Add puppetcore macos support #769
Conversation
| @@ -20,12 +20,20 @@ | |||
| } else { | |||
| $source = "puppet:///pe_packages/${pe_server_version}/${facts['platform_tag']}/${puppet_agent::package_name}-${puppet_agent::prepare::package_version}-1.osx${$productversion_major}.dmg" | |||
| } | |||
| } else { | |||
| } elsif $puppet_agent::collection and $puppet_agent::collection =~ /core/ { | |||
| if $puppet_agent::prepare::package_version =~ /^\d+\.\d+\.\d+\.\d+\.g([a-f0-9]+)+$/ { | |||
There was a problem hiding this comment.
Is there a better way to determine if we need to set dev=true parameter?
There was a problem hiding this comment.
This worked for me, splitting the version and checking for strictly more than 3 components:
$dev = count(split($puppet_agent::prepare::package_version, '\.')) > 3
| onlyif => "test -f '${response_file}'", | ||
| logoutput => true, | ||
| require => Exec['Download Puppet Agent for Darwin'], | ||
| } |
There was a problem hiding this comment.
This is what the output looks like for setting up the netrc file, reading the output file and then executing the install script:
Started on jovial-duck.delivery.puppetlabs.net...
Finished on jovial-duck.delivery.puppetlabs.net:
Notice: /Stage[main]/Puppet_agent::Prepare::Package/File[/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.netrc]/ensure: defined content as '{sha256}4f3d0ec5c7fa14041867e7009e7924c13c15c54cc2fbfc52362708a88964bf86'
Notice: /Stage[main]/Puppet_agent::Prepare::Package/Exec[Remove .netrc file]/returns: executed successfully
Notice: /Stage[main]/Puppet_agent::Prepare::Package/Exec[Read HTTP Response Code]/returns: 200
Notice: /Stage[main]/Puppet_agent::Prepare::Package/Exec[Read HTTP Response Code]/returns: executed successfully
Notice: /Stage[main]/Puppet_agent::Install::Darwin/Exec[osx_install script]/returns: executed successfully
changed: 4, failed: 0, unchanged: 26 skipped: 0, noop: 0
Finished: apply catalog with 0 failures in 15.54 sec
For now while working on this I'm mainly looking to get quick feedback on the curl HTTP response. But this is only a work in progress, and I do plan on spending time to improve this.
cthorn42
force-pushed
the
add_puppetcore_macos_support
branch
from
191a2cc to
4a3c3e5
Compare
| mode => '0600', | ||
| } | ||
|
|
||
| $curl_command = "curl -1 -sL --netrc-file '${netrc_file}' -w '%{http_code}' -o '${local_package_file_path}' '${source}' > '${response_file}'" |
There was a problem hiding this comment.
suggest adding --fail so it returns non-zero exit on HTTP error
| path => ['/usr/bin', '/bin'], | ||
| onlyif => "test -f '${netrc_file}'", | ||
| require => Exec['Download Puppet Agent for Darwin'], | ||
| } |
There was a problem hiding this comment.
may produce a "changed" event each time the agent runs?
There was a problem hiding this comment.
Isn't that the kind of issue https://forge.puppet.com/modules/puppetlabs/transition/readme exists for?
manifests/prepare/package.pp
Outdated
| file { $netrc_file: | ||
| ensure => file, | ||
| content => "machine artifacts-puppetcore.puppet.com\nlogin ${download_username}\npassword ${download_password}\n", | ||
| mode => '0600', |
There was a problem hiding this comment.
please add show_diff => false,, to ensure password won't be leaked
cthorn42
force-pushed
the
add_puppetcore_macos_support
branch
from
4a3c3e5 to
2e64a41
Compare
When using the puppetcore collection on Windows, if we detect the installed version does not match, then upgrade the MSI. Due to a puppet bug, we cannot pass credentials in the `source` parameter. And `curl.exe` is not present in our puppet-agent packages. So use powershell to download. Co-authored-by: Kevin <[email protected]>
cthorn42
force-pushed
the
add_puppetcore_macos_support
branch
2 times, most recently
from
bcaf7d6 to
195c5e9
Compare
manifests/osfamily/darwin.pp
Outdated
| @@ -8,7 +8,7 @@ | |||
| $productversion_array = split($facts['os']['macosx']['version']['major'], '[.]') | |||
| $productversion_major = $productversion_array[0] | |||
| } | |||
|
|
|||
| $destination_name = undef | |||
There was a problem hiding this comment.
