see NEWS for new additions (yumtools)

e82c7e51 · Jonathan Lent · 2b0f879e · e82c7e51 · e82c7e51 · e82c7e51
Commit e82c7e51 authored 10 years ago by Jonathan Lent
--- a/NEWS
+++ b/NEWS
+release/004.026 (2015-02-24)
+
+    [yumtools] added new group of yum-related
+    commands that can be used to manage package
+    pins, groups, yum plugins and gpg keys
+    (jlent) 
+
 release/004.025 (2015-02-23)
    [rpm] regression of the ensure of the 
    versionlock.list file. A blank version of this

--- a/manifests/yumtools.pp
+++ b/manifests/yumtools.pp
+# This class exists only to provide base::yumtools::*.
+class base::yumtools { }
--- a/manifests/yumtools/CHANGELOG.md
+++ b/manifests/yumtools/CHANGELOG.md
+## 2015-02-24 - Adoption into Stanford Puppet Shared Base
+
+#### Housekeeping
+
+-Pulled from rom GitHub with git clone https://github.com/CERIT-SC/puppet-yum.git
+-Renamed to yumtools from puppet-yum for clarity
+-Renamed nested classes as base::yumtools::*
+-Removed Git-related files and directories
+-Removed tests, other cruft
+
+## 2014-12-08 - Release 0.9.4
+
+Fix file/directory permissions.
+
+#### Bugfixes
+
+- Fix PF module archive file/directory permissions.
+
+## 2014-11-06 - Release 0.9.3
+
+Enable yum.conf plugins if disabled.
+
+#### Bugfixes
+
+- Enable yum.conf plugins (if disabled) when we
+  install plugin via yum::plugin.
+
+## 2014-09-02 - Release 0.9.2
+
+Fix metadata.json
+
+#### Bugfixes
+
+- Fix metadata.json module dependencies
+
+## 2014-08-20 - Release 0.9.1
+
+### Summary
+
+Fix GPG key import check when key is specified in $content.
+
+#### Bugfixes
+
+- Fix GPG key import check when key is specified in $content.
+
+## 2014-08-07 - Release 0.9.0
+
+### Summary
+
+Initial release.
--- a/manifests/yumtools/gpgkey.pp
+++ b/manifests/yumtools/gpgkey.pp
+# Define: base:yumtools::gpgkey
+#
+# This definition saves and imports public GPG key for RPM. Key can
+# be stored on Puppet's fileserver or as inline content. Key can be
+# also removed from system.
+#
+# Parameters:
+#   [*path*]     - alternative file location (defaults to name)
+#   [*ensure*]   - specifies if key should be present or absent
+#   [*content*]  - content
+#   [*source*]   - source (e.g.: puppet:///)
+#   [*owner*]    - file owner
+#   [*group*]    - file group
+#   [*mode*]     - file mode
+#
+# Actions:
+#
+# Requires:
+#   RPM based system
+#
+# Sample usage:
+#   base::yumtools::gpgkey { '/etc/pki/rpm-gpg/RPM-GPG-KEY-puppet-smoketest1':
+#     ensure  => present,
+#     content => '-----BEGIN PGP PUBLIC KEY BLOCK-----
+#   ...
+#   -----END PGP PUBLIC KEY BLOCK-----';
+#   }
+#
+define base::yumtools::gpgkey (
+  $path    = $name,
+  $ensure  = present,
+  $content = '',
+  $source  = '',
+  $owner   = 'root',
+  $group   = 'root',
+  $mode    = '0644'
+) {
+  validate_absolute_path($path)
+  validate_string($owner, $group, $mode)
+
+  file { $path:
+    ensure => $ensure,
+    owner  => $owner,
+    group  => $group,
+    mode   => $mode,
+  }
+
+  if ($content == '') and ($source == '') {
+    fail('Missing params: $content or $source must be specified')
+  } elsif $content {
+    File[$path] {
+      content => $content
+    }
+  } else {
+    File[$path] {
+      source => $source
+    }
+  }
+
+  $rpmname = "gpg-pubkey-$( \
+gpg --quiet --with-colon --homedir=/root --throw-keyids <${path} | \
+cut -d: -f5 | cut -c9- | tr '[A-Z]' '[a-z]' | head -1)"
+
+  case $ensure {
+    present: {
+      exec { "rpm-import-${name}":
+        path    => '/bin:/usr/bin:/sbin/:/usr/sbin',
+        command => "rpm --import ${path}",
+        unless  => "rpm -q ${rpmname}",
+        require => File[$path],
+      }
+    }
+
+    absent: {
+      exec { "rpm-delete-${name}":
+        path    => '/bin:/usr/bin:/sbin/:/usr/sbin',
+        command => "rpm -e ${rpmname}",
+        onlyif  => ["test -f ${path}", "rpm -q ${rpmname}"],
+        before  => File[$path],
+      }
+    }
+
+    default: {
+      fail("Invalid ensure state: ${ensure}")
+    }
+  }
+}
--- a/manifests/yumtools/group.pp
+++ b/manifests/yumtools/group.pp
+# Define: base::yumtools::group
+#
+# This definition installs or removes yum package group.
