From f0bf1edb75d61c68f1f9673fb85be76ac5245931 Mon Sep 17 00:00:00 2001
From: Adam Henry Lewenberg <adamhl@stanford.edu>
Date: Thu, 20 Jul 2017 09:30:48 -0700
Subject: [PATCH] some work on Puppet 4 compatibility

---
 NEWS                             | 10 +++++++---
 manifests/ipmi.pp                | 14 +++++++++++---
 manifests/iptables/fragment.pp   |  4 ++--
 manifests/os.pp                  |  8 ++++----
 manifests/out_of_date/client.pp  |  2 +-
 manifests/pam.pp                 |  8 ++++----
 manifests/pam/debian.pp          |  8 +++++++-
 manifests/postfix/map.pp         |  2 +-
 manifests/puppetclient/config.pp |  2 +-
 manifests/ssh.pp                 |  4 ++--
 10 files changed, 40 insertions(+), 22 deletions(-)

diff --git a/NEWS b/NEWS
index 6192ab3..fa8cdaa 100644
--- a/NEWS
+++ b/NEWS
@@ -1,8 +1,12 @@
-release/005.009 (2017-07-07) 
+unreleased (2017-??-??)
 
-    [ntp] Push "tinker-panic 0" to the top of the ntp.conf file to help 
+    Starting the work to make the code Puppet 4 compatible. [adamhl]
+
+release/005.009 (2017-07-07)
+
+    [ntp] Push "tinker-panic 0" to the top of the ntp.conf file to help
     address the timekeeping problem with vmware. This means always reset
-    the clock, even if the new time is more than 1000s away from the 
+    the clock, even if the new time is more than 1000s away from the
     current system time. [ljlgeek]
 
 release/005.008 (2017-06-25)
diff --git a/manifests/ipmi.pp b/manifests/ipmi.pp
index ef89459..96a3ca3 100644
--- a/manifests/ipmi.pp
+++ b/manifests/ipmi.pp
@@ -13,8 +13,8 @@
 #   ensure => absent,
 # }
 #
-# WARNING: On a running system, changing base::ipmi::ensure from present to 
-# absent may not work properly, depending on what user-space stuff is using 
+# WARNING: On a running system, changing base::ipmi::ensure from present to
+# absent may not work properly, depending on what user-space stuff is using
 # IPMI functionality.  If you get errors, restart.
 
 class base::ipmi (
@@ -50,7 +50,15 @@ class base::ipmi (
           # For Debian 8+, the package brings in everything it needs by
           # default.  But, if we are re-enabling we need to recover a file that
           # we deleted.  We then have to trigger systemd to load modules.
-          if $::operatingsystem == 'Debian' and $::lsbmajdistrelease >= 8 {
+          if ($::puppetversion =~ /^3/) {
+            $operatingsystem    = $::operatingsystem
+            $lsdbmajdistrelease = $::lsdbmajdistrelease
+          } else {
+            $operatingsystem    = $facts['os']['name']
+            $lsdbmajdistrelease = Integer($facts['os']['release']['major'])
+          }
+
+          if (($operatingsystem == 'Debian') and ($lsdbmajdistrelease >= 8)) {
             exec { 'Re-create /usr/lib/modules-load.d/ipmievd.conf':
               command => '/usr/bin/apt-get install --reinstall ipmitool',
               creates => '/usr/lib/modules-load.d/ipmievd.conf',
diff --git a/manifests/iptables/fragment.pp b/manifests/iptables/fragment.pp
index 03379ae..cb83772 100644
--- a/manifests/iptables/fragment.pp
+++ b/manifests/iptables/fragment.pp
@@ -55,7 +55,7 @@ define base::iptables::fragment($ensure,
         }
 
         default: {
-            crit "Invalid ensure value: $ensure"
+            fail "Invalid ensure value: $ensure"
         }
     }
-}
\ No newline at end of file
+}
diff --git a/manifests/os.pp b/manifests/os.pp
index 5158717..ad0d79a 100644
--- a/manifests/os.pp
+++ b/manifests/os.pp
@@ -2,7 +2,7 @@
 # here is specific to the version of Linux we're running and is handled by
 # the appropriate separate class.
 class base::os {
-  
+
   case $::operatingsystem {
     'Debian':      { include base::os::debian }
     'Ubuntu':      { include base::os::ubuntu }
@@ -11,7 +11,7 @@ class base::os {
     'OracleLinux': { include base::os::oraclelinux }
     default:       { include base::os::debian }
   }
-  
+
   base::os::motd { '/etc/motd':
     ensure   => present,
     template => 'base/os/motd.erb',
@@ -33,8 +33,8 @@ class base::os {
   # Generate an iptables fact for the firewall team to query.
   file { '/var/lib/puppet/sufact/su_iptables':
     ensure => $::osfamily ? {
-        RedHat  => '/etc/sysconfig/iptables',
-        default => '/etc/iptables/general',
+        'RedHat' => '/etc/sysconfig/iptables',
+        default  => '/etc/iptables/general',
     }
   }
 
