From 6ec6d55427090343b0dcd68689b68bbeb5e59205 Mon Sep 17 00:00:00 2001 From: Konrad Bucheli Date: Fri, 1 Jul 2022 15:44:02 +0200 Subject: [PATCH] document new package repository configuration in puppet --- admin-guide/puppet/modules.rst | 7 +- admin-guide/puppet/profiles/package_list.rst | 44 +++++++++++ admin-guide/puppet/profiles/repository.rst | 73 +++++++++++++++++++ .../puppet/profiles/repository_list.rst | 47 ++++++++++++ .../{yum_client.rst => rpm_repos.rst} | 40 +++++----- admin-guide/puppet/roles/base.rst | 44 ++++++++--- rhel8/packages.md | 6 +- 7 files changed, 224 insertions(+), 37 deletions(-) create mode 100644 admin-guide/puppet/profiles/package_list.rst create mode 100644 admin-guide/puppet/profiles/repository.rst create mode 100644 admin-guide/puppet/profiles/repository_list.rst rename admin-guide/puppet/profiles/{yum_client.rst => rpm_repos.rst} (56%) diff --git a/admin-guide/puppet/modules.rst b/admin-guide/puppet/modules.rst index 65eb2f00..1cc425ef 100644 --- a/admin-guide/puppet/modules.rst +++ b/admin-guide/puppet/modules.rst @@ -229,18 +229,21 @@ Profiles profiles/nfs_server profiles/ntp_client profiles/nvidia + profiles/package_list profiles/platform profiles/platform/hewlett_packard profiles/pmodules profiles/print_client profiles/puppet_client + profiles/repository + profiles/repository_list + profiles/rpm_repos profiles/serial_console profiles/ssh_client profiles/ssh_server.rst profiles/sysinfo profiles/telegraf profiles/web_server - profiles/yum_client Components @@ -249,7 +252,7 @@ Components .. toctree:: :maxdepth: 1 - components/grub2 + components/grub2 components/logrotate components/selinux components/sudo diff --git a/admin-guide/puppet/profiles/package_list.rst b/admin-guide/puppet/profiles/package_list.rst new file mode 100644 index 00000000..313a8df8 --- /dev/null +++ b/admin-guide/puppet/profiles/package_list.rst @@ -0,0 +1,44 @@ +``profile::package_list`` +============================ + +This module installs a list of packages on the node, with extra options inlcuding the filtering by OS. + +This profile is usually direcly used from Puppet:: + + profile::repository_list{'rpm_repos::influx':} + +Parameters +---------- + +=============================== ======== ============================================= +**Name** **Type** **Default** +------------------------------- -------- --------------------------------------------- +packages list [] +=============================== ======== ============================================= + + + +``packages`` +~~~~~~~~~~~~ + +This list contains the names of the packages to be installed. The names may be "extended" by tags, separated by ``:``. + +========== =============================== +Tag Function +---------- ------------------------------- +absent package will be removed +latest always latest version installed +os=redhat7 only install on given OS +os!redhat7 do not install on given OS +========== =============================== + + +Example definitions:: + + java-11-openjdk + @Java Platform + java-1.8.0-openjdk:os=redhat8:latest:os!redhat9 + java-1.8.0-openjdk:os=redhat7:absent + + + diff --git a/admin-guide/puppet/profiles/repository.rst b/admin-guide/puppet/profiles/repository.rst new file mode 100644 index 00000000..0b7d7701 --- /dev/null +++ b/admin-guide/puppet/profiles/repository.rst @@ -0,0 +1,73 @@ +``profile::repository_list`` +============================ + +This module configures adds a list of package repositories from hiera +and filters those according to OS version. + +Parameters +---------- + +=============================== =========== ============================================= +**Name** **Type** **Default** +------------------------------- ----------- --------------------------------------------- +descr string +baseurl string +gpgkey string undef +gpgcheck bool false +disable bool true +priority integer undef +exclude string/list '' +=============================== =========== ============================================= + + +``title`` +~~~~~~~~~ + +The repository definition will end up as ``/etc/yum.repos.d/${title}.repo`` on the node + + + +``descr`` +~~~~~~~~~ + +Description of the package repository. + + +``baseurl`` +~~~~~~~~~~~ + +URL where the repository is available from, e.g.:: + + https://repo01.psi.ch/el8/tags/$pli_repo_tag/epel/ + + +``gpgkey`` +~~~~~~~~~~ + +URL or