Enable source to support puppet file server #6

Open
bouktin opened this issue Mar 20, 2015 · 8 comments

bouktin commented Mar 20, 2015

Hello,

Not all servers that I manage have access to the internet, so it would be useful for the module to get the keys from the puppet file server, as follows:

    rpmkey { "442DF0F8":
        ensure => present,
        source => 'puppet:///modules/rpmkey/RPM-GPG-KEY-PGDG-94',
    }

As a workaround, I store the keys in a temporary folder on the client, and source it locally:

$puppet_tmp = '/somewhere/to/store/tmp/files'
class rpmkey_postgresql_94 {
    file { "RPM-GPG-KEY-PGDG-94":
        ensure => file,
        path => "$puppet_tmp/rpm-gpg/RPM-GPG-KEY-PGDG-94",
        source => 'puppet:///modules/rpmkey/RPM-GPG-KEY-PGDG-94',
    }

    rpmkey { "442DF0F8":
        ensure => present,
        source => "$puppet_tmp/rpm-gpg/RPM-GPG-KEY-PGDG-94",
    }
}

And thank you for your work.

Thank you
Thomas

stschulte added a commit that referenced this issue Mar 29, 2015
We always convert the source to a URI (even for local files) so we can
easily use the URI class to check the scheme. While this is not very
useful right now, it can be used to handle some URLs (like `puppet://`)
differently in the future.
stschulte added a commit that referenced this issue Mar 29, 2015
In some situations it is desirable to use your puppet master as a
central resource for gpg keys. Since rpm does not support `puppet://`
URLs you'd have to make sure that you install the key with a separate
`file` resource.

To solve this, check the `source` before running `rpm --import`:

* if source is an absolute path, use it directly for `rpm --import`
* if source is a file:// resource, convert the source to a local path
  and use this for `rpm --import`
* if source is a `puppet://` URL and puppet runs locally (via puppet
  apply), get the local path to the file and use that for `rpm --import`
* if source is a `puppet://` URL and puppet runs as an agent,
  write the remote content to a temporary file and use the path to the
  temporary file for `rpm --import`
* if source is anything else (e.g. a `http://` link) pass it directly
  to `rpm --import` and hope `rpm` can handle it directly.

@stschulte
Owner

I tried to implement that today and did a few successful tests. The code can be found here: https://github.com/stschulte/puppet-rpmkey/tree/source_puppet_fileserver
It would be great if you could do some tests and let me know if it works like you expected. Basically it works like this now:

  • if source is an absolute path, use it directly for rpm --import
  • if source is a file:// resource, convert the source to a local path and use this for rpm --import
  • if source is a puppet:// URL and puppet runs locally (via puppet apply), get the local path to the file and use that path for rpm --import
  • if source is a puppet:// URL and puppet runs as an agent, query the content from the fileserver and write the content to a temporary file and use the path to the temporary file for rpm --import
  • if source is anything else (e.g. a http:// link) pass it directly to rpm --import and hope rpm can handle it directly.
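
The source handling listed above, sketched as an added Ruby example (not code from the module or its `source_puppet_fileserver` branch). `classify_source`, `with_import_argument` and the `local_lookup`/`remote_fetch` callables are hypothetical stand-ins for Puppet's fileserver access; the modulepath `/etc/puppet/modules` and the key text are constructed.

```ruby
require 'uri'
require 'tempfile'

# Map a `source` value onto the cases listed above.
def classify_source(source)
  return [:absolute_path, source] if source.start_with?('/')

  uri = URI.parse(source)
  case uri.scheme
  when 'file'   then [:file_uri, URI::RFC2396_Parser.new.unescape(uri.path)]
  when 'puppet' then [:puppet_uri, uri.path]
  else               [:passthrough, source] # e.g. http://, left to rpm
  end
rescue URI::InvalidURIError
  raise ArgumentError, "unparseable source: #{source.inspect}"
end

# Yield the argument for `rpm --import` and return the block's result.
def with_import_argument(source, agent:, local_lookup:, remote_fetch:)
  kind, value = classify_source(source)
  return yield(value) unless kind == :puppet_uri
  return yield(local_lookup.call(value)) unless agent

  # Agent run: Tempfile.create makes the file with mode 0600 and
  # removes it when the block ends, so no key copy is left behind.
  Tempfile.create(['rpmkey', '.asc']) do |tmp|
    tmp.binmode
    tmp.write(remote_fetch.call(value))
    tmp.flush
    yield(tmp.path)
  end
end

# Constructed stand-ins (assumptions, not Puppet APIs).
SAMPLE_KEY = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n(constructed placeholder)\n"
LOCAL_LOOKUP = lambda do |path|
  path.sub(%r{\A/modules/([^/]+)/}, '/etc/puppet/modules/\1/files/')
end
REMOTE_FETCH = ->(_path) { SAMPLE_KEY }

src = 'puppet:///modules/rpmkey/RPM-GPG-KEY-PGDG-94'
with_import_argument(src, agent: true, local_lookup: LOCAL_LOOKUP,
                          remote_fetch: REMOTE_FETCH) do |arg|
  puts "would run: rpm --import #{arg}"
end
```
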

@propyless propyless mentioned this issue Aug 25, 2015
Closed
@propyless

I'm not sure if it's the changes for #6 which created these errors but it seems that with a Puppet Client agent version 3.3.1 (we tested with this version) we got errors with the RPMkey provider that was unable to use the ruby function "Puppet::Network::HTTP::API::V1.indirection2uri(req)"

I am not entirely sure when it is added to Puppet but the module works well with our nodes running 3.7.5.

@li-tblancha

Hi Stefan,

I'm sorry for the delay, I finally got around to testing it, and it works great:

root@puppet-client ~# puppet agent --test
Warning: Local environment: "production" doesn't match server specified node environment "test", switching agent to "test".
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for puppet-client.example.net
Info: Applying configuration version '1442008291'
Notice: /Stage[main]/Rpmkey_test_gpg_key/Rpmkey[3CBXXXXX]/ensure: created
Notice: Finished catalog run in 2.33 seconds
root@puppet-client ~# puppet -V
3.8.1
root@puppet-client ~# cat /etc/redhat-release
CentOS release 6.7 (Final)
root@puppet-client ~# uname -a
Linux puppet-client.example.net 2.6.32-573.el6.x86_64 #1 SMP Thu Jul 23 15:44:03 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

Puppet config:

# file: rpmkey.pp
class rpmkey_test_gpg_key {
    rpmkey { "3CBXXXXX":
        ensure => present,
        source => 'puppet:///modules/ldcconfig/rpm_gpg_keys/RPM-GPG-KEY-TEST',
    }
}

# include via site.pp, hiera, or ENC

Thanks
Thomas

@OrangeCrush

@stschulte
Thanks for your work on this module!
Is there any appetite to merge these "source" changes into master and eventually upload to puppet forge?

@stschulte
Owner

@OrangeCrush the problem here is that this is basically a rip-off of the code I found for the file resource with two problems

  1. I am not exactly sure which utility functions count as "stable" and which are counted as "internal". I suspect it is the latter and as such it is hard to write code that works on all puppet versions I want to support (2.7, 3.x, 4.x)
  2. When I originally wrote the POC, I tried to find some spec tests I could adapt to be able to verify it works on all versions. Unfortunately I did not find anything usable.

Since I want to ship a module that works on the versions I claim to support, and I consider the problem itself to be a minor one (you can resort to an additional file resource and place your keys on a server that is accessible via http) I do not plan to merge the code.

One possibility though is to mark this feature explicitly as "experimental". But not breaking anyone's code is really important for me.

@OrangeCrush

@stschulte

I did end up implementing a solution using the file resource + http server approach. Thanks again for the module!

@bschonec

Would you please put in a pull request so that this can be slipstreamed into the master branch? Also, an update on PuppetForge would be great! I use this functionality (source=>"puppet:///") and when I moved to a new puppet master the functionality was gone because it's not in MASTER.

bschonec commented Oct 1, 2019

Would you please slipstream the source_puppet_fileserver into the master and update the Puppet forge?
