Revert "upgrade puppet modules"

mlibrary · May 7, 2024 · 4061d98 · 4061d98
1 parent eef4298
commit 4061d98
Show file tree

Hide file tree

Showing 36 changed files with 118 additions and 221 deletions.
diff --git a/.fixtures.yml b/.fixtures.yml
@@ -16,29 +16,30 @@ fixtures:
     apache:
       repo: "https://github.com/mlibrary/puppetlabs-apache"
   forge_modules:
-    rbenv:               {"repo": "jdowning/rbenv",             "ref": "3.0.0" }
-    archive:             {"repo": "puppet/archive",             "ref": "7.1.0" }
-    kmod:                {"repo": "puppet/kmod",                "ref": "4.0.1" }
-    letsencrypt:         {"repo": "puppet/letsencrypt",         "ref": "11.0.0"}
-    logrotate:           {"repo": "puppet/logrotate",           "ref": "7.0.2" }
-    nginx:               {"repo": "puppet/nginx",               "ref": "5.0.0" }
-    php:                 {"repo": "puppet/php",                 "ref": "10.1.0"}
-    unattended_upgrades: {"repo": "puppet/unattended_upgrades", "ref": "8.1.0" }
-    apt:                 {"repo": "puppetlabs/apt",             "ref": "9.4.0" }
-    augeas_core:         {"repo": "puppetlabs/augeas_core",     "ref": "1.5.0" }
-    concat:              {"repo": "puppetlabs/concat",          "ref": "9.0.2" }
-    cron_core:           {"repo": "puppetlabs/cron_core",       "ref": "1.3.0" }
-    docker:              {"repo": "puppetlabs/docker",          "ref": "9.1.0" }
-    firewall:            {"repo": "puppetlabs/firewall",        "ref": "8.0.1" }
-    host_core:           {"repo": "puppetlabs/host_core",       "ref": "1.3.0" }
-    inifile:             {"repo": "puppetlabs/inifile",         "ref": "6.1.1" }
-    lvm:                 {"repo": "puppetlabs/lvm",             "ref": "2.1.0" }
-    mount_core:          {"repo": "puppetlabs/mount_core",      "ref": "1.3.0" }
-    mysql:               {"repo": "puppetlabs/mysql",           "ref": "15.0.0"}
-    ntp:                 {"repo": "puppetlabs/ntp",             "ref": "10.1.0"}
-    postgresql:          {"repo": "puppetlabs/postgresql",      "ref": "10.2.0"}
-    puppetdb:            {"repo": "puppetlabs/puppetdb",        "ref": "8.0.1" }
-    reboot:              {"repo": "puppetlabs/reboot",          "ref": "5.0.0" }
-    sshkeys_core:        {"repo": "puppetlabs/sshkeys_core",    "ref": "2.5.0" }
-    stdlib:              {"repo": "puppetlabs/stdlib",          "ref": "9.6.0" }
-    debconf:             {"repo": "stm/debconf",                "ref": "6.0.0" }
+    rbenv:        {"repo": "jdowning/rbenv",          "ref": "3.0.0"}
+    archive:      {"repo": "puppet/archive",          "ref": "7.0.0"}
+    kmod:         {"repo": "puppet/kmod",             "ref": "4.0.0"}
+    letsencrypt:  {"repo": "puppet/letsencrypt",      "ref": "10.1.0"}
+    logrotate:    {"repo": "puppet/logrotate",        "ref": "7.0.1"} # 7.0.2 updates systemd, conflicts with postgres
+    nginx:        {"repo": "puppet/nginx",            "ref": "5.0.0"}
+    php:          {"repo": "puppet/php",              "ref": "9.0.0"}
+    apt:          {"repo": "puppetlabs/apt",          "ref": "9.0.0"} # 9.0.1+ breaks, needs updated stdlib
+    augeas_core:  {"repo": "puppetlabs/augeas_core",  "ref": "1.4.0"}
+    concat:       {"repo": "puppetlabs/concat",       "ref": "7.4.0"} # held back by postgres (and in turn by puppetdb v7.13)
+    cron_core:    {"repo": "puppetlabs/cron_core",    "ref": "1.2.0"}
+    docker:       {"repo": "puppetlabs/docker",       "ref": "7.0.0"} # 8.0.0 breaks
+    firewall:     {"repo": "puppetlabs/firewall",     "ref": "3.6.0"} # 5 breaks puppetdb v7.13, 6.0.0 needs stdlib 9, 7.0.0 breaks tests
+    host_core:    {"repo": "puppetlabs/host_core",    "ref": "1.2.0"}
+    inifile:      {"repo": "puppetlabs/inifile",      "ref": "5.4.1"} # held back by puppetdb v7.13
+    lvm:          {"repo": "puppetlabs/lvm",          "ref": "2.0.3"}
+    mount_core:   {"repo": "puppetlabs/mount_core",   "ref": "1.2.0"}
+    mysql:        {"repo": "puppetlabs/mysql",        "ref": "14.0.0"} # 15.0.0 breaks
+    ntp:          {"repo": "puppetlabs/ntp",          "ref": "10.1.0"}
+    postgresql:   {"repo": "puppetlabs/postgresql",   "ref": "8.3.0"} # 9.x blocked on puppetdb v7.13, blocks Puppet 8!?
+    puppetdb:     {"repo": "puppetlabs/puppetdb",     "ref": "7.13.0"}
+    reboot:       {"repo": "puppetlabs/reboot",       "ref": "5.0.0"}
+    sshkeys_core: {"repo": "puppetlabs/sshkeys_core", "ref": "2.4.0"}
+    stdlib:       {"repo": "puppetlabs/stdlib",       "ref": "8.6.0"} # ?! dragons...
+    resolv_conf:  {"repo": "saz/resolv_conf",         "ref": "5.1.0"}
+    debconf:      {"repo": "stm/debconf",             "ref": "6.0.0"}
+    unattended_upgrades: {"repo": "puppet/unattended_upgrades", "ref": "8.0.0"}
diff --git a/manifests/exposed_port.pp b/manifests/exposed_port.pp
@@ -66,7 +66,7 @@
       dport  => $port,
       source => $cidr['block'],
       state  => 'NEW',
-      jump   => 'accept',
+      action => 'accept',
     }
   }
 }
diff --git a/manifests/firewall_allow.pp b/manifests/firewall_allow.pp
@@ -76,7 +76,7 @@
       dport  => $port,
       source => $cidr,
       state  => 'NEW',
-      jump   => 'accept',
+      action => 'accept',
     }
   }
 }
diff --git a/manifests/profile/dns/smartconnect.pp b/manifests/profile/dns/smartconnect.pp
@@ -44,7 +44,7 @@
     $nameservers = $other_ns_ips
   }
 