file path where the signing GPG key is available from, e.g.:: + + https://repo01.psi.ch/el8/keys/RPM-GPG-KEY-EPEL-8 + + +``gpgcheck`` +~~~~~~~~~~~~ + +Check GPG signature of installed packages. + + +``disable`` +~~~~~~~~~~~ + +If the repository should be checked for package installation/updates or not. + + +``priority`` +~~~~~~~~~~~~ + +What priority do packages from this repositry have? + + +``exclude`` +~~~~~~~~~~~ + +List or comma separated string with packages to be ignored from this repositores. Wildcards are supported. diff --git a/admin-guide/puppet/profiles/repository_list.rst b/admin-guide/puppet/profiles/repository_list.rst new file mode 100644 index 00000000..a70c6498 --- /dev/null +++ b/admin-guide/puppet/profiles/repository_list.rst @@ -0,0 +1,47 @@ +``profile::repository_list`` +============================ + +This module configures adds a list of package repositories from hiera +and filters those according to OS version. + +Parameters +---------- + +=============================== ======== ============================================= +**Name** **Type** **Default** +------------------------------- -------- --------------------------------------------- +accept_empty bool false +=============================== ======== ============================================= + + +``title`` +~~~~~~~~~ + +Name of the list of software repositores to be installed. +It will lookup in Hiera for a list ``$title`` and look up the +repository definitons with ``hiera_hash("rpm_repos::repo::${name}")``. + +The repository definitions not suitable for this OS will be filtered away, +then with the rest a repository configuration is writen to the node +using ``profile::repository``. The ``osversion`` key in the repository definition +signals the major RHEL version for which this repository is for. + +Example definition:: + + rpm_repos::repo::epel_rhel8: + name: 'epel' + descr: "Extra Packages for Enterprise Linux 8" + baseurl: 'https://repo01.psi.ch/el8/tags/$pli_repo_tag/epel/' + gpgkey: 'https://repo01.psi.ch/el8/keys/RPM-GPG-KEY-EPEL-8' + disable: false + gpgcheck: true + osversion: 8 + exclude: + - "slurm*" + + + +``accept_empty`` +~~~~~~~~~~~~~~~~ + +Do not fail when the repository list is empty after diff --git a/admin-guide/puppet/profiles/yum_client.rst b/admin-guide/puppet/profiles/rpm_repos.rst similarity index 56% rename from admin-guide/puppet/profiles/yum_client.rst rename to admin-guide/puppet/profiles/rpm_repos.rst index a0b803b5..bb819b64 100644 --- a/admin-guide/puppet/profiles/yum_client.rst +++ b/admin-guide/puppet/profiles/rpm_repos.rst @@ -1,7 +1,7 @@ -``profile::yum_client`` +``profile::rpm_repos`` ======================= -This module configures :manpage:`yum(8)`. +This module configures :manpage:`dnf(8)` and sets up the default package repositores. Parameters @@ -10,32 +10,30 @@ Parameters =============================== ======== ============================================= **Name** **Type** **Default** ------------------------------- -------- --------------------------------------------- -exclude list hiera('yum_client::exclude', []) -package_groups list hiera_array('yum_client::package_groups', []) -purge_repositories bool hiera('yum_client::purge_repositories') -repos list hiera_array('yum_client::repositories') +repo_list string 'rpm_repos::default' +repo_tags hash hiera_hash('rpm_repos::tag') +exclude list hiera('base::package_exclude, []) +purge_repositories bool hiera('rpm_repos::purge_repositories') =============================== ======== ============================================= +``repo_list`` +~~~~~~~~~~~~~ + +Name of the list of default software repositores to be installed. + +``repo_tags`` +~~~~~~~~~~~~~ + +Hash containing the repository tag which should be used per OS. +The key for RHEL 7 is ``redhat7`` and points by default to ``prod``, +whereas for later versions is ``rhel-$MAJOR_VERSION`` (eg. for ``redhat8`` it is ``rhel-8``) + ``exclude`` ~~~~~~~~~~~ An array containing entries suitable for the ``exclude`` option in -:manpage:`yum.conf(5)`. - - -``package_group`` -~~~~~~~~~~~~~~~~~ - -A list containing the names of the package groups to be installed on the -systems. The package groups have to be defined through `pkg_group::$NAME`_ and -are completely independent of Yum (environment) groups. - - -``pkg_group::$NAME`` -~~~~~~~~~~~~~~~~~~~~ - -The