system-config/install_puppet.sh
Colleen Murphy f10f116f60 Fix puppet config for puppet 4
There are some assumptions made about the puppet config paths that
aren't applicable for puppet 4. Configuration, including modules,
belongs under /etc/puppetlabs. It's also no longer necessary to fix up
the templatedir or server configs in puppet.conf.

Change-Id: I3b544b6ce4a96a7a2478522a78402f77ff86a5a5
2018-04-20 14:24:17 +02:00

370 lines
12 KiB
Bash
Executable File

#!/bin/bash -x
# Copyright 2013 OpenStack Foundation.
# Copyright 2013 Hewlett-Packard Development Company, L.P.
# Copyright 2013 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# NOTE(pabelanger): We now use the pip-and-virtualenv element from
# diskimage-builder to do this. Default to true for backwards compatibility.
SETUP_PIP=${SETUP_PIP:-true}
#
# Distro identification functions
# note, can't rely on lsb_release for these as we're bare-bones and
# it may not be installed yet)
PUPPET_VERSION=${PUPPET_VERSION:-3}
function is_fedora {
[ -f /usr/bin/yum ] && cat /etc/*release | grep -q -e "Fedora"
}
function is_rhel7 {
[ -f /usr/bin/yum ] && \
cat /etc/*release | grep -q -e "Red Hat" -e "CentOS" -e "CloudLinux" && \
cat /etc/*release | grep -q 'release 7'
}
function is_ubuntu {
[ -f /usr/bin/apt-get ]
}
function is_opensuse {
[ -f /usr/bin/zypper ] && \
cat /etc/os-release | grep -q -e "openSUSE"
}
function is_gentoo {
[ -f /usr/bin/emerge ]
}
# dnf is a drop-in replacement for yum on Fedora>=22
YUM=yum
if is_fedora && [[ $(lsb_release -rs) -ge 22 ]]; then
YUM=dnf
fi
#
# Distro specific puppet installs
#
function _systemd_update {
# there is a bug (rhbz#1261747) where systemd can fail to enable
# services due to selinux errors after upgrade. A work-around is
# to install the latest version of selinux and systemd here and
# restart the daemon for good measure after it is upgraded.
$YUM install -y selinux-policy
$YUM install -y systemd
systemctl daemon-reload
}
function setup_puppet_fedora {
_systemd_update
$YUM update -y
# NOTE: we preinstall lsb_release here to ensure facter sets
# lsbdistcodename
#
# Fedora declares some global hardening flags, which distutils
# pick up when building python modules. redhat-rpm-config
# provides the required config options. Really this should be a
# dependency of python-devel (fix in the works, see
# https://bugzilla.redhat.com/show_bug.cgi?id=1217376) and can be
# removed when that is sorted out.
$YUM install -y redhat-lsb-core git puppet \
redhat-rpm-config
mkdir -p /etc/puppet/modules/
if $SETUP_PIP; then
# Puppet expects the pip command named as pip-python on
# Fedora, as per the packaged command name. However, we're
# installing from get-pip.py so it's just 'pip'. An easy
# work-around is to just symlink pip-python to "fool" it.
# See upstream issue:
# https://tickets.puppetlabs.com/browse/PUP-1082
ln -fs /usr/bin/pip /usr/bin/pip-python
fi
# Wipe out templatedir so we don't get warnings about it
sed -i '/templatedir/d' /etc/puppet/puppet.conf
# Wipe out server, as we don't have one.
sed -i '/server/d' /etc/puppet/puppet.conf
# upstream is currently looking for /run/systemd files to check
# for systemd. This fails in a chroot where /run isn't mounted
# (like when using dib). Comment out this confine as fedora
# always has systemd
# see
# https://github.com/puppetlabs/puppet/pull/4481
# https://bugzilla.redhat.com/show_bug.cgi?id=1254616
sudo sed -i.bak '/^[^#].*/ s|\(^.*confine :exists => \"/run/systemd/system\".*$\)|#\ \1|' \
