document new package repository configuration in puppet

admin-guide/puppet/modules.rst

@@ -229,18 +229,21 @@ Profiles
    profiles/nfs_server
    profiles/ntp_client
    profiles/nvidia
+   profiles/package_list
    profiles/platform
    profiles/platform/hewlett_packard
    profiles/pmodules
    profiles/print_client
    profiles/puppet_client
+   profiles/repository
+   profiles/repository_list
+   profiles/rpm_repos
    profiles/serial_console
    profiles/ssh_client
    profiles/ssh_server.rst
    profiles/sysinfo
    profiles/telegraf
    profiles/web_server
-   profiles/yum_client
 
 
 Components
@@ -249,7 +252,7 @@ Components
 .. toctree::
    :maxdepth: 1
 
-   components/grub2              
+   components/grub2
    components/logrotate
    components/selinux
    components/sudo

admin-guide/puppet/profiles/package_list.rst

@@ -0,0 +1,44 @@
+``profile::package_list``
+============================
+
+This module installs a list of packages on the node, with extra options inlcuding the filtering by OS.
+
+This profile is usually direcly used from Puppet::
+
+  profile::repository_list{'rpm_repos::influx':}
+
+Parameters
+----------
+
+===============================  ========  =============================================
+**Name**                         **Type**  **Default**
+-------------------------------  --------  ---------------------------------------------
+packages                         list      []
+===============================  ========  =============================================
+
+
+
+``packages``
+~~~~~~~~~~~~
+
+This list contains the names of the packages to be installed. The names may be "extended" by tags, separated by ``:``.
+
+==========  ===============================
+Tag         Function
+----------  -------------------------------
+absent      package will be removed
+latest      always latest version installed
+os=redhat7  only install on given OS
+os!redhat7  do not install on given OS
+==========  ===============================
+
+
+Example definitions::
+
+  java-11-openjdk
+  @Java Platform
+  java-1.8.0-openjdk:os=redhat8:latest:os!redhat9
+  java-1.8.0-openjdk:os=redhat7:absent
+
+
+

admin-guide/puppet/profiles/repository.rst

@@ -0,0 +1,73 @@
+``profile::repository_list``
+============================
+
+This module configures adds a list of package repositories from hiera
+and filters those according to OS version.
+
+Parameters
+----------
+
+===============================  ===========  =============================================
+**Name**                         **Type**     **Default**
+-------------------------------  -----------  ---------------------------------------------
+descr                            string 
+baseurl                          string
+gpgkey                           string       undef
+gpgcheck                         bool         false
+disable                          bool         true
+priority                         integer      undef
+exclude                          string/list  ''
+===============================  ===========  =============================================
+
+
+``title``
+~~~~~~~~~
+
+The repository definition will end up as ``/etc/yum.repos.d/${title}.repo`` on the node
+
+
+
+``descr``
+~~~~~~~~~
+
+Description of the package repository.
+
+
+``baseurl``
+~~~~~~~~~~~
+
+URL where the repository is available from, e.g.::
+
+  https://repo01.psi.ch/el8/tags/$pli_repo_tag/epel/
+
+
+``gpgkey``
+~~~~~~~~~~
+
+URL or file path where the signing GPG key is available from, e.g.::
+
+  https://repo01.psi.ch/el8/keys/RPM-GPG-KEY-EPEL-8
+
+
+``gpgcheck``
+~~~~~~~~~~~~
+
+Check GPG signature of installed packages.
+
+
+``disable``
+~~~~~~~~~~~
+
+If the repository should be checked for package installation/updates or not.
+
+
+``priority``
+~~~~~~~~~~~~
+
+What priority do packages from this repositry have?
+
+
+``exclude``
+~~~~~~~~~~~
+
+List or comma separated string with packages to be ignored from this repositores. Wildcards are supported.

