EL9 initial templates

Author: jouvin

config/core/base.pan

@@ -9,24 +9,31 @@ values = true or false
 default = true
 required = no
 }
-variable OS_BASE_CONFIGURE_NETWORK ?= true;
-variable SITE_ADDITIONAL_PACKAGES ?= undef;
+final variable OS_BASE_CONFIGURE_NETWORK ?= true;
+
+@{
+desc = list of site-specific additional packages
+values = list of strings
+default = empty list
+required = no
+} 
+final variable SITE_ADDITIONAL_PACKAGES ?= undef;
 
 # Default if not properly defined elsewhere, using the standard mechanism
-variable OS_VERSION_PARAMS ?= nlist(
+final variable OS_VERSION_PARAMS ?= dict(
     "distribution", "el",
-    "family",       "el",
-    "major",        "el8",
-    "majorversion", "8",
-    "minor",        "x",
-    "flavour",      "x",
-    "version",      "el8x",
-    "arch",         "x86_64"
+    "family", "el",
+    "major", "el9",
+    "majorversion", "9",
+    "minor", "x",
+    "flavour", "x",
+    "version", "el9x",
+    "arch", "x86_64",
 );
 
-variable RPM_BASE_FLAVOUR = '8';
-variable RPM_BASE_FLAVOUR_VERSIONID = 8;
-variable RPM_BASE_FLAVOUR_NAME = format('el%s',RPM_BASE_FLAVOUR_VERSIONID);
+final variable RPM_BASE_FLAVOUR = '9';
+final variable RPM_BASE_FLAVOUR_VERSIONID = 9;
+final variable RPM_BASE_FLAVOUR_NAME = format('el%s', RPM_BASE_FLAVOUR_VERSIONID);
 
 
 @{
@@ -35,18 +42,43 @@ values = string
 default = yumdnf
 required = no
 }
-variable SPMA_BACKEND ?= 'yumdnf';
-variable DEBUG = debug(format('%s: SPMA_BACKEND=%s', OBJECT, to_string(SPMA_BACKEND)));
+final variable SPMA_BACKEND ?= 'yumdnf';
+variable DEBUG = debug('%s: SPMA_BACKEND=%s', OBJECT, to_string(SPMA_BACKEND));
+
+@{
+desc = if true remove packages that are no longer part of the profile
+values = boolean
+default = true
+required = no
+}
+final variable SPMA_REMOVE_OBSOLETE_PACKAGES ?= false;
+
+
+# Use NetworkManager/nmstate to configure the network
+final variable OS_NETWORK_USE_NETWORK_MANAGER ?= true;
+# If not using NetworkManager, let tQUATTOR_TYPES_NETWORK_BACKEND undefined to use default
+final variable QUATTOR_TYPES_NETWORK_BACKEND ?= if ( OS_NETWORK_USE_NETWORK_MANAGER ) {
+    'nmstate';
+};
+
+
+@{
+desc = variants of glibc langpack to use
+values = list of strings matching a RPM variant or null to disable explicit installation of langpack
+default = 'langpack-en'
+required = no
+}
+variable OS_GLIBC_LANGPACKS ?= list('langpack-en');
 
 
 @{
 desc = Define the base name used for OS-related YUM repositories.
-values = dict of string, each entry being either a host name or a OS major version (e.g. el8). \
+values = dict of string, each entry being either a host name or a OS major version (e.g. el9). \
  The value is used as the name part of the YUM repository name (before the first '-').
 default = none
 required = yes
 }
-variable YUM_OS_DISTRIBUTION ?= dict();
+final variable YUM_OS_DISTRIBUTION ?= dict();
 
