Update to puppet best practice package installation

Author: yakatz

data/os/Debian.yaml

@@ -0,0 +1,10 @@
+---
+
+csf::packages::required:
+  - perl
+  - iptables
+
+csf::packages::recommended:
+  - libwww-perl
+  - liblwp-protocol-https-perl
+  - libgd-graph-perl

data/os/RedHat.yaml

@@ -0,0 +1,10 @@
+---
+
+csf::packages::required:
+  - perl
+  - iptables
+
+csf::packages::recommended:
+  - perl-libwww-perl
+  - perl-LWP-Protocol-https
+  - perl-GDGraph

hiera.yaml

@@ -0,0 +1,21 @@
+---
+version: 5
+
+defaults:  # Used for any hierarchy level that omits these keys.
+  datadir: data         # This path is relative to hiera.yaml's directory.
+  data_hash: yaml_data  # Use the built-in YAML backend.
+
+hierarchy:
+  - name: "osfamily/major release"
+    paths:
+        # Used to distinguish between Debian and Ubuntu
+      - "os/%{facts.os.name}/%{facts.os.release.major}.yaml"
+      - "os/%{facts.os.family}/%{facts.os.release.major}.yaml"
+        # Used for Solaris
+      - "os/%{facts.os.family}/%{facts.kernelrelease}.yaml"
+  - name: "osfamily"
+    paths:
+      - "os/%{facts.os.name}.yaml"
+      - "os/%{facts.os.family}.yaml"
+  - name: 'common'
+    path: 'common.yaml'

manifests/init.pp

@@ -1,9 +1,10 @@
 # csf
 class csf (
-  $download_location = $::csf::params::download_location,
-  $service_ensure = $::csf::params::service_ensure,
-  $service_enable = $::csf::params::service_enable,
-  $docker = $::csf::params::docker,
+  $download_location            = $::csf::params::download_location,
+  $service_ensure               = $::csf::params::service_ensure,
+  $service_enable               = $::csf::params::service_enable,
+  $docker                       = $::csf::params::docker,
+  $install_recommended_packages = $::csf::params::install_recommended_packages,
 ) inherits csf::params {
   # Install and configure CSF as required
   include ::csf::install

manifests/install.pp

@@ -1,28 +1,29 @@
 # csf::install
 class csf::install inherits csf {
   # this installs csf and reloads it
-  if $::operatingsystem == 'CentOS' and versioncmp($::operatingsystemmajrelease, '7') < 0 {
-    package { 'iptables-ipv6':
-      ensure => installed,
-      before => Exec['csf-install'],
-    }
-  }
 
-  package { 'iptables':
-    ensure => installed,
+  $required_packages = lookup('csf::packages::required', Array[String])
+
+  ensure_packages ($required_packages, {
+    ensure => 'present',
     before => Exec['csf-install'],
-  }
+  })
 
-  package { 'csf-perl':
-    ensure => installed,
-    name   => 'perl',
+  if $::csf::install_recommended_packages {
+    $recommended_packages = lookup('csf::packages::recommended', Array[String])
+
+    ensure_packages ($recommended_packages, {
+      ensure => 'present',
+      before => Exec['csf-install'],
+    })
   }
-  -> exec { 'csf-install':
+
+  exec { 'csf-install':
     cwd     => '/tmp',
     command => "/usr/bin/curl -o csf.tgz ${::csf::download_location} && tar -xzf csf.tgz && cd csf && sh install.sh",
     creates => '/usr/sbin/csf',
     notify  => Service['csf'],
-    require => Package['csf-perl'],
+    require => Package['perl'],
   }
 
   # make sure testing is disabled, we trust puppet enough

manifests/params.pp

@@ -4,4 +4,5 @@
   $docker = absent
   $service_ensure = 'running'
   $service_enable = true
+  $install_recommended_packages = true
 }

spec/classes/csf_install_spec.rb

@@ -16,18 +16,25 @@
           it { is_expected.to contain_class('csf::install') }
 
           # verify packages and installation
-          it { is_expected.to contain_package('csf-perl') }
+          it { is_expected.to contain_package('perl') }
           it { is_expected.to contain_exec('csf-install').with('cwd' => '/tmp') }
           it { is_expected.to contain_exec('csf-install').with('command' => '/usr/bin/curl -o csf.tgz https://download.configserver.com/csf.tgz && tar -xzf csf.tgz && cd csf && sh install.sh') }
           it { is_expected.to contain_exec('csf-install').with('creates' => '/usr/sbin/csf') }
           it { is_expected.to contain_exec('csf-install').with('notify' => 'Service[csf]') }
-          it { is_expected.to contain_exec('csf-install').with('require' => 'Package[csf-perl]') }
+          it { is_expected.to contain_exec('csf-install').with('require' => 'Package[perl]') }
 
-          it { is_expected.to contain_package('iptables').with('ensure' => 'installed') }
+          it { is_expected.to contain_package('iptables').with('ensure' => 'present') }
 
-          if facts[:operatingsystem] == 'CentOS' && facts[:operatingsystemmajrelease].to_i < 7
-            it { is_expected.to contain_package('iptables-ipv6').with('ensure' => 'installed') }
-            it { is_expected.to contain_package('iptables-ipv6').with('before' => 'Exec[csf-install]') }
+          if facts[:operatingsystem] == 'CentOS'
+            it { is_expected.to contain_package('perl-libwww-perl').with('ensure' => 'present') }
+            it { is_expected.to contain_package('perl-LWP-Protocol-https').with('ensure' => 'present') }
+            it { is_expected.to contain_package('perl-GDGraph').with('ensure' => 'present') }
+          end
+
+          if facts[:operatingsystem] == 'Ubuntu'
+            it { is_expected.to contain_package('libwww-perl').with('ensure' => 'present') }
+            it { is_expected.to contain_package('liblwp-protocol-https-perl').with('ensure' => 'present') }
+            it { is_expected.to contain_package('libgd-graph-perl').with('ensure' => 'present') }
           end
 
           # check our configuration