/usr/share/ruby/vendor_ruby/puppet/provider/service/systemd.rb
# upstream "requests" pip package vendors urllib3 and chardet
# packages. The fedora packages un-vendor this, and symlink those
# sub-packages back to packaged versions. We get into a real mess
# of if some of the puppet ends up pulling in "requests" from pip,
# and then something like devstack does a "yum install
# python-requests" which does a very bad job at overwriting the
# pip-installed version (symlinks and existing directories don't
# mix). A solution is to pre-install the python-requests
# package; clear it out and re-install from pip. This way, the
# package is installed for dependencies, and we have a pip-managed
# requests with correctly vendored sub-packages.
sudo ${YUM} install -y python2-requests
sudo rm -rf /usr/lib/python2.7/site-packages/requests/*
sudo rm -rf /usr/lib/python2.7/site-packages/requests-*.{egg,dist}-info
sudo pip install requests
}
function setup_puppet_rhel7 {
# install a bootstrap epel repo to install latest epel-release
# package (which provides correct gpg keys, etc); then remove
# boostrap
cat > /etc/yum.repos.d/epel-bootstrap.repo <<EOF
[epel-bootstrap]
name=Bootstrap EPEL
mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=epel-7&arch=\$basearch
failovermethod=priority
enabled=0
gpgcheck=0
EOF
yum --enablerepo=epel-bootstrap -y install epel-release
rm -f /etc/yum.repos.d/epel-bootstrap.repo
_systemd_update
yum update -y
if [ "$PUPPET_VERSION" == "3" ] ; then
puppetpkg=puppet
local puppet_repo="https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm"
elif [ "$PUPPET_VERSION" == "4" ] ; then
puppetpkg=puppet-agent
local puppet_repo="https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm"
else
echo "Unsupported puppet version ${PUPPET_VERSION}"
exit 1
fi
# NOTE: we preinstall lsb_release to ensure facter sets lsbdistcodename
yum install -y redhat-lsb-core git
# Install puppetlabs repo & then puppet comes from there
rpm -ivh $puppet_repo
yum install -y $puppetpkg
if $SETUP_PIP; then
# see comments in setup_puppet_fedora
ln -s /usr/bin/pip /usr/bin/pip-python
fi
if [ "$PUPPET_VERSION" == "3" ] ; then
# Wipe out templatedir so we don't get warnings about it
sed -i '/templatedir/d' /etc/puppet/puppet.conf
# Wipe out server, as we don't have one.
sed -i '/server/d' /etc/puppet/puppet.conf
fi
}
function setup_puppet_ubuntu {
if ! which lsb_release > /dev/null 2<&1 ; then
DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
--assume-yes install -y --force-yes lsb-release
fi
lsbdistcodename=`lsb_release -c -s`
if [ $lsbdistcodename != 'trusty' ] ; then
rubypkg=rubygems
else
rubypkg=ruby
fi
if [ "$PUPPET_VERSION" == "3" ] ; then
if [ $lsbdistcodename != 'xenial' ] ; then
puppet_deb=puppetlabs-release-${lsbdistcodename}.deb
else
puppet_deb=''
fi
PUPPET_VERSION=3.*
puppetpkg=puppet
FACTER_VERSION=2.*
elif [ "$PUPPET_VERSION" == "4" ] ; then
puppet_deb=puppetlabs-release-pc1-${lsbdistcodename}.deb
puppetpkg=puppet-agent
PUPPET_VERSION=4.*
FACTER_VERSION=3.*
else
echo "Unsupported puppet version ${PUPPET_VERSION}"
exit 1
fi
cat > /etc/apt/preferences.d/00-puppet.pref <<EOF
Package: puppet puppet-common puppetmaster puppetmaster-common puppetmaster-passenger