 
 @{
@@ -55,14 +87,14 @@ values = string whose value is used as the name part of the YUM repository name
 default = based on YUM_OS_DISTRIBUTION contents
 required = no
 }
-variable YUM_OS_DISTRIBUTION_NAME ?= {
-  if ( is_defined(YUM_OS_DISTRIBUTION[OBJECT]) ) {
-    YUM_OS_DISTRIBUTION[OBJECT];
-  } else if ( is_defined(YUM_OS_DISTRIBUTION[OS_VERSION_PARAMS['major']]) ) {
-    YUM_OS_DISTRIBUTION[OS_VERSION_PARAMS['major']];
-  } else {
-    error("YUM_OS_DISTRIBUTION not defined: cannot determine OS distribution (YUM repository) to use");
-  };
+final variable YUM_OS_DISTRIBUTION_NAME ?= {
+    if ( is_defined(YUM_OS_DISTRIBUTION[OBJECT]) ) {
+        YUM_OS_DISTRIBUTION[OBJECT];
+    } else if ( is_defined(YUM_OS_DISTRIBUTION[OS_VERSION_PARAMS['major']]) ) {
+        YUM_OS_DISTRIBUTION[OS_VERSION_PARAMS['major']];
+    } else {
+        error("YUM_OS_DISTRIBUTION not defined: cannot determine OS distribution (YUM repository) to use");
+    };
 };
 
 @{
@@ -71,24 +103,26 @@ value = pan namespace
 default = repository/snapshot
 required = no
 }
-variable YUM_SNAPSHOT_NS ?= 'repository/snapshot';
-variable YUM_OS_SNAPSHOT_NS ?= YUM_SNAPSHOT_NS;
+final variable YUM_SNAPSHOT_NS ?= 'repository/snapshot';
+final variable YUM_OS_SNAPSHOT_NS ?= YUM_SNAPSHOT_NS;
 
 @{
 desc = name of the template used to configure the base OS repository
 value = template name
 default = OS_VERSION_PARAMS['major'] + '_baseos'
 required = non
 }
-variable BASE_OS_REPOSITORY_TEMPLATE ?= if ( !is_null(BASE_OS_REPOSITORY_TEMPLATE) ) format('%s_baseos', OS_VERSION_PARAMS['major']);
+final variable BASE_OS_REPOSITORY_TEMPLATE ?= if ( !is_null(BASE_OS_REPOSITORY_TEMPLATE) ) {
+    format('%s_baseos', OS_VERSION_PARAMS['major']);
+};
 
 @{
 desc = use iptables and ip6tables services instead of firewalld
 value = true or false
-default = false (EL8 default is to use firewalld)
+default = false (EL9 default is to use firewalld)
 required = no
 }
-variable OS_USE_IPTABLES_SERVICES ?= false;
+final variable OS_USE_IPTABLES_SERVICES ?= false;
 
 
 @{
@@ -97,21 +131,54 @@ value = true, false or null to install/configure none of those
 default = false if OS_USE_IPTABLES_SERVICES=true, true otherwise
 required = no
 }
-variable OS_ENABLE_FIREWALLD ?= if ( OS_USE_IPTABLES_SERVICES ) {
-                                   false;
-                                } else if ( !exists(OS_ENABLE_FIREWALLD) || !is_null(OS_ENABLE_FIREWALLD) ) {
-                                   true;
-                                } else {
-                                   SELF;
-                                };
+final variable OS_ENABLE_FIREWALLD ?= if ( OS_USE_IPTABLES_SERVICES ) {
+    false;
+} else if ( !exists(OS_ENABLE_FIREWALLD) || !is_null(OS_ENABLE_FIREWALLD) ) {
+    true;
+} else {
+    SELF;
+};
 variable ERROR = if ( OS_USE_IPTABLES_SERVICES && is_defined(OS_ENABLE_FIREWALLD) && OS_ENABLE_FIREWALLD ) {
-                   error('OS_ENABLE_FIREWALLD should not be set to true when OS_USE_IPTABLES_SERVICES is true');
-                 };
+    error('OS_ENABLE_FIREWALLD should not be set to true when OS_USE_IPTABLES_SERVICES is true');
+};
 
