system-config/install_puppet.sh
Colleen Murphy 2017041f9f Parameterize puppet version in install script
This patch adds a global PUPPET_VERSION variable to allow changing the
installed puppet version. The default version remains 3. CentOS and
Ubuntu support setting it to 4. Fedora already installs 4 by default
from the fedora repositories, and we defer worrying about opensuse and
gentoo for now since we do not use those operating systems in the
control plane and we no longer use puppet to build CI images.

The script adds the new "Puppet Collections" repository and changes the
name of the package to 'puppet-agent' when installing version 4. See the
install guide[1] for more details.

[1] https://docs.puppet.com/puppet/4.0/install_linux.html

Co-authored-by: Caleb Boylan <calebboylan@gmail.com>

Change-Id: Id829922875d495bca9ba11a3fe3428a7ebb2cd58
2017-07-13 15:58:25 +02:00

350 lines
11 KiB
Bash
Executable File

#!/bin/bash -x
# Copyright 2013 OpenStack Foundation.
# Copyright 2013 Hewlett-Packard Development Company, L.P.
# Copyright 2013 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# NOTE(pabelanger): We now use the pip-and-virtualenv element from
# diskimage-builder to do this. Default to true for backwards compatibility.
SETUP_PIP=${SETUP_PIP:-true}
#
# Distro identification functions
# note, can't rely on lsb_release for these as we're bare-bones and
# it may not be installed yet)
PUPPET_VERSION=${PUPPET_VERSION:-3}
function is_fedora {
[ -f /usr/bin/yum ] && cat /etc/*release | grep -q -e "Fedora"
}
function is_rhel7 {
[ -f /usr/bin/yum ] && \
cat /etc/*release | grep -q -e "Red Hat" -e "CentOS" -e "CloudLinux" && \
cat /etc/*release | grep -q 'release 7'
}
function is_ubuntu {
[ -f /usr/bin/apt-get ]
}
function is_opensuse {
[ -f /usr/bin/zypper ] && \
cat /etc/os-release | grep -q -e "openSUSE"
}
function is_gentoo {
[ -f /usr/bin/emerge ]
}
# dnf is a drop-in replacement for yum on Fedora>=22
YUM=yum
if is_fedora && [[ $(lsb_release -rs) -ge 22 ]]; then
YUM=dnf
fi
#
# Distro specific puppet installs
#
function _systemd_update {
# there is a bug (rhbz#1261747) where systemd can fail to enable
# services due to selinux errors after upgrade. A work-around is
# to install the latest version of selinux and systemd here and
# restart the daemon for good measure after it is upgraded.
$YUM install -y selinux-policy
$YUM install -y systemd
systemctl daemon-reload
}
function setup_puppet_fedora {
_systemd_update
$YUM update -y
# NOTE: we preinstall lsb_release here to ensure facter sets
# lsbdistcodename
#
# Fedora declares some global hardening flags, which distutils
# pick up when building python modules. redhat-rpm-config
# provides the required config options. Really this should be a
# dependency of python-devel (fix in the works, see
# https://bugzilla.redhat.com/show_bug.cgi?id=1217376) and can be
# removed when that is sorted out.
$YUM install -y redhat-lsb-core git puppet \
redhat-rpm-config
mkdir -p /etc/puppet/modules/
if $SETUP_PIP; then
# Puppet expects the pip command named as pip-python on
# Fedora, as per the packaged command name. However, we're
# installing from get-pip.py so it's just 'pip'. An easy
# work-around is to just symlink pip-python to "fool" it.
# See upstream issue:
# https://tickets.puppetlabs.com/browse/PUP-1082
ln -fs /usr/bin/pip /usr/bin/pip-python
fi
# Wipe out templatedir so we don't get warnings about it
sed -i '/templatedir/d' /etc/puppet/puppet.conf
