simp-beaker-helpers 1.18.9 → 1.20.0

data/.travis.yml

@@ -1,36 +1,42 @@
 ---
-language: ruby
-cache: bundler
-sudo: false
-before_install:
-  - rm Gemfile.lock || true
-bundler_args: "--without development --path .vendor"
+language: shell
 notifications:
   email: false
-rvm:
-  - 2.4.4
-env:
-  - SIMP_SKIP_NON_SIMPOS_TESTS=1
-script:
-  - bundle exec rake spec
-before_deploy:
-  - bundle exec rake clobber
-  - "export GEM_VERSION=`ruby -r ./lib/simp/beaker_helpers/version.rb -e 'puts Simp::BeakerHelpers::VERSION'`"
-  - '[[ $TRAVIS_TAG =~ ^${GEM_VERSION}$ ]]'
-deploy:
-  - provider: rubygems
-    gemspec: simp-beaker-helpers.gemspec
-    gem: simp-beaker-helpers
-    api_key:
-      secure: "AlnBx0dBSxn+S97n0h14ltKUOA+6v0bc7QZPIcwGJV9nnf1hKH3pf9La1TVknEx7XgpAcM9jusQJ7hBlqvSq8z8SFF0bZk1EgSRIKc1cuYPLiGyUM2O7+AFHyCy3iCnPvKeoQmE/BJb5O1dGnbmSbf4A0fqLxA7jiHG1j7z+cnmJB1i67wovDfl13TsOXyBfbespWBMMc0BKAw56FPs9XggAk2cNusS3hd5tqW1AZPT2/xwt+d8ngkmO96u8QcichYRFQ+w+XW4H0w935wNg/dWiskJlt7TIYVAh4Ko5s2DZKf52Tne8TugALSn0LhRatpp7sw1FTTpteCW8UqK8uwGC2hM4pZViAOv4P1YObz2IPOZPriBl+cCayJdMKnotkUJliAMnw5TLiSWKLou+S0Pdj2h3fJZWdOEwRPMzIVoJtsOHG3GdNcPL6f7iU0vP/wr6FeR3uWa+fA7NHRi2Du955O8JpogjdrW08ahcAEwhtI3A4mrA08wN09axsrwr093uDRm/5h4FHyAhExJ0YiA/6kcPpUvILcLStyHe0RQDICQMdsQo2DSbnL65w3QjFa2fML2Shf9cRwX06+ia2BxozWzFD/6p3RiRtPxphnbFiUdjYSGWcwCcUgbJx9SW04lSSxOhpyItuXgxZqiybkzstXd6riu5zwg1R8TWk34="
-    on:
-      tags: true
-      rvm: 2.4.4
-      condition: "($SKIP_PUBLISH != true)"
-  - provider: releases
-    api_key:
-      secure: "I41p4aqjkrNDHJhZ5gWC4gzn7BVwEYRm5Q3PAxQRSIUDB/QTVgNqZx8YptkuIvSGpw8kIywyZg3NKdzGUO8aJJ0NlXapL7e9qQIigkYhdaCZjZFG5zIxdOFs4sVoz/6vnQT9JIcGWy7uS5xiNOulGvfEWU78+e+I9yPdT74RApve5VAVT/km5lV5ldRnwwehLnTx+volUlnOD8rwfizoVLqFTrfRfr4cVMF605UYyaiVxHF50hywFRZoAdVcMEhlLQnQXfz/ZsLMJLJm9eCpjQ989N0oX6theSLCcv7QtHcWMXydjWMcpuTfBZSFrwUVbC23uMOKTJVEWq5LMG3m2L6hP3//2gvUzGhOVLvoGuC+erboB7QoXdcoOgXY+dTZPMcPBxpArdDLWVQSLTvPs05QzpaUdRLVMC/kD1d1EudlEicgkNgNDBhBn3089nVmvKndbKLvj+23a5AQVVbs+8C0x+SJvTc9N2N+bmuH7jIJPrEvWK4xwcQa+g2M/EBv05jaEdSErlVa6B6UKCH0Lea9rpy1se9vn5OzpaaMCCJIpcpQqHDjo0PMAQXBSbqjKcBei6lR5fIFl5UO9gWP1v8PGPuCzGTBivQ92XlgV1TWXmdbJHwIuSbJx3Ali7Wp19RR4E4uHC+TPFssvgkh9ZLkORnWWS35wzzU1LkwWx0="
-    on:
-      tags: true
-      rvm: 2.4.4
-      condition: "($SKIP_PUBLISH != true)"
+stages:
+  - name: deploy
+    if: 'tag IS present'
+
+###  Testing on Travis CI is indefinitely disabled
