Update deprecated facts to modern facts

hiera.yaml

@@ -12,7 +12,7 @@ hierarchy:
     path: "private.yaml"
 
   - name: "Nodes"
-    path: "nodes/%{::hostname}.yaml"
+    path: "nodes/%{::trusted.hostname}.yaml"
 
   - name: "Type"
     path: "type/%{::type}.yaml"
@@ -21,16 +21,16 @@ hierarchy:
     path: "is_virtual/%{::is_virtual}.yaml"
 
   - name: "OS version"
-    path: "os/%{::lsbdistcodename}.yaml"
+    path: "os/%{::os.distro.codename}.yaml"
 
   - name: "Common defaults"
     path: "common.yaml"
 
   - name: "Kubernetes hosts"
-    path: "kubernetes/hosts/%{::hostname}.yaml"
+    path: "kubernetes/hosts/%{::trusted.hostname}.yaml"
 
   - name: "Kubernetes os"
-    path: "kubernetes/os/%{::osfamily}.yaml"
+    path: "kubernetes/os/%{::os.family}.yaml"
 
   - name: "Dummy secrets"
     path: "dummy_secrets.yaml"

manifests/site_ssl.pp

@@ -6,7 +6,7 @@
 # https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
 #
 # This should be updated from time-to-time.
-if $::lsbdistcodename == 'bullseye' {
+if $::os['distro']['codename'] == 'bullseye' {
   $ssl_ciphersuite = 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'
   $ssl_protocols = 'TLSv1.2 TLSv1.3'
 } else {

modules/ocf/manifests/apt.pp

@@ -11,44 +11,44 @@
 
   $repos = 'main contrib non-free'
 
-  if $::lsbdistid == 'Debian' {
+  if $::os['distro']['id'] == 'Debian' {
       if $::operatingsystemmajrelease != '11' {
         apt::source {
         'debian':
             location => 'http://mirrors/debian/',
-            release  => $::lsbdistcodename,
+            release  => $::os['distro']['codename'],
             repos    => $repos,
             include  => {
             src => true
             };
 
         'debian-updates':
             location => 'http://mirrors/debian/',
-            release  => "${::lsbdistcodename}-updates",
+            release  => "${::os['distro']['codename']}-updates",
             repos    => $repos,
             include  => {
             src => true
             };
 
         'debian-security':
             location => 'http://mirrors/debian-security/',
-            release  => "${::lsbdistcodename}/updates",
+            release  => "${::os['distro']['codename']}/updates",
             repos    => $repos,
             include  => {
             src => true
             };
 
         'ocf':
             location => 'http://apt/',
-            release  => $::lsbdistcodename,
+            release  => $::os['distro']['codename'],
             repos    => 'main',
             include  => {
             src => true
             };
 
         'ocf-backports':
             location => 'http://apt/',
-            release  => "${::lsbdistcodename}-backports",
+            release  => "${::os['distro']['codename']}-backports",
             repos    => 'main',
             include  => {
             src => true
@@ -58,7 +58,7 @@
         # Pin anything coming from *-backports to be lower than normal priority
         apt::pin { 'ocf-backports':
         priority => 200,
-        codename => "${::lsbdistcodename}-backports",
+        codename => "${::os['distro']['codename']}-backports",
         }
 
         # TODO: Submit patch to puppetlabs-apt to enable having includes for
@@ -72,23 +72,23 @@
     apt::source {
         'debian':
             location => 'http://mirrors/debian/',
-            release  => $::lsbdistcodename,
+            release  => $::os['distro']['codename'],
             repos    => $repos,
             include  => {
             src => true
             };
 
         'debian-updates':
             location => 'http://mirrors/debian/',
-            release  => "${::lsbdistcodename}-updates",
+            release  => "${::os['distro']['codename']}-updates",
             repos    => $repos,
             include  => {
             src => true
             };
 
         'debian-security':
             location => 'http://mirrors/debian-security/',
-            release  => "${::lsbdistcodename}-security",
+            release  => "${::os['distro']['codename']}-security",
             repos    => $repos,
             include  => {
             src => true
@@ -114,7 +114,7 @@
         # Pin anything coming from *-backports to be lower than normal priority
         apt::pin { 'ocf-backports':
         priority => 200,
-        codename => "${::lsbdistcodename}-backports",
+        codename => "${::os['distro']['codename']}-backports",
         }
 
         # TODO: Submit patch to puppetlabs-apt to enable having includes for
@@ -124,19 +124,19 @@
         }
 }
 
-  } elsif $::lsbdistid == 'Raspbian' {
+  } elsif $::os['distro']['id'] == 'Raspbian' {
     apt::source {
       'raspbian':
         location => 'http://mirrors/raspbian/raspbian/',
-        release  => $::lsbdistcodename,
+        release  => $::os['distro']['codename'],
         repos    => 'main contrib non-free rpi',
         include  => {
           src => true
         };
 