Why do you set the variable here?
There was a problem hiding this comment.
The variable needs to get set for the scenario if puppetcore isn't being used. The way I had it set here is a work in progress, I'm about to push up changes that reflect how Josh fixed this with his Windows commit. I think it will be a bit cleaner in what is going on. Thanks for the comment I had forgotten to update this.
cthorn42
force-pushed
the
add_puppetcore_macos_support
branch
from
195c5e9 to
96e3677
Compare
manifests/osfamily/darwin.pp
Outdated
| @@ -20,12 +19,25 @@ | |||
| } else { | |||
| $source = "puppet:///pe_packages/${pe_server_version}/${facts['platform_tag']}/${puppet_agent::package_name}-${puppet_agent::prepare::package_version}-1.osx${$productversion_major}.dmg" | |||
| } | |||
| } elsif $puppet_agent::collection and $puppet_agent::collection =~ /core/ { | |||
There was a problem hiding this comment.
| } elsif $puppet_agent::collection and $puppet_agent::collection =~ /core/ { | |
| } elsif $puppet_agent::collection =~ /core/ { |
There was a problem hiding this comment.
$puppet_agent::collection cannot be undef, so we don't need to check if it's undef
manifests/osfamily/darwin.pp
Outdated
| @@ -8,7 +8,6 @@ | |||
| $productversion_array = split($facts['os']['macosx']['version']['major'], '[.]') | |||
| $productversion_major = $productversion_array[0] | |||
| } | |||
|
|
|||
| if $puppet_agent::absolute_source { | |||
There was a problem hiding this comment.
I think this whole block becomes a bit more readable and shorter, if you do something like:
$source = if $puppet_agent::absolute_source {
...Which enables you to get rid of all the following $source = in the logic block.
manifests/prepare/package.pp
Outdated
| @@ -56,6 +56,45 @@ | |||
| creates => $local_package_file_path, | |||
| require => File[$puppet_agent::params::local_packages_dir], | |||
| } | |||
| } elsif $puppet_agent::collection and $puppet_agent::collection =~ /core/ and $facts['os']['family'] =~ /Darwin/ { | |||
There was a problem hiding this comment.
| } elsif $puppet_agent::collection and $puppet_agent::collection =~ /core/ and $facts['os']['family'] =~ /Darwin/ { | |
| } elsif $puppet_agent::collection =~ /core/ and $facts['os']['family'] =~ /Darwin/ { |
This updates the download of puppet-agent when puppetcore packages are used. The new 'puppetcore7' and 'puppetcore8' collections when used for MacOS will now download puppetcore packages. Due to a bug in Puppet for now we're going to depend on Curl to download the package.
cthorn42
force-pushed
the
add_puppetcore_macos_support
branch
from
96e3677 to
4c2832f
Compare
| } elsif ($puppet_agent::is_pe and (!$puppet_agent::use_alternate_sources)) { | ||
| $pe_server_version = pe_build_version() | ||
| if $puppet_agent::alternate_pe_source { | ||
| $source = "${puppet_agent::alternate_pe_source}/packages/${pe_server_version}/${facts['platform_tag']}/${puppet_agent::package_name}-${puppet_agent::prepare::package_version}-1.osx${$productversion_major}.dmg" | ||
| "${puppet_agent::alternate_pe_source}/packages/${pe_server_version}/${facts['platform_tag']}/${puppet_agent::package_name}-${puppet_agent::prepare::package_version}-1.osx${productversion_major}.dmg" |
There was a problem hiding this comment.
