Merge pull request 'Added Debian components' (#4) from fix/debian_components into develop

Reviewed-on: unkinben/puppet-prod#4
2023-07-01 22:09:26 +09:30 · 2023-07-01 22:09:26 +09:30 · 568da5883e
commit 568da5883e
parent 46a95d756a 87f174df33
7 changed files with 157 additions and 54 deletions
--- a/1
+++ b/1
@ -14,3 +14,4 @@ mod 'puppet-chrony', '2.6.0'
 mod 'puppetlabs-vcsrepo', '6.1.0'
 mod 'puppetlabs-yumrepo_core', '2.0.0'
 mod 'puppet-yum', '7.0.0'
+mod 'puppetlabs-apt', '9.1.0'
--- a/hieradata/os/Debian/Debian11.yaml
+++ b/hieradata/os/Debian/Debian11.yaml
@ -0,0 +1,12 @@
+# hieradata/os/Debian/Debian11.yaml
+---
+profiles::apt::managed_repos:
+  - 'base'
+  - 'security'
+  - 'updates'
+  - 'puppet7'
+
+profiles::apt::components:
+  - contrib
+  - main
+  - non-free
--- a/hieradata/os/Debian/Debian12.yaml
+++ b/hieradata/os/Debian/Debian12.yaml
@ -5,3 +5,9 @@ profiles::apt::managed_repos:
  - 'security'
  - 'updates'
  - 'puppet7'
+
+profiles::apt::components:
+  - contrib
+  - main
+  - non-free
+  - non-free-firmware
--- a/hieradata/os/Debian/all_releases.yaml
+++ b/hieradata/os/Debian/all_releases.yaml
@ -1,3 +1,7 @@
 # hieradata/os/debian/all_releases.yaml
 ---
-profiles::apt::base::baseurl: http://debian.mirror.digitalpacific.com.au/debian
+profiles::apt::base::mirrorurl: http://debian.mirror.digitalpacific.com.au/debian
+profiles::apt::base::secureurl: http://security.debian.org/debian-security
+profiles::apt::puppet7::mirror: http://apt.puppetlabs.com
+profiles::apt::puppet7::repo: puppet7
+profiles::apt::puppet7::dist: bullseye
--- a/site/profiles/manifests/apt/base.pp
+++ b/site/profiles/manifests/apt/base.pp
@ -1,36 +1,71 @@
+# This class manages the configuration of base APT repositories
+#
+# Parameters:
+# - $managed_repos: An array of repositories to manage, such as 'base', 'security',
+#   'updates', 'backports' (optional)
+# - $components: An array of components for the repositories (e.g., 'main', 'contrib')
+# - $mirrorurl: The base URL of the mirror for the base repository
+# - $secureurl: The base URL of the mirror for the security repository
+#
+# Dependencies:
+# - Puppet facts: The class relies on certain facts about the target system,
+#   including the OS architecture and distribution codename.
+#
+# Description:
+# This class manages the configuration of base APT repositories on the target system.
+# It supports the management of repositories specified in the $managed_repos parameter,
+# including 'base', 'security', 'updates', and 'backports'. The class retrieves necessary
+# information from Puppet facts, such as the OS architecture and distribution codename.
+# It creates apt::source resources for each repository, setting the appropriate location,
+# repos, and release values based on the provided parameters.
+#
+# Example usage:
+# class { 'profiles::apt::base':
+#   managed_repos => ['base', 'security'],
+#   components    => ['main', 'contrib'],
+#   mirrorurl     => 'http://mirror.example.com',
+#   secureurl     => 'http://security.example.com',
+# }
 class profiles::apt::base (
  Array[String] $managed_repos,
  Array[String] $components,
-  String        $baseurl,
+  String        $mirrorurl,
+  String        $secureurl,
 ) {
-  $releasever = $facts['os']['release']['major']
-  $basearch = $facts['os']['architecture']
  $codename = $facts['os']['distro']['codename']

  # Join the array into a space-separated string
  $repo_components = join($components, ' ')

-  apt::source { "deb.debian.org-${codename}":
-    location => $baseurl,
-    repos    => $repo_components,
-    release  => $codename,
+  if 'base' in $managed_repos {
+    apt::source { 'base':
+      location => $mirrorurl,
+      repos    => $repo_components,
+      release  => $codename,
+    }
  }

-  apt::source { "deb.debian.org-${codename}-security":
-    location => $baseurl,
-    repos    => $repo_components,
-    release  => "${codename}-security",
+  if 'security' in $managed_repos {
+    apt::source { 'security':
+      location => $secureurl,
+      repos    => $repo_components,
+      release  => "${codename}-security",
+    }
  }

-  apt::source { "deb.debian.org-${codename}-updates":
-    location => $baseurl,
-    repos    => $repo_components,
-    release  => "${codename}-updates",
+  if 'updates' in $managed_repos {
+    apt::source { 'updates':
+      location => $mirrorurl,
+      repos    => $repo_components,
+      release  => "${codename}-updates",
+    }
  }