+#
+# Parameters:
+#   [*ensure*]   - specifies if package group should be
+#                  present (installed) or absent (purged)
+#
+# Actions:
+#
+# Requires:
+#   RPM based system
+#
+# Sample usage:
+#   base::yumtools::group { 'X Window System':
+#     ensure  => present,
+#   }
+#
+define base::yumtools::group (
+  $ensure = present
+) {
+  Exec {
+    path        => '/bin:/usr/bin:/sbin:/usr/sbin',
+    environment => 'LC_ALL=C'
+  }
+
+  case $ensure {
+    present,installed: {
+      exec { "yum-groupinstall-${name}":
+        command => "yum -y groupinstall '${name}'",
+        unless  => "yum grouplist '${name}' | egrep '^Installed.+Groups:$'",
+      }
+    }
+
+    absent,purged: {
+      exec { "yum-groupremove-${name}":
+        command => "yum -y groupremove '${name}'",
+        onlyif  => "yum grouplist '${name}' | egrep '^Installed.+Groups:$'",
+      }
+    }
+
+    default: {
+      fail("Invalid ensure state: ${ensure}")
+    }
+  }
+}
--- a/manifests/yumtools/plugin.pp
+++ b/manifests/yumtools/plugin.pp
+# Define: base::yumtools::plugin
+#
+# This definition installs Yum plugin.
+#
+# Parameters:
+#   [*ensure*]   - specifies if plugin should be present or absent
+#
+# Actions:
+#
+# Requires:
+#   RPM based system
+#
+# Sample usage:
+#   yum::plugin { 'versionlock':
+#     ensure  => present,
+#   }
+#
+define base::yumtools::plugin (
+  $ensure     = present,
+  $pkg_prefix = 'yum-plugin',
+  $pkg_name   = ''
+) {
+  $_pkg_name = $pkg_name ? {
+    ''      => "${pkg_prefix}-${name}",
+    default => "${pkg_prefix}-${pkg_name}"
+  }
+
+  package { $_pkg_name:
+    ensure  => $ensure,
+  }
+
+  if ! defined(Augeas['yum.conf_plugins_enable']) {
+    augeas { 'yum.conf_plugins_enable':
+      lens    => 'Yum.lns',
+      incl    => '/etc/yum.conf',
+      context => '/files/etc/yum.conf',
+      changes => 'set main/plugins 1',
+    }
+  }
+}
--- a/manifests/yumtools/plugin/versionlock.pp
+++ b/manifests/yumtools/plugin/versionlock.pp
+# Class: base::yumtools::plugin::versionlock
+#
+# This class installs versionlock plugin
+#
+# Parameters:
+#   [*ensure*] - specifies if versionlock should be present or absent
+#
+# Actions:
+#
+# Requires:
+#
+# Sample usage:
+#   include base::yumtools::plugin::versionlock
+#
+class base::yumtools::plugin::versionlock (
+  $ensure = present
+) {
+  base::yumtools::plugin { 'versionlock':
+    ensure  => $ensure,
+  }
+}
--- a/manifests/yumtools/versionlock.pp
+++ b/manifests/yumtools/versionlock.pp
+# Define: base::yumtools::versionlock
+#
+# This definition locks package from updates.
+#
+# Parameters:
+#   [*ensure*] - specifies if versionlock should be present, absent or exclude
+#   [*path*]   - configuration of Yum plugin versionlock
+#
+# Actions:
+#
+# Requires:
+#   RPM based system, Yum versionlock plugin
+#
+# Sample usage:
+#   base::yumtools::versionlock { '0:bash-4.1.2-9.el6_2.*':
+#     ensure  => present,
+#   }
+#
+define base::yumtools::versionlock (
+  #include base::rpm
+  $ensure = present,
+  $path   = '/etc/yum/pluginconf.d/versionlock.list'
+) {
+  require base::yumtools::plugin::versionlock
+  #require => Package[ $redhatPackages ]
+
+  if ($name =~ /^[0-9]+:.+\*$/) {
+    $_name = $name
+  } elsif ($name =~ /^[0-9]+:.+-.+-.+\./) {
+    $_name= "${name}*"
+  } else {
+    fail('Package name must be formated as \'EPOCH:NAME-VERSION-RELEASE.ARCH\'')
+  }
+
+  case $ensure {
+    present,absent,exclude: {
+      if ($ensure == present) or ($ensure == absent) {
+        file_line { "versionlock.list-${name}":
+          ensure => $ensure,
+          line   => $_name,
+          path   => $path,
+        }
+      }
+
+      if ($ensure == exclude) or ($ensure == absent) {
+        file_line { "versionlock.list-!${name}":
+          ensure => $ensure,
+          line   => "!${_name}",
+          path   => $path,
+        }
+      }
+    }
+
+    default: {
+      fail("Invalid ensure state: ${ensure}")
+    }
+  }
+}