+###
+###  See:
+###    * https://blog.travis-ci.com/2020-11-02-travis-ci-new-billing
+###    * https://simp-project.atlassian.net/browse/SIMP-8703
+jobs:
+  include:
+    - stage: deploy
+      script: skip
+      cache: bundler
+      before_install:
+        - rm Gemfile.lock || true
+      bundler_args: "--without development --path .vendor"
+      language: ruby
+      rvm: 2.4.5
+      before_deploy:
+        - bundle exec rake clobber
+        - "export GEM_VERSION=`ruby -r ./lib/simp/beaker_helpers/version.rb -e 'puts Simp::BeakerHelpers::VERSION'`"
+        - '[[ $TRAVIS_TAG =~ ^${GEM_VERSION}$ ]]'
+      deploy:
+        - provider: rubygems
+          gemspec: simp-beaker-helpers.gemspec
+          gem: simp-beaker-helpers
+          token:
+            secure: "AlnBx0dBSxn+S97n0h14ltKUOA+6v0bc7QZPIcwGJV9nnf1hKH3pf9La1TVknEx7XgpAcM9jusQJ7hBlqvSq8z8SFF0bZk1EgSRIKc1cuYPLiGyUM2O7+AFHyCy3iCnPvKeoQmE/BJb5O1dGnbmSbf4A0fqLxA7jiHG1j7z+cnmJB1i67wovDfl13TsOXyBfbespWBMMc0BKAw56FPs9XggAk2cNusS3hd5tqW1AZPT2/xwt+d8ngkmO96u8QcichYRFQ+w+XW4H0w935wNg/dWiskJlt7TIYVAh4Ko5s2DZKf52Tne8TugALSn0LhRatpp7sw1FTTpteCW8UqK8uwGC2hM4pZViAOv4P1YObz2IPOZPriBl+cCayJdMKnotkUJliAMnw5TLiSWKLou+S0Pdj2h3fJZWdOEwRPMzIVoJtsOHG3GdNcPL6f7iU0vP/wr6FeR3uWa+fA7NHRi2Du955O8JpogjdrW08ahcAEwhtI3A4mrA08wN09axsrwr093uDRm/5h4FHyAhExJ0YiA/6kcPpUvILcLStyHe0RQDICQMdsQo2DSbnL65w3QjFa2fML2Shf9cRwX06+ia2BxozWzFD/6p3RiRtPxphnbFiUdjYSGWcwCcUgbJx9SW04lSSxOhpyItuXgxZqiybkzstXd6riu5zwg1R8TWk34="
+          on:
+            tags: true
+            condition: "($SKIP_PUBLISH != true)"
+        - provider: releases
+          token:
+            secure: "I41p4aqjkrNDHJhZ5gWC4gzn7BVwEYRm5Q3PAxQRSIUDB/QTVgNqZx8YptkuIvSGpw8kIywyZg3NKdzGUO8aJJ0NlXapL7e9qQIigkYhdaCZjZFG5zIxdOFs4sVoz/6vnQT9JIcGWy7uS5xiNOulGvfEWU78+e+I9yPdT74RApve5VAVT/km5lV5ldRnwwehLnTx+volUlnOD8rwfizoVLqFTrfRfr4cVMF605UYyaiVxHF50hywFRZoAdVcMEhlLQnQXfz/ZsLMJLJm9eCpjQ989N0oX6theSLCcv7QtHcWMXydjWMcpuTfBZSFrwUVbC23uMOKTJVEWq5LMG3m2L6hP3//2gvUzGhOVLvoGuC+erboB7QoXdcoOgXY+dTZPMcPBxpArdDLWVQSLTvPs05QzpaUdRLVMC/kD1d1EudlEicgkNgNDBhBn3089nVmvKndbKLvj+23a5AQVVbs+8C0x+SJvTc9N2N+bmuH7jIJPrEvWK4xwcQa+g2M/EBv05jaEdSErlVa6B6UKCH0Lea9rpy1se9vn5OzpaaMCCJIpcpQqHDjo0PMAQXBSbqjKcBei6lR5fIFl5UO9gWP1v8PGPuCzGTBivQ92XlgV1TWXmdbJHwIuSbJx3Ali7Wp19RR4E4uHC+TPFssvgkh9ZLkORnWWS35wzzU1LkwWx0="
+          on:
+            tags: true
+            condition: "($SKIP_PUBLISH != true)"

