Add script to properly install puppet

This will be needed specially on jumphost,
when deploying puppet from scratch.

Change-Id: Ife7d3fff98826ee53edb74585b7cbfc7cad2e0a8
Signed-Off-By: Yolanda Robla <yroblamo@redhat.com>

1 files changed, 297 insertions, 0 deletions

diff --git a/puppet-infracloud/install_puppet.sh b/puppet-infracloud/install_puppet.sh
new file mode 100755
index 00000000..ae259448
--- /dev/null
+++ b/puppet-infracloud/install_puppet.sh
@@ -0,0 +1,297 @@
+#!/bin/bash -x
+
+# Copyright 2013 OpenStack Foundation.
+# Copyright 2013 Hewlett-Packard Development Company, L.P.
+# Copyright 2013 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+#
+# Distro identification functions
+#  note, can't rely on lsb_release for these as we're bare-bones and
+#  it may not be installed yet)
+
+
+function is_fedora {
+    [ -f /usr/bin/yum ] && cat /etc/*release | grep -q -e "Fedora"
+}
+
+function is_rhel7 {
+    [ -f /usr/bin/yum ] && \
+        cat /etc/*release | grep -q -e "Red Hat" -e "CentOS" -e "CloudLinux" && \
+        cat /etc/*release | grep -q 'release 7'
+}
+
+function is_ubuntu {
+    [ -f /usr/bin/apt-get ]
+}
+
+function is_opensuse {
+    [ -f /usr/bin/zypper ] && \
+        cat /etc/os-release | grep -q -e "openSUSE"
+}
+
+function is_gentoo {
+    [ -f /usr/bin/emerge ]
+}
+
+# dnf is a drop-in replacement for yum on Fedora>=22
+YUM=yum
+if is_fedora && [[ $(lsb_release -rs) -ge 22 ]]; then
+    YUM=dnf
+fi
+
+
+#
+# Distro specific puppet installs
+#
+
+function _systemd_update {
+    # there is a bug (rhbz#1261747) where systemd can fail to enable
+    # services due to selinux errors after upgrade.  A work-around is
+    # to install the latest version of selinux and systemd here and
+    # restart the daemon for good measure after it is upgraded.
+    $YUM install -y selinux-policy
+    $YUM install -y systemd
+    systemctl daemon-reload
+}
+
+function setup_puppet_fedora {
+    _systemd_update
+
+    $YUM update -y
+
+    # NOTE: we preinstall lsb_release here to ensure facter sets
+    # lsbdistcodename
+    #
+    # Fedora declares some global hardening flags, which distutils
+    # pick up when building python modules.  redhat-rpm-config
+    # provides the required config options.  Really this should be a
+    # dependency of python-devel (fix in the works, see
+    # https://bugzilla.redhat.com/show_bug.cgi?id=1217376) and can be
+    # removed when that is sorted out.
+
+    $YUM install -y redhat-lsb-core git puppet \
+        redhat-rpm-config
+
+    mkdir -p /etc/puppet/modules/
+
+    # Puppet expects the pip command named as pip-python on
+    # Fedora, as per the packaged command name.  However, we're
+    # installing from get-pip.py so it's just 'pip'.  An easy
+    # work-around is to just symlink pip-python to "fool" it.
+    # See upstream issue:
+    #  https://tickets.puppetlabs.com/browse/PUP-1082
+    ln -fs /usr/bin/pip /usr/bin/pip-python
+    # Wipe out templatedir so we don't get warnings about it
+    sed -i '/templatedir/d' /etc/puppet/puppet.conf
+
+    # upstream is currently looking for /run/systemd files to check
+    # for systemd.  This fails in a chroot where /run isn't mounted
+    # (like when using dib).  Comment out this confine as fedora
+    # always has systemd
+    #  see
+    #   https://github.com/puppetlabs/puppet/pull/4481
+    #   https://bugzilla.redhat.com/show_bug.cgi?id=1254616
+    sudo sed -i.bak  '/^[^#].*/ s|\(^.*confine :exists => \"/run/systemd/system\".*$\)|#\ \1|' \
+        /usr/share/ruby/vendor_ruby/puppet/provider/service/systemd.rb
+
+    # upstream "requests" pip package vendors urllib3 and chardet
+    # packages.  The fedora packages un-vendor this, and symlink those
+    # sub-packages back to packaged versions.  We get into a real mess
+    # of if some of the puppet ends up pulling in "requests" from pip,
+    # and then something like devstack does a "yum install
+    # python-requests" which does a very bad job at overwriting the
+    # pip-installed version (symlinks and existing directories don't
+    # mix).  A solution is to pre-install the python-requests
+    # package; clear it out and re-install from pip.  This way, the
+    # package is installed for dependencies, and we have a pip-managed
+    # requests with correctly vendored sub-packages.
+    sudo ${YUM} install -y python2-requests
+    sudo rm -rf /usr/lib/python2.7/site-packages/requests/*
+    sudo rm -rf /usr/lib/python2.7/site-packages/requests-*.{egg,dist}-info
+    sudo pip install requests
+}
+
+function setup_puppet_rhel7 {
+    local puppet_pkg="https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm"
+
+    # install a bootstrap epel repo to install latest epel-release
+    # package (which provides correct gpg keys, etc); then remove
+    # boostrap
+    cat > /etc/yum.repos.d/epel-bootstrap.repo <<EOF
+[epel-bootstrap]
+name=Bootstrap EPEL
+mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=epel-7&arch=\$basearch