-  class { 'nebula::resolv_conf':
+  class { 'resolv_conf':
     nameservers => concat(['127.0.0.1'], $nameservers),
     searchpath  => lookup('nebula::resolv_conf::searchpath'),
     require     => Service['bind9']

diff --git a/manifests/profile/dns/standard.pp b/manifests/profile/dns/standard.pp
@@ -9,5 +9,8 @@
 # @example
 #   include nebula::profile::dns::standard
 class nebula::profile::dns::standard {
-  include nebula::resolv_conf
+  class { 'resolv_conf':
+    nameservers => lookup('nebula::resolv_conf::nameservers'),
+    searchpath  => lookup('nebula::resolv_conf::searchpath'),
+  }
 }
diff --git a/manifests/profile/fulcrum/nginx.pp b/manifests/profile/fulcrum/nginx.pp
@@ -197,6 +197,6 @@
     proto  => 'tcp',
     dport  => 443,
     state  => 'NEW',
-    jump   => 'accept',
+    action => 'accept',
   }
 }
diff --git a/manifests/profile/haproxy.pp b/manifests/profile/haproxy.pp
@@ -43,7 +43,7 @@
   }
 
   $services.filter |$service, $params| {
-    'floating_ip' in $params
+    $params.has_key('floating_ip')
   }.each |$service, $params| {
     @nebula::haproxy::service { $service :
       cert_source => $cert_source,
@@ -133,7 +133,7 @@
     dport  => [80, 443],
     source => $::ipaddress,
     state  => 'NEW',
-    jump   => 'accept',
+    action => 'accept',
     tag    => 'haproxy'
   }
 

diff --git a/manifests/profile/hathitrust/rsync.pp b/manifests/profile/hathitrust/rsync.pp
@@ -48,7 +48,7 @@
         dport  => 873,
         source => $user['ip'],
         state  => 'NEW',
-        jump   => 'accept'
+        action => 'accept'
       }
     }
   }

diff --git a/manifests/profile/hathitrust/secure_rsync.pp b/manifests/profile/hathitrust/secure_rsync.pp
@@ -69,7 +69,7 @@
       source    => $network['block'],
       src_range => $network['range'],
       state     => 'NEW',
-      jump      => 'accept',
+      action    => 'accept',
     }
   }
 }
diff --git a/manifests/profile/kubernetes/dns_server.pp b/manifests/profile/kubernetes/dns_server.pp
@@ -76,7 +76,7 @@
       dport  => 53,
       source => $node_cidr,
       state  => 'NEW',
-      jump   => 'accept',
+      action => 'accept',
     ;
 
     '200 Nameserver (TCP)':

diff --git a/manifests/profile/kubernetes/haproxy.pp b/manifests/profile/kubernetes/haproxy.pp
@@ -52,7 +52,7 @@
     default:
       proto  => 'tcp',
       state  => 'NEW',
-      jump   => 'accept',
+      action => 'accept',
     ;
 
     '200 private api':

diff --git a/manifests/profile/kubernetes/kubelet.pp b/manifests/profile/kubernetes/kubelet.pp
@@ -49,7 +49,7 @@
       proto  => 'tcp',
       source => $node_cidr,
       state  => 'NEW',
-      jump   => 'accept',
+      action => 'accept',
     ;
 