list of packages that comprise the package group ``$NAME``. +:manpage:`dnf.conf(5)`. ``purge_repositories`` diff --git a/admin-guide/puppet/roles/base.rst b/admin-guide/puppet/roles/base.rst index 3cd96460..61df7999 100644 --- a/admin-guide/puppet/roles/base.rst +++ b/admin-guide/puppet/roles/base.rst @@ -15,6 +15,7 @@ Parameters default_target string ``multi-user`` enable_afs bool hiera('base::enable_afs') enable_autofs bool hiera('base::enable_autofs') +enable_epics bool hiera('base::enable_epics') enable_filecopy bool hiera('base::enable_filecopy') enable_ganglia bool hiera('base::enable_ganglia') enable_icinga bool hiera('base::enable_icinga') @@ -31,9 +32,10 @@ enable_telegraf bool hiera('base::enable_telegraf') enable_updatedb bool hiera('base::enable_updatedb') include_aaa bool true include_log_client bool true -include_yum_client bool true -package_groups array [] -pkg_group::* array - +include_rpm_repos bool true +package_groups array hiera_array('base::package_groups', []) +package_excludes array hierra_array('base::package_exclude', []) +pkg_group::* array hierra_array('base::pkg_group::...', []) selinux_mode string hiera('base::selinux_mode', 'enforcing') ====================== ======== ================================================ @@ -62,6 +64,12 @@ needed to support the ``-hosts`` map as documented in :manpage:`auto.master`. The ``-hosts`` map is mounted on ``/net``. +``enable_epics`` +~~~~~~~~~~~~~~~~~ + +Enables the ``EPICS``. TODO: more details... + + ``enable_filecopy`` ~~~~~~~~~~~~~~~~~~~ @@ -177,25 +185,39 @@ meant to allow roles customization of the :doc:`log_client <../profiles/log_client>` profile. -``include_yum_client`` +``include_rpm_repos`` ~~~~~~~~~~~~~~~~~~~~~~ -Determines whether to include the :doc:`yum_client <../profiles/yum_client>` -profile. +Determines whether to install the default RPM package repositories. ``package_groups`` ~~~~~~~~~~~~~~~~~~ -The list of package groups to install. Package groups are defined using -`pkg_group::NAME`_. +The list of package groups to install. Package groups are defined in Hiera using +``base::pkg_group::NAME``. ``pkg_group::NAME`` ~~~~~~~~~~~~~~~~~~~ -An array defining the package group ``NAME``. Package groups are installed using -the `package_groups`_ parameter. +An array defining the package group ``NAME``. It contains the package name with optionally +one or more tags, separated by ``:``. Following tags are allowed: + +========== ===================================================== +Tag Description +---------- ----------------------------------------------------- +latest ensure the latest version of the package is installed +absent ensure the package is not installed +os=redhat7 install it only on this OS +os!redhat7 install on any OS except this one +========== ===================================================== + + +``package_excludes`` +~~~~~~~~~~~~~~~~~~~~ + +An array with packages which are not made available on the system. ``selinux_mode`` @@ -224,7 +246,7 @@ Examples The most basic usage is:: class role::some_role () { - + include role::base ... diff --git a/rhel8/packages.md b/rhel8/packages.md index 91d17324..8e7e65a3 100644 --- a/rhel8/packages.md +++ b/rhel8/packages.md @@ -55,7 +55,7 @@ base::pkg_group::java: ### Install Packages only on Given OS Version -**to be implemented** +**implemented only in rhel8_preprod branch** Certain packages are only used on a given OS Version, so a `os=` with the OS name and the major version selects a package only for given OS, where as a `os!` will filter away given package on hosts with given OS, so they are not installed there. @@ -207,7 +207,7 @@ A small list of packages managed by the Linux Team. - make v4.3 from [CentOS](https://rpmfind.net/linux/RPM/centos-stream/9/baseos/x86_64/make-4.3-7.el9.x86_64.html) as v4.2.1 has been reported to to make trouble - latest [Zoom client](https://zoom.us/download?os=linux) - latest [Webex client](https://www.webex.com/downloads.html) -- `pli-assets` containing the PSI and the Customer Self Service logo, any hints about the source rpm are welcome -- TODO: [mod_gearman](https://mod-gearman.org/download/v4.0.1/rhel8/x86_64/) +- `pli-assets` containing the PSI and the Customer Self Service logo, any hints about the source rpm are welcome +- [mod_gearman v4.0.1](https://mod-gearman.org/download/v4.0.1/rhel8/x86_64/)