+failovermethod=priority
+enabled=0
+gpgcheck=0
+EOF
+    yum --enablerepo=epel-bootstrap -y install epel-release
+    rm -f /etc/yum.repos.d/epel-bootstrap.repo
+
+    _systemd_update
+    yum update -y
+
+    # NOTE: we preinstall lsb_release to ensure facter sets lsbdistcodename
+    yum install -y redhat-lsb-core git puppet
+
+    rpm -ivh $puppet_pkg
+
+    # see comments in setup_puppet_fedora
+    ln -s /usr/bin/pip /usr/bin/pip-python
+    # Wipe out templatedir so we don't get warnings about it
+    sed -i '/templatedir/d' /etc/puppet/puppet.conf
+
+    # install RDO repo as well; this covers a few things like
+    # openvswitch that aren't available for EPEL
+    yum install -y https://rdoproject.org/repos/rdo-release.rpm
+}
+
+function setup_puppet_ubuntu {
+    if ! which lsb_release > /dev/null 2<&1 ; then
+        DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
+            --assume-yes install -y --force-yes lsb-release
+    fi
+
+    lsbdistcodename=`lsb_release -c -s`
+    if [ $lsbdistcodename != 'trusty' ] ; then
+        rubypkg=rubygems
+    else
+        rubypkg=ruby
+    fi
+
+
+    PUPPET_VERSION=3.*
+    PUPPETDB_VERSION=2.*
+    FACTER_VERSION=2.*
+
+    cat > /etc/apt/preferences.d/00-puppet.pref <<EOF
+Package: puppet puppet-common puppetmaster puppetmaster-common puppetmaster-passenger
+Pin: version $PUPPET_VERSION
+Pin-Priority: 501
+
+Package: puppetdb puppetdb-terminus
+Pin: version $PUPPETDB_VERSION
+Pin-Priority: 501
+
+Package: facter
+Pin: version $FACTER_VERSION
+Pin-Priority: 501
+EOF
+
+    # NOTE(pabelanger): Puppetlabs does not support ubuntu xenial. Instead use
+    # the version of puppet ship by xenial.
+    if [ $lsbdistcodename != 'xenial' ]; then
+        puppet_deb=puppetlabs-release-${lsbdistcodename}.deb
+        if type curl >/dev/null 2>&1; then
+            curl -O http://apt.puppetlabs.com/$puppet_deb
+        else
+            wget http://apt.puppetlabs.com/$puppet_deb -O $puppet_deb
+        fi
+        dpkg -i $puppet_deb
+        rm $puppet_deb
+    fi;
+
+    apt-get update
+    DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
+        --assume-yes dist-upgrade
+    DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
+        --assume-yes install -y --force-yes puppet git $rubypkg
+    # Wipe out templatedir so we don't get warnings about it
+    sed -i '/templatedir/d' /etc/puppet/puppet.conf
+}
+
+function setup_puppet_opensuse {
+    local version=`grep -e "VERSION_ID" /etc/os-release | tr -d "\"" | cut -d "=" -f2`
+    zypper ar http://download.opensuse.org/repositories/systemsmanagement:/puppet/openSUSE_${version}/systemsmanagement:puppet.repo
+    zypper -v --gpg-auto-import-keys --no-gpg-checks -n ref
+    zypper --non-interactive in --force-resolution puppet
+    # Wipe out templatedir so we don't get warnings about it
+    sed -i '/templatedir/d' /etc/puppet/puppet.conf
+}
+
+function setup_puppet_gentoo {
+    echo yes | emaint sync -a
+    emerge -q --jobs=4 puppet-agent
+    sed -i '/templatedir/d' /etc/puppetlabs/puppet/puppet.conf
+}
+
+#
+# pip setup
+#
+
+function setup_pip {
+    # Install pip using get-pip
+    local get_pip_url=https://bootstrap.pypa.io/get-pip.py
+    local ret=1
+
+    if [ -f ./get-pip.py ]; then
+        ret=0
+    elif type curl >/dev/null 2>&1; then
+        curl -O $get_pip_url
+        ret=$?
+    elif type wget >/dev/null 2>&1; then
+        wget $get_pip_url
+        ret=$?
+    fi
+
+    if [ $ret -ne 0 ]; then
+        echo "Failed to get get-pip.py"
+        exit 1
+    fi
+
+    if is_opensuse; then
+        zypper --non-interactive in --force-resolution python python-xml
+    fi
+
+    python get-pip.py
+    rm get-pip.py
+
+    # we are about to overwrite setuptools, but some packages we
+    # install later might depend on the python-setuptools package.  To
+    # avoid later conflicts, and because distro packages don't include
+    # enough info for pip to certain it can fully uninstall the old
+    # package, for safety we clear it out by hand (this seems to have
+    # been a problem with very old to new updates, e.g. centos6 to
+    # current-era, but less so for smaller jumps).  There is a bit of
+    # chicken-and-egg problem with pip in that it requires setuptools
+    # for some operations, such as wheel creation.  But just
+    # installing setuptools shouldn't require setuptools itself, so we
+    # are safe for this small section.
+    if is_rhel7 || is_fedora; then
+        yum install -y python-setuptools
+        rm -rf /usr/lib/python2.7/site-packages/setuptools*
+    fi
+
+    pip install -U setuptools
+}
+
+setup_pip
+
+if is_fedora; then
+    setup_puppet_fedora
+elif is_rhel7; then
+    setup_puppet_rhel7
+elif is_ubuntu; then
+    setup_puppet_ubuntu
+elif is_opensuse; then
+    setup_puppet_opensuse
+elif is_gentoo; then
+    setup_puppet_gentoo
+else
+    echo "*** Can not setup puppet: distribution not recognized"
+    exit 1
+fi
+