tom-krieger / cis_security_hardening

Define a complete security baseline and monitor the baseline's rules. The definition of the baseline should be done in Hiera. The purpose of the module is to provide the ability to set up a complete security baseline, which does not necessarily have to follow industry security guides like the CIS benchmarks.
Apache License 2.0

v0.7.4 dependencies still fighting, module will still not install #28

Closed canihavethisone closed 1 year ago

canihavethisone commented 1 year ago

Unfortunately the module will still not install with puppet module install tomkrieger-cis_security_hardening due to dependency clashes.

I suggest you package the module and perform a test install prior to next release.

On a side note, I am concerned about including a default (and weak) grub2 password. Passwords should never be defaulted and the module should fail to apply unless the implementer provides one in their hiera or wrapping class.

Thanks.

puppet module install tomkrieger-cis_security_hardening --version 0.7.4 --environment production --vardir /etc/puppetlabs/code/environments/production/tmp/
  Last 100 lines of output were:
        Notice: Preparing to install into /etc/puppetlabs/code/environments/production/modules ...
        Notice: Downloading from https://forgeapi.puppet.com ...
        Error: Could not install module 'tomkrieger-cis_security_hardening' (v0.7.4)
          The requested version cannot satisfy one or more of the following installed modules:
            herculesteam-augeasproviders_sysctl, expects 'tomkrieger-cis_security_hardening': >= 2.3.1 < 4.0.0

          Use `puppet module install 'tomkrieger-cis_security_hardening' --ignore-dependencies` to install only this module
tom-krieger commented 1 year ago

I'm testing the module in my Puppet environment and there, dependency issues don't occur. I will see what I can do to get an acceptance test running avoiding these issues.

Regarding the grub password. It's default yes, but the rules to enforce the grub password are all set to 'false', so no password gets set. I think it's better to have a working example in the configs than having just 'xxx' there.

canihavethisone commented 1 year ago

Thanks Tom. Have you tried building then installing the module to a clean module path?

tom-krieger commented 1 year ago

Yes I changed augeasproviders_sysctl to thias-sysctl. I'm fighting with acceptance tests now as applying this huge module in a docker container does not make sense. I tend to only do a module install for acceptance for the moment. You can just use the main branch to test the new version. There you find the acceptance test installing the module without issues in a CentOS 7 docker container. Please let me know if all works for you before I release a new version.

canihavethisone commented 1 year ago

I'll try it in the next few days, and try to improve the dependencies a bit more. I test using beaker-openstack to create a master and agent. Have you considered joining the puppet slack channel so we can chat there? A lot of the puppet community are on there.

tom-krieger commented 1 year ago

I am in the Puppet Community Slack. Please search for a user called Tom with my GitHub account in the profile. Or please let me know how to contact you on slack.

Btw. I've found a problem with switching the sysctl module. I will investigate this the next days.

canihavethisone commented 1 year ago

I have cloned the repo and built the module. It does now install however with stdlib v6.6.0. To get it to install with stdlib v8.4.0 the puppet-rsyslog version needs to be increased to ">= 3.3.0 < 7.0.0".

I can see the issue when previously using augeasproviders_sysctl; I suspect it is in transition to puppet publishing, as its sole dependency has recently been marked as deprecated in favour of a puppet (voxpopuli) one.

Also, note that the AlexCline-fstab is 10 years old and an old construct without metadata (and unconventional caps in the publisher name), though it does install. As this module only appears to be invoked once in manifests/rules/dev_shm.pp, I would look at replacing its function with augeas as done in manifests/set_mount_options.pp, or another method.

Lastly, final metadata changes should be reflected in fixtures also. In my opinion, sub-dependencies don't need to be specified in metadata but should in fixtures. Other people may have a different view on that.

puppet module install tomkrieger-cis_security_hardening-0.7.5.tar.gz --target-dir /tmp/test
Notice: Preparing to install into /tmp/test ...
Notice: Downloading from https://forgeapi.puppet.com ...
Notice: Installing -- do not interrupt ...
/tmp/test
└─┬ tomkrieger-cis_security_hardening (v0.7.5)
  ├── AlexCline-fstab (v0.5.4)
  ├─┬ camptocamp-augeas (v1.9.0)
  │ └── puppetlabs-augeas_core (v1.2.0)
  ├── fiddyspence-sysctl (v1.1.0)
  ├── ipcrm-echo (v0.1.7)
  ├── puppet-augeasproviders_grub (v4.0.0)
  ├─┬ puppet-augeasproviders_pam (v3.0.1)
  │ └── puppet-augeasproviders_core (v3.2.0)
  ├── puppet-chrony (v2.5.0)
  ├── puppet-kmod (v3.2.0)
  ├── puppet-logrotate (v6.1.0)
  ├─┬ puppet-rsyslog (v6.0.0)
  │ └── puppetlabs-apt (v8.5.0)
  ├── puppetlabs-concat (v7.3.0)
  ├── puppetlabs-firewall (v3.6.0)
  ├── puppetlabs-inifile (v5.4.0)
  ├── puppetlabs-ntp (v9.2.0)
  ├── puppetlabs-reboot (v4.3.0)
  └── puppetlabs-stdlib (v8.4.0)
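
As an added example (not code from the cis_security_hardening module or its author), a small pre-release check in Python that resolves a module's metadata.json dependency ranges against the modules already on a module path, the way `puppet module install` does, so a range clash like the puppet-rsyslog one described above surfaces before publishing. The metadata and installed versions below are constructed; only the comparison-operator form of Forge ranges (e.g. ">= 3.3.0 < 7.0.0") is handled, not the "1.x" shorthand.

```python
"""Pre-release dependency check for a Puppet module's metadata.json (added example)."""
import json
import re

# Comparison operators allowed in a Forge version_requirement clause.
_OPS = {">=": lambda a, b: a >= b, ">": lambda a, b: a > b,
        "<=": lambda a, b: a <= b, "<": lambda a, b: a < b,
        "=": lambda a, b: a == b}


def parse_version(version):
    """'8.4.0' -> (8, 4, 0); any pre-release suffix such as '-rc1' is ignored."""
    return tuple(int(p) for p in re.match(r"(\d+)\.(\d+)\.(\d+)", version).groups())


def satisfies(version, requirement):
    """True if version meets every clause of a range such as '>= 3.3.0 < 7.0.0'.
    A bare version with no operator is treated as an exact match."""
    clauses = re.findall(r"(>=|<=|>|<|=)?\s*(\d+\.\d+\.\d+)", requirement)
    return all(_OPS[op or "="](parse_version(version), parse_version(v))
               for op, v in clauses)


def find_conflicts(metadata, installed):
    """Return [(dependency, installed_version, requirement)] for every dependency
    whose version already on the module path falls outside the declared range.
    Dependencies that are not installed at all are left for the installer to fetch."""
    conflicts = []
    for dep in metadata.get("dependencies", []):
        # metadata.json writes names as 'author/module'; the module path uses 'author-module'.
        name, req = dep["name"].replace("/", "-"), dep["version_requirement"]
        have = installed.get(name)
        if have is not None and not satisfies(have, req):
            conflicts.append((name, have, req))
    return conflicts


# Constructed metadata modelled on the ranges discussed in this thread: the
# rsyslog upper bound is too low for the v6.0.0 that the module path carries.
MODULE_METADATA = json.loads('''{
  "name": "example-module",
  "dependencies": [
    {"name": "puppetlabs/stdlib", "version_requirement": ">= 4.13.1 < 9.0.0"},
    {"name": "puppet/rsyslog",    "version_requirement": ">= 3.3.0 < 6.0.0"}
  ]
}''')
INSTALLED = {"puppetlabs-stdlib": "8.4.0", "puppet-rsyslog": "6.0.0"}  # constructed module path

if __name__ == "__main__":
    for name, have, req in find_conflicts(MODULE_METADATA, INSTALLED):
        print(f"conflict: {name} installed {have}, module expects {req}")
```

Raising the rsyslog range to ">= 3.3.0 < 7.0.0", as suggested above, makes the check report no conflicts.
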
canihavethisone commented 1 year ago

Confirming that the current main branch installs ok (also now with stdlib v8.5.0), and also verified all unit tests pass. However CentOS8 is missing from metadata as a supported OS.

Notice: Preparing to install into /tmp/test ...
Notice: Downloading from https://forgeapi.puppet.com ...
Notice: Installing -- do not interrupt ...
/tmp/test
└─┬ tomkrieger-cis_security_hardening (v0.7.5)
  ├── fiddyspence-sysctl (v1.1.0)
  ├── ipcrm-echo (v0.1.7)
  ├── puppet-augeasproviders_grub (v4.0.0)
  ├─┬ puppet-augeasproviders_pam (v3.0.1)
  │ └── puppet-augeasproviders_core (v3.2.0)
  ├── puppet-chrony (v2.5.0)
  ├── puppet-kmod (v3.2.0)
  ├── puppet-logrotate (v6.1.0)
  ├── puppetlabs-augeas_core (v1.2.0)
  ├── puppetlabs-concat (v7.3.0)
  ├── puppetlabs-firewall (v3.6.0)
  ├── puppetlabs-inifile (v5.4.0)
  ├── puppetlabs-ntp (v9.2.0)
  ├── puppetlabs-reboot (v4.3.0)
  └── puppetlabs-stdlib (v8.5.0)
tom-krieger commented 1 year ago

Released version 0.7.5