From b99473c3fd2eb1e0c5b045b0ea02531f3b5fe5f2 Mon Sep 17 00:00:00 2001 From: Lukas Audzevicius Date: Tue, 2 Sep 2025 09:21:59 +0100 Subject: [PATCH 01/12] (CAT-2383) PDK update for puppetcore changes Puppetcore changes were implemented about three weeks ago. However, recently our pdk templates changed to accomodate for a new Puppetcore feature. This commit updates the codebase to be in line with templates. --- .puppet-lint.rc | 8 ++++++ .rubocop.yml | 2 +- Gemfile | 75 ++++++++++++++++++++++++++++--------------------- Rakefile | 9 ++++++ metadata.json | 4 +-- 5 files changed, 63 insertions(+), 35 deletions(-) diff --git a/.puppet-lint.rc b/.puppet-lint.rc index cc96ece05..9e15c6e01 100644 --- a/.puppet-lint.rc +++ b/.puppet-lint.rc @@ -1 +1,9 @@ +--fail-on-warnings --relative +--no-80chars-check +--no-140chars-check +--no-class_inherits_from_params_class-check +--no-autoloader_layout-check +--no-documentation-check +--no-single_quote_string_with_variables-check +--ignore-paths=.vendor/**/*.pp,.bundle/**/*.pp,pkg/**/*.pp,spec/**/*.pp,tests/**/*.pp,types/**/*.pp,vendor/**/*.pp diff --git a/.rubocop.yml b/.rubocop.yml index 439ea84ee..47b1aadbe 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -5,7 +5,7 @@ require: AllCops: NewCops: enable DisplayCopNames: true - TargetRubyVersion: '2.6' + TargetRubyVersion: 3.1 Include: - "**/*.rb" Exclude: diff --git a/Gemfile b/Gemfile index d097a4c42..f0fd67096 100644 --- a/Gemfile +++ b/Gemfile @@ -1,22 +1,41 @@ -source ENV['GEM_SOURCE'] || 'https://rubygems.org' +# frozen_string_literal: true -def location_for(place_or_version, fake_version = nil) - git_url_regex = %r{\A(?(https?|git)[:@][^#]*)(#(?.*))?} - file_url_regex = %r{\Afile:\/\/(?.*)} +# For puppetcore, set GEM_SOURCE_PUPPETCORE = 'https://rubygems-puppetcore.puppet.com' +gemsource_default = ENV['GEM_SOURCE'] || 'https://rubygems.org' +gemsource_puppetcore = if ENV['PUPPET_FORGE_TOKEN'] + 'https://rubygems-puppetcore.puppet.com' +else + ENV['GEM_SOURCE_PUPPETCORE'] || gemsource_default +end +source gemsource_default + +def location_for(place_or_constraint, fake_constraint = nil, opts = {}) + git_url_regex = /\A(?(?:https?|git)[:@][^#]*)(?:#(?.*))?/ + file_url_regex = %r{\Afile://(?.*)} + + if place_or_constraint && (git_url = place_or_constraint.match(git_url_regex)) + # Git source → ignore :source, keep fake_constraint + [fake_constraint, { git: git_url[:url], branch: git_url[:branch], require: false }].compact + + elsif place_or_constraint && (file_url = place_or_constraint.match(file_url_regex)) + # File source → ignore :source, keep fake_constraint or default >= 0 + [fake_constraint || '>= 0', { path: File.expand_path(file_url[:path]), require: false }] - if place_or_version && (git_url = place_or_version.match(git_url_regex)) - [fake_version, { git: git_url[:url], branch: git_url[:branch], require: false }].compact - elsif place_or_version && (file_url = place_or_version.match(file_url_regex)) - ['>= 0', { path: File.expand_path(file_url[:path]), require: false }] else - [place_or_version, { require: false }] + # Plain version constraint → merge opts (including :source if provided) + [place_or_constraint, { require: false }.merge(opts)] + end +end + +# Print debug information if DEBUG_GEMS or VERBOSE is set +def print_gem_statement_for(gems) + puts 'DEBUG: Gem definitions that will be generated:' + gems.each do |gem_name, gem_params| + puts "DEBUG: gem #{([gem_name.inspect] + gem_params.map(&:inspect)).join(', ')}" end end group :development do - gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.5.1', require: false if Gem::Requirement.create(['>= 3.0.0', '< 3.0.5']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "json", '= 2.6.3', require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "racc", '~> 1.4.