-  apt::source { "deb.debian.org-${codename}-backports":
-    location => $baseurl,
-    repos    => $repo_components,
-    release  => "${codename}-backports",
+  if 'backports' in $managed_repos {
+    apt::source { 'backports':
+      location => $mirrorurl,
+      repos    => $repo_components,
+      release  => "${codename}-backports",
+    }
  }
 }
--- a/site/profiles/manifests/apt/global.pp
+++ b/site/profiles/manifests/apt/global.pp
@ -22,9 +22,7 @@
 # Manages all .list files under /etc/apt/sources.list.d. All the repositories listed
 # in $managed_repos will have their corresponding .list files preserved. Any
 # .list file that is not listed in $managed_repos will be removed.
-# Creates and maintains a /etc/apt/sources.list.d/.managed file that lists all the
-# .list files that should be managed by Puppet.
-# Manages /etc/apt/sources.list file to include the .list files in /etc/apt/sources.list.d.
+# Manages /etc/apt/sources.list file to be empty.
 #
 # Example usage:
 # --------------
@ -41,7 +39,12 @@ class profiles::apt::global (
  Array[String] $components    = lookup('profiles::apt::components'),
 ){
  class { 'apt':
-    update => {
+    sources_list_force => true,
+    purge              => {
+      'sources.list'   => true,
+      'sources.list.d' => true,
+    },
+    update             => {
      frequency => 'daily',
      loglevel  => 'debug',
    },
@ -54,35 +57,6 @@ class profiles::apt::global (
    },
  }

-  # Generate the content for the .managed file
-  $managed_file_content = $managed_repos.map |$repo_name| { "${repo_name}.repo" }.join("\n")
-
-  # Create the .managed file
-  file { '/etc/apt/sources.list.d/.managed':
-    ensure  => file,
-    content => $managed_file_content,
-  }
-
-  # Define exec resource to remove .list files not listed in .managed
-  exec { 'cleanup_apt_repos':
-    command => '/bin/bash -c "comm -23 <(ls /etc/apt/sources.list.d | sort)
-                <(sort /etc/apt/sources.list.d/.managed) | 
-                xargs -n1 rm -f /etc/apt/sources.list.d/{}"',
-    path    => ['/bin', '/usr/bin'],
-    onlyif  => '/bin/bash -c "comm -23 <(ls /etc/apt/sources.list.d | sort)
-                <(sort /etc/apt/sources.list.d/.managed) | grep .list"',
-  }
-
-  file { '/etc/apt/sources.list':
-    ensure  => 'file',
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0644',
-    content => @(END)
-      ## Apt is managed by Puppet, do not edit this file
-      END
-  }
-
  # Setup base repos
  class { 'profiles::apt::base':
    managed_repos => $managed_repos,
@ -92,6 +66,5 @@ class profiles::apt::global (
  # Setup puppet7 if included in managed_repos
  class { 'profiles::apt::puppet7':
    managed_repos => $managed_repos,
-    components    => $components,
  }
 }
--- a/site/profiles/manifests/apt/puppet7.pp
+++ b/site/profiles/manifests/apt/puppet7.pp
@ -0,0 +1,72 @@
+# This class manages the installation and configuration of Puppet 7
+#
+# Parameters:
+# - $managed_repos: An array of additional repositories to manage (optional)
+# - $mirror: The base URL of the repository mirror
+# - $repo: The repository name
+# - $release: The release name
+#
+# Dependencies:
+# - Puppet facts: The class relies on certain facts about the target system,
+#   including the OS release, architecture, and distribution codename.
+#
+# Description:
+# This class installs Puppet 7 on the target system by managing the repository
+# configuration and installing the appropriate package. It also supports the
+# management of additional repositories specified in the $managed_repos parameter.
+# The class retrieves necessary information from Puppet facts, such as the OS
+# release version, architecture, and distribution codename. It downloads the
+# Puppet release deb file from the specified mirror and installs it using dpkg.
+# Additionally, it configures the main Puppet repository using the apt::source resource.
+#
+# Example usage:
+# class { 'profiles::apt::puppet7':
+#   managed_repos => ['extra-repo'],
+#   mirror        => 'http://mirror.example.com',
+#   release       => 'puppet7',
+#   repo          => 'bullseye',
+# }
+class profiles::apt::puppet7 (
+  Array[String] $managed_repos,
+  String        $mirror,
+  String        $repo,
+  String        $dist,
+) {
+
+  $codename = $facts['os']['distro']['codename']
+
+  if 'puppet7' in $managed_repos {
+    # Path to store the downloaded deb file
+    $puppet_release = "/root/${repo}-${dist}.deb"
+    $puppet_source = "${mirror}/${repo}-release-${dist}.deb"
+
+    # Check if the deb file exists
+    if !defined(File[$puppet_release]) {
+      # Download the deb file
+      file { $puppet_release:
+        ensure => present,
+        source => $puppet_source,
+        mode   => '0644',
+      }
+    }
+
+    # Install the puppet release using dpkg
+    package { "${repo}-${dist}":
+      ensure   => installed,
+      provider => dpkg,
+      source   => $puppet_release,
+      require  => File[$puppet_release],
+    }
+
+    # deb http://apt.puppet.com bullseye puppet7
+    apt::source { 'puppet7':
+      location => $mirror,
+      repos    => $repo,
+      release  => $dist,
+      include  => {
+        'src' => false,
+        'deb' => true,
+      },
+    }
+  }
+}