1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
|
#!/bin/bash -x
# Copyright 2013 OpenStack Foundation.
# Copyright 2013 Hewlett-Packard Development Company, L.P.
# Copyright 2013 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Distro identification functions
# note, can't rely on lsb_release for these as we're bare-bones and
# it may not be installed yet)
function is_fedora {
[ -f /usr/bin/yum ] && cat /etc/*release | grep -q -e "Fedora"
}
function is_rhel7 {
[ -f /usr/bin/yum ] && \
cat /etc/*release | grep -q -e "Red Hat" -e "CentOS" -e "CloudLinux" && \
cat /etc/*release | grep -q 'release 7'
}
function is_ubuntu {
[ -f /usr/bin/apt-get ]
}
function is_opensuse {
[ -f /usr/bin/zypper ] && \
cat /etc/os-release | grep -q -e "openSUSE"
}
function is_gentoo {
[ -f /usr/bin/emerge ]
}
# dnf is a drop-in replacement for yum on Fedora>=22
YUM=yum
if is_fedora && [[ $(lsb_release -rs) -ge 22 ]]; then
YUM=dnf
fi
#
# Distro specific puppet installs
#
function _systemd_update {
# there is a bug (rhbz#1261747) where systemd can fail to enable
# services due to selinux errors after upgrade. A work-around is
# to install the latest version of selinux and systemd here and
# restart the daemon for good measure after it is upgraded.
$YUM install -y selinux-policy
$YUM install -y systemd
systemctl daemon-reload
}
function setup_puppet_fedora {
_systemd_update
$YUM update -y
# NOTE: we preinstall lsb_release here to ensure facter sets
# lsbdistcodename
#
# Fedora declares some global hardening flags, which distutils
# pick up when building python modules. redhat-rpm-config
# provides the required config options. Really this should be a
# dependency of python-devel (fix in the works, see
# https://bugzilla.redhat.com/show_bug.cgi?id=1217376) and can be
# removed when that is sorted out.
$YUM install -y redhat-lsb-core git puppet \
redhat-rpm-config
mkdir -p /etc/puppet/modules/
# Puppet expects the pip command named as pip-python on
# Fedora, as per the packaged command name. However, we're
# installing from get-pip.py so it's just 'pip'. An easy
# work-around is to just symlink pip-python to "fool" it.
# See upstream issue:
# https://tickets.puppetlabs.com/browse/PUP-1082
ln -fs /usr/bin/pip /usr/bin/pip-python
# Wipe out templatedir so we don't get warnings about it
sed -i '/templatedir/d' /etc/puppet/puppet.conf
# upstream is currently looking for /run/systemd files to check
# for systemd. This fails in a chroot where /run isn't mounted
# (like when using dib). Comment out this confine as fedora
# always has systemd
# see
# https://github.com/puppetlabs/puppet/pull/4481
# https://bugzilla.redhat.com/show_bug.cgi?id=1254616
sudo sed -i.bak '/^[^#].*/ s|\(^.*confine :exists => \"/run/systemd/system\".*$\)|#\ \1|' \
