.com/jcpunk))
+- Permit setting `default_schedules` to `true` [\#852](https://github.com/theforeman/puppet-puppet/pull/852) ([jcpunk](https://github.com/jcpunk))
+- Allow permissions change of puppet.conf [\#847](https://github.com/theforeman/puppet-puppet/pull/847) ([teluq-pbrideau](https://github.com/teluq-pbrideau))
+- Update to voxpupuli-test 5 [\#841](https://github.com/theforeman/puppet-puppet/pull/841) ([ekohl](https://github.com/ekohl))
+
 ## [16.3.0](https://github.com/theforeman/puppet-puppet/tree/16.3.0) (2022-06-20)
 
 [Full Changelog](https://github.com/theforeman/puppet-puppet/compare/16.2.0...16.3.0)

Gemfile

@@ -13,7 +13,7 @@ gem 'puppet-lint-param-docs', '>= 1.3.0', {"groups"=>["test"]}
 gem 'puppet-lint-spaceship_operator_without_tag-check', {"groups"=>["test"]}
 gem 'puppet-lint-strict_indent-check', {"groups"=>["test"]}
 gem 'puppet-lint-undef_in_function-check', {"groups"=>["test"]}
-gem 'voxpupuli-test', '~> 1.4', {"groups"=>["test"]}
+gem 'voxpupuli-test', '~> 5.0', {"groups"=>["test"]}
 gem 'github_changelog_generator', '>= 1.15.0', {"groups"=>["development"]}
 gem 'puppet_metadata', '~> 1.3'
 gem 'puppet-blacksmith', '>= 6.0.0', {"groups"=>["development"]}

README.md

@@ -53,6 +53,15 @@ Since version 15.0.0 the integration bits depend on the standalone module where
 previously it depended on
 [theforeman/foreman](https://forge.puppetlabs.com/theforeman/foreman)
 
+There is also optional integration for [katello/certs](https://forge.puppetlabs.com/katello/certs).
+This can be enabled via Hiera:
+
+```yaml
+puppet::server::foreman::katello: true
+```
+
+Then the `foreman_ssl_{ca,cert,key}` parameters are ignored and `certs::puppet` is used as a source.
+
 ## PuppetDB integration
 
 The Puppet master can be configured to export catalogs and reports to a

manifests/agent/config.pp

@@ -1,10 +1,10 @@
 # Puppet agent configuration
 # @api private
 class puppet::agent::config inherits puppet::config {
-  puppet::config::agent{
+  puppet::config::agent {
     'classfile':         value => $puppet::classfile;
-    'localconfig':       value => '$vardir/localconfig';
-    'default_schedules': value => false;
+    'localconfig':       value => $puppet::localconfig;
+    'default_schedules': value => $puppet::agent_default_schedules;
     'report':            value => $puppet::report;
     'masterport':        value => $puppet::port;
     'environment':       value => $puppet::environment;

manifests/agent/install.pp

@@ -1,12 +1,12 @@
 # Install the puppet agent package
 # @api private
-class puppet::agent::install(
-  $manage_packages = $puppet::manage_packages,
-  $package_name = $puppet::client_package,
-  $package_version = $puppet::version,
-  $package_provider = $puppet::package_provider,
-  $package_install_options = $puppet::package_install_options,
-  $package_source = $puppet::package_source,
+class puppet::agent::install (
+  Variant[Boolean, Enum['server', 'agent']] $manage_packages = $puppet::manage_packages,
+  Variant[String, Array[String]] $package_name = $puppet::client_package,
+  String[1] $package_version = $puppet::version,
+  Optional[String[1]] $package_provider = $puppet::package_provider,
+  Variant[Undef, String, Hash, Array] $package_install_options = $puppet::package_install_options,
+  Variant[Undef, Stdlib::Absolutepath, Stdlib::HTTPUrl] $package_source = $puppet::package_source,
 ) {
   if $manage_packages == true or $manage_packages == 'agent' {
     package { $package_name:

manifests/agent/service.pp

@@ -1,7 +1,6 @@
 # Set up the puppet agent as a service
 # @api private
 class puppet::agent::service {
-
   case $puppet::runmode {
     'service': {
       $service_enabled = true
@@ -29,7 +28,7 @@
   }
 