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) @@ -43,6 +62,7 @@ end group :development, :release_prep do gem "puppet-strings", '~> 4.0', require: false gem "puppetlabs_spec_helper", '~> 8.0', require: false + gem "puppet-blacksmith", '~> 7.0', require: false end group :system_tests do gem "puppet_litmus", '~> 2.0', require: false, platforms: [:ruby, :x64_mingw] if !ENV['PUPPET_FORGE_TOKEN'].to_s.empty? @@ -51,28 +71,17 @@ group :system_tests do gem "serverspec", '~> 2.41', require: false end -puppet_version = ENV['PUPPET_GEM_VERSION'] -facter_version = ENV['FACTER_GEM_VERSION'] -hiera_version = ENV['HIERA_GEM_VERSION'] - gems = {} - puppet_version = ENV.fetch('PUPPET_GEM_VERSION', nil) facter_version = ENV.fetch('FACTER_GEM_VERSION', nil) hiera_version = ENV.fetch('HIERA_GEM_VERSION', nil) -# If PUPPET_FORGE_TOKEN is set then use authenticated source for both puppet and facter, since facter is a transitive dependency of puppet -# Otherwise, do as before and use location_for to fetch gems from the default source -if !ENV['PUPPET_FORGE_TOKEN'].to_s.empty? - gems['puppet'] = ['~> 8.11', { require: false, source: 'https://rubygems-puppetcore.puppet.com' }] - gems['facter'] = ['~> 4.11', { require: false, source: 'https://rubygems-puppetcore.puppet.com' }] -else - gems['puppet'] = location_for(puppet_version) - gems['facter'] = location_for(facter_version) if facter_version -end - -gems['hiera'] = location_for(hiera_version) if hiera_version +gems['puppet'] = location_for(puppet_version, nil, { source: gemsource_puppetcore }) +gems['facter'] = location_for(facter_version, nil, { source: gemsource_puppetcore }) +gems['hiera'] = location_for(hiera_version, nil, {}) if hiera_version +# Generate the gem definitions +print_gem_statement_for(gems) if ENV['DEBUG'] gems.each do |gem_name, gem_params| gem gem_name, *gem_params end @@ -80,12 +89,14 @@ end # Evaluate Gemfile.local and ~/.gemfile if they exist extra_gemfiles = [ "#{__FILE__}.local", - File.join(Dir.home, '.gemfile'), + File.join(Dir.home, '.gemfile') ] extra_gemfiles.each do |gemfile| - if File.file?(gemfile) && File.readable?(gemfile) - eval(File.read(gemfile), binding) - end + next unless File.file?(gemfile) && File.readable?(gemfile) + + # rubocop:disable Security/Eval + eval(File.read(gemfile), binding) + # rubocop:enable Security/Eval end # vim: syntax=ruby diff --git a/Rakefile b/Rakefile index f011e6981..34f6965b4 100644 --- a/Rakefile +++ b/Rakefile @@ -7,6 +7,14 @@ require 'puppet-syntax/tasks/puppet-syntax' require 'puppet-strings/tasks' if Gem.loaded_specs.key? 'puppet-strings' PuppetLint.configuration.send('disable_relative') +PuppetLint.configuration.send('disable_80chars') +PuppetLint.configuration.send('disable_140chars') +PuppetLint.configuration.send('disable_class_inherits_from_params_class') +PuppetLint.configuration.send('disable_autoloader_layout') +PuppetLint.configuration.send('disable_documentation') +PuppetLint.configuration.send('disable_single_quote_string_with_variables') +PuppetLint.configuration.fail_on_warnings = true +PuppetLint.configuration.ignore_paths = [".vendor/**/*.pp", ".bundle/**/*.pp", "pkg/**/*.pp", "spec/**/*.pp", "tests/**/*.pp", "types/**/*.pp", "vendor/**/*.pp"] require 'rspec/core/rake_task' namespace :ntp do @@ -15,3 +23,4 @@ namespace :ntp do t.rspec_opts = "--tag integration" end end + diff --git a/metadata.json b/metadata.json index 908d2fbd3..ec209fa7f 100644 --- a/metadata.json +++ b/metadata.json @@ -83,6 +83,6 @@ ], "description": "NTP Module for Debian, Ubuntu, CentOS, RHEL, OEL, Fedora, FreeBSD, ArchLinux, Amazon Linux and Gentoo.", "template-url": "https://github.com/puppetlabs/pdk-templates.git#main", - "template-ref": "tags/3.2.0.4-0-g5d17ec1", - "pdk-version": "3.2.0" + "template-ref": "heads/main-0-g9d5b193", + "pdk-version": "3.5.0" } From 0de12f5b8ba12743dcdd4dc9c53563ece3ccd5c5 Mon Sep 17 00:00:00 2001 From: Lukas Audzevicius Date: Tue, 2 Sep 2025 09:27:13 +0100 Subject: [PATCH 02/12] Unit and integration consume nightlies --- .github/workflows/ci.yml | 1 + .github/workflows/nightly.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 22742aea6..9e60b3a06 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,6 +11,7 @@ jobs: uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@main" with: runs_on: "ubuntu-24.04" + flags: "--nightly" secrets: "inherit" Acceptance: diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index b08ff3ad3..b76117e86 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -10,6 +10,7 @@ jobs: uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@main" with: runs_on: "ubuntu-24.04" + flags: "--nightly" secrets: "inherit" Acceptance: From 7fe585d7200ef14391f7d287175231757e443c8a Mon Sep 17 00:00:00 2001 From: Lukas Audzevicius Date: Tue, 2 Sep 2025 10:04:21 +0100 Subject: [PATCH 03/12] Removing unnecesary pin --- .fixtures.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.fixtures.yml b/.fixtures.yml index 93feb0de3..978a80ab0 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -6,7 +6,6 @@ fixtures: provision: "https://github.com/puppetlabs/provision.git" puppet_agent: repo: 'https://github.com/puppetlabs/puppetlabs-puppet_agent.git' - ref: v4.25.0 package: "https://github.com/puppetlabs/puppetlabs-package.git" deploy_pe: "https://github.com/jarretlavallee/puppet-deploy_pe" sign_cert: "https://github.com/m0dular/sign_cert" From 41302c6a561316d271d323442fd483d80058c30f Mon Sep 17 00:00:00 2001 From: Lukas Audzevicius Date: Wed, 3 Sep 2025 13:40:23 +0100 Subject: [PATCH 04/12] exclude platforms unsupported by CI --- .github/workflows/ci.yml | 2 +- .github/workflows/nightly.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9e60b3a06..94f0ac6b8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,5 +19,5 @@ jobs: uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main" with: runs_on: "ubuntu-24.04" - flags: "--nightly" + flags: "--nightly --platform-exclude centos-7 --platform-exclude oraclelinux-7 --platform-exclude scientific-7" secrets: "inherit" diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index b76117e86..eb4e6b3d6 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -18,7 +18,7 @@ jobs: uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main" with: runs_on: "ubuntu-24.04" - flags: "--nightly" + flags: "--nightly --platform-exclude centos-7 --platform-exclude oraclelinux-7 --platform-exclude scientific-7" secrets: "inherit" Integration: From af79f68570469273a05496ea7b512d2086ca8c8f Mon Sep 17 00:00:00 2001 From: Lukas Audzevicius Date: Wed, 3 Sep 2025 14:01:53 +0100 Subject: [PATCH 