admin-guide/puppet/profiles/repository_list.rst

@@ -0,0 +1,47 @@
+``profile::repository_list``
+============================
+
+This module configures adds a list of package repositories from hiera
+and filters those according to OS version.
+
+Parameters
+----------
+
+===============================  ========  =============================================
+**Name**                         **Type**  **Default**
+-------------------------------  --------  ---------------------------------------------
+accept_empty                     bool      false
+===============================  ========  =============================================
+
+
+``title``
+~~~~~~~~~
+
+Name of the list of software repositores to be installed.
+It will lookup in Hiera for a list ``$title`` and look up the
+repository definitons with ``hiera_hash("rpm_repos::repo::${name}")``.
+
+The repository definitions not suitable for this OS will be filtered away,
+then with the rest a repository configuration is writen to the node 
+using ``profile::repository``. The ``osversion`` key in the repository definition
+signals the major RHEL version for which this repository is for.
+
+Example definition::
+
+  rpm_repos::repo::epel_rhel8:
+    name: 'epel'
+    descr: "Extra Packages for Enterprise Linux 8"
+    baseurl: 'https://repo01.psi.ch/el8/tags/$pli_repo_tag/epel/'
+    gpgkey: 'https://repo01.psi.ch/el8/keys/RPM-GPG-KEY-EPEL-8'
+    disable: false
+    gpgcheck: true
+    osversion: 8
+    exclude:
+        - "slurm*"
+
+
+
+``accept_empty``
+~~~~~~~~~~~~~~~~
+
+Do not fail when the repository list is empty after 

admin-guide/puppet/profiles/rpm_repos.rst

@@ -1,7 +1,7 @@
-``profile::yum_client``
+``profile::rpm_repos``
 =======================
 
-This module configures :manpage:`yum(8)`.
+This module configures :manpage:`dnf(8)` and sets up the default package repositores.
 
 
 Parameters
@@ -10,32 +10,30 @@ Parameters
 ===============================  ========  =============================================
 **Name**                         **Type**  **Default**
 -------------------------------  --------  ---------------------------------------------
-exclude                          list      hiera('yum_client::exclude', [])
-package_groups                   list      hiera_array('yum_client::package_groups', [])
-purge_repositories               bool      hiera('yum_client::purge_repositories')
-repos                            list      hiera_array('yum_client::repositories')
+repo_list                        string    'rpm_repos::default'
+repo_tags                        hash      hiera_hash('rpm_repos::tag')
+exclude                          list      hiera('base::package_exclude, [])
+purge_repositories               bool      hiera('rpm_repos::purge_repositories')
 ===============================  ========  =============================================
 
 
+``repo_list``
+~~~~~~~~~~~~~
+
+Name of the list of default software repositores to be installed.
+
+``repo_tags``
+~~~~~~~~~~~~~
+
+Hash containing the repository tag which should be used per OS. 
+The key for RHEL 7 is ``redhat7`` and points by default to ``prod``,
+whereas for later versions is ``rhel-$MAJOR_VERSION`` (eg. for ``redhat8`` it is ``rhel-8``)
+
 ``exclude``
 ~~~~~~~~~~~
 
 An array containing entries suitable for the ``exclude`` option in
-:manpage:`yum.conf(5)`.
-
-
-``package_group``
-~~~~~~~~~~~~~~~~~
-
-A list containing the names of the package groups to be installed on the
-systems. The package groups have to be defined through `pkg_group::$NAME`_ and
-are completely independent of Yum (environment) groups.
-
-
-``pkg_group::$NAME``
-~~~~~~~~~~~~~~~~~~~~
-
-The list of packages that comprise the package group ``$NAME``.
+:manpage:`dnf.conf(5)`.
 
 
 ``purge_repositories``

admin-guide/puppet/roles/base.rst

@@ -15,6 +15,7 @@ Parameters
 default_target          string    ``multi-user``
 enable_afs              bool      hiera('base::enable_afs')
 enable_autofs           bool      hiera('base::enable_autofs')
+enable_epics            bool      hiera('base::enable_epics')
 enable_filecopy         bool      hiera('base::enable_filecopy')
 enable_ganglia          bool      hiera('base::enable_ganglia')
 enable_icinga           bool      hiera('base::enable_icinga')
@@ -31,9 +32,10 @@ enable_telegraf         bool      hiera('base::enable_telegraf')
 enable_updatedb         bool      hiera('base::enable_updatedb')
 include_aaa             bool      true
 include_log_client      bool      true
-include_yum_client      bool      true
-package_groups          array     []
-pkg_group::*            array     -
+include_rpm_repos       bool      true
+package_groups          array     hiera_array('base::package_groups', [])
+package_excludes        array     hierra_array('base::package_exclude', [])
+pkg_group::*            array     hierra_array('base::pkg_group::...', [])
 selinux_mode            string    hiera('base::selinux_mode', 'enforcing')
 ======================  ========  ================================================
 
@@ -62,6 +64,12 @@ needed to support the ``-hosts`` map as documented in :manpage:`auto.master`.
 The ``-hosts`` map is mounted on ``/net``.
 
 
+``enable_epics``
+~~~~~~~~~~~~~~~~~
+
+Enables the ``EPICS``. TODO: more details...
+
+
 ``enable_filecopy``
 ~~~~~~~~~~~~~~~~~~~
 