   if $puppet::runmode in $puppet::unavailable_runmodes {
-    fail("Runmode of ${puppet::runmode} not supported on ${::kernel} operating systems!")
+    fail("Runmode of ${puppet::runmode} not supported on ${facts['kernel']} operating systems!")
   }
 
   class { 'puppet::agent::service::daemon':

manifests/agent/service/cron.pp

@@ -19,7 +19,7 @@
         hour    => $_hour,
         minute  => $_minute,
       }
-    } else{
+    } else {
       cron { 'puppet':
         ensure => absent,
       }

manifests/agent/service/daemon.pp

@@ -5,7 +5,7 @@
 ) {
   unless $puppet::runmode == 'unmanaged' or 'service' in $puppet::unavailable_runmodes {
     if $enabled {
-      service {'puppet':
+      service { 'puppet':
         ensure     => running,
         name       => $puppet::service_name,
         hasstatus  => true,
@@ -14,7 +14,7 @@
         restart    => $puppet::agent_restart_command,
       }
     } else {
-      service {'puppet':
+      service { 'puppet':
         ensure    => stopped,
         name      => $puppet::service_name,
         hasstatus => true,

manifests/config.pp

@@ -1,6 +1,7 @@
 # Set up the puppet config
 # @api private
-class puppet::config(
+class puppet::config (
+  # lint:ignore:parameter_types
   $allow_any_crl_auth  = $puppet::allow_any_crl_auth,
   $auth_allowed        = $puppet::auth_allowed,
   $auth_template       = $puppet::auth_template,
@@ -17,8 +18,9 @@
   $use_srv_records     = $puppet::use_srv_records,
   $additional_settings = $puppet::additional_settings,
   $client_certname     = $puppet::client_certname,
+  # lint:endignore
 ) {
-  puppet::config::main{
+  puppet::config::main {
     'vardir': value => $puppet::vardir;
     'logdir': value => $puppet::logdir;
     'rundir': value => $puppet::rundir;
@@ -30,22 +32,22 @@
   }
 
   if $module_repository and !empty($module_repository) {
-    puppet::config::main{'module_repository': value => $module_repository; }
+    puppet::config::main { 'module_repository': value => $module_repository; }
   }
   if $ca_server and !empty($ca_server) {
-    puppet::config::main{'ca_server': value => $ca_server; }
+    puppet::config::main { 'ca_server': value => $ca_server; }
   }
   if $ca_port {
-    puppet::config::main{'ca_port': value => $ca_port; }
+    puppet::config::main { 'ca_port': value => $ca_port; }
   }
   if $dns_alt_names and !empty($dns_alt_names) {
-    puppet::config::main{'dns_alt_names': value => $dns_alt_names; }
+    puppet::config::main { 'dns_alt_names': value => $dns_alt_names; }
   }
   if $use_srv_records {
     unless $srv_domain {
-      fail('$::domain fact found to be undefined and $srv_domain is undefined')
+      fail('domain fact found to be undefined and $srv_domain is undefined')
     }
-    puppet::config::main{
+    puppet::config::main {
       'use_srv_records': value => true;
       'srv_domain': value => $srv_domain;
     }
@@ -55,13 +57,13 @@
     }
   }
   if $pluginsource {
-    puppet::config::main{'pluginsource': value => $pluginsource; }
+    puppet::config::main { 'pluginsource': value => $pluginsource; }
   }
   if $pluginfactsource {
-    puppet::config::main{'pluginfactsource': value => $pluginfactsource; }
+    puppet::config::main { 'pluginfactsource': value => $pluginfactsource; }
   }
   if $syslogfacility and !empty($syslogfacility) {
-    puppet::config::main{'syslogfacility': value => $syslogfacility; }
+    puppet::config::main { 'syslogfacility': value => $syslogfacility; }
   }
   if $client_certname {
     puppet::config::main {
@@ -87,15 +89,15 @@
   -> case $facts['os']['family'] {
     'Windows': {
       concat { "${puppet_dir}/puppet.conf":
-        mode  => '0674',
+        mode  => $puppet::puppetconf_mode,
       }
     }
 
     default: {
       concat { "${puppet_dir}/puppet.conf":
         owner => 'root',
         group => $puppet::params::root_group,
-        mode  => '0644',
+        mode  => $puppet::puppetconf_mode,
       }
     }
   }