05/12] Point integration testing to consume puppetcore --- .github/workflows/integration_test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/integration_test.yml b/.github/workflows/integration_test.yml index 3a32443ea..7898feae7 100644 --- a/.github/workflows/integration_test.yml +++ b/.github/workflows/integration_test.yml @@ -37,7 +37,7 @@ jobs: id: get-matrix run: | if [ '${{ github.repository_owner }}' == 'puppetlabs' ]; then - echo "matrix={'platform':['ubuntu-2204-lts'],'collection':['puppet7-nightly', 'puppet8-nightly']}" >> $GITHUB_OUTPUT + echo "matrix={'platform':['ubuntu-2204-lts'],'collection':['puppetcore8-nightly']}" >> $GITHUB_OUTPUT else echo "matrix={}" >> $GITHUB_OUTPUT fi From 7c0b39ee545cf259e24e84eb15d1cf97eeaa84f5 Mon Sep 17 00:00:00 2001 From: Lukas Audzevicius Date: Wed, 3 Sep 2025 14:15:43 +0100 Subject: [PATCH 06/12] commenting unnecesary envs --- .github/workflows/integration_test.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/integration_test.yml b/.github/workflows/integration_test.yml index 7898feae7..5af39887d 100644 --- a/.github/workflows/integration_test.yml +++ b/.github/workflows/integration_test.yml @@ -52,9 +52,9 @@ jobs: fail-fast: false matrix: ${{fromJson(needs.setup_matrix.outputs.matrix)}} - env: - PUPPET_GEM_VERSION: '~> 7.24' - FACTER_GEM_VERSION: 'https://github.com/puppetlabs/facter#main' # why is this set? + # env: + # PUPPET_GEM_VERSION: '~> 7.24' + # FACTER_GEM_VERSION: 'https://github.com/puppetlabs/facter#main' # why is this set? steps: From 272eb7f1e8df5b440441a7bdabf486f723e1ade5 Mon Sep 17 00:00:00 2001 From: Lukas Audzevicius Date: Thu, 18 Sep 2025 09:29:28 +0100 Subject: [PATCH 07/12] Integration testing PE version update --- plans/acceptance/pe_server.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plans/acceptance/pe_server.pp b/plans/acceptance/pe_server.pp index ae53098c7..2859cf995 100644 --- a/plans/acceptance/pe_server.pp +++ b/plans/acceptance/pe_server.pp @@ -5,7 +5,7 @@ # @example # ntp::acceptance::pe_server plan ntp::acceptance::pe_server( - Optional[String] $version = '2021.7.9', + Optional[String] $version = '2023.8.1', Optional[Hash] $pe_settings = { password => 'puppetlabs' } ) { #identify pe server node From 9ed0e1071685e6f97baabeadd256180fa65c5c94 Mon Sep 17 00:00:00 2001 From: Lukas Audzevicius Date: Thu, 18 Sep 2025 10:12:42 +0100 Subject: [PATCH 08/12] Address password validation --- plans/acceptance/pe_server.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plans/acceptance/pe_server.pp b/plans/acceptance/pe_server.pp index 2859cf995..f489ae866 100644 --- a/plans/acceptance/pe_server.pp +++ b/plans/acceptance/pe_server.pp @@ -6,7 +6,7 @@ # ntp::acceptance::pe_server plan ntp::acceptance::pe_server( Optional[String] $version = '2023.8.1', - Optional[Hash] $pe_settings = { password => 'puppetlabs' } + Optional[Hash] $pe_settings = { password => 'Puppetlabs123!' } ) { #identify pe server node $puppet_server = get_targets('*').filter |$n| { $n.vars['role'] == 'ntpserver' } From d448f8dfeb21584b9e00414d4cdaa6113b4ca720 Mon Sep 17 00:00:00 2001 From: Lukas Audzevicius Date: Thu, 18 Sep 2025 10:37:23 +0100 Subject: [PATCH 09/12] Fix --- plans/acceptance/pe_agent.