 
-variable OS_BASE_CONFIG_SITE ?= null;
+@{
+desc = install  iscsi tools and start iscsi daemon if true
+values = boolean
+default = false
+required = no
+}
+final variable OS_CORE_ISCSI_ENABLED ?= false;
+
+@{
+desc = if true, install only the minimal set of RPM
+values = boolean
+default = false
+required = no
+}
+final variable OS_CORE_ONLY ?= false;
+
+@{
+desc = if true, install RDMA package
+values = boolean
+default = false
+required = no
+}
+final variable OS_CORE_RDMA_ENABLED ?= false;
 
-variable KERNEL_FIRMWARE_ARCH ?= "noarch";
+@{
+desc = if true, install smartmontools package and start smartd service
+values = boolean
+default = true
+required = no
+}
+final variable OS_CORE_SMARTD_ENABLED ?= true;
+
+
+final variable OS_BASE_CONFIG_SITE ?= null;
+
+final variable KERNEL_FIRMWARE_ARCH ?= "noarch";
 #
 # Kernel version and CPU architecture
 #
@@ -121,7 +188,15 @@ include 'os/kernel_version_arch';
 # supported for a service.
 # This variable can be overriden at a site level or in a profile to
 # force a specific architecture (e.g. i386 on 64-bit machine)
-variable PKG_ARCH_BASE ?= PKG_ARCH_DEFAULT;
+final variable PKG_ARCH_BASE ?= PKG_ARCH_DEFAULT;
+
+# Default should be appropriate: ncm-network initscripts backend unsupported on EL9
+final variable OS_NETWORK_USE_INITSCRIPTS ?= false;
+
+# Set to true if some parts of the configuration still depend on ncm-chkconfig
+# In 24.10.0, keep true as the default until ncm-named and ncm-systemd no longer require
+# chkconfig binary
+final variable OS_INSTALL_CHKCONFIG ?= true;
 
 # Minimum list of packages
 include 'rpms/base';
@@ -132,15 +207,15 @@ include 'config/core/daemons';
 include 'config/core/boot';
 
 # Configure network, except if disabled
-variable DEBUG = debug(format('%s: OS_BASE_CONFIGURE_NETWORK=%s',OBJECT,to_string(OS_BASE_CONFIGURE_NETWORK)));
+variable DEBUG = debug('%s: OS_BASE_CONFIGURE_NETWORK=%s', OBJECT, to_string(OS_BASE_CONFIGURE_NETWORK));
 include if ( OS_BASE_CONFIGURE_NETWORK ) 'os/network/config';
 
 # Install/enable iptables services if needed or enable/disable firewalld according to OS_DISABLE_FIREWALLD
 include if ( OS_USE_IPTABLES_SERVICES ) {
-          'config/core/iptables-services';
-        } else if ( is_defined(OS_ENABLE_FIREWALLD) ) {
-          'config/core/firewalld';
-        };
+    'config/core/iptables-services';
+} else if ( is_defined(OS_ENABLE_FIREWALLD) ) {
+    'config/core/firewalld';
+};
 
 
 @{
@@ -149,7 +224,7 @@ value = string
 default = python3
 required = no
 }
-variable PYTHON_RPM_DEFAULT_PREFIX ?= 'python3';
+final variable PYTHON_RPM_DEFAULT_PREFIX ?= 'python3';
 
 
 @{
@@ -158,11 +233,16 @@ value = boolean
 default = false
 required = no
 }
-variable OS_USE_MICROCODE_CTL ?= false;
+final variable OS_USE_MICROCODE_CTL ?= false;
 