       'archive-rpi':
         location => 'http://archive.raspberrypi.org/debian/',
-        release  => $::lsbdistcodename,
+        release  => $::os['distro']['codename'],
         repos    => 'main ui',
         include  => {
           src => true
@@ -147,7 +147,7 @@
   apt::source {
     'puppetlabs':
       location => 'http://mirrors/puppetlabs/apt/',
-      release  => $::lsbdistcodename,
+      release  => $::os['distro']['codename'],
       repos    => 'puppet',
   }
 

modules/ocf/manifests/auth.pp

@@ -171,7 +171,7 @@
   if str2bool($::puppetdb_running) {
     @@sshkey { $::hostname:
       host_aliases => $ssh_aliases,
-      key          => $::sshecdsakey,
+      key          => $::ssh['ecdsa']['key'],
       type         => ecdsa-sha2-nistp256,
     }
     Sshkey <<| |>>

modules/ocf/manifests/extrapackages.pp

@@ -196,7 +196,7 @@
     backport_on =>  ['buster', 'stretch'],
   }
 
-  if $::lsbdistcodename == 'stretch' {
+  if $::os['distro']['codename'] == 'stretch' {
     package {
       [
         # php-mcrypt is deprecated since PHP 7.1 in favor of using openssl
@@ -210,7 +210,7 @@
         'php7.0-dba',
       ]:;
     }
-  } elsif $::lsbdistcodename == 'buster' {
+  } elsif $::os['distro']['codename'] == 'buster' {
     # This isn't available as php-dba unfortunately (that's just a virtual
     # package for this), and with virtual packages puppet will try to install
     # them every run, leading to unnecessary noise

modules/ocf/manifests/networking.pp

@@ -51,7 +51,7 @@
     $logical_primary_interface = $first_active_iface
   }
 
-  if $::lsbdistid == 'Raspbian' {
+  if $::os['distro']['id'] == 'Raspbian' {
     # The raspberry pi has wifi, so we use that for networking
     $logical_primary_interface = 'wlan0'
   }

modules/ocf/manifests/node_exporter.pp

@@ -7,7 +7,7 @@
     content => template('ocf/environment.prom.erb'),
   }
 
-  if $::lsbdistid != 'Raspbian' {
+  if $::os['distro']['id'] != 'Raspbian' {
     # Attributes for this class are defined in hieradata
     include prometheus::node_exporter
   }

modules/ocf/manifests/packages.pp

@@ -25,7 +25,7 @@
   # kept short, since apt-dater should be used to update almost all packages.
   #
   # TODO: Fix with the Raspberry Pi?
-  if $::lsbdistid == 'Debian' {
+  if $::os['distro']['id'] == 'Debian' {
     package {
       # Ensure ocflib is the latest version to quickly push out changes in lab
       # hours, etc. We control releases on this, so this should be safe.
@@ -146,7 +146,7 @@
   }
   # only install the python3.7 packages on stretch
   # python3 is python3.7 on buster and python3.9 on bullseye
-  if $::lsbdistcodename == 'stretch' {
+  if $::os['distro']['codename'] == 'stretch' {
     package {
         [
         'python3.7',
@@ -156,7 +156,7 @@
       }
   }
   # Packages to only install on Debian (not on Raspbian for example)
-  if $::lsbdistid == 'Debian' {
+  if $::os['distro']['id'] == 'Debian' {
     package {
       [
         'aactivator',

modules/ocf/manifests/packages/docker/apt.pp

@@ -8,7 +8,7 @@
 
   apt::source { 'docker':
     location => '[arch=amd64] https://download.docker.com/linux/debian',
-    release  => $::lsbdistcodename,
+    release  => $::os['distro']['codename'],
     repos    => 'stable',
     require  => [Apt::Key['docker'], Package['apt-transport-https']],
   }

modules/ocf/manifests/packages/element/apt.pp

@@ -9,7 +9,7 @@
   apt::source { 'element':
     architecture => 'amd64',
     location     => 'https://packages.riot.im/debian',
-    release      => $::lsbdistcodename,
+    release      => $::os['distro']['codename'],
     repos        => 'main',
     require      => Apt::Key['element'],
   }

modules/ocf/manifests/packages/grub.pp

@@ -10,7 +10,7 @@
   # need os-prober anyway to detect other OSes since we don't have other OSes,
   # and we'd rather not have data corruption in the future:
   # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788062
-  if $::lsbdistid != 'Raspbian' {
+  if $::os['distro']['id'] != 'Raspbian' {
     # grub-pc or grub-efi aren't available on Raspbian.
     if str2bool($::is_efi_host) {
       ocf::repackage { 'grub-efi':

modules/ocf/manifests/packages/memtest.pp

@@ -1,5 +1,5 @@
 class ocf::packages::memtest {
-  if $::lsbdistid != 'Raspbian' {
+  if $::os['distro']['id'] != 'Raspbian' {
     package { 'memtest86+': }
   }
 }

modules/ocf/manifests/packages/microcode.pp

@@ -1,11 +1,11 @@
 class ocf::packages::microcode {
-  if $::processor0 {
-    if $::processor0 =~ /\bIntel\b/ {
+  if $::processors['models'][0] {
+    if $::processors['models'][0] =~ /\bIntel\b/ {
       package { 'intel-microcode':; }
-    } elsif $::processor0 =~ /\bAMD\b/ {
+    } elsif $::processors['models'][0] =~ /\bAMD\b/ {
       package { 'amd64-microcode':; }
     } else {
-      fail("Don't know how to interpret processor0: ${::processor0}")
+      fail("Don't know how to interpret processor model: ${::processors['models'][0]}")
     }
   }
 }

