Install netbase for /etc/services on Ubuntu 20.04

.github/workflows/ci.yml

@@ -4,6 +4,7 @@
 
 name: CI
 
+# yamllint disable-line rule:truthy
 on:
   pull_request: {}
   push:
@@ -18,4 +19,6 @@ concurrency:
 jobs:
   puppet:
     name: Puppet
-    uses: voxpupuli/gha-puppet/.github/workflows/beaker.yml@v2
+    uses: voxpupuli/gha-puppet/.github/workflows/beaker.yml@v3
+    with:
+      unit_runs_on: 'cern-self-hosted'

.github/workflows/labeler.yml

@@ -4,6 +4,7 @@
 
 name: "Pull Request Labeler"
 
+# yamllint disable-line rule:truthy
 on:
   pull_request_target: {}
 

.github/workflows/prepare_release.yml

@@ -0,0 +1,23 @@
+---
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+name: 'Prepare Release'
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Module version to be released. Must be a valid semver string without leading v. (1.2.3)'
+        required: false
+
+jobs:
+  release_prep:
+    uses: 'voxpupuli/gha-puppet/.github/workflows/prepare_release.yml@v3'
+    with:
+      version: ${{ github.event.inputs.version }}
+      allowed_owner: 'voxpupuli'
+    secrets:
+      # Configure secrets here:
+      #  https://docs.github.com/en/actions/security-guides/encrypted-secrets
+      github_pat: '${{ secrets.PCCI_PAT_RELEASE_PREP }}'

.github/workflows/release.yml

@@ -4,6 +4,7 @@
 
 name: Release
 
+# yamllint disable-line rule:truthy
 on:
   push:
     tags:
@@ -12,18 +13,11 @@ on:
 jobs:
   release:
     name: Release
-    uses: voxpupuli/gha-puppet/.github/workflows/release.yml@v2
+    uses: voxpupuli/gha-puppet/.github/workflows/release.yml@v3
     with:
       allowed_owner: 'voxpupuli'
     secrets:
       # Configure secrets here:
       #  https://docs.github.com/en/actions/security-guides/encrypted-secrets
       username: ${{ secrets.PUPPET_FORGE_USERNAME }}
       api_key: ${{ secrets.PUPPET_FORGE_API_KEY }}
-
-  create-github-release:
-    name: Create GitHub Release
-    runs-on: ubuntu-latest
-    steps:
-      - name: Create GitHub release
-        uses: voxpupuli/gha-create-a-github-release@v1

.msync.yml

@@ -2,4 +2,4 @@
 # Managed by modulesync - DO NOT EDIT
 # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
 
-modulesync_config_version: '9.1.0'
+modulesync_config_version: '9.4.0'

.sync.yml

@@ -6,3 +6,7 @@ spec/spec_helper_acceptance.rb:
   enabled_lint_checks:
     - parameter_documentation
     - parameter_types
+
+.github/workflows/ci.yml:
+  with:
+    unit_runs_on: 'cern-self-hosted'

Gemfile

@@ -4,7 +4,7 @@
 source ENV['GEM_SOURCE'] || 'https://rubygems.org'
 
 group :test do
-  gem 'voxpupuli-test', '~> 8.0',   :require => false
+  gem 'voxpupuli-test', '~> 9.0',   :require => false
   gem 'coveralls',                  :require => false
   gem 'simplecov-console',          :require => false
   gem 'puppet_metadata', '~> 4.0',  :require => false
@@ -26,7 +26,7 @@ end
 gem 'rake', :require => false
 gem 'facter', ENV['FACTER_GEM_VERSION'], :require => false, :groups => [:test]
 
-puppetversion = ENV['PUPPET_GEM_VERSION'] || '~> 7.24'
+puppetversion = ENV['PUPPET_GEM_VERSION'] || [">= 7.24", "< 9"]
 gem 'puppet', puppetversion, :require => false, :groups => [:test]
 
 # vim: syntax=ruby

REFERENCE.md

@@ -1727,10 +1727,10 @@ Insert a file into the nftables configuration
 
 ```puppet
 nftables::file{'geoip':
-  content => @(EOT)
+  content => @(EOT),
     include "/var/local/geoipsets/dbip/nftset/ipv4/*.ipv4"
     include "/var/local/geoipsets/dbip/nftset/ipv6/*.ipv6"
-    |EOT,
+    |EOT
 }
 ```
 

manifests/init.pp

@@ -159,6 +159,13 @@
     ensure => installed,
   }
 
+  # /etc/services file is needed, on newer OSes this is a dependency on nftables
+  if $facts['os']['name'] == 'Ubuntu' and $facts['os']['release']['major'] == '20.04' {
+    package { 'netbase':
+      ensure => present,
+    }
+  }
+
   if $clobber_default_config {
     file { $configuration_path:
       ensure  => file,
@@ -242,7 +249,7 @@
       notify   => Service['nftables'],
     }
 
-    # Generate nftables hash upon changes to the nftables service 
+    # Generate nftables hash upon changes to the nftables service
     exec { 'nftables_generate_hash':
       command     => ["nft -s list ruleset | sha1sum > ${inmem_rules_hash_file}"],
       path        => $facts['path'],

metadata.json

@@ -83,7 +83,7 @@
   "requirements": [
     {
       "name": "puppet",
-      "version_requirement": ">= 7.0.0 < 9.0.0"
+      "version_requirement": ">= 8.0.0 < 9.0.0"
     }
   ]
 }

spec/classes/nftables_spec.rb

@@ -33,6 +33,13 @@
 
       it { is_expected.to contain_package('nftables') }
 
+      case [os_facts[:os]['name'], os_facts[:os]['release']['major']]
+      when ['Ubuntu', '20.04']
+        it { is_expected.to contain_package('netbase') }
+      else
+        it { is_expected.not_to contain_package('netbase') }
+      end
+
       context 'with clobber_default_config false' do
         let(:params) do
           { clobber_default_config: false }

spec/support/spec/mock.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+RSpec.configure do |c|
+  c.before do
+    # select the systemd service provider even when on docker
+    # https://tickets.puppetlabs.com/browse/PUP-11167
+    allow(Puppet::FileSystem).to receive(:exist?).and_call_original
+    allow(Puppet::FileSystem).to receive(:exist?).with('/proc/1/comm').and_return(true)
+    allow(Puppet::FileSystem).to receive(:read).and_call_original
+    allow(Puppet::FileSystem).to receive(:read).with('/proc/1/comm').and_return(['systemd'])
+  end
+end