# upstream is currently looking for /run/systemd files to check
# for systemd. This fails in a chroot where /run isn't mounted
# (like when using dib). Comment out this confine as fedora
# always has systemd
# see
# https://github.com/puppetlabs/puppet/pull/4481
# https://bugzilla.redhat.com/show_bug.cgi?id=1254616
sudo sed -i.bak '/^[^#].*/ s|\(^.*confine :exists => \"/run/systemd/system\".*$\)|#\ \1|' \
/usr/share/ruby/vendor_ruby/puppet/provider/service/systemd.rb
# upstream "requests" pip package vendors urllib3 and chardet
# packages. The fedora packages un-vendor this, and symlink those
# sub-packages back to packaged versions. We get into a real mess
# of if some of the puppet ends up pulling in "requests" from pip,
# and then something like devstack does a "yum install
# python-requests" which does a very bad job at overwriting the
# pip-installed version (symlinks and existing directories don't
# mix). A solution is to pre-install the python-requests
# package; clear it out and re-install from pip. This way, the
# package is installed for dependencies, and we have a pip-managed
# requests with correctly vendored sub-packages.
sudo ${YUM} install -y python2-requests
sudo rm -rf /usr/lib/python2.7/site-packages/requests/*
sudo rm -rf /usr/lib/python2.7/site-packages/requests-*.{egg,dist}-info
sudo pip install requests
}
function setup_puppet_rhel7 {
_systemd_update
yum update -y
if [ "$PUPPET_VERSION" == "3" ] ; then
puppetpkg=puppet
local puppet_repo="https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm"
elif [ "$PUPPET_VERSION" == "4" ] ; then
puppetpkg=puppet-agent
local puppet_repo="https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm"
else
echo "Unsupported puppet version ${PUPPET_VERSION}"
exit 1
fi
# NOTE: we preinstall lsb_release to ensure facter sets lsbdistcodename
yum install -y redhat-lsb-core git
# Install puppetlabs repo & then puppet comes from there
rpm -ivh $puppet_repo
yum install -y $puppetpkg
if $SETUP_PIP; then
# see comments in setup_puppet_fedora
ln -s /usr/bin/pip /usr/bin/pip-python
fi
# Wipe out templatedir so we don't get warnings about it
sed -i '/templatedir/d' /etc/puppet/puppet.conf
# install CentOS OpenStack repos as well (rebuilds of RDO
# packages). We don't use openstack project rpm files, but covers
# a few things like qemu-kvm-ev (the forward port of qemu with
# later features) that aren't available in base. We need this
# early for things like openvswitch (XXX: should be installed via
# dib before this?)
yum install -y centos-release-openstack-ocata
}
function setup_puppet_ubuntu {
if ! which lsb_release > /dev/null 2<&1 ; then
DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
--assume-yes install -y --force-yes lsb-release
fi
lsbdistcodename=`lsb_release -c -s`
if [ $lsbdistcodename != 'trusty' ] ; then
rubypkg=rubygems
else
rubypkg=ruby
fi
if [ "$PUPPET_VERSION" == "3" ] ; then
if [ $lsbdistcodename != 'xenial' ] ; then
puppet_deb=puppetlabs-release-${lsbdistcodename}.deb
else
puppet_deb=''
fi
PUPPET_VERSION=3.*
puppetpkg=puppet
PUPPETDB_VERSION=2.*
FACTER_VERSION=2.*
elif [ "$PUPPET_VERSION" == "4" ] ; then
puppet_deb=puppetlabs-release-pc1-${lsbdistcodename}.deb
puppetpkg=puppet-agent
PUPPET_VERSION=4.*
PUPPETDB_VERSION=4.*
FACTER_VERSION=3.*
else
echo "Unsupported puppet version ${PUPPET_VERSION}"
exit 1
fi
cat > /etc/apt/preferences.d/00-puppet.pref <<EOF