 
 # Use ncm-systemd instead of ncm-chkconfig to process ncm-chkconfig configuration
-include 'components/systemd/legacy/chkconfig';
+# chconfig is requried if ncm-chkconfig is enabled, even with the legacy configuration
+include if ( OS_INSTALL_CHKCONFIG ) 'components/systemd/legacy/chkconfig';
+
+# Configure ncm-spma process_obsoletes
+include 'components/spma/config';
+'/software/components/spma/process_obsoletes' = SPMA_REMOVE_OBSOLETE_PACKAGES;
 
 # Install microcode_ctl package if needed
 '/software/packages' = {
@@ -191,5 +271,5 @@ prefix '/software/components/accounts';
 'kept_groups/wireshark' = '';
 
 # Local site OS configuration
-variable DEBUG = debug(format('%s: OS_BASE_CONFIG_SITE=%s',OBJECT,to_string(OS_BASE_CONFIG_SITE)));
+variable DEBUG = debug('%s: OS_BASE_CONFIG_SITE=%s', OBJECT, to_string(OS_BASE_CONFIG_SITE));
 include OS_BASE_CONFIG_SITE;

config/core/boot.pan

@@ -1,5 +1,5 @@
 @{
-    Template listing boot options for all EL8 hosts.
+    Template listing boot options for all EL9 hosts.
 }
 
 unique template config/core/boot;

config/core/daemons.pan

@@ -2,10 +2,11 @@
     Template listing daemons  that must be enabled or disabled in all SL6-based installations
 
 }
-
 unique template config/core/daemons;
 
 variable OS_CORE_POSTFIX ?= false;
+variable OS_CORE_ONLY ?= false;
+variable OS_CORE_ISCSI_ENABLED ?= false;
 
 variable OS_WANTED_DEFAULT_DAEMONS ?= {
     append('sshd');
@@ -17,7 +18,6 @@ variable OS_WANTED_DEFAULT_DAEMONS ?= {
 };
 
 variable OS_UNWANTED_DEFAULT_DAEMONS ?= {
-    append('abrt');
     append('avahi-daemon');
     append('bluetooth');
     append('cups');
@@ -38,22 +38,21 @@ variable OS_UNWANTED_DEFAULT_DAEMONS ?= {
     append('stap-server');
     append('tog-pegasus');
     append('wpa_supplicant');
-    append('yum');
-    append('yum-cron');
-    append('yum-updatesd');
     if ( OS_CORE_ONLY || ! OS_CORE_ISCSI_ENABLED ) {
         append('iscsi');
         append('iscsid');
     };
     SELF;
 };
 
-'/software/components/systemd/unit/' = {
+include 'components/systemd/config';
+
+'/software/components/systemd/unit' = {
     foreach(k; v; OS_WANTED_DEFAULT_DAEMONS) {
         SELF[v]['state'] = 'enabled';
-	SELF[v]['startstop'] = true;
+        SELF[v]['startstop'] = true;
     };
-    foreach(k;v;OS_UNWANTED_DEFAULT_DAEMONS) {
+    foreach(k; v; OS_UNWANTED_DEFAULT_DAEMONS) {
         SELF[v]['state'] = 'disabled';
         SELF[v]['startstop'] = true;
     };

config/core/firewalld.pan

@@ -1,14 +1,13 @@
 unique template config/core/firewalld;
 
+include 'components/systemd/config';
+
 # Add firewalld RPM
 '/software/packages' = {
     pkg_repl('firewalld');
-    # iptables is a dependency for firewalld but sometimes fails to be properly installed
-    pkg_repl('iptables');
     SELF;
 };
 
-
 # Enable or disable firewalld according to OS_ENABLE_FIREWALLD and update its active state
 '/software/components/systemd/skip/service' = false;
 prefix '/software/components/systemd/unit/firewalld';

config/core/iptables-services.pan

@@ -1,8 +1,10 @@
 unique template config/core/iptables-services;
 
+include 'components/systemd/config';
+
 # Install package providing iptables and ip6tables services
 '/software/packages' = {
-    pkg_repl('iptables-services');
+    pkg_repl('iptables-nft-services');
     SELF;
 };