system-config/install_puppet.sh
James E. Blair ee62c99b9c Revert "centos7: don't install EPEL"
This reverts commit 37c26280bf.

This was originally removed so that EPEL would not be installed in
our nodepool images.  We no longer run this script when creating
those images, so it can be safely restored.  It should be restored
because without this, we are unable to spin up a cgit server
(which requires epel).

Change-Id: I93e6487ab9a2eae5f927abf43aea7e3e19c5ac9e
2018-03-23 17:31:33 -07:00

366 lines
12 KiB
Bash
Executable File

#!/bin/bash -x
# Copyright 2013 OpenStack Foundation.
# Copyright 2013 Hewlett-Packard Development Company, L.P.
# Copyright 2013 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# NOTE(pabelanger): We now use the pip-and-virtualenv element from
# diskimage-builder to do this. Default to true for backwards compatibility.
SETUP_PIP=${SETUP_PIP:-true}
#
# Distro identification functions
# note, can't rely on lsb_release for these as we're bare-bones and
# it may not be installed yet)
PUPPET_VERSION=${PUPPET_VERSION:-3}
function is_fedora {
[ -f /usr/bin/yum ] && cat /etc/*release | grep -q -e "Fedora"
}
function is_rhel7 {
[ -f /usr/bin/yum ] && \
cat /etc/*release | grep -q -e "Red Hat" -e "CentOS" -e "CloudLinux" && \
cat /etc/*release | grep -q 'release 7'
}
function is_ubuntu {
[ -f /usr/bin/apt-get ]
}
function is_opensuse {
[ -f /usr/bin/zypper ] && \
cat /etc/os-release | grep -q -e "openSUSE"
}
function is_gentoo {
[ -f /usr/bin/emerge ]