manifests/config/agent.pp

@@ -11,7 +11,7 @@
   String $key    = $name,
   String $joiner = ','
 ) {
-  puppet::config::entry{"agent_${name}":
+  puppet::config::entry { "agent_${name}":
     key          => $key,
     value        => $value,
     joiner       => $joiner,

manifests/config/entry.pp

@@ -41,14 +41,14 @@
 
   # this adds the '$key =' for the first value,
   # otherwise it just appends it with the joiner to separate it from the previous value.
-  if (!defined(Concat::Fragment["puppet.conf_${section}_${key}"])){
-    concat::fragment{"puppet.conf_${section}_${key}":
+  if (!defined(Concat::Fragment["puppet.conf_${section}_${key}"])) {
+    concat::fragment { "puppet.conf_${section}_${key}":
       target  => "${puppet::dir}/puppet.conf",
       content => "\n    ${key} = ${_value}",
       order   => "${sectionorder}_${section}_${key} ",
     }
   } else {
-    concat::fragment{"puppet.conf_${section}_${key}_${name}":
+    concat::fragment { "puppet.conf_${section}_${key}_${name}":
       target  => "${puppet::dir}/puppet.conf",
       content => "${joiner}${_value}",
       order   => "${sectionorder}_${section}_${key}_${name} ",

manifests/config/main.pp

@@ -11,7 +11,7 @@
   String $key    = $name,
   String $joiner = ','
 ) {
-  puppet::config::entry{"main${name}":
+  puppet::config::entry { "main${name}":
     key          => $key,
     value        => $value,
     joiner       => $joiner,

manifests/config/master.pp

@@ -11,7 +11,7 @@
   String $key    = $name,
   String $joiner = ','
 ) {
-  puppet::config::entry{"master_${name}":
+  puppet::config::entry { "master_${name}":
     key          => $key,
     value        => $value,
     joiner       => $joiner,