data/CHANGELOG.md

@@ -1,3 +1,53 @@
+### 1.20.0 / 2021-01-05
+* Added:
+  * A `enable_epel_on` function that follows the instructions on the EPEL
+    website to properly enable EPEL on hosts. May be disabled using
+    `BEAKER_enable_epel=no`.
+  * An Ubuntu nodeset to make sure our default settings don't destroy other
+    Linux systems.
+  * Added has_crypto_policies method for determining if crypto policies are
+    present on the SUT
+  * Added munge_ssh_crypto_policies to allow vagrant to SSH back into systems
+    with restrictive crypto policies (usually FIPS)
+* Fixed:
+  * Modify all crypto-policy backend files to support ssh-rsa keys
+  * Try harder when doing yum installations
+
+### 1.19.4 / 2021-01-05
+* Fixed:
+  * Only return a default empty string when `pfact_on` finds a `nil` value
+    * Added an acceptance test to validate this
+  * Ensure that we start with `facter -p` for `facter` < 4.0 and continue to
+      `puppet facts` otherwise
+  * Updated the Rakefile to skip symlinks in chmods which fixes the ability to
+    build gems
+
+### 1.19.3 / 2021-01-01
+* Fixed:
+  * Ensure that `pfact_on` can handle fact dot notation
+* Changed:
+  * Silenced some of the noisy commands that didn't provide value-add output
+
+### 1.19.2 / 2020-12-19
+* Fixed:
+  * Fixed an issue with pfact_on
+
+### 1.19.1 / 2020-12-02
+* Fixed:
+  * Bumped the core puppet version to 6.X
+  * Fixed the file_content_on method
+  * Removed EL 6 support from the tests since the core repos are defunct
+  * Started removing some of the puppet 4 tests
+
+### 1.19.0 / 2020-09-30
+* Fixed:
+  * rsync handling has a better check to see if rsync actually works prior to
+    using it.  The old method had the potential to try and use rsync even if it
+    no longer worked (FIPS flipped for example).
+* Changed:
+  * Migrated from PackageCloud to the SIMP download server for updates moving
+    forward.
+
 ### 1.18.9 / 2020-08-04
 * Change windows 2012r2 VM to work around issues where the old image had
   duplicate ports trying to be opened

data/Gemfile

@@ -44,7 +44,7 @@ group :system_tests do
   gem 'beaker-rspec'
   gem 'beaker-windows'
   gem 'net-ssh'
-  gem 'puppet', ENV.fetch('PUPPET_VERSION', '~> 5.0')
+  gem 'puppet', ENV.fetch('PUPPET_VERSION', '~> 6.0')
   gem 'puppetlabs_spec_helper'
   gem 'rubocop'
   gem 'rubocop-rspec'

data/Rakefile

@@ -30,7 +30,7 @@ task :chmod do
   gemspec = File.expand_path( "#{@package}.gemspec", @rakefile_dir ).strip
   spec = Gem::Specification::load( gemspec )
   spec.files.each do |file|
-    FileUtils.chmod 'go=r', file
+    FileUtils.chmod 'go=r', file unless File.symlink?(file)
   end
 end
 

data/lib/simp/beaker_helpers.rb

@@ -30,20 +30,44 @@ module Simp::BeakerHelpers
              ).output.strip == '1'
   end
 