     '200 Cluster ssh':

diff --git a/manifests/profile/kubernetes/router.pp b/manifests/profile/kubernetes/router.pp
@@ -20,7 +20,7 @@
   firewall { '001 Do not NAT internal requests':
     table       => 'nat',
     chain       => 'POSTROUTING',
-    jump        => 'accept',
+    action      => 'accept',
     proto       => 'all',
     source      => $node_cidr,
     destination => $node_cidr,

diff --git a/manifests/profile/letsencrypt.pp b/manifests/profile/letsencrypt.pp
@@ -22,6 +22,6 @@
     proto  => 'tcp',
     dport  => 80,
     state  => 'NEW',
-    jump   => 'accept',
+    action => 'accept',
   }
 }
diff --git a/manifests/profile/networking/firewall.pp b/manifests/profile/networking/firewall.pp
@@ -138,7 +138,7 @@
   $firewall_defaults = {
     proto  => 'tcp',
     state  => 'NEW',
-    jump   => 'accept'
+    action => 'accept'
   }
 
   create_resources(firewall,$rules,$firewall_defaults)
@@ -148,41 +148,41 @@
   firewall { '001 accept related established rules':
     proto  => 'all',
     state  => ['RELATED', 'ESTABLISHED'],
-    jump   => 'accept',
+    action => 'accept',
   }
 
   firewall { '001 accept all to lo interface':
     proto   => 'all',
     iniface => 'lo',
-    jump    => 'accept',
+    action  => 'accept',
   }
 
   firewall { '999 drop all':
     proto  => 'all',
-    jump   => 'drop',
+    action => 'drop',
     before => undef,
   }
 
   # Default IPv6 items, sorted by title
   firewall { '001 accept related established rules (v6)':
     proto    => 'all',
     state    => ['RELATED', 'ESTABLISHED'],
-    jump     => 'accept',
-    protocol => 'ip6tables',
+    action   => 'accept',
+    provider => 'ip6tables',
   }
 
   firewall { '001 accept all to lo interface (v6)':
     proto    => 'all',
     iniface  => 'lo',
-    jump     => 'accept',
-    protocol => 'ip6tables',
+    action   => 'accept',
+    provider => 'ip6tables',
   }
 
   firewall { '999 drop all (v6)':
     proto    => 'all',
-    jump     => 'drop',
+    action   => 'drop',
     before   => undef,
-    protocol => 'ip6tables',
+    provider => 'ip6tables',
   }
 
 }
diff --git a/manifests/profile/networking/firewall/http_datacenters.pp b/manifests/profile/networking/firewall/http_datacenters.pp
@@ -16,7 +16,7 @@
     proto  => 'tcp',
     dport  => [80, 443],
     state  => 'NEW',
-    jump   => 'accept'
+    action => 'accept'
   }
 
   $networks.flatten.each |$network| {

diff --git a/manifests/profile/prometheus.pp b/manifests/profile/prometheus.pp
@@ -153,7 +153,7 @@
     dport  => 9100,
     source => $::ipaddress,
     state  => 'NEW',
-    jump   => 'accept',
+    action => 'accept',
   }
 
   case $facts["mlibrary_ip_addresses"] {
@@ -194,7 +194,7 @@
         proto  => 'tcp',
         source => $address,
         state  => 'NEW',
-        jump   => 'accept',
+        action => 'accept',
       ;
 
       "010 prometheus public node exporter ${::hostname} ${address}":
@@ -215,7 +215,7 @@
         proto  => 'tcp',
         source => $address,
         state  => 'NEW',
-        jump   => 'accept',
+        action => 'accept',
       ;
 
       "010 prometheus private node exporter ${::hostname} ${address}":
@@ -236,7 +236,7 @@
     dport  => 9101,
     source => $::ipaddress,
     state  => 'NEW',
-    jump   => 'accept',
+    action => 'accept',
   }
 
   @@firewall { "010 prometheus mysql exporter ${::hostname}":
@@ -245,7 +245,7 @@
     dport  => 9104,
     source => $::ipaddress,
     state  => 'NEW',
-    jump   => 'accept',
+    action => 'accept',
   }
 
   Firewall <<| tag == "${::datacenter}_pushgateway_node" |>>

diff --git a/manifests/profile/prometheus/exporter/node.pp b/manifests/profile/prometheus/exporter/node.pp
@@ -154,7 +154,7 @@
       dport  => 9091,
       source => $address,
       state  => 'NEW',
-      jump   => 'accept',
+      action => 'accept',
     }
   }
 

diff --git a/manifests/resolv_conf.pp b/manifests/resolv_conf.pp
diff --git a/manifests/role/webhost/htvm/test.pp b/manifests/role/webhost/htvm/test.pp
@@ -13,7 +13,7 @@
       dport  => [80,443],
       source => $network['block'],
       state  => 'NEW',
-      jump   => 'accept',
+      action => 'accept',
     }
   }
 

diff --git a/manifests/unison/client.pp b/manifests/unison/client.pp
@@ -39,7 +39,7 @@
     dport  => [$port],
     source => $::ipaddress,
     state  => 'NEW',
-    jump   => 'accept',
+    action => 'accept',
     tag    =>  "unison-client-${title}"
   }