feat: add ovirt roles

- add repositories for ovirt - add role/profile for ovirt/engine and ovirt/node - add deep-merge for managed_repos - change repos to allow filesource (URL or file://) - change reposync to use curl instead of wget
2024-03-11 18:51:14 +11:00 · 2024-03-11 18:51:14 +11:00 · 8f5e9e40a1
commit 8f5e9e40a1
parent 4e25a1867e
11 changed files with 164 additions and 2 deletions
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@ -18,6 +18,9 @@ lookup_options:
  profiles::pki::vault::ip_sans:
    merge:
      strategy: deep
+  profiles::yum::managed_repos:
+    merge:
+      strategy: deep

 facts_path: '/opt/puppetlabs/facter/facts.d'

--- a/hieradata/os/AlmaLinux/all_releases.yaml
+++ b/hieradata/os/AlmaLinux/all_releases.yaml
@ -3,6 +3,7 @@
 profiles::yum::base::baseurl: https://repos.main.unkin.net/almalinux
 profiles::yum::epel::baseurl: https://repos.main.unkin.net/epel
 profiles::yum::unkin::baseurl: https://repos.main.unkin.net/unkin
+profiles::yum::ovirt::baseurl: https://repos.main.unkin.net/centos
 profiles::firewall::firewalld::ensure_package: 'absent'
 profiles::firewall::firewalld::ensure_service: 'stopped'
 profiles::firewall::firewalld::enable_service: false
--- a/hieradata/roles/infra/ovirt/engine.yaml
+++ b/hieradata/roles/infra/ovirt/engine.yaml
@ -0,0 +1,10 @@
+---
+profiles::yum::managed_repos:
+  - 'virt-advanced-virtualization'
+  - 'storage-ceph-pacific'
+  - 'cloud-openstack-xena'
+  - 'messaging-rabbitmq-38'
+  - 'nfv-openvswitch-2'
+  - 'opstools-collectd-5'
+  - 'storage-gluster-10'
+  - 'virt-ovirt-45'
--- a/hieradata/roles/infra/ovirt/node.yaml
+++ b/hieradata/roles/infra/ovirt/node.yaml
@ -0,0 +1,17 @@
+---
+profiles::firewall::firewalld::ensure_package: 'installed'
+profiles::firewall::firewalld::ensure_service: 'running'
+profiles::yum::managed_repos:
+  - 'virt-advanced-virtualization'
+  - 'storage-ceph-pacific'
+  - 'cloud-openstack-xena'
+  - 'messaging-rabbitmq-38'
+  - 'nfv-openvswitch-2'
+  - 'opstools-collectd-5'
+  - 'storage-gluster-10'
+  - 'virt-ovirt-45'
+
+sudo::purge_ignore:
+  - '50_vdsm'
+  - '50_vdsm_hook_ovirt_provider_ovn_hook'
+  - '60_ovirt-ha'
--- a/hieradata/roles/infra/reposync/syncer.yaml
+++ b/hieradata/roles/infra/reposync/syncer.yaml
@ -43,6 +43,62 @@ profiles::reposync::repos_list:
    release: '8.9'
    mirrorlist: https://mirrors.almalinux.org/mirrorlist/8.9/extras
    gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux'
+  centos_8_advanced_virtualization:
+    repository: 'virt-advanced-virtualization'
+    description: 'CentOS Advanced Virtualization'
+    osname: 'centos'
+    release: '8' # Assumed static value for demonstration
+    mirrorlist: 'http://mirrorlist.centos.org/?release=8&arch=x86_64&repo=virt-advanced-virtualization' # Assuming 'stream' and 'x86_64'
+    gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization'
+  centos_8_ceph_pacific:
+    repository: 'storage-ceph-pacific'
+    description: 'CentOS Ceph Pacific'
+    osname: 'centos'
+    release: '8' # Assumed static value for demonstration
+    mirrorlist: 'http://mirrorlist.centos.org/?release=8&arch=x86_64&repo=storage-ceph-pacific' # Assuming '8' and 'x86_64'
+    gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage'
+  centos_8_rabbitmq_38:
+    repository: 'messaging-rabbitmq-38'
+    description: 'CentOS RabbitMQ 38'
+    osname: 'centos'
+    release: '8-stream' # Specified based on the repository name
+    mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=messaging-rabbitmq-38' # Assuming '8' and 'x86_64'
+    gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Messaging'
+  centos_8_nfv_openvswitch:
+    repository: 'nfv-openvswitch-2'
+    description: 'CentOS NFV OpenvSwitch'
+    osname: 'centos'
+    release: '8-stream' # Assumed static value for demonstration
+    mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=nfv-openvswitch-2' # Assuming 'stream' and 'x86_64'
+    gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-NFV'
+  centos_8_openstack_xena:
+    repository: 'cloud-openstack-xena'
+    description: 'CentOS OpenStack Xena'
+    osname: 'centos'
+    release: '8-stream' # Directly taken from the provided mirrorlist
+    mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=cloud-openstack-xena' # Assuming 'x86_64'
+    gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Cloud'
+  centos_8_opstools:
+    repository: 'opstools-collectd-5'
+    description: 'CentOS OpsTools - collectd'
+    osname: 'centos'
+    release: '8-stream' # Assumed static value for demonstration
+    mirrorlist: 'http://mirrorlist.centos.org/?arch=x86_64&release=8-stream&repo=opstools-collectd-5' # Assuming 'stream' and 'x86_64'
+    gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-OpsTools'
+  centos_8_ovirt45:
+    repository: 'virt-ovirt-45'
+    description: 'CentOS oVirt 4.5'
+    osname: 'centos'
+    release: '8-stream' # Assumed static value for demonstration
+    mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=virt-ovirt-45' # Assuming 'stream' and 'x86_64'
+    gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization'
+  centos_8_stream_gluster10:
+    repository: 'storage-gluster-10'
+    description: 'CentOS oVirt 4.5 - Glusterfs 10'
+    osname: 'centos'
+    release: '8-stream' # Assumed static value for demonstration
+    mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=storage-gluster-10' # Assuming 'stream' and 'x86_64'
+    gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage'
  epel_8_everything:
    repository: 'Everything'
    description: 'EPEL 8 Everything'
--- a/site/profiles/manifests/ovirt/node.pp
+++ b/site/profiles/manifests/ovirt/node.pp
@ -0,0 +1,20 @@
+# profiles::ovirt::node
+class profiles::ovirt::node {
+  # Define the DNF modules to be enabled
+  $dnf_modules_to_enable = {
+    'javapackages-tools'  => { 'ensure' => 'latest' },
+    'pki-deps'            => { 'ensure' => 'latest' },
+    'postgresql'          => { 'ensure' => '12' },
+    'mod_auth_openidc'    => { 'ensure' => '2.3' },
+    'nodejs'              => { 'ensure' => '14' },
+  }
+
+  # Enable the DNF modules
+  create_resources(
+    'package',
+    $dnf_modules_to_enable, {
+      provider => dnfmodule,
+      enable_only => true
+    }
+  )
+}
--- a/site/profiles/manifests/reposync/repos.pp
+++ b/site/profiles/manifests/reposync/repos.pp
@ -4,7 +4,7 @@ define profiles::reposync::repos (
  String          $description,
  String          $osname,
  String          $release,
-  Stdlib::HTTPUrl $gpgkey,
+  Stdlib::Filesource $gpgkey,
  String          $arch = 'x86_64',
  String          $repo_owner = 'root',
  String          $repo_group = 'root',
--- a/site/profiles/manifests/yum/global.pp
+++ b/site/profiles/manifests/yum/global.pp
@ -96,6 +96,12 @@ class profiles::yum::global (
    require       => Class['profiles::pki::vaultca'],
  }