+  def rsync_functional_on?(sut)
+    # We have to check if rsync *still* works otherwise
+    return false if (@rsync_functional == false)
+
+    require 'facter'
+    unless Facter::Util::Resolution.which('rsync')
+      @rsync_functional = false
+      return @rsync_functional
+    end
+
+    require 'tempfile'
+
+    testfile = Tempfile.new('rsync_check')
+    testfile.puts('test')
+    testfile.close
+
+    begin
+      rsync_to(sut, testfile.path, sut.system_temp_path)
+    rescue Beaker::Host::CommandFailure
+      @rsync_functional = false
+      return false
+    ensure
+      testfile.unlink
+    end
+
+    return true
+  end
+
   # Figure out the best method to copy files to a host and use it
   #
   # Will create the directories leading up to the target if they don't exist
   def copy_to(sut, src, dest, opts={})
-    unless fips_enabled(sut) || @has_rsync
-      %x{which rsync 2>/dev/null}.strip
-
-      @has_rsync = !$?.nil? && $?.success?
-    end
-
     sut.mkdir_p(File.dirname(dest))
 
     if sut[:hypervisor] == 'docker'
       exclude_list = []
+      opts[:silent] ||= true
+
       if opts.has_key?(:ignore) && !opts[:ignore].empty?
         opts[:ignore].each do |value|
           exclude_list << "--exclude '#{value}'"
@@ -57,7 +81,7 @@ module Simp::BeakerHelpers
         container_id = sut.host_hash[:docker_container_id]
       end
       %x(tar #{exclude_list.join(' ')} -hcf - -C "#{File.dirname(src)}" "#{File.basename(src)}" | docker exec -i "#{container_id}" tar -C "#{dest}" -xf -)
-    elsif @has_rsync && sut.check_for_command('rsync')
+    elsif rsync_functional_on?(sut)
       # This makes rsync_to work like beaker and scp usually do
       exclude_hack = %(__-__' -L --exclude '__-__)
 
@@ -92,9 +116,34 @@ module Simp::BeakerHelpers
 
   # use the `puppet fact` face to look up facts on an SUT
   def pfact_on(sut, fact_name)
-    facts_json = on(sut,'puppet facts find xxx').output
-    facts      = JSON.parse(facts_json).fetch( 'values' )
-    facts.fetch(fact_name)
+    require 'ostruct'
+
+    # If puppet is not installed, there are no puppet facts to fetch
+    if sut.which('puppet').empty?
+      fact_on(sut, fact_name, :silent => true)
+    else
+      facts_json = nil
+      begin
+        cmd_output = on(sut, 'facter -p --json', :silent => true)
+
+        # Facter 4+
+        raise('skip facter -p') if (cmd_output.stderr =~ /no longer supported/)
+
+        facts = JSON.parse(cmd_output.stdout, object_class: OpenStruct)
+      rescue StandardError
+        # If *anything* fails, we need to fall back to `puppet facts`
+
+        facts_json = on(sut, 'puppet facts find garbage_xxx', :silent => true).stdout
+        facts = JSON.parse(facts_json, object_class: OpenStruct).values
+      end
+
+      found_fact = facts.dig(*(fact_name.split('.')))
+
+      # Fall back to the behavior in fact_on
+      found_fact = '' if found_fact.nil?
+
+      return found_fact
+    end
   end
 
