Forum: Cfengine Help Subject: Advice on using package promises Author: jgreer Link to topic: https://cfengine.com/forum/read.php?3,22672,22672#msg-22672
I am under a deadline to get package management policy working in Cfengine 3 and would like some advice from the community and developers. Our most urgent business need is for installation, via Red Hat and in-house yum repos, of specific versions of RPMs. It's important that this policy is able to install (make a request of the package manager for!) a specific version, regardless of whether an earlier version of the package is installed. Ideally that could be contained within one promise rather than an "add" promise and an "update" promise (I believe that this is what package_policy "addupdate" aims to accomplish?). Version comparators appear to be broken in the version I'm using (3.1.2) - I think I'm running up against this bug: https://cfengine.com/bugtracker/view.php?id=562. "add" promises succeed in installing the explicit version of the packages I've requested but are effectively ignorant of the package version. An "add" promise for wireshark-1.0.15 will install 1.0.15 if wireshark is not installed; it's a no-op if 1.0.11 is installed. Promises against package_policy "update" fire on every agent run, regardless of whether the requested package+version are installed. So, I am considering using the following policy until the version comparison bug is fixed: bundle agent pkgmgttst { packages: "wireshark-1.0.15" package_policy => "add", package_method => yum_rpm_exact, package_select => "=="; "wireshark-1.0.15" package_policy => "update", package_method => yum_rpm_exact, package_select => "=="; } body package_method yum_rpm_exact { package_changes => "individual"; package_list_command => "/bin/rpm -qa --qf '%{name} %{version} %{arch}\n'"; package_list_name_regex => "^(\S+?)\s\S+?\s\S+$"; package_list_version_regex => "^\S+?\s(\S+?)\s\S+$"; package_list_arch_regex => "^\S+?\s\S+?\s(\S+)$"; package_installed_regex => ".*"; package_name_convention => "$(name)-$(version)"; package_version_regex => "[^-]+-(.*)"; package_name_regex => "([^-]+).*"; package_add_command => "/usr/bin/yum -y install"; package_update_command => "/usr/bin/yum -y update"; package_delete_command => "/bin/rpm -e --allmatches"; package_verify_command => "/bin/rpm -V"; } Does anyone have a better solution? I don't like the duplication of intent, nor that the update promise always fires, but it will meet our two most pressing needs (install wireshark-1.0.15 if wireshark isn't installed; attempt to update it to 1.0.15 if a different version is installed). Or is there a fix planned in the near future for comparators? If bugfixes are coming soon, I'd prefer not to put this workaround in place. Thanks, -Jessica _______________________________________________ Help-cfengine mailing list [email protected] https://cfengine.org/mailman/listinfo/help-cfengine