diff --git a/manifests/out_of_date/client.pp b/manifests/out_of_date/client.pp
index a33c501..4d9917a 100644
--- a/manifests/out_of_date/client.pp
+++ b/manifests/out_of_date/client.pp
@@ -32,7 +32,7 @@ class base::out_of_date::client::disabled inherits base::out_of_date::client {
 }
 
 class base::out_of_date::client::dev inherits base::out_of_date::client {
-    File ['/etc/out-of-date/client.conf'] {
+    File['/etc/out-of-date/client.conf'] {
         source  => 'puppet:///modules/base/out-of-date/etc/out-of-date/client-dev.conf'
     }
 }
diff --git a/manifests/pam.pp b/manifests/pam.pp
index 6d10f4f..dddb294 100644
--- a/manifests/pam.pp
+++ b/manifests/pam.pp
@@ -5,15 +5,15 @@
 # Basic class, for most systems.
 class base::pam {
     case $osfamily {
-        RedHat: { include base::pam::redhat }
-        Debian: { include base::pam::debian }
+        'RedHat': { include base::pam::redhat }
+        'Debian': { include base::pam::debian }
     }
 }
 
 # Allows access to all users with a SUNet ID.  Mostly for timeshares and such.
 class base::pam::ldap inherits base::pam {
     case $osfamily {
-        RedHat: { include base::pam::redhat::ldap }
-        Debian: { include base::pam::debian::ldap }
+        'RedHat': { include base::pam::redhat::ldap }
+        'Debian': { include base::pam::debian::ldap }
     }
 }
diff --git a/manifests/pam/debian.pp b/manifests/pam/debian.pp
index 7d96a8a..9266e8c 100644
--- a/manifests/pam/debian.pp
+++ b/manifests/pam/debian.pp
@@ -6,8 +6,14 @@ class base::pam::debian {
   package { 'libpam-krb5': ensure => present }
   package { 'libpam-afs-session': ensure => present }
 
+  if ($::puppetversion =~ /^3/) {
+    $lsdbmajdistrelease = $::lsdbmajdistrelease
+  } else {
+    $lsdbmajdistrelease = Integer($facts['os']['release']['major'])
+  }
+
   # Starting with Debian jessie, pam-auth-update manages the common PAM files.
-  if ($::lsdbmajdistrelease < 8) {
+  if ($lsdbmajdistrelease < 8) {
     file {
       '/etc/pam.d/common-auth':
         source  => 'puppet:///modules/base/pam/etc/pam.d/common-auth',
diff --git a/manifests/postfix/map.pp b/manifests/postfix/map.pp
index a67d850..41b983c 100644
--- a/manifests/postfix/map.pp
+++ b/manifests/postfix/map.pp
@@ -28,7 +28,7 @@ define base::postfix::map(
   $source  = undef)
 {
   if ($type != 'hash') and ($type != 'btree') {
-    crit "unknown Postfix map type $type"
+    fail "unknown Postfix map type $type"
   }
 
   file { $name:
diff --git a/manifests/puppetclient/config.pp b/manifests/puppetclient/config.pp
index f249885..637f5bf 100644
--- a/manifests/puppetclient/config.pp
+++ b/manifests/puppetclient/config.pp
@@ -54,7 +54,7 @@ define base::puppetclient::config(
       }
     }
     absent:  { file { $name: ensure => absent } }
-    default: { crit "Invalid ensure value: ${ensure}" }
+    default: { fail "Invalid ensure value: ${ensure}" }
   }
 
   file { $defaultfile:
diff --git a/manifests/ssh.pp b/manifests/ssh.pp
index b459919..a6e9ff6 100644
--- a/manifests/ssh.pp
+++ b/manifests/ssh.pp
@@ -115,8 +115,8 @@ class base::ssh(
   service { 'ssh':
     ensure  => running,
     name    => $::osfamily ? {
-      Debian  => 'ssh',
-      RedHat  => 'sshd',
+      'Debian' => 'ssh',
+      'RedHat' => 'sshd',
     },
     require => Package['openssh-server'],
   }
-- 
GitLab