From e82c7e51614069a31aeaead4df61f86e7a07d533 Mon Sep 17 00:00:00 2001 From: Jonathan Lent <jlent@stanford.edu> Date: Tue, 24 Feb 2015 14:13:50 -0800 Subject: [PATCH] see NEWS for new additions (yumtools) --- NEWS | 7 ++ manifests/yumtools.pp | 2 + manifests/yumtools/CHANGELOG.md | 50 ++++++++++++++ manifests/yumtools/gpgkey.pp | 87 ++++++++++++++++++++++++ manifests/yumtools/group.pp | 46 +++++++++++++ manifests/yumtools/plugin.pp | 40 +++++++++++ manifests/yumtools/plugin/versionlock.pp | 21 ++++++ manifests/yumtools/versionlock.pp | 58 ++++++++++++++++ 8 files changed, 311 insertions(+) create mode 100644 manifests/yumtools.pp create mode 100644 manifests/yumtools/CHANGELOG.md create mode 100644 manifests/yumtools/gpgkey.pp create mode 100644 manifests/yumtools/group.pp create mode 100644 manifests/yumtools/plugin.pp create mode 100644 manifests/yumtools/plugin/versionlock.pp create mode 100644 manifests/yumtools/versionlock.pp
diff --git a/NEWS b/NEWS
index 0eaf651..894d66f 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,10 @@ +release/004.026 (2015-02-24) + + [yumtools] added new group of yum-related + commands that can be used to manage package + pins, groups, yum plugins and gpg keys + (jlent) + release/004.025 (2015-02-23) [rpm] regression of the ensure of the versionlock.list file. A blank version of this
diff --git a/manifests/yumtools.pp b/manifests/yumtools.pp
new file mode 100644
index 0000000..f38f9af
--- /dev/null
+++ b/manifests/yumtools.pp
@@ -0,0 +1,2 @@
+# This class exists only to provide base::yumtools::*.
+class base::yumtools { }
diff --git a/manifests/yumtools/CHANGELOG.md b/manifests/yumtools/CHANGELOG.md
new file mode 100644
index 0000000..0f13ce0
--- /dev/null
+++ b/manifests/yumtools/CHANGELOG.md
@@ -0,0 +1,50 @@
+## 2015-02-24 - Adoption into Stanford Puppet Shared Base
+
+#### Housekeeping
+
+-Pulled from rom GitHub with git clone https://github.com/CERIT-SC/puppet-yum.git
+-Renamed to yumtools from puppet-yum for clarity
+-Renamed nested classes as base::yumtools::*
+-Removed Git-related files and directories
+-Removed tests, other cruft
+
+## 2014-12-08 - Release 0.9.4
+
+Fix file/directory permissions.
+
+#### Bugfixes
+
+- Fix PF module archive file/directory permissions.
+
+## 2014-11-06 - Release 0.9.3
+
+Enable yum.conf plugins if disabled.
+
+#### Bugfixes
+
+- Enable yum.conf plugins (if disabled) when we
+ install plugin via yum::plugin.
+
+## 2014-09-02 - Release 0.9.2
+
+Fix metadata.json
+
+#### Bugfixes
+
+- Fix metadata.json module dependencies
+
+## 2014-08-20 - Release 0.9.1
+
+### Summary
+
+Fix GPG key import check when key is specified in $content.
+
+#### Bugfixes
+
+- Fix GPG key import check when key is specified in $content.
+
+## 2014-08-07 - Release 0.9.0
+
+### Summary
+
+Initial release.
diff --git a/manifests/yumtools/gpgkey.pp b/manifests/yumtools/gpgkey.pp
new file mode 100644
index 0000000..7d73eee
--- /dev/null
+++ b/manifests/yumtools/gpgkey.pp
@@ -0,0 +1,87 @@
+# Define: base:yumtools::gpgkey
+#
+# This definition saves and imports public GPG key for RPM. Key can
+# be stored on Puppet's fileserver or as inline content. Key can be
+# also removed from system.
+#
+# Parameters:
+# [*path*] - alternative file location (defaults to name)
+# [*ensure*] - specifies if key should be present or absent
+# [*content*] - content
+# [*source*] - source (e.g.: puppet:///)
+# [*owner*] - file owner
+# [*group*] - file group
+# [*mode*] - file mode
+#
+# Actions:
+#
+# Requires:
+# RPM based system
+#
+# Sample usage:
+# base::yumtools::gpgkey { '/etc/pki/rpm-gpg/RPM-GPG-KEY-puppet-smoketest1':
+# ensure => present,
+# content => '-----BEGIN PGP PUBLIC KEY BLOCK-----
+# ...
+# -----END PGP PUBLIC KEY BLOCK-----';
+# }
+#
+define base::yumtools::gpgkey (
+ $path = $name,
+ $ensure = present,
+ $content = '',
+ $source = '',
+ $owner = 'root',
+ $group = 'root',
+ $mode = '0644'
+) {
+ validate_absolute_path($path)
+ validate_string($owner, $group, $mode)
+
+ file { $path:
+ ensure => $ensure,
+ owner => $owner,
+ group => $group,
+ mode => $mode,
+ }
+
+ if ($content == '') and ($source == '') {
+ fail('Missing params: $content or $source must be specified')
+ } elsif $content {
+ File[$path] {
+ content => $content
+ }
+ } else {
+ File[$path] {
+ source => $source
+ }
+ }
+
+ $rpmname = "gpg-pubkey-$( \
+gpg --quiet --with-colon --homedir=/root --throw-keyids <${path} | \
+cut -d: -f5 | cut -c9- | tr '[A-Z]' '[a-z]' | head -1)"
+
+ case $ensure {
+ present: {
+ exec { "rpm-import-${name}":
+ path => '/bin:/usr/bin:/sbin/:/usr/sbin',
+ command => "rpm --import ${path}",
+ unless => "rpm -q ${rpmname}",
+ require => File[$path],
+ }
+ }
+
+ absent: {
+ exec { "rpm-delete-${name}":
+ path => '/bin:/usr/bin:/sbin/:/usr/sbin',
+ command => "rpm -e ${rpmname}",
+ onlyif => ["test -f ${path}", "rpm -q ${rpmname}"],
+ before => File[$path],
+ }
+ }
+
+ default: {
+ fail("Invalid ensure state: ${ensure}")
+ }
+ }
+}
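Review bot: `$path` is checked only with `validate_absolute_path` and is then interpolated unquoted into command text: the `<${path}` redirect inside `$rpmname`, `rpm --import ${path}` and `test -f ${path}`. Those strings only work when a shell evaluates the `$( … )` substitution and the pipes, so a path containing whitespace or shell metacharacters (for example one taken from Hiera or a resource title) would be parsed as additional shell syntax in a command the agent typically runs as root. I would add `validate_re($path, '^/[A-Za-z0-9._/-]+$')` directly after `validate_absolute_path($path)`. The header comment could also state that the imported key becomes a trust anchor for RPM signature checks, so `source` or `content` should come from a reviewed location.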
diff --git a/manifests/yumtools/group.pp b/manifests/yumtools/group.pp
new file mode 100644
index 0000000..5f06ba1
--- /dev/null
+++ b/manifests/yumtools/group.pp
@@ -0,0 +1,46 @@
+# Define: base::yumtools::group
+#
+# This definition installs or removes yum package group.
+#
+# Parameters:
+# [*ensure*] - specifies if package group should be
+# present (installed) or absent (purged)
+#
+# Actions:
+#
+# Requires:
+# RPM based system
+#
+# Sample usage:
+# base::yumtools::group { 'X Window System':
+# ensure => present,
+# }
+#
+define base::yumtools::group (
+ $ensure = present
+) {
+ Exec {
+ path => '/bin:/usr/bin:/sbin:/usr/sbin',
+ environment => 'LC_ALL=C'
+ }
+
+ case $ensure {
+ present,installed: {
+ exec { "yum-groupinstall-${name}":
+ command => "yum -y groupinstall '${name}'",
+ unless => "yum grouplist '${name}' | egrep '^Installed.+Groups:$'",
+ }
+ }
+
+ absent,purged: {
+ exec { "yum-groupremove-${name}":
+ command => "yum -y groupremove '${name}'",
+ onlyif => "yum grouplist '${name}' | egrep '^Installed.+Groups:$'",
+ }
+ }
+
+ default: {
+ fail("Invalid ensure state: ${ensure}")
+ }
+ }
+}
diff --git a/manifests/yumtools/plugin.pp b/manifests/yumtools/plugin.pp
new file mode 100644
index 0000000..6749270
--- /dev/null
+++ b/manifests/yumtools/plugin.pp
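Review bot: In `base::yumtools::group` the resource title is placed inside single quotes in all four command strings (`yum -y groupinstall '${name}'`, the `groupremove` one and both `yum grouplist '${name}' | egrep …` guards), and nothing rejects a title that itself contains a single quote. Such a title would end the quoting early and the remainder would be read as shell syntax; `validate_re($name, "^[^']+$")` at the top of the define would close that. Separately, `-y` answers every yum prompt, which as far as I know includes the prompt to import a repository's GPG key, so a header comment should say that the repositories' keys are expected to be installed beforehand (for instance with `base::yumtools::gpgkey`).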
@@ -0,0 +1,40 @@
+# Define: base::yumtools::plugin
+#
+# This definition installs Yum plugin.
+#
+# Parameters:
+# [*ensure*] - specifies if plugin should be present or absent
+#
+# Actions:
+#
+# Requires:
+# RPM based system
+#
+# Sample usage:
+# yum::plugin { 'versionlock':
+# ensure => present,
+# }
+#
+define base::yumtools::plugin (
+ $ensure = present,
+ $pkg_prefix = 'yum-plugin',
+ $pkg_name = ''
+) {
+ $_pkg_name = $pkg_name ? {
+ '' => "${pkg_prefix}-${name}",
+ default => "${pkg_prefix}-${pkg_name}"
+ }
+
+ package { $_pkg_name:
+ ensure => $ensure,
+ }
+
+ if ! defined(Augeas['yum.conf_plugins_enable']) {
+ augeas { 'yum.conf_plugins_enable':
+ lens => 'Yum.lns',
+ incl => '/etc/yum.conf',
+ context => '/files/etc/yum.conf',
+ changes => 'set main/plugins 1',
+ }
+ }
+}
diff --git a/manifests/yumtools/plugin/versionlock.pp b/manifests/yumtools/plugin/versionlock.pp
new file mode 100644
index 0000000..1b6df3f
--- /dev/null
+++ b/manifests/yumtools/plugin/versionlock.pp
@@ -0,0 +1,21 @@
+# Class: base::yumtools::plugin::versionlock
+#
+# This class installs versionlock plugin
+#
+# Parameters:
+# [*ensure*] - specifies if versionlock should be present or absent
+#
+# Actions:
+#
+# Requires:
+#
+# Sample usage:
+# include base::yumtools::plugin::versionlock
+#
+class base::yumtools::plugin::versionlock (
+ $ensure = present
+) {
+ base::yumtools::plugin { 'versionlock':
+ ensure => $ensure,
+ }
+}
diff --git a/manifests/yumtools/versionlock.pp b/manifests/yumtools/versionlock.pp
new file mode 100644
index 0000000..623bfca
--- /dev/null
+++ b/manifests/yumtools/versionlock.pp
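Review bot: The header comment of `base::yumtools::plugin` documents only `ensure`, although the define also takes `pkg_prefix` and `pkg_name`, and its sample usage still calls `yum::plugin` rather than `base::yumtools::plugin`. I would add `# [*pkg_prefix*] - package name prefix (defaults to yum-plugin)` and `# [*pkg_name*] - package name suffix used instead of the resource title`, and correct the sample. The comment should also say that the `yum.conf_plugins_enable` augeas resource sets `main/plugins` to 1 in `/etc/yum.conf`, which switches on yum's plugin mechanism for the whole host rather than for this one plugin, and that it is declared even when `ensure => absent`.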
@@ -0,0 +1,58 @@
+# Define: base::yumtools::versionlock
+#
+# This definition locks package from updates.
+#
+# Parameters:
+# [*ensure*] - specifies if versionlock should be present, absent or exclude
+# [*path*] - configuration of Yum plugin versionlock
+#
+# Actions:
+#
+# Requires:
+# RPM based system, Yum versionlock plugin
+#
+# Sample usage:
+# base::yumtools::versionlock { '0:bash-4.1.2-9.el6_2.*':
+# ensure => present,
+# }
+#
+define base::yumtools::versionlock (
+ #include base::rpm
+ $ensure = present,
+ $path = '/etc/yum/pluginconf.d/versionlock.list'
+) {
+ require base::yumtools::plugin::versionlock
+ #require => Package[ $redhatPackages ]
+
+ if ($name =~ /^[0-9]+:.+\*$/) {
+ $_name = $name
+ } elsif ($name =~ /^[0-9]+:.+-.+-.+\./) {
+ $_name= "${name}*"
+ } else {
+ fail('Package name must be formated as \'EPOCH:NAME-VERSION-RELEASE.ARCH\'')
+ }
+
+ case $ensure {
+ present,absent,exclude: {
+ if ($ensure == present) or ($ensure == absent) {
+ file_line { "versionlock.list-${name}":
+ ensure => $ensure,
+ line => $_name,
+ path => $path,
+ }
+ }
+
+ if ($ensure == exclude) or ($ensure == absent) {
+ file_line { "versionlock.list-!${name}":
+ ensure => $ensure,
+ line => "!${_name}",
+ path => $path,
+ }
+ }
+ }
+
+ default: {
+ fail("Invalid ensure state: ${ensure}")
+ }
+ }
+}
-- GitLab
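Review bot: In the second `file_line` (title `versionlock.list-!${name}`), `ensure => $ensure` passes the literal value `exclude` when the define is used with `ensure => exclude`. To my knowledge stdlib's `file_line` accepts only `present` and `absent`, so the exclude case would fail instead of writing the `!` line. Mapping the value at that point, e.g. `ensure => $ensure ? { exclude => present, default => $ensure },`, would make the documented `exclude` state usable. The header could also say that a locked package stops receiving updates, security fixes included, until the lock is removed.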