manifests/init.pp

@@ -94,6 +94,8 @@
 #
 # $hiera_config::                           The hiera configuration file.
 #
+# $localconfig::                            The localconfig setting.
+#
 # $syslogfacility::                         Facility name to use when logging to syslog
 #
 # $use_srv_records::                        Whether DNS SRV records will be used to resolve
@@ -160,6 +162,9 @@
 #                                           of the classes associated with the retrieved
 #                                           configuration.
 #
+# $puppetconf_mode::                        The permissions for /etc/puppetlabs/puppet/puppet.conf
+#                                           default to '0644' and '0674' on windows
+#
 # == puppet::agent parameters
 #
 # $agent::                                  Should a puppet agent be installed
@@ -175,6 +180,8 @@
 #
 # $environment::                            Default environment of the Puppet agent
 #
+# $agent_default_schedules::                A boolean to enable/disable the default schedules
+#
 # $agent_additional_settings::              A hash of additional agent settings.
 #                                           Example: {stringify_facts => true}
 #
@@ -231,6 +238,8 @@
 #
 # $server_environments_mode::               Environments directory mode.
 #
+# $server_environments_recurse::            Should the environments directory be managed recursively
+#
 # $server_common_modules_path::             Common modules paths
 #
 # $server_git_repo_path::                   Git repository path
@@ -386,7 +395,7 @@
 # $server_connect_timeout::                 How long the server will wait for a response to a connection attempt
 #
 # $server_ssl_protocols::                   Array of SSL protocols to use.
-#                                           Defaults to [ 'TLSv1.2' ]
+#                                           Defaults to [ 'TLSv1.3', 'TLSv1.2' ]
 #
 # $server_ssl_chain_filepath::              Path to certificate chain for puppetserver
 #                                           Only used when $ca is true
@@ -582,7 +591,7 @@
   Optional[String] $package_provider = $puppet::params::package_provider,
   Optional[Variant[String,Hash,Array]] $package_install_options = $puppet::params::package_install_options,
   Optional[Variant[Stdlib::Absolutepath, Stdlib::HTTPUrl]] $package_source = $puppet::params::package_source,
-  Integer[0, 65535] $port = $puppet::params::port,
+  Stdlib::Port $port = $puppet::params::port,
   Boolean $splay = $puppet::params::splay,
   Variant[Integer[0],Pattern[/^\d+[smhdy]?$/]] $splaylimit = $puppet::params::splaylimit,
   Variant[Boolean, Stdlib::Absolutepath] $autosign = $puppet::params::autosign,
@@ -600,12 +609,13 @@
   Optional[String] $systemd_cmd = $puppet::params::systemd_cmd,
   Integer[0] $systemd_randomizeddelaysec = $puppet::params::systemd_randomizeddelaysec,
   Boolean $agent_noop = $puppet::params::agent_noop,
+  Boolean $agent_default_schedules = $puppet::params::agent_default_schedules,
   Boolean $show_diff = $puppet::params::show_diff,
   Optional[Stdlib::HTTPUrl] $module_repository = $puppet::params::module_repository,
   Optional[Integer[0]] $http_connect_timeout = $puppet::params::http_connect_timeout,
   Optional[Integer[0]] $http_read_timeout = $puppet::params::http_read_timeout,
   Optional[Variant[String, Boolean]] $ca_server = $puppet::params::ca_server,
-  Optional[Integer[0, 65535]] $ca_port = $puppet::params::ca_port,
+  Optional[Stdlib::Port] $ca_port = $puppet::params::ca_port,
   Optional[String] $ca_crl_filepath = $puppet::params::ca_crl_filepath,
   Optional[String] $prerun_command = $puppet::params::prerun_command,
   Optional[String] $postrun_command = $puppet::params::postrun_command,
@@ -619,6 +629,7 @@
   Optional[String] $agent_restart_command = $puppet::params::agent_restart_command,
   String $classfile = $puppet::params::classfile,
   String $hiera_config = $puppet::params::hiera_config,
+  String $localconfig = $puppet::params::localconfig,
   String $auth_template = $puppet::params::auth_template,
   Boolean $allow_any_crl_auth = $puppet::params::allow_any_crl_auth,
   Array[String] $auth_allowed = $puppet::params::auth_allowed,
@@ -638,7 +649,7 @@
   String $server_group = $puppet::params::group,
   String $server_dir = $puppet::params::dir,
   String $server_ip = $puppet::params::ip,
-  Integer $server_port = $puppet::params::port,
+  Stdlib::Port $server_port = $puppet::params::port,
   Boolean $server_ca = $puppet::params::server_ca,
   Boolean $server_ca_crl_sync = $puppet::params::server_ca_crl_sync,
   Optional[Boolean] $server_crl_enable = $puppet::params::server_crl_enable,
@@ -647,7 +658,7 @@
   Array[String] $server_ca_client_whitelist = $puppet::params::server_ca_client_whitelist,
   Optional[Puppet::Custom_trusted_oid_mapping] $server_custom_trusted_oid_mapping = $puppet::params::server_custom_trusted_oid_mapping,
   Boolean $server_http = $puppet::params::server_http,
-  Integer $server_http_port = $puppet::params::server_http_port,
+  Stdlib::Port $server_http_port = $puppet::params::server_http_port,
   String $server_reports = $puppet::params::server_reports,
   Optional[Stdlib::Absolutepath] $server_puppetserver_dir = $puppet::params::server_puppetserver_dir,
   Optional[Stdlib::Absolutepath] $server_puppetserver_vardir = $puppet::params::server_puppetserver_vardir,
@@ -665,6 +676,7 @@
   String $server_environments_owner = $puppet::params::server_environments_owner,
   Optional[String] $server_environments_group = $puppet::params::server_environments_group,
   Pattern[/^[0-9]{3,4}$/] $server_environments_mode = $puppet::params::server_environments_mode,
+  Boolean $server_environments_recurse = $puppet::params::server_environments_recurse,
   Array[Stdlib::Absolutepath, 1] $server_envs_dir = $puppet::params::server_envs_dir,
   Optional[Stdlib::Absolutepath] $server_envs_target = $puppet::params::server_envs_target,
   Variant[Undef, String[0], Array[Stdlib::Absolutepath]] $server_common_modules_path = $puppet::params::server_common_modules_path,
@@ -743,6 +755,7 @@
   Optional[Stdlib::Absolutepath] $server_versioned_code_id = undef,
   Optional[Stdlib::Absolutepath] $server_versioned_code_content = undef,
   Array[String[1]] $server_jolokia_metrics_whitelist = [],
+  Stdlib::Filemode $puppetconf_mode = $puppet::params::puppetconf_mode,
 ) inherits puppet::params {
   contain puppet::config