Merge pull request 'feat: add ovirt roles' (#138) from neoloc/ovirt into develop

Reviewed-on: unkinben/puppet-prod#138
2024-03-16 15:13:44 +09:30 · 2024-03-16 15:13:44 +09:30 · ac5e76e2ca
commit ac5e76e2ca
parent 4e25a1867e 8f5e9e40a1
11 changed files with 164 additions and 2 deletions
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@ -18,6 +18,9 @@ lookup_options:
  profiles::pki::vault::ip_sans:
    merge:
      strategy: deep
  profiles::yum::managed_repos:
    merge:
      strategy: deep
 facts_path: '/opt/puppetlabs/facter/facts.d'
--- a/hieradata/os/AlmaLinux/all_releases.yaml
+++ b/hieradata/os/AlmaLinux/all_releases.yaml
@ -3,6 +3,7 @@
 profiles::yum::base::baseurl: https://repos.main.unkin.net/almalinux
 profiles::yum::epel::baseurl: https://repos.main.unkin.net/epel
 profiles::yum::unkin::baseurl: https://repos.main.unkin.net/unkin
 profiles::yum::ovirt::baseurl: https://repos.main.unkin.net/centos
 profiles::firewall::firewalld::ensure_package: 'absent'
 profiles::firewall::firewalld::ensure_service: 'stopped'
 profiles::firewall::firewalld::enable_service: false
--- a/hieradata/roles/infra/ovirt/engine.yaml
+++ b/hieradata/roles/infra/ovirt/engine.yaml
@ -0,0 +1,10 @@
 ---
 profiles::yum::managed_repos:
  - 'virt-advanced-virtualization'
  - 'storage-ceph-pacific'
  - 'cloud-openstack-xena'
  - 'messaging-rabbitmq-38'
  - 'nfv-openvswitch-2'
  - 'opstools-collectd-5'
  - 'storage-gluster-10'
  - 'virt-ovirt-45'
--- a/hieradata/roles/infra/ovirt/node.yaml
+++ b/hieradata/roles/infra/ovirt/node.yaml
@ -0,0 +1,17 @@
 ---
 profiles::firewall::firewalld::ensure_package: 'installed'
 profiles::firewall::firewalld::ensure_service: 'running'
 profiles::yum::managed_repos:
  - 'virt-advanced-virtualization'
  - 'storage-ceph-pacific'
  - 'cloud-openstack-xena'
  - 'messaging-rabbitmq-38'
  - 'nfv-openvswitch-2'
  - 'opstools-collectd-5'
  - 'storage-gluster-10'
  - 'virt-ovirt-45'
 sudo::purge_ignore:
  - '50_vdsm'
  - '50_vdsm_hook_ovirt_provider_ovn_hook'
  - '60_ovirt-ha'
--- a/hieradata/roles/infra/reposync/syncer.yaml
+++ b/hieradata/roles/infra/reposync/syncer.yaml
@ -43,6 +43,62 @@ profiles::reposync::repos_list:
    release: '8.9'
    mirrorlist: https://mirrors.almalinux.org/mirrorlist/8.9/extras
    gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux'
  centos_8_advanced_virtualization:
    repository: 'virt-advanced-virtualization'
    description: 'CentOS Advanced Virtualization'
    osname: 'centos'
    release: '8' # Assumed static value for demonstration
    mirrorlist: 'http://mirrorlist.centos.org/?release=8&arch=x86_64&repo=virt-advanced-virtualization' # Assuming 'stream' and 'x86_64'
    gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization'
  centos_8_ceph_pacific:
    repository: 'storage-ceph-pacific'
    description: 'CentOS Ceph Pacific'
    osname: 'centos'
    release: '8' # Assumed static value for demonstration
    mirrorlist: 'http://mirrorlist.centos.org/?release=8&arch=x86_64&repo=storage-ceph-pacific' # Assuming '8' and 'x86_64'
    gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage'
  centos_8_rabbitmq_38:
    repository: 'messaging-rabbitmq-38'
    description: 'CentOS RabbitMQ 38'
    osname: 'centos'
    release: '8-stream' # Specified based on the repository name
    mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=messaging-rabbitmq-38' # Assuming '8' and 'x86_64'
    gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Messaging'
  centos_8_nfv_openvswitch:
    repository: 'nfv-openvswitch-2'
    description: 'CentOS NFV OpenvSwitch'
    osname: 'centos'
    release: '8-stream' # Assumed static value for demonstration
    mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=nfv-openvswitch-2' # Assuming 'stream' and 'x86_64'
    gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-NFV'
  centos_8_openstack_xena:
    repository: 'cloud-openstack-xena'
    description: 'CentOS OpenStack Xena'
    osname: 'centos'
    release: '8-stream' # Directly taken from the provided mirrorlist
    mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=cloud-openstack-xena' # Assuming 'x86_64'
    gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Cloud'
  centos_8_opstools:
    repository: 'opstools-collectd-5'
    description: 'CentOS OpsTools - collectd'
    osname: 'centos'
    release: '8-stream' # Assumed static value for demonstration
    mirrorlist: 'http://mirrorlist.centos.org/?arch=x86_64&release=8-stream&repo=opstools-collectd-5' # Assuming 'stream' and 'x86_64'
    gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-OpsTools'
  centos_8_ovirt45:
    repository: 'virt-ovirt-45'
    description: 'CentOS oVirt 4.5'
    osname: 'centos'
    release: '8-stream' # Assumed static value for demonstration
    mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=virt-ovirt-45' # Assuming 'stream' and 'x86_64'
    gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization'
  centos_8_stream_gluster10:
    repository: 'storage-gluster-10'
    description: 'CentOS oVirt 4.5 - Glusterfs 10'
    osname: 'centos'
    release: '8-stream' # Assumed static value for demonstration
    mirrorlist: 'http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=storage-gluster-10' # Assuming 'stream' and 'x86_64'
    gpgkey: 'https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Storage'
  epel_8_everything:
    repository: 'Everything'
    description: 'EPEL 8 Everything'
--- a/site/profiles/manifests/ovirt/node.pp
+++ b/site/profiles/manifests/ovirt/node.pp
@ -0,0 +1,20 @@
 # profiles::ovirt::node
 class profiles::ovirt::node {
  # Define the DNF modules to be enabled
  $dnf_modules_to_enable = {
    'javapackages-tools'  => { 'ensure' => 'latest' },
    'pki-deps'            => { 'ensure' => 'latest' },
    'postgresql'          => { 'ensure' => '12' },
    'mod_auth_openidc'    => { 'ensure' => '2.3' },
    'nodejs'              => { 'ensure' => '14' },
  }
  # Enable the DNF modules
  create_resources(
    'package',
    $dnf_modules_to_enable, {
      provider => dnfmodule,
      enable_only => true
    }
  )
 }
--- a/site/profiles/manifests/reposync/repos.pp
+++ b/site/profiles/manifests/reposync/repos.pp
@ -4,7 +4,7 @@ define profiles::reposync::repos (
  String          $description,
  String          $osname,
  String          $release,
-  Stdlib::HTTPUrl $gpgkey,
+  Stdlib::Filesource $gpgkey,
  String          $arch = 'x86_64',
  String          $repo_owner = 'root',
  String          $repo_group = 'root',
--- a/site/profiles/manifests/yum/global.pp
+++ b/site/profiles/manifests/yum/global.pp
@ -96,6 +96,12 @@ class profiles::yum::global (
    require       => Class['profiles::pki::vaultca'],
  }
  # Setup ovirt repo if included in managed_repos
  class { 'profiles::yum::ovirt':
    managed_repos => $managed_repos,
    require       => Class['profiles::pki::vaultca'],
  }
  # setup dnf-autoupdate
  include profiles::yum::autoupdater
--- a/site/profiles/manifests/yum/ovirt.pp
+++ b/site/profiles/manifests/yum/ovirt.pp
@ -0,0 +1,48 @@
 # Class: profiles::yum::ovirt
 class profiles::yum::ovirt (
  Array[String] $managed_repos,
  String        $baseurl,
  Enum[
    'daily',
    'weekly',
    'monthly'
  ]             $snapshot = 'daily',
 ) {
  $release = $facts['os']['release']['major']
  $basearch = $facts['os']['architecture']
  $centos_nonstream = [
    'virt-advanced-virtualization',
    'storage-ceph-pacific'
  ]
  $centos_stream = [
    'cloud-openstack-xena',
    'messaging-rabbitmq-38',
    'nfv-openvswitch-2',
    'opstools-collectd-5',
    'storage-gluster-10',
    'virt-ovirt-45'
  ]
  $centos_nonstream.each |$name| {
    if $name in $managed_repos {
      yumrepo { $name:
        name     => $name,
        descr    => $name,
        target   => '/etc/yum.repos.d/ovirt.repo',
        baseurl  => "${baseurl}/${release}/${name}-20240311/${basearch}/os/",
        gpgcheck => false,
      }
    }
  }
  $centos_stream.each |$name| {
    if $name in $managed_repos {
      yumrepo { $name:
        name     => $name,
        descr    => $name,
        target   => '/etc/yum.repos.d/ovirt.repo',
        baseurl  => "${baseurl}/${release}-stream/${name}-20240311/${basearch}/os/",
        gpgcheck => false,
      }
    }
  }
 }
--- a/site/profiles/templates/reposync/autosyncer.erb
+++ b/site/profiles/templates/reposync/autosyncer.erb
@ -26,7 +26,7 @@ download_gpg_key() {
  local filename=$(basename "$gpgkeyurl")
  # Download GPG key to the specified path with the filename from the URL
-  wget -q -O "${basepath}/live/${reponame}/${filename}" "$gpgkeyurl" || {
+  curl -s --create-dirs -o "${basepath}/live/${reponame}/${filename}" "$gpgkeyurl" || {
    echo "Failed to download GPG key from $gpgkeyurl"
  }
 }
--- a/site/roles/manifests/infra/ovirt/node.pp
+++ b/site/roles/manifests/infra/ovirt/node.pp
@ -2,4 +2,5 @@
 class roles::infra::ovirt::node {
  include profiles::defaults
  include profiles::base
  include profiles::ovirt::node
 }