diff --git a/hieradata/common.yaml b/hieradata/common.yaml index e8395ca..f2785d0 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -18,6 +18,9 @@ lookup_options: profiles::pki::vault::ip_sans: merge: strategy: deep + profiles::yum::managed_repos: + merge: + strategy: deep facts_path: '/opt/puppetlabs/facter/facts.d' diff --git a/hieradata/os/AlmaLinux/all_releases.yaml b/hieradata/os/AlmaLinux/all_releases.yaml index 7e78309..e883c29 100644 --- a/hieradata/os/AlmaLinux/all_releases.yaml +++ b/hieradata/os/AlmaLinux/all_releases.yaml @@ -3,6 +3,7 @@ profiles::yum::base::baseurl: https://repos.main.unkin.net/almalinux profiles::yum::epel::baseurl: https://repos.main.unkin.net/epel profiles::yum::unkin::baseurl: https://repos.main.unkin.net/unkin +profiles::yum::ovirt::baseurl: https://repos.main.unkin.net/centos profiles::firewall::firewalld::ensure_package: 'absent' profiles::firewall::firewalld::ensure_service: 'stopped' profiles::firewall::firewalld::enable_service: false diff --git a/hieradata/roles/infra/ovirt/engine.yaml b/hieradata/roles/infra/ovirt/engine.yaml new file mode 100644 index 0000000..94fcdbd --- /dev/null +++ b/hieradata/roles/infra/ovirt/engine.yaml @@ -0,0 +1,10 @@ +--- +profiles::yum::managed_repos: + - 'virt-advanced-virtualization' + - 'storage-ceph-pacific' + - 'cloud-openstack-xena' + - 'messaging-rabbitmq-38' + - 'nfv-openvswitch-2' + - 'opstools-collectd-5' + - 'storage-gluster-10' + - 'virt-ovirt-45' diff --git a/hieradata/roles/infra/ovirt/node.yaml b/hieradata/roles/infra/ovirt/node.yaml new file mode 100644 index 0000000..e02910a --- /dev/null +++ b/hieradata/roles/infra/ovirt/node.yaml 
@@ -0,0 +1,17 @@
+---
+profiles::firewall::firewalld::ensure_package: 'installed'
+profiles::firewall::firewalld::ensure_service: 'running'
+profiles::yum::managed_repos:
+ - 'virt-advanced-virtualization'
+ - 'storage-ceph-pacific'
+ - 'cloud-openstack-xena'
+ - 'messaging-rabbitmq-38'
+ - 'nfv-openvswitch-2'
+ - 'opstools-collectd-5'
+ - 'storage-gluster-10'
+ - 'virt-ovirt-45'
+
+sudo::purge_ignore:
+ - '50_vdsm'
+ - '50_vdsm_hook_ovirt_provider_ovn_hook'
+ - '60_ovirt-ha'
diff --git a/hieradata/roles/infra/reposync/syncer.yaml b/hieradata/roles/infra/reposync/syncer.yaml
index 39991b8..7455441 100644
--- a/hieradata/roles/infra/reposync/syncer.yaml
+++ b/hieradata/roles/infra/reposync/syncer.yaml
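Review bot: This role data turns firewalld back on with `ensure_package: 'installed'` and `ensure_service: 'running'` but does not override `profiles::firewall::firewalld::enable_service`, which the AlmaLinux-wide data shown as context in this same commit sets to `false`. If the profile passes that key to the service's `enable` attribute (the manifest is not visible here), an oVirt node would come up after a reboot with firewalld stopped until the next Puppet run. Add `profiles::firewall::firewalld::enable_service: true` next to the two new keys. The `sudo::purge_ignore` entries would also benefit from a one-line comment saying these sudoers drop-ins are owned by the vdsm/oVirt packages, so a later reader knows why they are exempt from purging.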
@@ -43,6 +43,62 @@ profiles::reposync::repos_list: release: '8.9' mirrorlist: https://mirrors.almalinux.org/mirrorlist/8.9/extras gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux' + centos_8_advanced_virtualization: + repository: 'virt-advanced-virtualization' + description: 'CentOS Advanced Virtualization' + osname: 'centos' + release: '8' # Assumed static value for demonstration + mirrorlist: 'http://mirrorlist.centos.org/?release=8&arch=x86_64&repo=virt-advanced-virtualization' # Assuming 'stream' and 'x86_64' + gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization' + centos_8_ceph_pacific: + repository: 'storage-ceph-pacific' + description: 'CentOS Ceph Pacific' + osname: 'centos' + release: '8' # Assumed static value for demonstration + mirrorlist: 'http://mirrorlist.centos.org/?release=8&arch=x86_64&repo=storage-ceph-pacific' # Assuming '8' and 'x86_64' + gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage' + centos_8_rabbitmq_38: + repository: 'messaging-rabbitmq-38' + description: 'CentOS RabbitMQ 38' + osname: 'centos' + release: '8-stream' # Specified based on the repository name + mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=messaging-rabbitmq-38' # Assuming '8' and 'x86_64' + gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Messaging' + centos_8_nfv_openvswitch: + repository: 'nfv-openvswitch-2' + description: 'CentOS NFV OpenvSwitch' + osname: 'centos' + release: '8-stream' # Assumed static value for demonstration + mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=nfv-openvswitch-2' # Assuming 'stream' and 'x86_64' + gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-NFV' + centos_8_openstack_xena: + repository: 'cloud-openstack-xena' + description: 'CentOS OpenStack Xena' + osname: 'centos' + release: '8-stream' # Directly taken from the provided mirrorlist + mirrorlist: 
'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=cloud-openstack-xena' # Assuming 'x86_64' + gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Cloud' + centos_8_opstools: + repository: 'opstools-collectd-5' + description: 'CentOS OpsTools - collectd' + osname: 'centos' + release: '8-stream' # Assumed static value for demonstration + mirrorlist: 'http://mirrorlist.centos.org/?arch=x86_64&release=8-stream&repo=opstools-collectd-5' # Assuming 'stream' and 'x86_64' + gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-OpsTools' + centos_8_ovirt45: + repository: 'virt-ovirt-45' + description: 'CentOS oVirt 4.5' + osname: 'centos' + release: '8-stream' # Assumed static value for demonstration + mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=virt-ovirt-45' # Assuming 'stream' and 'x86_64' + gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization' + centos_8_stream_gluster10: + repository: 'storage-gluster-10' + description: 'CentOS oVirt 4.5 - Glusterfs 10' + osname: 'centos' + release: '8-stream' # Assumed static value for demonstration + mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=storage-gluster-10' # Assuming 'stream' and 'x86_64' + gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage' epel_8_everything: repository: 'Everything' description: 'EPEL 8 Everything' diff --git a/site/profiles/manifests/ovirt/node.pp b/site/profiles/manifests/ovirt/node.pp new file mode 100644 index 0000000..9979c95 --- /dev/null +++ b/site/profiles/manifests/ovirt/node.pp 
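Review bot: All eight added `mirrorlist` values use plain `http://mirrorlist.centos.org/...`, so the mirror list the syncer follows is fetched without transport integrity. The client-side repo definitions added in `site/profiles/manifests/yum/ovirt.pp` by this commit set `gpgcheck => false`. Unless the sync job verifies package signatures itself (not visible here), nothing downstream would notice altered content; use an `https://` source for these entries where one is available. The trailing comments are also unreliable: `centos_8_advanced_virtualization` has `release: '8'` beside `# Assuming 'stream' and 'x86_64'`, and several entries carry `# Assumed static value for demonstration`. Drop them, or replace them with one accurate comment above the block such as `# CentOS SIG repos required by oVirt 4.5`.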
@@ -0,0 +1,20 @@ +# profiles::ovirt::node +class profiles::ovirt::node { + # Define the DNF modules to be enabled + $dnf_modules_to_enable = { + 'javapackages-tools' => { 'ensure' => 'latest' }, + 'pki-deps' => { 'ensure' => 'latest' }, + 'postgresql' => { 'ensure' => '12' }, + 'mod_auth_openidc' => { 'ensure' => '2.3' }, + 'nodejs' => { 'ensure' => '14' }, + } + + # Enable the DNF modules + create_resources( + 'package', + $dnf_modules_to_enable, { + provider => dnfmodule, + enable_only => true + } + ) +} diff --git a/site/profiles/manifests/reposync/repos.pp b/site/profiles/manifests/reposync/repos.pp index 046e404..0be17f7 100644 --- a/site/profiles/manifests/reposync/repos.pp +++ b/site/profiles/manifests/reposync/repos.pp @@ -4,7 +4,7 @@ define profiles::reposync::repos ( String $description, String $osname, String $release, - Stdlib::HTTPUrl $gpgkey, + Stdlib::Filesource $gpgkey, String $arch = 'x86_64', String $repo_owner = 'root', String $repo_group = 'root', diff --git a/site/profiles/manifests/yum/global.pp b/site/profiles/manifests/yum/global.pp index 18a0d88..755bd31 100644 --- a/site/profiles/manifests/yum/global.pp +++ b/site/profiles/manifests/yum/global.pp @@ -96,6 +96,12 @@ class profiles::yum::global ( require => Class['profiles::pki::vaultca'], } + # Setup ovirt repo if included in managed_repos + class { 'profiles::yum::ovirt': + managed_repos => $managed_repos, + require => Class['profiles::pki::vaultca'], + } + # setup dnf-autoupdate include profiles::yum::autoupdater diff --git a/site/profiles/manifests/yum/ovirt.pp b/site/profiles/manifests/yum/ovirt.pp new file mode 100644 index 0000000..d04b145 --- /dev/null +++ b/site/profiles/manifests/yum/ovirt.pp 
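Review bot: The `package` resources created from `$dnf_modules_to_enable` use bare titles such as `postgresql` and `nodejs`, so the catalog will fail with a duplicate declaration if any other class on the node declares an ordinary package with the same title. Giving the module resources their own titles avoids that, e.g. `'dnfmodule-nodejs' => { 'name' => 'nodejs', 'ensure' => '14' },` for each entry. The header comment `# profiles::ovirt::node` only repeats the class name; a `# @summary` line saying that the class enables the DNF module streams needed by the oVirt packages, and why these five, would make the stream pins reviewable.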
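Review bot: Widening `$gpgkey` from `Stdlib::HTTPUrl` to `Stdlib::Filesource` also admits absolute paths, `file://` and `puppet://` sources, yet every `gpgkey` added to syncer.yaml in this commit is an `https://` URL that the old type already accepted. If this parameter is what reaches `download_gpg_key` in autosyncer.erb (likely, but the wiring is outside the hunk), a `file://` value would make curl copy a local file from the syncer host into the published repo directory, and a `puppet://` value would just fail at run time. Keep `Stdlib::HTTPUrl $gpgkey,` unless a non-HTTP source is really required, and in that case document the accepted forms on the parameter. Tightening to `Stdlib::HTTPSUrl` would be better still, but the existing AlmaLinux entry shown as context in syncer.yaml uses an `http://` key URL and would have to change first. The define's parameter list starts and ends outside the hunk.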
@@ -0,0 +1,48 @@ +# Class: profiles::yum::ovirt +class profiles::yum::ovirt ( + Array[String] $managed_repos, + String $baseurl, + Enum[ + 'daily', + 'weekly', + 'monthly' + ] $snapshot = 'daily', +) { + $release = $facts['os']['release']['major'] + $basearch = $facts['os']['architecture'] + + $centos_nonstream = [ + 'virt-advanced-virtualization', + 'storage-ceph-pacific' + ] + $centos_stream = [ + 'cloud-openstack-xena', + 'messaging-rabbitmq-38', + 'nfv-openvswitch-2', + 'opstools-collectd-5', + 'storage-gluster-10', + 'virt-ovirt-45' + ] + $centos_nonstream.each |$name| { + if $name in $managed_repos { + yumrepo { $name: + name => $name, + descr => $name, + target => '/etc/yum.repos.d/ovirt.repo', + baseurl => "${baseurl}/${release}/${name}-20240311/${basearch}/os/", + gpgcheck => false, + } + } + } + $centos_stream.each |$name| { + if $name in $managed_repos { + yumrepo { $name: + name => $name, + descr => $name, + target => '/etc/yum.repos.d/ovirt.repo', + baseurl => "${baseurl}/${release}-stream/${name}-20240311/${basearch}/os/", + gpgcheck => false, + } + } + } +} diff --git a/site/profiles/templates/reposync/autosyncer.erb b/site/profiles/templates/reposync/autosyncer.erb index 4f48e58..0cc2551 100644 --- a/site/profiles/templates/reposync/autosyncer.erb +++ b/site/profiles/templates/reposync/autosyncer.erb @@ -26,7 +26,7 @@ download_gpg_key() { local filename=$(basename "$gpgkeyurl") # Download GPG key to the specified path with the filename from the URL - wget -q -O "${basepath}/live/${reponame}/${filename}" "$gpgkeyurl" || { + curl -s --create-dirs -o "${basepath}/live/${reponame}/${filename}" "$gpgkeyurl" || { echo "Failed to download GPG key from $gpgkeyurl" } } diff --git a/site/roles/manifests/infra/ovirt/node.pp b/site/roles/manifests/infra/ovirt/node.pp index 0ecdc23..5182092 100644 --- a/site/roles/manifests/infra/ovirt/node.pp +++ b/site/roles/manifests/infra/ovirt/node.pp 
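Review bot: Both `yumrepo` blocks set `gpgcheck => false`, so packages from all eight repos are installed with no signature verification on every node that lists them in `managed_repos`. The reposync side of this commit already records a `gpgkey` per repo and the autosyncer saves it next to the repo data, so the clients can verify against it: `gpgcheck => true,` plus `gpgkey => "${baseurl}/<path-to-synced-key>",` (placeholder; the served path is not visible here). Separately, `$snapshot` is declared but never used while the snapshot date `-20240311` is hard-coded into both `baseurl` strings. Either derive the path from the parameter or drop the parameter and make the date a class parameter. The two loops differ only in the `-stream` suffix and could share one body.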
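Review bot: `curl -s` without `-f` exits 0 on an HTTP error response, so a 404 or 5xx body would be written under the key's filename and the `|| { echo "Failed to download GPG key ..." }` branch would never run; the `wget -q` it replaces did return non-zero in that case. Use `curl -fsSL --create-dirs -o "${basepath}/live/${reponame}/${filename}" "$gpgkeyurl" || {` instead. `-f` restores the failure path and `-S` keeps real errors visible under `-s`. `-L` matters only if a key URL redirects, which wget followed by default and curl does not. `download_gpg_key` starts outside the hunk, and the failure branch only echoes, so whether callers ever learn of a failed download is not visible here.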
@@ -2,4 +2,5 @@ class roles::infra::ovirt::node { include profiles::defaults include profiles::base + include profiles::ovirt::node }