forked from CERIT-SC/puppet-yum
-
-
Notifications
You must be signed in to change notification settings - Fork 99
/
init.pp
228 lines (211 loc) · 8.45 KB
/
init.pp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
# A class to install and manage Yum configuration.
#
# @param clean_old_kernels
# Whether or not to purge old kernel version beyond the `keeponly_limit`.
#
# @param keep_kernel_devel
# Whether or not to keep kernel devel packages on old kernel purge.
#
# @param config_options
# A Hash where keys are the names of `Yum::Config` resources and the values
# are either the direct `ensure` value, or a Hash of the resource's attributes.
#
# @note Boolean parameter values will be converted to either a `1` or `0`; use a quoted string to
# get a literal `true` or `false`. Sensitive value will disable the `show_diff`.
#
#
# @param repos
# A hash where keys are the names of `Yumrepo` resources and each value represents its respective
# Yumrepo's resource parameters. This is used in conjunction with the `managed_repos` parameter
# to create `Yumrepo` resources en masse. Some default data is provided for this using module
# data. It is configured to deep merge with a `knockout_prefix` of `--` by default, so individual
# parameters may be overriden or removed via global or environment Hiera data.
#
# @note Boolean parameter values will be converted to either a `1` or `0`; use a quoted string to
# get a literal `true` or `false`.
#
# @param managed_repos
# An array of first-level keys from the `repos` hash to include in the catalog. The module uses
# this list to select `Yumrepo` resources from the `repos` hash for instantiation. Defaults are
# set in the module's Hiera data.
#
# @note This only indicates the *managed* state of the repos, the `ensure` state must be managed
# in the `repos` data.
#
# @param manage_os_default_repos
# Whether or not to add an operating system's default repos to the `managed_repos` array.
#
# @note This only works for operating systems with data in the module's data directory. Currently
# the module only contains data for for CentOS 6 & 7.
#
# @param os_default_repos
# A list of default repos to add to `managed_repos` if `manage_os_default_repos` is enabled.
# Normally this should not be modified.
#
# @param repo_exclusions
# An array of first-level keys from the `repos` hash to exclude from management via this module.
# Values in this array will be subtracted from the `managed_repos` array as a last step before
# instantiation.
#
# @param gpgkeys
# A hash of yum::gpgkey types, which will be automatically included if they
# are referenced by a managed_repo. This will use the same merging behavior
# as repos.
#
# @param utils_package_name
# Name of the utils package, e.g. 'yum-utils', or 'dnf-utils'.
#
# @example Enable management of the default repos for a supported OS:
# ---
# yum::manage_os_default_repos: true
#
# @example Add Hiera data to disable *management* of the CentOS Base repo:
# ---
# yum::manage_os_default_repos: true
# yum::repo_exclusions:
# - 'base'
#
# @example Ensure the CentOS base repo is removed from the agent system(s):
# ---
# yum::manage_os_default_repos: true
# yum::repos:
# base:
# ensure: 'absent'
#
# @example Add a custom repo:
# ---
# yum::managed_repos:
# - 'example_repo'
# yum::repos:
# example_repo:
# ensure: 'present'
# enabled: true
# descr: 'Example Repo'
# baseurl: 'https://repos.example.com/example/'
# gpgcheck: true
# gpgkey: 'file:///etc/pki/gpm-gpg/RPM-GPG-KEY-Example'
# target: '/etc/yum.repos.d/example.repo'
#
# @example Use a custom `baseurl` for the CentOS Base repo:
# ---
# yum::manage_os_default_repos: true
# yum::repos:
# base:
# baseurl: 'https://repos.example.com/CentOS/base/'
# mirrorlist: '--'
#
class yum (
Boolean $clean_old_kernels = true,
Boolean $keep_kernel_devel = false,
Hash[String, Variant[String, Integer, Boolean, Sensitive[String], Hash[String, Variant[String, Integer, Boolean, Sensitive[String]]]]] $config_options = {},
