Merge pull request #764 from joshcooper/private_apt

joshcooper · web-flow · commit 14b1844f60a2 · 2025-03-13T15:30:57.000-07:00
Update module to support apt-puppetcore.puppet.com
diff --git a/docker/bin/helpers/run-install.sh b/docker/bin/helpers/run-install.sh
@@ -7,19 +7,22 @@ if [[ -z "${to_version}" ]]; then
     echo "$0: The version to install must be passed as an argument"
     exit 1
 fi
+to_collection="$2"
 puppet_version=( ${to_version//./ } )
 puppet_major=${puppet_version[0]}
-case $puppet_major in
-    7)
-        to_collection=puppetcore7
-        ;;
-    8)
-        to_collection=puppetcore8
-        ;;
-    *)
-        echo "$0: Invalid version supplied" 1>&2
-        exit 1
-esac
+if [[ -z "$to_collection" ]]; then
+    case $puppet_major in
+        7)
+            to_collection=puppetcore7
+            ;;
+        8)
+            to_collection=puppetcore8
+            ;;
+        *)
+            echo "$0: Invalid version supplied" 1>&2
+            exit 1
+    esac
+fi
 
 export PT__installdir=../
 export PT_version=${to_version}
diff --git a/docker/bin/install.sh b/docker/bin/install.sh
@@ -27,48 +27,50 @@ fi
 cd "$(dirname "$0")/../.."
 platforms=${1:-rocky}
 version=${2:-8.11.0}
+collection=${3:-puppetcore8}
 for platform in ${platforms//,/ }
 do
-    dockerfile='docker/install/dnf/Dockerfile'
-
     case $platform in
-        amazon*)
-            base_image='amazonlinux:2023'
-            ;;
-
-        fedora40)
-            base_image='fedora:40'
-            ;;
-
-        fedora36)
-            base_image='fedora:36'
-            ;;
-
-        fedora*)
-            base_image='fedora:41'
-            ;;
-
-        rocky8)
-            base_image='rockylinux/rockylinux:8'
+        amazon*|fedora*|rocky*)
+            dockerfile='docker/install/dnf/Dockerfile'
             ;;
-
-        rocky*)
-            base_image='rockylinux/rockylinux:9'
-            ;;
-
         sles*)
-            base_image='registry.suse.com/suse/sle15:15.6'
             dockerfile='docker/install/sles/Dockerfile'
             ;;
+        debian*|ubuntu*)
+            dockerfile='docker/install/apt/Dockerfile'
+            ;;
+        *)
+            echo "$0: platform ${platform} is not supported"
+            exit 1
+            ;;
+    esac
 
+    # Default to the latest OS version for each distro
+    case $platform in
+        amazon*)    base_image='amazonlinux:2023';;
+        fedora36)   base_image='fedora:36';;
+        fedora40)   base_image='fedora:40';;
+        fedora*)    base_image='fedora:41';;
+        rocky8)     base_image='rockylinux/rockylinux:8';;
+        rocky*)     base_image='rockylinux/rockylinux:9';;
+        sles*)      base_image='registry.suse.com/suse/sle15:15.6';;
+        debian10)   base_image='debian:buster';;
+        debian11)   base_image='debian:bullseye';;
+        debian*)    base_image='debian:bookworm';;
+        ubuntu1804) base_image='ubuntu:bionic';;
+        ubuntu2004) base_image='ubuntu:focal';;
+        ubuntu2204) base_image='ubuntu:jammy';;
+        ubuntu*)    base_image='ubuntu:noble';;
         *)
-            echo "$0: Usage install.sh [amazon|fedora|rocky|sles]"
+            echo "$0: Usage install.sh [amazon|debian|fedora|rocky|sles|ubuntu]"
             exit 1
             ;;
     esac
 
+    # Add "--progress plain" for complete build output
     docker build --rm -f "${dockerfile}" . -t pa-dev:$platform.install \
            --build-arg BASE_IMAGE="${base_image}"
-    docker run -e PUPPET_FORGE_TOKEN --rm -ti pa-dev:$platform.install "${version}"
+    docker run -e PUPPET_FORGE_TOKEN --rm -ti pa-dev:$platform.install "${version}" "${collection}"
 done
 echo Complete
diff --git a/docker/bin/upgrade.sh b/docker/bin/upgrade.sh
@@ -56,12 +56,25 @@ do
             dockerfile='docker/upgrade/sles/Dockerfile'
             ;;
 