   # Returns the modulepath on the SUT, as an Array
@@ -272,6 +321,19 @@ module Simp::BeakerHelpers
     pluginsync_on(suts) if opts[:pluginsync]
   end
 
+  def has_crypto_policies(sut)
+    file_exists_on(sut, '/etc/crypto-policies/config')
+  end
+
+  def munge_ssh_crypto_policies(sut, key_types=['ssh-rsa'])
+    if has_crypto_policies(sut)
+      on(sut, "yum update -y crypto-policies", :accept_all_exit_codes => true)
+
+      # Since we may be doing this prior to having a box flip into FIPS mode, we
+      # need to find and modify *all* of the affected policies
+      on( sut, %{sed --follow-symlinks -i 's/PubkeyAcceptedKeyTypes\\(.\\)/PubkeyAcceptedKeyTypes\\1#{key_types.join(',')},/' $( grep -L ssh-rsa $( find /etc/crypto-policies /usr/share/crypto-policies -type f -a \\( -name '*.txt' -o -name '*.config' \\) -exec grep -l PubkeyAcceptedKeyTypes {} \\; ) ) })
+    end
+  end
 
   # Configure and reboot SUTs into FIPS mode
   def enable_fips_mode_on( suts = hosts )
@@ -325,17 +387,14 @@ module Simp::BeakerHelpers
         on(sut, module_install_cmd)
       end
 
-      # Enable FIPS and then reboot to finish.
-      on(sut, %(puppet apply --verbose #{fips_enable_modulepath} -e "class { 'fips': enabled => true }"))
-
       # Work around Vagrant and cipher restrictions in EL8+
       #
       # Hopefully, Vagrant will update the used ciphers at some point but who
       # knows when that will be
-      opensshserver_config = '/etc/crypto-policies/back-ends/opensshserver.config'
-      if file_exists_on(sut, opensshserver_config)
-        on(sut, "sed --follow-symlinks -i 's/PubkeyAcceptedKeyTypes=/PubkeyAcceptedKeyTypes=ssh-rsa,/' #{opensshserver_config}")
-      end
+      munge_ssh_crypto_policies(sut)
+
+      # Enable FIPS and then reboot to finish.
+      on(sut, %(puppet apply --verbose #{fips_enable_modulepath} -e "class { 'fips': enabled => true }"))
 
       sut.reboot
     end
@@ -428,6 +487,45 @@ module Simp::BeakerHelpers
       repo_manifest = repo_manifest + %(\n#{repo_manifest_opts.join(",\n")}) + "\n}\n"
   end
 
+  # Enable EPEL if appropriate to do so and the system is online
+  #
+  # Can be disabled by setting BEAKER_enable_epel=no
+  def enable_epel_on(sut)
+    if ONLINE && (ENV['BEAKER_stringify_facts'] != 'no')
+      os_info = fact_on(sut, 'os')
+      os_maj_rel = os_info['release']['major']
+
+      # This is based on the official EPEL docs https://fedoraproject.org/wiki/EPEL
+      if ['RedHat', 'CentOS'].include?(os_info['name'])
+        on(
+          sut,
+          %{yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-#{os_maj_rel}.noarch.rpm},
+          :max_retries => 3,
+          :retry_interval => 10
+        )
+
+        if os_info['name'] == 'RedHat'
+          if os_maj_rel == '7'
+            on sut, %{subscription-manager repos --enable "rhel-*-optional-rpms"}
+            on sut, %{subscription-manager repos --enable "rhel-*-extras-rpms"}
+            on sut, %{subscription-manager repos --enable "rhel-ha-for-rhel-*-server-rpms"}
+          end
+
+          if os_maj_rel == '8'
+            on sut, %{subscription-manager repos --enable "codeready-builder-for-rhel-8-#{os_info['architecture']}-rpms"}
+          end
+        end
+
+        if os_info['name'] == 'CentOS'
+          if os_maj_rel == '8'
+            # 8.0 fallback
+            on sut, %{dnf config-manager --set-enabled powertools || dnf config-manager --set-enabled PowerTools}
+          end
+        end
+      end
+    end
+  end
+
   def linux_errata( sut )
     # We need to be able to flip between server and client without issue
     on sut, 'puppet resource group puppet gid=52'
@@ -513,6 +611,7 @@ module Simp::BeakerHelpers
       end
 
       enable_yum_repos_on(sut)
+      enable_epel_on(sut)
 
