|
In this module you will learn about
|
In the last few versions, a new section packages has been added to the input language, which lets us interface to native package managers. The syntax is flexible enough that we can specify certain criteria about the package, and as you'd expect, we can also define some classes. Policies for these items are specified in the "package" stanza.
control:
DefaultPkgMgr = ( rpm|dpkg|sun|portage|freebsd )
RPM|DPKG|Sun|Portage|FreeBSDInstallCommand = ( "$(OS_SCRIPTS)/install_pkg %s" )
RPM|DPKG|Sun|Portage|FreeBSDRemoveCommand = ( "$(OS_SCRIPTS)/remove_pkg %s" )
packages:
package_name version=number cmp=gt|ge|lt|le|eq|ne action=install|remove
The setting in the control section specifies the package
management software that is in use, as well as the preferred command
used to install a software package as this is not unique. These
directives illustrate the use of operating system-based classes within
policies for defining a different installation command for different
Linux distributions. Here are some examples:
control:
actionsequence = ( shellcommands packages )
redhat::
DefaultPkgMgr = ( rpm )
RPMInstallCommand = ( "/usr/bin/yum -y install %s" )
RPMRemoveCommand = ( "/bin/rpm -e %s" )
# DefaultPkgMgr = ( rpm )
# RPMInstallCommand = ( "/usr/bin/yum -d 0 -e 0 -y install %s" )
# RPMRemoveCommand = ( "/usr/bin/yum -d 0 -e 0 -y remove %s" )
debian::
DefaultPkgMgr = ( dpkg )
DPKGInstallCommand = ( "/usr/bin/apt-get -y install %s" )
DPKGRemoveCommand = ( "/usr/bin/dpkg -r %s" )
# DPKGInstallCommand = ( "/usr/bin/aptitude -y -o quiet=1 -o APT::Get::AllowUnauthenticated=true -o aptitude::Cmdline::ignore-trust-violations=yes -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold install %s" )
suse::
DefaultPkgMgr = ( rpm )
RPMInstallCommand = ( "/usr/bin/yast2 -i %s" )
RPMRemoveCommand = ( "/bin/rpm -e --nodeps %s" )
solaris::
DefaultPkgMgr = ( sun )
SunInstallCommand = ( "/usr/sbin/pkgadd -n -d %s" )
SunRemoveCommand = ( "/usr/sbin/pkgrm -n %s" )
gentoo::
DefaultPkgMgr = ( portage )
PortageInstallCommand = ( "/usr/bin/emerge %s" )
PortageRemoveCommand = ( "/usr/bin/emerge -C --nodeps %s" )
freebsd::
DefaultPkgMgr = ( freebsd )
FreeBSDInstallCommand = ( "/usr/sbin/pkg_add %s" )
FreeBSDRemoveCommand = ( "/usr/sbin/pkg_delete %s" )
shellcommands:
debian::
"/usr/bin/apt-get update" ifelapsed=240
packages:
redhat.centos.192_168_1_100::
nagios2 version=2.4 cmp=ge
sysklogd version=0:0.0 cmp=ge action=remove
redhat.fedora.192_168_1_200::
apache2 version=0.0 cmp=ge action=install
debian.ubuntu::
libdb-dev action=install
libssl-dev action=install
flex action=remove
bison action=remove
In the packages stanza from example 2, the first rule checks
whether Nagios is installed. A warning will be generated if the
package is not present or if the installed version is earlier than
version 2.4. The second rule checks for the sysklogd package. If the
package is installed, then removes it. The third, the forth and the
fifth rules check for the apache2, libdb-dev and
libssl-dev package and installs them if they are not present on
the system. Similarly, the sixth and the seventh rules check for the
flex and bison package and remove them if they are installed on the
system.
We should note that be aware and careful when using automated package
management tools such as yum, apt-get, yast2, etc
to remove package with non-interactive option which is necessary
within cfengine to avoid interactive prompts, will also remove
everything that depends on that package, which can come as quite a
tragedy.
Best practice is to alway test using non-interactive option before using as your RemoveCommand to see what you are getting into or another approach is to use another commands that let you explicit about removing dependent packages, for instace: ‘rpm -e’ or ‘dpkg -r"’.
Upgrade takes a match against what's already installed.
Basically, install will take any machine and `converge' it to having
the newer version of the package, even if the package was not
installed before. Thus, think of install as `install or upgrade'.
(Very important: this is the way that rpm, dpkg, and
portage support work. Install for freebsd/sun doesn't do
upgrades too, just installs.)
Upgrade, on the other hand, means `upgrade only if the package has been installed before'. The version and comparison are used to specify version numbers you want upgraded.
That leaves us with two options: e.g.
htop action=install version=0.7-1.el4.rf cmp=eq
Any host that does not have htop 0.7 installed will install the most recent version of the repository. This means if the version upstream is .8, it's going to keep reinstalling .8 every time because its not .7! Use ‘cmp=ge’ to prevent these re-installations.
htop action=install version=0.7-1.el4.rf cmp=lt
Any host that is found with a version less-than 0.7 will have it upgraded to whatever version is available in the repository
In summary: most of the time you want install. Upgrading is
usually for security fixes to dependencies that are only installed on
some hosts. For instance, if libpng has a security
vulnerability and you don't want to do make class based on ORing any
package that has libpng as a dependency, then just perform an
‘upgrade’ to the any class and it will only be applied on hosts that
already have libpng installed due to the semantics.