On Tue, Mar 23, 2010 at 5:03 PM, jsearles <[email protected]> wrote:
> Thanks for the suggestion Michael, but I am not able to control what > yum repos are in the directory. This is more of a check to make sure > if a repo is there and is enabled that the gpgcheck is also enabled. > > John > Ok, I don't know enough about augeas details to say whether it can wildcard multiple files like that. However, yum.conf does allow you to set the global default for gpgcheck in yum.conf, which while it doesn't prove someone didn't disable gpgcheck, is still a good idea. If you're allowing folks to install their own files in yum.repos.d, then it's still possible for them to install packages with gpgcheck=0 in between Puppet runs. I assume that's probably for a desktop user kind of case, in server land, I'd be worried if I didn't know what repos a machine was attached to, because I might be getting a newer/different version of a package. For instance, sometimes versions in a repo like freshrpms/dag/etc will sometimes override something in OS base with an incompatible version (and a higher package version). If you don't know which ones you are installing that sometimes can cause problems. More reason to manage them all by Puppet if you can, and locally mirror what content you want to roll out (use yumdownloader to do selective mirroring versus a full reposync, if pulling content from those repositories). Sorry for the tangent :) Probably a good question for augeas-devel. --Michael -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