       # net-tools required for netstat utility being used by be_listening
       if fact_on(sut, 'operatingsystemmajrelease') == '7'
@@ -584,7 +683,7 @@ module Simp::BeakerHelpers
   end
 
   def sosreport(sut, dest='sosreports')
-    sut.install_package('sos')
+    on(sut, 'puppet resource package sos ensure=latest')
     on(sut, 'sosreport --batch')
 
     files = on(sut, 'ls /var/tmp/sosreport* /tmp/sosreport* 2>/dev/null', :accept_all_exit_codes => true).output.lines.map(&:strip)
@@ -864,10 +963,10 @@ done
     file_content = nil
 
     if file_exists_on(sut, path)
-      Dir.mktempdir do |dir|
-        scp_from(host, path, dir)
+      Dir.mktmpdir do |dir|
+        scp_from(sut, path, dir)
 
-        file_content = File.read(File.basename(path))
+        file_content = File.read(File.join(dir,File.basename(path)))
       end
     end
 
@@ -958,7 +1057,7 @@ done
   # @returns [String] Path to the Hieradata directory on the target system
   def hiera_datadir(sut)
     # This output lets us know where Hiera is configured to look on the system
-    puppet_lookup_info = on(sut, 'puppet lookup --explain test__simp__test').output.strip.lines
+    puppet_lookup_info = on(sut, 'puppet lookup --explain test__simp__test', :silent => true).output.strip.lines
 
     if sut.puppet_configprint['manifest'].nil? || sut.puppet_configprint['manifest'].empty?
       fail("No output returned from `puppet config print manifest` on #{sut}")
@@ -1170,62 +1269,83 @@ done
     run_puppet_install_helper(install_info[:puppet_install_type], install_info[:puppet_install_version])
   end
 