Hash[String, Optional[Hash[String, Variant[String, Integer, Boolean]]]] $repos = {},
Array[String] $managed_repos = [],
Boolean $manage_os_default_repos = false,
Array[String] $os_default_repos = [],
Array[String] $repo_exclusions = [],
Hash[String, Hash[String, String]] $gpgkeys = {},
String $utils_package_name = 'yum-utils',
) {
$module_metadata = load_module_metadata($module_name)
$supported_operatingsystems = $module_metadata['operatingsystem_support']
$supported_os_names = $supported_operatingsystems.map |$os| {
$os['operatingsystem']
}
unless member($supported_os_names, $facts['os']['name']) {
fail("${facts['os']['name']} not supported")
}
$_managed_repos = $manage_os_default_repos ? {
true => $managed_repos + $os_default_repos,
default => $managed_repos,
}
unless empty($_managed_repos) or empty($repos) {
$_managed_repos_minus_exclusions = $_managed_repos - $repo_exclusions
$normalized_repos = yum::bool2num_hash_recursive($repos)
$normalized_repos.each |$yumrepo, $attributes| {
if member($_managed_repos_minus_exclusions, $yumrepo) {
yumrepo { $yumrepo:
* => $attributes,
}
# Handle GPG Key
if ('gpgkey' in $attributes) {
$matches = $attributes['gpgkey'].split(/\s/).match('^file://(.*)$')
$matches.each |$match| {
if $match {
$gpgkey = $match[1]
if $gpgkey =~ Stdlib::AbsolutePath and $gpgkey in $gpgkeys {
if !defined(Yum::Gpgkey[$gpgkey]) {
yum::gpgkey { $gpgkey:
* => $gpgkeys[$gpgkey],
before => Package[$utils_package_name],
# GPG Keys for any managed repository need to be installed before we attempt to install any packages.
}
} # end if Yum::Gpgkey[$gpgkey] is not defined
} # end if $gpgkey exists in gpgkeys
} # end if gpgkey is a file:// resource
} # end each matches
} # end if $attributes has a gpgkey
}
}
}
unless empty($config_options) {
if ('installonly_limit' in $config_options) {
assert_type(Variant[Integer, Hash[String, Integer]], $config_options['installonly_limit']) |$expected, $actual| {
fail("The value or ensure for `\$yum::config_options[installonly_limit]` must be an Integer, but it is not.")
}
}
$_normalized_config_options = $config_options.map |$key, $attrs| {
$_ensure = $attrs ? {
Hash => $attrs[ensure],
default => $attrs,
}
$_normalized_ensure = $_ensure ? {
Boolean => Hash({ 'ensure' => bool2num($_ensure) }),
default => Hash({ ensure => $_ensure }), # lint:ignore:unquoted_string_in_selector
}
$_normalized_attrs = $attrs ? {
Hash => merge($attrs, $_normalized_ensure),
default => $_normalized_ensure,
}
Hash({ $key => $_normalized_attrs })
}.reduce |$memo, $cfg_opt_hash| {
merge($memo, $cfg_opt_hash)
}
$_normalized_config_options.each |$config, $attributes| {
yum::config { $config:
* => $attributes,
}
}
}
unless defined(Yum::Config['installonly_limit']) {
yum::config { 'installonly_limit': ensure => '3' }
}
$_clean_old_kernels_subscribe = $clean_old_kernels ? {
true => Yum::Config['installonly_limit'],
default => undef,
}
# cleanup old kernels
ensure_packages([$utils_package_name])
$_real_installonly_limit = $config_options['installonly_limit'] ? {
Variant[String, Integer] => $config_options['installonly_limit'],
Hash => $config_options['installonly_limit']['ensure'],
default => '3',
}
$_keep_kernel_devel = $keep_kernel_devel ? {
true => $facts['package_provider'] ? {
'yum' => '--keepdevel ',
'dnf' => '--exclude kernel-release',
default => fail("Fact package_provider is not set to \'yum\' or \'dnf\' - giving up"),
},
default => '',
}
$_pc_cmd = $facts['package_provider'] ? {
'yum' => "/usr/bin/package-cleanup --oldkernels --count=${_real_installonly_limit} -y${$_keep_kernel_devel}",
default => "/usr/bin/dnf -y remove $(/usr/bin/dnf repoquery --installonly --latest-limit=-${_real_installonly_limit}${_keep_kernel_devel} | /usr/bin/grep -v ${facts['kernelrelease']})"
}
exec { 'package-cleanup_oldkernels':
command => $_pc_cmd,
refreshonly => true,
require => Package[$utils_package_name],
subscribe => $_clean_old_kernels_subscribe,
}
}