@@ -177,25 +185,39 @@ meant to allow roles customization of the :doc:`log_client
 <../profiles/log_client>` profile.
 
 
-``include_yum_client``
+``include_rpm_repos``
 ~~~~~~~~~~~~~~~~~~~~~~
 
-Determines whether to include the :doc:`yum_client <../profiles/yum_client>`
-profile.
+Determines whether to install the default RPM package repositories.
 
 
 ``package_groups``
 ~~~~~~~~~~~~~~~~~~
 
-The list of package groups to install. Package groups are defined using
-`pkg_group::NAME`_.
+The list of package groups to install. Package groups are defined in Hiera using
+``base::pkg_group::NAME``.
 
 
 ``pkg_group::NAME``
 ~~~~~~~~~~~~~~~~~~~
 
-An array defining the package group ``NAME``. Package groups are installed using
-the `package_groups`_ parameter.
+An array defining the package group ``NAME``. It contains the package name with optionally
+one or more tags, separated by ``:``. Following tags are allowed:
+
+========== =====================================================
+Tag        Description
+---------- -----------------------------------------------------
+latest     ensure the latest version of the package is installed
+absent     ensure the package is not installed
+os=redhat7 install it only on this OS
+os!redhat7 install on any OS except this one
+========== =====================================================
+
+
+``package_excludes``
+~~~~~~~~~~~~~~~~~~~~
+
+An array with packages which are not made available on the system.
 
 
 ``selinux_mode``
@@ -224,7 +246,7 @@ Examples
 The most basic usage is::
 
   class role::some_role () {
-    
+
     include role::base
 
     ...

rhel8/packages.md

@@ -55,7 +55,7 @@ base::pkg_group::java:
 
 ### Install Packages only on Given OS Version
 
-**to be implemented**
+**implemented only in rhel8_preprod branch**
  
  Certain packages are only used on a given OS Version, so a `os=` with the OS name and the major version selects a package only for given OS, where as a `os!` will filter away given package on hosts with given OS, so they are not installed there.
 
@@ -207,7 +207,7 @@ A small list of packages managed by the Linux Team.
 - make v4.3 from [CentOS](https://rpmfind.net/linux/RPM/centos-stream/9/baseos/x86_64/make-4.3-7.el9.x86_64.html) as v4.2.1 has been reported to to make trouble
 - latest [Zoom client](https://zoom.us/download?os=linux)
 - latest [Webex client](https://www.webex.com/downloads.html)
-- `pli-assets` containing the PSI and the Customer Self Service logo,  any hints about the source rpm are welcome
-- TODO: [mod_gearman](https://mod-gearman.org/download/v4.0.1/rhel8/x86_64/)
+- `pli-assets` containing the PSI and the Customer Self Service logo, any hints about the source rpm are welcome
+- [mod_gearman v4.0.1](https://mod-gearman.org/download/v4.0.1/rhel8/x86_64/)