-  # Configure all SIMP repos on a host and enable all but those listed in the disable list
+  # Configure all SIMP repos on a host and disable all repos in the disable Array
   #
-  # @param sut Host on which to configure SIMP repos
-  # @param disable List of SIMP repos to disable
-  # @raise if disable contains an invalid repo name.
+  # @param sut [Beaker::Host]  Host on which to configure SIMP repos
+  # @param disable [Array[String]] List of repos to disable
+  # @raise [StandardError] if disable contains an invalid repo name.
   #
   # Examples:
   #  install_simp_repos( myhost )           # install all the repos an enable them.
   #  install_simp_repos( myhost, ['simp'])  # install the repos but disable the simp repo.
   #
-  # Current set of valid SIMP repo names:
-  #  'simp'
-  #  'simp_deps'
+  # Valid repo names include any repository available on the system.
   #
-  def install_simp_repos(sut, disable = [] )
-    repos = {
-      'simp' => {
-        :baseurl   => 'https://packagecloud.io/simp-project/6_X/el/$releasever/$basearch',
-        :gpgkey    => ['https://raw.githubusercontent.com/NationalSecurityAgency/SIMP/master/GPGKEYS/RPM-GPG-KEY-SIMP',
-                    'https://download.simp-project.com/simp/GPGKEYS/RPM-GPG-KEY-SIMP-6'
-                     ],
-        :gpgcheck  => 1,
-        :sslverify => 1,
-        :sslcacert => '/etc/pki/tls/certs/ca-bundle.crt',
-        :metadata_expire => 300
-      },
-      'simp_deps' => {
-        :baseurl   => 'https://packagecloud.io/simp-project/6_X_Dependencies/el/$releasever/$basearch',
-        :gpgkey    => ['https://raw.githubusercontent.com/NationalSecurityAgency/SIMP/master/GPGKEYS/RPM-GPG-KEY-SIMP',
-                    'https://download.simp-project.com/simp/GPGKEYS/RPM-GPG-KEY-SIMP-6',
-                    'https://yum.puppet.com/RPM-GPG-KEY-puppetlabs',
-                    'https://yum.puppet.com/RPM-GPG-KEY-puppet',
-                    'https://apt.postgresql.org/pub/repos/yum/RPM-GPG-KEY-PGDG-96',
-                    'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
-                    'https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana',
-                    'https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-$releasever'
-                   ],
-        :gpgcheck  => 1,
-        :sslverify => 1,
-        :sslcacert => '/etc/pki/tls/certs/ca-bundle.crt',
-        :metadata_expire => 300
-      }
-    }
-    # Verify that the repos passed to disable are in the list of valid repos
-    disable.each { |d|
-      unless repos.has_key?(d)
-        raise("ERROR: install_simp_repo - disable contains invalid SIMP repo '#{d}'.")
+  # For backwards compatibility purposes, the following translations are
+  # automatically performed:
+  #
+  #  * 'simp'
+  #    * 'simp-community-simp'
+  #
+  #  * 'simp_deps'
+  #    * 'simp-community-epel'
+  #    * 'simp-community-postgres'
+  #    * 'simp-community-puppet'
+  #
+  def install_simp_repos(sut, disable = [])
+    # NOTE: Do *NOT* use puppet in this method since it may not be available yet
+
+    if on(sut, 'rpm -q yum-utils', :accept_all_exit_codes => true).exit_code != 0
+      on(
+        sut,
+        'yum -y install yum-utils',
+        :max_retries => 3,
+        :retry_interval => 10
+      )
+    end
+
+    if on(sut, 'rpm -q simp-release-community', :accept_all_exit_codes => true).exit_code != 0
+      on(
+        sut,
+        'yum -y install "https://download.simp-project.com/simp-release-community.rpm"',
+        :max_retries => 3,
+        :retry_interval => 10
+      )
+    end
+
+    to_disable = disable.dup
+
+    unless to_disable.empty?
+      if to_disable.include?('simp')
+        to_disable.delete('simp')
+        to_disable << 'simp-community-simp'
       end
-    }
-    repo_manifest = ''
-    repos.each { | repo, metadata|
-      metadata[:enabled] = disable.include?(repo) ? 0 : 1
-      repo_manifest << create_yum_resource(repo, metadata)
-    }
-    apply_manifest_on(sut, repo_manifest, :catch_failures => true)
-  end
-end
 
+      if to_disable.include?('simp_deps')
+        to_disable.delete('simp_deps')
+        to_disable << 'simp-community-epel'
+        to_disable << 'simp-community-postgres'
+        to_disable << 'simp-community-puppet'
+      end
 
+      # NOTE: This --enablerepo enables the repos for listing and is inherited
+      # from YUM. This does not actually "enable" the repos, that would require
+      # the "--enable" option (from yum-config-manager) :-D.
+      #
+      # Note: Certain versions of EL8 do not dump by default and EL7 does not
+      # have the '--dump' option.
+      available_repos = on(sut, %{yum-config-manager --enablerepo="*" || yum-config-manager --enablerepo="*" --dump}).stdout.lines.grep(/\A\[(.+)\]\Z/){|x| $1}
+
+      invalid_repos = (to_disable - available_repos)
+
+      # Verify that the repos passed to disable are in the list of valid repos
+      unless invalid_repos.empty?
+        logger.warn(%{WARN: install_simp_repo - requested repos to disable do not exist on the target system '#{invalid_repos.join("', '")}'.})
+      end
+
+      (to_disable - invalid_repos).each do |repo|
+        on(sut, %{yum-config-manager --disable "#{repo}"})
+      end
+    end
+  end
+end