Package: puppet puppet-common puppetmaster puppetmaster-common puppetmaster-passenger
Pin: version $PUPPET_VERSION
Pin-Priority: 501
Package: puppetdb puppetdb-terminus
Pin: version $PUPPETDB_VERSION
Pin-Priority: 501
Package: facter
Pin: version $FACTER_VERSION
Pin-Priority: 501
EOF
# NOTE(pabelanger): Puppetlabs does not support ubuntu xenial for puppet 3. Instead use
# the version of puppet ship by xenial.
if [ -n "$puppet_deb" ]; then
if type curl >/dev/null 2>&1; then
curl -O http://apt.puppetlabs.com/$puppet_deb
else
wget http://apt.puppetlabs.com/$puppet_deb -O $puppet_deb
fi
dpkg -i $puppet_deb
rm $puppet_deb
# ansible also requires python2 on the host to run correctly.
# Make sure we have it, as some images come without it
DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
--assume-yes install python-minimal
fi;
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
--assume-yes dist-upgrade
DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
--assume-yes install -y --force-yes $puppetpkg git $rubypkg
# Wipe out templatedir so we don't get warnings about it
sed -i '/templatedir/d' /etc/puppet/puppet.conf
if [ -f /bin/systemctl ]; then
systemctl disable puppet
else
update-rc.d -f puppet disable
fi
}
function setup_puppet_opensuse {
if [ "$PUPPET_VERSION" == "3" ] ; then
puppetpkg=puppet
else
echo "Unsupported puppet version ${PUPPET_VERSION}"
exit 1
fi
zypper --non-interactive install --force-resolution $puppetpkg
# Wipe out templatedir so we don't get warnings about it
sed -i '/templatedir/d' /etc/puppet/puppet.conf
}
function setup_puppet_gentoo {
echo yes | emaint sync -a
if [ "$PUPPET_VERSION" == "3" ] ; then
puppetpkg=puppet-agent
else
echo "Unsupported puppet version ${PUPPET_VERSION}"
exit 1
fi
emerge -q --jobs=4 $puppetpkg
sed -i '/templatedir/d' /etc/puppetlabs/puppet/puppet.conf
}
#
# pip setup
#
function setup_pip {
# Install pip using get-pip
local get_pip_url=https://bootstrap.pypa.io/get-pip.py
local ret=1
if [ -f ./get-pip.py ]; then
ret=0
elif type curl >/dev/null 2>&1; then
curl -O $get_pip_url
ret=$?
elif type wget >/dev/null 2>&1; then
wget $get_pip_url
ret=$?
fi
if [ $ret -ne 0 ]; then
echo "Failed to get get-pip.py"
exit 1
fi
if is_opensuse; then
zypper --non-interactive install --force-resolution python python-xml
fi
python get-pip.py
rm get-pip.py
# we are about to overwrite setuptools, but some packages we
# install later might depend on the python-setuptools package. To
# avoid later conflicts, and because distro packages don't include
# enough info for pip to certain it can fully uninstall the old
# package, for safety we clear it out by hand (this seems to have
# been a problem with very old to new updates, e.g. centos6 to
# current-era, but less so for smaller jumps). There is a bit of
# chicken-and-egg problem with pip in that it requires setuptools
# for some operations, such as wheel creation. But just
# installing setuptools shouldn't require setuptools itself, so we
# are safe for this small section.
if is_rhel7 || is_fedora; then
yum install -y python-setuptools
rm -rf /usr/lib/python2.7/site-packages/setuptools*
fi
pip install -U setuptools
}
if $SETUP_PIP; then
setup_pip
fi
if is_fedora; then
setup_puppet_fedora
elif is_rhel7; then
setup_puppet_rhel7
elif is_ubuntu; then
setup_puppet_ubuntu
elif is_opensuse; then
setup_puppet_opensuse
elif is_gentoo; then
setup_puppet_gentoo
else
echo "*** Can not setup puppet: distribution not recognized"
exit 1
fi