We lost the inner '$'
| "${puppet_agent::alternate_pe_source}/packages/${pe_server_version}/${facts['platform_tag']}/${puppet_agent::package_name}-${puppet_agent::prepare::package_version}-1.osx${productversion_major}.dmg" | |
| "${puppet_agent::alternate_pe_source}/packages/${pe_server_version}/${facts['platform_tag']}/${puppet_agent::package_name}-${puppet_agent::prepare::package_version}-1.osx${$productversion_major}.dmg" |
There was a problem hiding this comment.
But that's not required, is it? We already have $ before the {
| } elsif $puppet_agent::source { | ||
| $source = "${puppet_agent::source}/packages/${pe_server_version}/${facts['platform_tag']}/${puppet_agent::package_name}-${puppet_agent::prepare::package_version}-1.osx${$productversion_major}.dmg" | ||
| "${puppet_agent::source}/packages/${pe_server_version}/${facts['platform_tag']}/${puppet_agent::package_name}-${puppet_agent::prepare::package_version}-1.osx${productversion_major}.dmg" |
There was a problem hiding this comment.
Same
| "${puppet_agent::source}/packages/${pe_server_version}/${facts['platform_tag']}/${puppet_agent::package_name}-${puppet_agent::prepare::package_version}-1.osx${productversion_major}.dmg" | |
| "${puppet_agent::source}/packages/${pe_server_version}/${facts['platform_tag']}/${puppet_agent::package_name}-${puppet_agent::prepare::package_version}-1.osx${$productversion_major}.dmg" |
| } | ||
| } else { | ||
| $source = "${puppet_agent::mac_source}/mac/${puppet_agent::collection}/${productversion_major}/${puppet_agent::arch}/${puppet_agent::package_name}-${puppet_agent::prepare::package_version}-1.osx${$productversion_major}.dmg" | ||
| "${puppet_agent::mac_source}/mac/${puppet_agent::collection}/${productversion_major}/${puppet_agent::arch}/${puppet_agent::package_name}-${puppet_agent::prepare::package_version}-1.osx${productversion_major}.dmg" |
There was a problem hiding this comment.
Same here, also indentation is off
| "${puppet_agent::mac_source}/mac/${puppet_agent::collection}/${productversion_major}/${puppet_agent::arch}/${puppet_agent::package_name}-${puppet_agent::prepare::package_version}-1.osx${productversion_major}.dmg" | |
| "${puppet_agent::mac_source}/mac/${puppet_agent::collection}/${productversion_major}/${puppet_agent::arch}/${puppet_agent::package_name}-${puppet_agent::prepare::package_version}-1.osx${$productversion_major}.dmg" |
| } else { | ||
| $source = "puppet:///pe_packages/${pe_server_version}/${facts['platform_tag']}/${puppet_agent::package_name}-${puppet_agent::prepare::package_version}-1.osx${$productversion_major}.dmg" |
There was a problem hiding this comment.
I think we want to keep puppet:///pe_packages/${pe_server_version}/.... as a valid source.
| if [[ "$collection" =~ core ]]; then | ||
| if [ -z "$password" ]; then | ||
| echo "A password parameter is required to install" | ||
| exit 1 |
There was a problem hiding this comment.
Since we check for an empty password earlier, is the if [ -z "$password ] check needed?
| @@ -431,6 +451,12 @@ do_curl() { | |||
| unable_to_retrieve_package | |||
| fi | |||
|
|
|||
| grep "HTTP/2 401" $tmp_stderr 2>&1 >/dev/null | |||
There was a problem hiding this comment.
I don't know that we can safely assume the server replied with HTTP 2. Probably better to just check for:
| grep "HTTP/2 401" $tmp_stderr 2>&1 >/dev/null | |
| grep "401 Unauthorized" $tmp_stderr 2>&1 >/dev/null |
This is a work in progress, currently based on Josh's WIP: #766