(#236) Enable python module stream on EL8

[yachub]

Pull Request (PR) description

My apologies on missing this. In testing #254 I had manually enable the python36 module stream at some point before hand, but after running on a fresh install I realized certbot requires this module stream to be enabled per:

Error: Execution of '/bin/dnf -d 0 -e 1 -y install certbot' returned 1: Error:
 Problem: package certbot-1.20.0-1.el8.noarch requires python3-certbot = 1.20.0-1.el8, but none of the providers can be installed
  - package python3-certbot-1.20.0-1.el8.noarch requires /usr/bin/python3.6, but none of the providers can be installed
  - conflicting requests
  - package python36-3.6.8-2.module_el8.3.0+6191+6b4b10ec.x86_64 is filtered out by modular filtering
Error: /Stage[main]/Letsencrypt::Install/Package[letsencrypt]/ensure: change from 'purged' to 'present' failed: Execution of '/bin/dnf -d 0 -e 1 -y install certbot' returned 1: Error:
 Problem: package certbot-1.20.0-1.el8.noarch requires python3-certbot = 1.20.0-1.el8, but none of the providers can be installed
  - package python3-certbot-1.20.0-1.el8.noarch requires /usr/bin/python3.6, but none of the providers can be installed
  - conflicting requests
  - package python36-3.6.8-2.module_el8.3.0+6191+6b4b10ec.x86_64 is filtered out by modular filtering

This Pull Request (PR) fixes the following issues

Fixes #236

[bastelfreak]

I think we don't need to allow empty strings:

Suggested change

	String $dnfmodule_version = 'python36',
	String[1] $dnfmodule_version = 'python36',

[bastelfreak]

Suggested change

	String $dnfmodule_version = $letsencrypt::dnfmodule_version,
	String[1] $dnfmodule_version = $letsencrypt::dnfmodule_version,

[ekohl]

It surprises me this is needed since they are all default modules which AFAIK means they are automatically enabled if needed.

If this is needed, it needs a before => Package['letsencrypt'] for proper ordering.

[yachub]

Correct, I spun up a fresh AlmaLinux 8 vagrant box to test. Each of those streams are set to [d] (default), but not enabled [e] by default, however they do become automatically enabled if a package requires a dependency in that stream. Unless a user happens to disables it before using the module via dnf module disable python36, then that's what results in the failure above.

So this remediates errors in that scenario by ensuring that the stream is enabled first. To me it seems similar to ensuring that the epel repo (with configure_epel) is enabled before installing packages. Do you think there should be a parameter like configure_modulestream to control that behavior? Maybe I'm overthinking it.

[ekohl]

No, I think that's a fair point that I hadn't considered yet. I do think it can make sense to introduce a class parameter Boolean $manage_python_module_stream = $facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] >= '8'.

I also wonder if this comparison works well. For example, you can break Fedora support where AFAIK certbot is not built modular. And I'm hesitant to compare strings as if they were versions. Is '10' >= '8'? Generally I always use versioncmp().

[ekohl]

There is now a merge conflict. Any plans to finish this?

[ekohl]

You can't set this to python36 since it's only valid for EL8 but it's invalid for anything else. It would be best to create an 8.yaml here with python36 and then set it to ~ in common.yaml. Then change it to

Suggested change

	String[1] $dnfmodule_version = 'python36',
	Optional[String[1]] $dnfmodule_version,

[yachub]

There is now a merge conflict. Any plans to finish this?

@ekohl You are really on top of it :) I rebased to see what had changed, but to be honest I'm not sure if this is really of value anymore. I'm currently using the module on a RHEL 9 host now, and I don't think that I remember having to manually enable any streams ¯_(ツ)_/¯