}
# dnf is a drop-in replacement for yum on Fedora>=22
YUM=yum
if is_fedora && [[ $(lsb_release -rs) -ge 22 ]]; then
YUM=dnf
fi
#
# Distro specific puppet installs
#
function _systemd_update {
# there is a bug (rhbz#1261747) where systemd can fail to enable
# services due to selinux errors after upgrade. A work-around is
# to install the latest version of selinux and systemd here and
# restart the daemon for good measure after it is upgraded.
$YUM install -y selinux-policy
$YUM install -y systemd
systemctl daemon-reload
}
function setup_puppet_fedora {
_systemd_update
$YUM update -y
# NOTE: we preinstall lsb_release here to ensure facter sets
# lsbdistcodename
#
# Fedora declares some global hardening flags, which distutils
# pick up when building python modules. redhat-rpm-config
# provides the required config options. Really this should be a
# dependency of python-devel (fix in the works, see
# https://bugzilla.redhat.com/show_bug.cgi?id=1217376) and can be
# removed when that is sorted out.
$YUM install -y redhat-lsb-core git puppet \
redhat-rpm-config
mkdir -p /etc/puppet/modules/
if $SETUP_PIP; then
# Puppet expects the pip command named as pip-python on
# Fedora, as per the packaged command name. However, we're
# installing from get-pip.py so it's just 'pip'. An easy
# work-around is to just symlink pip-python to "fool" it.
# See upstream issue:
# https://tickets.puppetlabs.com/browse/PUP-1082
ln -fs /usr/bin/pip /usr/bin/pip-python
fi
# Wipe out templatedir so we don't get warnings about it
sed -i '/templatedir/d' /etc/puppet/puppet.conf
# Wipe out server, as we don't have one.
sed -i '/server/d' /etc/puppet/puppet.conf
# upstream is currently looking for /run/systemd files to check
# for systemd. This fails in a chroot where /run isn't mounted
# (like when using dib). Comment out this confine as fedora
# always has systemd
# see
# https://github.com/puppetlabs/puppet/pull/4481
# https://bugzilla.redhat.com/show_bug.cgi?id=1254616
sudo sed -i.bak '/^[^#].*/ s|\(^.*confine :exists => \"/run/systemd/system\".*$\)|#\ \1|' \
/usr/share/ruby/vendor_ruby/puppet/provider/service/systemd.rb
# upstream "requests" pip package vendors urllib3 and chardet
# packages. The fedora packages un-vendor this, and symlink those
# sub-packages back to packaged versions. We get into a real mess
# of if some of the puppet ends up pulling in "requests" from pip,
# and then something like devstack does a "yum install
# python-requests" which does a very bad job at overwriting the
# pip-installed version (symlinks and existing directories don't
# mix). A solution is to pre-install the python-requests
# package; clear it out and re-install from pip. This way, the
# package is installed for dependencies, and we have a pip-managed
# requests with correctly vendored sub-packages.
sudo ${YUM} install -y python2-requests
sudo rm -rf /usr/lib/python2.7/site-packages/requests/*
sudo rm -rf /usr/lib/python2.7/site-packages/requests-*.{egg,dist}-info
sudo pip install requests
}
function setup_puppet_rhel7 {
# install a bootstrap epel repo to install latest epel-release
# package (which provides correct gpg keys, etc); then remove
# boostrap
cat > /etc/yum.repos.d/epel-bootstrap.repo <<EOF
[epel-bootstrap]
name=Bootstrap EPEL
mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=epel-7&arch=\$basearch
failovermethod=priority
enabled=0
gpgcheck=0
EOF
yum --enablerepo=epel-bootstrap -y install epel-release
rm -f /etc/yum.repos.d/epel-bootstrap.repo
_systemd_update
yum update -y
if [ "$PUPPET_VERSION" == "3" ] ; then
puppetpkg=puppet
local puppet_repo="https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm"
elif [ "$PUPPET_VERSION" == "4" ] ; then
puppetpkg=puppet-agent
local puppet_repo="https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm"
else
echo "Unsupported puppet version ${PUPPET_VERSION}"
exit 1
fi
# NOTE: we preinstall lsb_release to ensure facter sets lsbdistcodename
yum install -y redhat-lsb-core git
# Install puppetlabs repo & then puppet comes from there
rpm -ivh $puppet_repo
yum install -y $puppetpkg
if $SETUP_PIP; then
# see comments in setup_puppet_fedora
ln -s /usr/bin/pip /usr/bin/pip-python
fi
# Wipe out templatedir so we don't get warnings about it
sed -i '/templatedir/d' /etc/puppet/puppet.conf
# Wipe out server, as we don't have one.
sed -i '/server/d' /etc/puppet/puppet.conf
}
function setup_puppet_ubuntu {
if ! which lsb_release > /dev/null 2<&1 ; then
DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
--assume-yes install -y --force-yes lsb-release
fi
lsbdistcodename=`lsb_release -c -s`
if [ $lsbdistcodename != 'trusty' ] ; then
rubypkg=rubygems
else
rubypkg=ruby
fi
if [ "$PUPPET_VERSION" == "3" ] ; then
if [ $lsbdistcodename != 'xenial' ] ; then
puppet_deb=puppetlabs-release-${lsbdistcodename}.deb
else
puppet_deb=''
fi
PUPPET_VERSION=3.*
puppetpkg=puppet
FACTER_VERSION=2.*
elif [ "$PUPPET_VERSION" == "4" ] ; then
puppet_deb=puppetlabs-release-pc1-${lsbdistcodename}.deb
puppetpkg=puppet-agent
PUPPET_VERSION=4.*
FACTER_VERSION=3.*
else
echo "Unsupported puppet version ${PUPPET_VERSION}"
exit 1
fi
cat > /etc/apt/preferences.d/00-puppet.pref <<EOF
Package: puppet puppet-common puppetmaster puppetmaster-common puppetmaster-passenger