Pin: version $PUPPET_VERSION
Pin-Priority: 501
Package: facter
Pin: version $FACTER_VERSION
Pin-Priority: 501
EOF
# NOTE(pabelanger): Puppetlabs does not support ubuntu xenial for puppet 3. Instead use
# the version of puppet ship by xenial.
if [ -n "$puppet_deb" ]; then
if type curl >/dev/null 2>&1; then
curl -O http://apt.puppetlabs.com/$puppet_deb
else
wget http://apt.puppetlabs.com/$puppet_deb -O $puppet_deb
fi
dpkg -i $puppet_deb
rm $puppet_deb
fi;
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
--assume-yes dist-upgrade
DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
--assume-yes install -y --force-yes $puppetpkg git $rubypkg
if [ "$PUPPET_VERSION" == "3" ] ; then
# Wipe out templatedir so we don't get warnings about it
sed -i '/templatedir/d' /etc/puppet/puppet.conf
# Wipe out server, as we don't have one.
sed -i '/server/d' /etc/puppet/puppet.conf
fi
# ensure the agent is stopped and disabled
if [ -f /bin/systemctl ]; then
service puppet stop
systemctl disable puppet
else
/etc/init.d/puppet stop
update-rc.d -f puppet disable
fi
}
function setup_puppet_opensuse {
if [ "$PUPPET_VERSION" == "3" ] ; then
puppetpkg=puppet
else
echo "Unsupported puppet version ${PUPPET_VERSION}"
exit 1
fi
zypper --non-interactive install --force-resolution $puppetpkg
# Wipe out templatedir so we don't get warnings about it
sed -i '/templatedir/d' /etc/puppet/puppet.conf
# Wipe out server, as we don't have one.
sed -i '/server/d' /etc/puppet/puppet.conf
}
function setup_puppet_gentoo {
echo yes | emaint sync -a
if [ "$PUPPET_VERSION" == "3" ] ; then
puppetpkg=puppet-agent
else
echo "Unsupported puppet version ${PUPPET_VERSION}"
exit 1
fi
emerge -q --jobs=4 $puppetpkg
sed -i '/templatedir/d' /etc/puppetlabs/puppet/puppet.conf
# Wipe out server, as we don't have one.
sed -i '/server/d' /etc/puppetlabs/puppet/puppet.conf
}
#
# pip setup
#
function setup_pip {
# Install pip using get-pip
local get_pip_url=https://bootstrap.pypa.io/get-pip.py
local ret=1
if [ -f ./get-pip.py ]; then
ret=0
elif type curl >/dev/null 2>&1; then
curl -O $get_pip_url
ret=$?
elif type wget >/dev/null 2>&1; then
wget $get_pip_url
ret=$?
fi
if [ $ret -ne 0 ]; then
echo "Failed to get get-pip.py"
exit 1
fi
if is_opensuse; then
zypper --non-interactive install --force-resolution python python-xml
fi
python get-pip.py
rm get-pip.py
# we are about to overwrite setuptools, but some packages we
# install later might depend on the python-setuptools package. To
# avoid later conflicts, and because distro packages don't include
# enough info for pip to certain it can fully uninstall the old
# package, for safety we clear it out by hand (this seems to have
# been a problem with very old to new updates, e.g. centos6 to
# current-era, but less so for smaller jumps). There is a bit of
# chicken-and-egg problem with pip in that it requires setuptools
# for some operations, such as wheel creation. But just
# installing setuptools shouldn't require setuptools itself, so we
# are safe for this small section.
if is_rhel7 || is_fedora; then
yum install -y python-setuptools
rm -rf /usr/lib/python2.7/site-packages/setuptools*
fi
pip install -U setuptools
}
# Need to install python2 early as pip and ansible need it and it
# isn't necessarily previously installed on newer Ubuntu releases.
if is_ubuntu; then
if ! which python > /dev/null 2<&1 ; then
DEBIAN_FRONTEND=noninteractive apt-get update
DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
--assume-yes install -y --force-yes python-minimal
fi
fi
if $SETUP_PIP; then
setup_pip
fi
if is_fedora; then
setup_puppet_fedora
elif is_rhel7; then
setup_puppet_rhel7
elif is_ubuntu; then
setup_puppet_ubuntu
elif is_opensuse; then
setup_puppet_opensuse
elif is_gentoo; then
setup_puppet_gentoo
else
echo "*** Can not setup puppet: distribution not recognized"
exit 1
fi