/usr/share/ruby/vendor_ruby/puppet/provider/service/systemd.rb
# upstream "requests" pip package vendors urllib3 and chardet
# packages. The fedora packages un-vendor this, and symlink those
# sub-packages back to packaged versions. We get into a real mess
# of if some of the puppet ends up pulling in "requests" from pip,
# and then something like devstack does a "yum install
# python-requests" which does a very bad job at overwriting the
# pip-installed version (symlinks and existing directories don't
# mix). A solution is to pre-install the python-requests
# package; clear it out and re-install from pip. This way, the
# package is installed for dependencies, and we have a pip-managed
# requests with correctly vendored sub-packages.
sudo ${YUM} install -y python2-requests
sudo rm -rf /usr/lib/python2.7/site-packages/requests/*
sudo rm -rf /usr/lib/python2.7/site-packages/requests-*.{egg,dist}-info
sudo pip install requests
}
function setup_puppet_rhel7 {
local puppet_pkg="https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm"
# install a bootstrap epel repo to install latest epel-release
# package (which provides correct gpg keys, etc); then remove
# boostrap
cat > /etc/yum.repos.d/epel-bootstrap.repo <<EOF
[epel-bootstrap]
name=Bootstrap EPEL
mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=epel-7&arch=\$basearch
failovermethod=priority
enabled=0
gpgcheck=0
EOF
yum --enablerepo=epel-bootstrap -y install epel-release
rm -f /etc/yum.repos.d/epel-bootstrap.repo
_systemd_update
yum update -y
# NOTE: we preinstall lsb_release to ensure facter sets lsbdistcodename
yum install -y redhat-lsb-core git puppet
rpm -ivh $puppet_pkg
# see comments in setup_puppet_fedora
ln -s /usr/bin/pip /usr/bin/pip-python
# Wipe out templatedir so we don't get warnings about it
sed -i '/templatedir/d' /etc/puppet/puppet.conf
# install RDO repo as well; this covers a few things like
# openvswitch that aren't available for EPEL
yum install -y https://rdoproject.org/repos/rdo-release.rpm
}
function setup_puppet_ubuntu {
if ! which lsb_release > /dev/null 2<&1 ; then
DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
--assume-yes install -y --force-yes lsb-release
fi
lsbdistcodename=`lsb_release -c -s`
if [ $lsbdistcodename != 'trusty' ] ; then
rubypkg=rubygems
else
rubypkg=ruby
fi
PUPPET_VERSION=3.*
PUPPETDB_VERSION=2.*
FACTER_VERSION=2.*
cat > /etc/apt/preferences.d/00-puppet.pref <<EOF
Package: puppet puppet-common puppetmaster puppetmaster-common puppetmaster-passenger
Pin: version $PUPPET_VERSION
Pin-Priority: 501
Package: puppetdb puppetdb-terminus
Pin: version $PUPPETDB_VERSION
Pin-Priority: 501
Package: facter
Pin: version $FACTER_VERSION
Pin-Priority: 501
EOF
# NOTE(pabelanger): Puppetlabs does not support ubuntu xenial. Instead use
# the version of puppet ship by xenial.
if [ $lsbdistcodename != 'xenial' ]; then
puppet_deb=puppetlabs-release-${lsbdistcodename}.deb
if type curl >/dev/null 2>&1; then
curl -O http://apt.puppetlabs.com/$puppet_deb
else
wget http://apt.puppetlabs.com/$puppet_deb -O $puppet_deb
fi
dpkg -i $puppet_deb
rm $puppet_deb
fi;
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
--assume-yes dist-upgrade
DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
--assume-yes install -y --force-yes puppet git $rubypkg
# Wipe out templatedir so we don't get warnings about it
sed -i '/templatedir/d' /etc/puppet/puppet.conf
}
function setup_puppet_opensuse {
local version=`grep -e "VERSION_ID" /etc/os-release | tr -d "\"" | cut -d "=" -f2`
zypper ar http://download.opensuse.org/repositories/systemsmanagement:/puppet/openSUSE_${version}/systemsmanagement:puppet.repo
zypper -v --gpg-auto-import-keys --no-gpg-checks -n ref
zypper --non-interactive in --force-resolution puppet
# Wipe out templatedir so we don't get warnings about it
sed -i '/templatedir/d' /etc/puppet/puppet.conf
}
function setup_puppet_gentoo {
echo yes | emaint sync -a
emerge -q --jobs=4 puppet-agent
sed -i '/templatedir/d' /etc/puppetlabs/puppet/puppet.conf
}
#
# pip setup
#
function setup_pip {
# Install pip using get-pip
local get_pip_url=https://bootstrap.pypa.io/get-pip.py
local ret=1
if [ -f ./get-pip.py ]; then
ret=0
elif type curl >/dev/null 2>&1; then
curl -O $get_pip_url
ret=$?
elif type wget >/dev/null 2>&1; then
wget $get_pip_url
ret=$?
fi
if [ $ret -ne 0 ]; then
echo "Failed to get get-pip.py"
exit 1
fi
if is_opensuse; then
zypper --non-interactive in --force-resolution python python-xml
fi
python get-pip.py
rm get-pip.py
# we are about to overwrite setuptools, but some packages we
# install later might depend on the python-setuptools package. To
# avoid later conflicts, and because distro packages don't include
# enough info for pip to certain it can fully uninstall the old
# package, for safety we clear it out by hand (this seems to have
# been a problem with very old to new updates, e.g. centos6 to
# current-era, but less so for smaller jumps). There is a bit of
# chicken-and-egg problem with pip in that it requires setuptools
# for some operations, such as wheel creation. But just
# installing setuptools shouldn't require setuptools itself, so we
# are safe for this small section.
if is_rhel7 || is_fedora; then
yum install -y python-setuptools
rm -rf /usr/lib/python2.7/site-packages/setuptools*
fi
pip install -U setuptools
}
setup_pip
if is_fedora; then
setup_puppet_fedora
elif is_rhel7; then
setup_puppet_rhel7
elif is_ubuntu; then
setup_puppet_ubuntu
elif is_opensuse; then
setup_puppet_opensuse
elif is_gentoo; then
setup_puppet_gentoo
else
echo "*** Can not setup puppet: distribution not recognized"
exit 1
fi
|