modules/ocf/manifests/packages/powershell/apt.pp

@@ -4,7 +4,7 @@
     id     => 'BC528686B50D79E339D3721CEB3E94ADBE1229CF',
     source => 'https://packages.microsoft.com/keys/microsoft.asc';
   }
-  if $::lsbdistcodename == 'stretch' {
+  if $::os['distro']['codename'] == 'stretch' {
     apt::source { 'powershell':
         architecture => 'amd64',
         location     => 'https://packages.microsoft.com/repos/microsoft-debian-stretch-prod',
@@ -16,7 +16,7 @@
     apt::source { 'powershell':
       architecture => 'amd64',
       location     => "https://packages.microsoft.com/debian/${::operatingsystemmajrelease}/prod",
-      release      => $::lsbdistcodename,
+      release      => $::os['distro']['codename'],
       repos        => 'main',
       require      => Apt::Key['powershell repo key'],
     }

modules/ocf/manifests/packages/restic.pp

@@ -1,6 +1,6 @@
 class ocf::packages::restic {
 
-  if $::lsbdistcodename == 'buster' {
+  if $::os['distro']['codename'] == 'buster' {
     package { 'restic':
       ensure => 'purged',
     }

modules/ocf/manifests/repackage.pp

@@ -2,14 +2,14 @@
     $package     = $title,
     $recommends  = true,
     $backport_on = [],
-    $dist        = "${::lsbdistcodename}-backports",
+    $dist        = "${::os['distro']['codename']}-backports",
   ) {
   $install_options = $recommends ? {
     false   => ['--no-install-recommends'],
     default => []
   }
 
-  if member(any2array($backport_on), $::lsbdistcodename) {
+  if member(any2array($backport_on), $::os['distro']['codename']) {
     # We can't pin packages, because it won't install required dependencies that
     # way, so we instead upgrade the package once (as long as it isn't a
     # backport version already), and then future upgrades are done the normal

modules/ocf/templates/networking/interface_normal.erb

@@ -9,7 +9,7 @@ iface <%= @logical_primary_interface %> inet6 static
   netmask <%= @netmask6 %>
   gateway <%= @gateway6 %>
 
-<%- if @lsbdistid == 'Raspbian' -%>
+<%- if @os['distro']['id'] == 'Raspbian' -%>
 pre-up wpa_supplicant -B -Dnl80211 -i<%= @logical_primary_interface %> -c /etc/wpa_supplicant/wpa_supplicant.conf -f /var/log/wpa_supplicant.log
 post-down killall wpa_supplicant
 <%- end -%>

modules/ocf_desktop/manifests/packages.pp

@@ -47,7 +47,7 @@
     ['xclip', 'xdotool', 'xsel', 'xserver-xorg', 'xscreensaver', 'freerdp2-x11']:;
   }
 
-  if $::lsbdistcodename == 'stretch' {
+  if $::os['distro']['codename'] == 'stretch' {
     package {
       [
         # preload hasn't been updated since 2009, and I'm not sure we really
@@ -69,7 +69,7 @@
       ]:;
     }
   }
-  if $::lsbdistcodename == 'buster' {
+  if $::os['distro']['codename'] == 'buster' {
     package {
       [
         # Zenmap depends on Python 2 and is therefore no longer in bullseye
@@ -86,7 +86,7 @@
       ]:;
     }
   }
-  if $::lsbdistcodename == 'bullseye' {
+  if $::os['distro']['codename'] == 'bullseye' {
     package {
       [
         # OpenJDK 17 (LTS) is in bullseye

modules/ocf_desktop/manifests/xsession.pp

@@ -129,7 +129,7 @@
   }
 
   # use ocf logo on login screen
-  if $::lsbdistcodename == 'bullseye' {
+  if $::os['distro']['codename'] == 'bullseye' {
     file {
       ['/usr/share/icons/Adwaita', '/usr/share/icons/Adwaita/512x512', '/usr/share/icons/Adwaita/512x512/status']:
         ensure => directory;

modules/ocf_irc/manifests/ircd.pp

@@ -19,7 +19,7 @@
 
   $irc_creds = lookup('irc_creds')
 
-  if $::lsbdistcodename == 'buster' {
+  if $::os['distro']['codename'] == 'buster' {
     # Disable the AppArmor profile for inspircd, since it prevents us from
     # accessing the necessary TLS certs
     file { '/etc/apparmor.d/disable/usr.sbin.inspircd':

modules/ocf_www/manifests/mod/php.pp

@@ -1,7 +1,7 @@
 class ocf_www::mod::php {
   package { ['php-cgi', 'php-apcu']:; }
 
-  $php_version = $::lsbdistcodename ? {
+  $php_version = $::os['distro']['codename'] ? {
     'stretch' => '7.0',
     'buster'  => '7.3',
   }