+        debian)
+            base_image='debian:bookworm'
+            release_package='https://apt.puppet.com/puppet7-release-bookworm.deb'
+            dockerfile='docker/upgrade/apt/Dockerfile'
+            ;;
+
+        ubuntu)
+            base_image='ubuntu:jammy'
+            release_package='https://apt.puppet.com/puppet7-release-jammy.deb'
+            dockerfile='docker/upgrade/apt/Dockerfile'
+            ;;
+
         *)
-            echo "$0: Usage upgrade.sh [amazon|fedora|rocky|sles] [before] [after]"
+            echo "$0: Usage upgrade.sh [amazon|debian|fedora|rocky|sles|ubuntu] [before] [after]"
             exit 1
             ;;
     esac
 
+    # Add "--progress plain" for complete build output
     docker build --rm -f ${dockerfile} . -t pa-dev:$platform \
            --build-arg before=${before} \
            --build-arg BASE_IMAGE=${base_image} \
diff --git a/docker/install/apt/Dockerfile b/docker/install/apt/Dockerfile
@@ -0,0 +1,57 @@
+# This Dockerfile enables an iterative development workflow where you can make
+# a change and test it out quickly. The majority of commands in this file will
+# be cached, making the feedback loop typically quite short. The workflow is
+# as follows:
+#   1. Set up pre-conditions for the system in puppet code using `deploy.pp`.
+#   2. Make a change to the module.
+#   3. Run `./docker/bin/install.sh ubuntu` from the project directory.
+#   4. Review the output. Repeat steps 2-3 as needed.
+#
+# At the end of execution, you will see a line like:
+#
+# REMIND
+
+ARG BASE_IMAGE=ubuntu:noble
+FROM ${BASE_IMAGE}
+
+# Use this to force a cache reset (e.g. for output purposes)
+#COPY $0 /tmp/Dockerfile
+
+# Install some other dependencies for ease of life.
+RUN  apt-get update \
+  && DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get install -y wget git lsb-release apt-utils systemd \
+  && rm -rf /var/lib/apt/lists/*
+
+
+# This is also duplicated in docker/bin/helpers/run-upgrade.sh.
+ENV module_path=/tmp/modules
+WORKDIR "${module_path}/puppet_agent"
+COPY metadata.json ./
+
+# Installing dependencies from source. These versions should be within the range
+# of `dependencies` in metadata.json.
+RUN git clone --tags https://github.com/puppetlabs/puppetlabs-stdlib ../stdlib && \
+    $(cd ../stdlib && git checkout $(git describe --tags $(git rev-list --tags --max-count=1)))
+RUN git clone --tags https://github.com/puppetlabs/puppetlabs-inifile ../inifile && \
+    $(cd ../inifile && git checkout $(git describe --tags $(git rev-list --tags --max-count=1)))
+RUN git clone --tags https://github.com/puppetlabs/puppetlabs-apt ../apt && \
+    $(cd ../apt && git checkout $(git describe --tags $(git rev-list --tags --max-count=1)))
+RUN git clone --tags https://github.com/puppetlabs/puppetlabs-facts ../facts && \
+    $(cd ../facts && git checkout $(git describe --tags $(git rev-list --tags --max-count=1)))
+
+# Now move the project directory's files into the image. That way, if these
+# files change, caching will skip everything before this.
+COPY docker/bin/helpers/run-install.sh /tmp/bin/run-install.sh
+COPY files/ ./files/
+COPY locales/ ./locales/
+COPY spec/ ./spec/
+COPY task_spec/  ./task_spec/
+COPY tasks/ ./tasks/
+COPY templates/ ./templates
+COPY types/ ./types/
+COPY Gemfile Gemfile.lock Rakefile ./
+COPY lib/ ./lib/
+COPY manifests/ ./manifests/
+
+# Perform the install.
+ENTRYPOINT ["/tmp/bin/run-install.sh"]
diff --git a/docker/upgrade/apt/Dockerfile b/docker/upgrade/apt/Dockerfile
@@ -0,0 +1,101 @@
+# This Dockerfile enables an iterative development workflow where you can make
+# a change and test it out quickly. The majority of commands in this file will
+# be cached, making the feedback loop typically quite short. The workflow is
+# as follows:
+#   1. Set up pre-conditions for the system in puppet code using `deploy.pp`.
+#   2. Make a change to the module.
+#   3. Run `docker build -f docker/Dockerfile .` or
+#      `./docker/bin/upgrade.sh rocky` from the project directory. If you would
+#      like to test specific version upgrades, you can add run this like so:
+#        `docker build -f docker/rocky/Dockerfile . \
+#           -t pa-dev:rocky --build-arg before=1.10.14`
+#   4. Upgrade the container by running the image:
+#        `docker run -it pa-dev:rocky`
+#      Specify your upgrade TO version as an argument to the `docker run`
+#      command.
+#   5. Review the output. Repeat steps 2-5 as needed.
+#
+# At the end of execution, you will see a line like:
+#
+# Notice: /Stage[main]/Puppet_agent::Install/Package[puppet-agent]/ensure: ensure changed '1.10.14-1.el8' to '6.2.0'
+#
+# This specifies the versions that were used for upgrade.
+#
+# Arguments:
+# - before: The version to do upgrade FROM. Default: "7.34.0"
+
+ARG BASE_IMAGE=ubuntu:noble
+FROM ${BASE_IMAGE}
+
+# Use this to force a cache reset (e.g. for output purposes)
+#COPY $0 /tmp/Dockerfile
+
+# Install some other dependencies for ease of life.
+RUN  apt-get update \
+  && DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get install -y wget git lsb-release apt-utils systemd gnupg \
+  && rm -rf /var/lib/apt/lists/*
+
+ARG before=7.34.0
+LABEL before=${before}
+
+ARG RELEASE_PACKAGE
+
+RUN  apt-get update \
+  && apt install -y curl \
+  && rm -rf /var/lib/apt/lists/*
+
+# Install proper FROM repo pupet 7
+RUN  curl -L -o puppet7.deb ${RELEASE_PACKAGE} \
+  && dpkg -i puppet7.deb
+
+# Print out which versions of the puppet-agent package are available (for reference).
+#RUN dnf list puppet-agent --showduplicates
+
+# Install FROM version of puppet-agent.
+RUN  apt-get update \
+  && apt list -a puppet-agent \
+  && DEBIAN_FRONTEND=noninteractive apt-get install -y puppet-agent \
+  && rm -rf /var/lib/apt/lists/*
+
+# This is also duplicated in the docker/bin/helpers/run-upgrade.sh.
+ENV module_path=/tmp/modules
+WORKDIR "${module_path}/puppet_agent"
+COPY metadata.json ./
+
+# Installing dependencies from source. These versions should be within the range
+# of `dependencies` in metadata.json.
+RUN git clone --tags https://github.com/puppetlabs/puppetlabs-stdlib ../stdlib && \
+    $(cd ../stdlib && git checkout $(git describe --tags $(git rev-list --tags --max-count=1)))
+RUN git clone --tags https://github.com/puppetlabs/puppetlabs-inifile ../inifile && \
+    $(cd ../inifile && git checkout $(git describe --tags $(git rev-list --tags --max-count=1)))
+RUN git clone --tags https://github.com/puppetlabs/puppetlabs-apt ../apt && \
+    $(cd ../apt && git checkout $(git describe --tags $(git rev-list --tags --max-count=1)))
+RUN git clone --tags https://github.com/puppetlabs/puppetlabs-facts ../facts && \
+    $(cd ../facts && git checkout $(git describe --tags $(git rev-list --tags --max-count=1)))
+
+# Check that all dependencies are installed.
+RUN /opt/puppetlabs/puppet/bin/puppet module --modulepath $module_path list --tree
+COPY docker/deploy.pp /tmp/deploy.pp
+RUN ["sh", "-c", "/opt/puppetlabs/puppet/bin/puppet apply --modulepath $module_path /tmp/deploy.pp"]
+
+# Now move the project directory's files into the image. That way, if these
+# files change, caching will skip everything before this.
+COPY docker/bin/helpers/run-upgrade.sh /tmp/bin/run-upgrade.sh
+COPY files/ ./files/
+COPY locales/ ./locales/
+COPY spec/ ./spec/
+COPY task_spec/  ./task_spec/
+COPY tasks/ ./tasks/
+COPY templates/ ./templates
+COPY types/ ./types/
+COPY Gemfile Gemfile.lock Rakefile ./
+COPY lib/ ./lib/
+COPY manifests/ ./manifests/
+
+COPY docker/upgrade.pp /tmp/upgrade.pp
+
+# Print out which versions of the puppet-agent package are available (for reference).
+#RUN yum list puppet-agent --showduplicates
+
+# Perform the upgrade.
+ENTRYPOINT ["/tmp/bin/run-upgrade.sh"]
diff --git a/files/puppet-keyring.gpg b/files/puppet-keyring.gpg
diff --git a/manifests/osfamily/debian.pp b/manifests/osfamily/debian.pp
@@ -66,18 +66,39 @@
           ensure   => absent,
           priority => '90',
         }
+      } elsif $puppet_agent::collection =~ /core/ {
+        $source = 'https://apt-puppetcore.puppet.com'
       } else {
         $source = $puppet_agent::apt_source
       }
 