Pin: version $PUPPET_VERSION
Pin-Priority: 501
Package: facter
Pin: version $FACTER_VERSION
Pin-Priority: 501
EOF
# NOTE(pabelanger): Puppetlabs does not support ubuntu xenial for puppet 3. Instead use
# the version of puppet ship by xenial.
if [ -n "$puppet_deb" ]; then
if type curl >/dev/null 2>&1; then
curl -O http://apt.puppetlabs.com/$puppet_deb
else
wget http://apt.puppetlabs.com/$puppet_deb -O $puppet_deb
fi
dpkg -i $puppet_deb
rm $puppet_deb
fi;
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
--assume-yes dist-upgrade
DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
--assume-yes install -y --force-yes $puppetpkg git $rubypkg
# Wipe out templatedir so we don't get warnings about it
sed -i '/templatedir/d' /etc/puppet/puppet.conf
# Wipe out server, as we don't have one.
sed -i '/server/d' /etc/puppet/puppet.conf
# ensure the agent is stopped and disabled
if [ -f /bin/systemctl ]; then
service puppet stop
systemctl disable puppet
else
/etc/init.d/puppet stop
update-rc.d -f puppet disable
fi
}
function setup_puppet_opensuse {
if [ "$PUPPET_VERSION" == "3" ] ; then
puppetpkg=puppet
else
echo "Unsupported puppet version ${PUPPET_VERSION}"
exit 1
fi
zypper --non-interactive install --force-resolution $puppetpkg
# Wipe out templatedir so we don't get warnings about it
sed -i '/templatedir/d' /etc/puppet/puppet.conf
# Wipe out server, as we don't have one.
sed -i '/server/d' /etc/puppet/puppet.conf
}
function setup_puppet_gentoo {
echo yes | emaint sync -a
if [ "$PUPPET_VERSION" == "3" ] ; then
puppetpkg=puppet-agent
else
echo "Unsupported puppet version ${PUPPET_VERSION}"
exit 1
fi
emerge -q --jobs=4 $puppetpkg
sed -i '/templatedir/d' /etc/puppetlabs/puppet/puppet.conf
# Wipe out server, as we don't have one.
sed -i '/server/d' /etc/puppetlabs/puppet/puppet.conf
}
#
# pip setup
#
function setup_pip {
# Install pip using get-pip
local get_pip_url=https://bootstrap.pypa.io/get-pip.py
local ret=1
if [ -f ./get-pip.py ]; then
ret=0
elif type curl >/dev/null 2>&1; then
curl -O $get_pip_url
ret=$?
elif type wget >/dev/null 2>&1; then
wget $get_pip_url
ret=$?
fi
if [ $ret -ne 0 ]; then
echo "Failed to get get-pip.py"
exit 1
fi
if is_opensuse; then
zypper --non-interactive install --force-resolution python python-xml
fi
python get-pip.py
rm get-pip.py
# we are about to overwrite setuptools, but some packages we
# install later might depend on the python-setuptools package. To
# avoid later conflicts, and because distro packages don't include
# enough info for pip to certain it can fully uninstall the old
# package, for safety we clear it out by hand (this seems to have
# been a problem with very old to new updates, e.g. centos6 to
# current-era, but less so for smaller jumps). There is a bit of
# chicken-and-egg problem with pip in that it requires setuptools
# for some operations, such as wheel creation. But just
# installing setuptools shouldn't require setuptools itself, so we
# are safe for this small section.
if is_rhel7 || is_fedora; then
yum install -y python-setuptools
rm -rf /usr/lib/python2.7/site-packages/setuptools*
fi
pip install -U setuptools
}
# Need to install python2 early as pip and ansible need it and it
# isn't necessarily previously installed on newer Ubuntu releases.
if is_ubuntu; then
if ! which python > /dev/null 2<&1 ; then
DEBIAN_FRONTEND=noninteractive apt-get update
DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
--assume-yes install -y --force-yes python-minimal
fi
fi
if $SETUP_PIP; then
setup_pip
fi
if is_fedora; then
setup_puppet_fedora
elif is_rhel7; then
setup_puppet_rhel7
elif is_ubuntu; then
setup_puppet_ubuntu
elif is_opensuse; then
setup_puppet_opensuse
elif is_gentoo; then
setup_puppet_gentoo
else
echo "*** Can not setup puppet: distribution not recognized"
exit 1
fi