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/plans/acceptance/pe_agent.pp b/plans/acceptance/pe_agent.pp index 835301098..34c33bb84 100644 --- a/plans/acceptance/pe_agent.pp +++ b/plans/acceptance/pe_agent.pp @@ -9,6 +9,12 @@ $puppet_server = get_targets('*').filter |$n| { $n.vars['role'] == 'ntpserver' } $puppet_agent = get_targets('*').filter |$n| { $n.vars['role'] == 'ntpclient' } + # Ensure pe_repo class is applied on the master + run_command( + 'puppet apply -e "include pe_repo::platform::ubuntu_2204_amd64"', + $puppet_server, + ) + # install pe server run_plan( 'deploy_pe::provision_agent', From de8a251ad26794671d93f074cc83378ac30b0e7f Mon Sep 17 00:00:00 2001 From: Lukas Audzevicius Date: Thu, 18 Sep 2025 11:11:56 +0100 Subject: [PATCH 10/12] fix 2 --- plans/acceptance/pe_agent.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plans/acceptance/pe_agent.pp b/plans/acceptance/pe_agent.pp index 34c33bb84..0d9ad8b2e 100644 --- a/plans/acceptance/pe_agent.pp +++ b/plans/acceptance/pe_agent.pp @@ -9,9 +9,9 @@ $puppet_server = get_targets('*').filter |$n| { $n.vars['role'] == 'ntpserver' } $puppet_agent = get_targets('*').filter |$n| { $n.vars['role'] == 'ntpclient' } - # Ensure pe_repo class is applied on the master + # Stage agent packages for Ubuntu 22.04 on the master run_command( - 'puppet apply -e "include pe_repo::platform::ubuntu_2204_amd64"', + 'puppet infrastructure provision_agent --platform ubuntu-22.04-amd64', $puppet_server, ) From 7949f7250595224baad639f687e9bd3386a339d0 Mon Sep 17 00:00:00 2001 From: Lukas Audzevicius Date: Thu, 18 Sep 2025 11:43:32 +0100 Subject: [PATCH 11/12] fix 3 --- plans/acceptance/pe_agent.pp | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/plans/acceptance/pe_agent.pp b/plans/acceptance/pe_agent.pp index 0d9ad8b2e..c5e461894 100644 --- a/plans/acceptance/pe_agent.pp +++ b/plans/acceptance/pe_agent.pp @@ -9,9 +9,15 @@ $puppet_server = get_targets('*').filter |$n| { $n.vars['role'] == 'ntpserver' } $puppet_agent = get_targets('*').filter |$n| { $n.vars['role'] == 'ntpclient' } - # Stage agent packages for Ubuntu 22.04 on the master + # Trigger PE to configure the master and stage agent packages run_command( - 'puppet infrastructure provision_agent --platform ubuntu-22.04-amd64', + '/opt/puppetlabs/puppet/bin/puppet infrastructure configure', + $puppet_server, + ) + + # Apply the repo class for Ubuntu 22.04 + run_command( + 'puppet apply -e "include pe_repo::platform::ubuntu_2204_amd64"', $puppet_server, ) From c7e19572077bfc7a9c7c1850d594f090902c0b7c Mon Sep 17 00:00:00 2001 From: Lukas Audzevicius Date: Thu, 18 Sep 2025 12:16:05 +0100 Subject: [PATCH 12/12] update pe_server --- plans/acceptance/pe_server.pp | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/plans/acceptance/pe_server.pp b/plans/acceptance/pe_server.pp index f489ae866..5c68a5136 100644 --- a/plans/acceptance/pe_server.pp +++ b/plans/acceptance/pe_server.pp @@ -8,14 +8,26 @@ Optional[String] $version = '2023.8.1', Optional[Hash] $pe_settings = { password => 'Puppetlabs123!' } ) { - #identify pe server node - $puppet_server = get_targets('*').filter |$n| { $n.vars['role'] == 'ntpserver' } + # Identify PE server node + $puppet_server = get_targets('*').filter |$n| { $n.vars['role'] == 'ntpserver' } - # install pe server + # Install PE server run_plan( 'deploy_pe::provision_master', $puppet_server, 'version' => $version, 'pe_settings' => $pe_settings ) + + # Apply the correct pe_repo class for Ubuntu 22.04 + run_command( + 'puppet apply -e "include pe_repo::platform::ubuntu_2204_amd64"', + $puppet_server, + ) + + # Trigger agent package staging + run_command( + 'puppet agent -t', + $puppet_server, + ) }