+  # Setup ovirt repo if included in managed_repos
+  class { 'profiles::yum::ovirt':
+    managed_repos => $managed_repos,
+    require       => Class['profiles::pki::vaultca'],
+  }
+
  # setup dnf-autoupdate
  include profiles::yum::autoupdater

--- a/site/profiles/manifests/yum/ovirt.pp
+++ b/site/profiles/manifests/yum/ovirt.pp
@ -0,0 +1,48 @@
+# Class: profiles::yum::ovirt
+class profiles::yum::ovirt (
+  Array[String] $managed_repos,
+  String        $baseurl,
+  Enum[
+    'daily',
+    'weekly',
+    'monthly'
+  ]             $snapshot = 'daily',
+) {
+  $release = $facts['os']['release']['major']
+  $basearch = $facts['os']['architecture']
+
+  $centos_nonstream = [
+    'virt-advanced-virtualization',
+    'storage-ceph-pacific'
+  ]
+  $centos_stream = [
+    'cloud-openstack-xena',
+    'messaging-rabbitmq-38',
+    'nfv-openvswitch-2',
+    'opstools-collectd-5',
+    'storage-gluster-10',
+    'virt-ovirt-45'
+  ]
+  $centos_nonstream.each |$name| {
+    if $name in $managed_repos {
+      yumrepo { $name:
+        name     => $name,
+        descr    => $name,
+        target   => '/etc/yum.repos.d/ovirt.repo',
+        baseurl  => "${baseurl}/${release}/${name}-20240311/${basearch}/os/",
+        gpgcheck => false,
+      }
+    }
+  }
+  $centos_stream.each |$name| {
+    if $name in $managed_repos {
+      yumrepo { $name:
+        name     => $name,
+        descr    => $name,
+        target   => '/etc/yum.repos.d/ovirt.repo',
+        baseurl  => "${baseurl}/${release}-stream/${name}-20240311/${basearch}/os/",
+        gpgcheck => false,
+      }
+    }
+  }
+}
--- a/site/profiles/templates/reposync/autosyncer.erb
+++ b/site/profiles/templates/reposync/autosyncer.erb
@ -26,7 +26,7 @@ download_gpg_key() {
  local filename=$(basename "$gpgkeyurl")

  # Download GPG key to the specified path with the filename from the URL
-  wget -q -O "${basepath}/live/${reponame}/${filename}" "$gpgkeyurl" || {
+  curl -s --create-dirs -o "${basepath}/live/${reponame}/${filename}" "$gpgkeyurl" || {
    echo "Failed to download GPG key from $gpgkeyurl"
  }
 }
--- a/site/roles/manifests/infra/ovirt/node.pp
+++ b/site/roles/manifests/infra/ovirt/node.pp
@ -2,4 +2,5 @@
 class roles::infra::ovirt::node {
  include profiles::defaults
  include profiles::base
+  include profiles::ovirt::node
 }