-      $keyname = 'GPG-KEY-puppet-20250406'
+      $repo_username = getvar('puppet_agent::username')
+      $repo_password = unwrap(getvar('puppet_agent::password'))
+
+      if $repo_username and $repo_password {
+        # lint:ignore:strict_indent
+        file { "/etc/apt/auth.conf.d/apt-${puppet_agent::collection}-puppet.conf":
+          ensure  => file,
+          owner   => 0,
+          group   => 0,
+          mode    => '0600',
+          content => Sensitive(@("EOT"))
+            machine ${source}
+            login ${repo_username}
+            password ${repo_password}
+            | EOT
+        }
+        # lint:endignore
+      }
+
+      $keyname = 'puppet-keyring.gpg'
 
       apt::source { 'pc_repo':
         location => $source,
-        repos    => $puppet_agent::collection,
+        repos    => regsubst($puppet_agent::collection, /core/, ''),
         key      => {
-          'name'    => "${keyname}.asc",
-          'content' => file("${module_name}/${keyname}"),
+          'name'   => $keyname,
+          'source' => "puppet:///modules/${module_name}/${keyname}",
         },
         notify   => Exec['pc_repo_force'],
       }
diff --git a/spec/classes/puppet_agent_osfamily_debian_spec.rb b/spec/classes/puppet_agent_osfamily_debian_spec.rb
@@ -155,8 +155,8 @@
                   'location' => 'https://master.example.vm:8140/packages/2000.0.0/debian-7-x86_64',
                   'repos'    => 'PC1',
                   'key'      => {
-                    'name'    => 'GPG-KEY-puppet-20250406.asc',
-                    'content' => Puppet::FileSystem.read_preserve_line_endings('files/GPG-KEY-puppet-20250406'),
+                    'name'    => 'puppet-keyring.gpg',
+                    'source'  => 'puppet:///modules/puppet_agent/puppet-keyring.gpg',
                   },
                 })
       }
@@ -177,8 +177,8 @@
                   'location' => 'https://fake-apt-mirror.com/packages/2000.0.0/debian-7-x86_64',
                   'repos'    => 'PC1',
                   'key'      => {
-                    'name'    => 'GPG-KEY-puppet-20250406.asc',
-                    'content' => Puppet::FileSystem.read_preserve_line_endings('files/GPG-KEY-puppet-20250406'),
+                    'name'    => 'puppet-keyring.gpg',
+                    'source'  => 'puppet:///modules/puppet_agent/puppet-keyring.gpg',
                   },
                 })
       }
@@ -218,8 +218,8 @@
                   'location' => 'https://apt.puppet.com',
                   'repos'    => 'puppet5',
                   'key'      => {
-                    'name'    => 'GPG-KEY-puppet-20250406.asc',
-                    'content' => Puppet::FileSystem.read_preserve_line_endings('files/GPG-KEY-puppet-20250406'),
+                    'name'    => 'puppet-keyring.gpg',
+                    'source'  => 'puppet:///modules/puppet_agent/puppet-keyring.gpg',
                   },
                 })
       }
@@ -241,8 +241,8 @@
                   'location' => 'https://fake-apt-mirror.com/',
                   'repos'    => 'puppet5',
                   'key'      => {
-                    'name'    => 'GPG-KEY-puppet-20250406.asc',
-                    'content' => Puppet::FileSystem.read_preserve_line_endings('files/GPG-KEY-puppet-20250406'),
+                    'name'    => 'puppet-keyring.gpg',
+                    'source'  => 'puppet:///modules/puppet_agent/puppet-keyring.gpg',
                   },
                 })
       }
diff --git a/tasks/install_shell.sh b/tasks/install_shell.sh
