Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-2103

As a policy writer I would like the ability to select the specific module used by a package_module body

    XMLWordPrintable

    Details

    • Type: Story
    • Status: Done
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: 3.7.0, 3.7.4
    • Fix Version/s: None
    • Component/s: Promise type: packages
    • Labels:

      Description

      Currently package_module body names are required to exactly match a module found in $(sys.workdir)/modules/packages. This leads to overhead for either managing symlinks to modules or duplication of code.

      In order to avoid this management overhead I would like the ability to set a "module_name" or a "module_path" attribute in a package_module body so that different sets of attributes can be used with the same package_module without having to duplicate the module itself.

      The attribute could default to the name of the package_module body.

      Example:

      body package_module apt_get
      {
          query_installed_ifelapsed => "240";
      }
      
      body package_module apt_get_update
      {
          query_installed_ifelapsed => "1";
          module => "apt_get"; # The name of the implementation as found in $(sys.workdir)/modules/packages
      }
      
      body package_module yum_enable_all_repos
      {
        module => "$(sys.workdir)/modules/packages/yum"; # Might be nice to be able to specify full path to module
        default_options => { "enablerepos=.*" };
      }
      

      Example use case: Inventory package updates with some repository enabled that is not enabled by default for packages promises.

      OK, lets pretend that the yum package module supports the enablerepo and disablerepo options.

      I want Mission Portal to show me inventory for package updates with enablerepo=updates since the updates repo contains package updates. For example yum --enablerepo=updates --check-updates.

      I want any packages promise that uses the yum package module to NOT enable the updates repo. For example yum upgrade httpd (note that --enablerepo is not used).

      In order to set the default inventory to be reported with the repository enabled I believe I would do something like this:

      body common control
      {
            package_inventory => { "yum" };
      }
      body package_module yum
      {
        default_options => { "enablerepo=updates"};
      }
      

      However if I do that, all packages promises will have the updates repository enabled by default. In order to avoid installing from update repositories I would have to override the options on each individual packages promise. For example:

      bundle agent exmaple
      {
        packages:
            "httpd"
              policy => "latest",
              options => { "disablerepo=updates" };
      }
      

      I believe that in order to get inventory that includes data from the updates repository but not have that applied in the default case I will have to specify a separate package_module that can have different default_options. For example:

      body common control
      {
            package_inventory => { "yum_enable_updates" };
      }
      body package_module yum_enable_updates
      {
        default_options => { "enablerepo=updates"};
      }
      

      Since the package_module is expected to have an identical name to a module that exists in $(sys.workdir)/modules/packages I will have to at minimum make a symlink to the yum module (because there is no yum_enable_updates module).

      With that configuration I would expect that the inventory collected by Mission Portal would be only from yum_enable_updates. And the updates repository would not be enabled for my normal packages promises, for example:

      bundle agent exmaple
      {
        packages:
            "httpd"
              policy => "latest";
            # Safe, since it wont be using the updates repo,
            # host expected to point to some point release repo
            # like centos 6.5 so latest would only be whatever
            # version was released with centos 6.5
      }
      

      Note: For this use case, it may be preferable to set fairly low query timeouts for the inventory pacakge_method body so that there are not apparent sync issues between packages installed and package updates available. For example, when a package_method body is used only for inventory, it will only refresh the packages installed based on the expiration of the lock if no packages promise using that package_method makes a change to the system. Similarly after having a package updated by a different package_method the updates available may lag behind unless the query_updates_ifelapsed value is set to a low value.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                vpodzime Vratislav Podzimek
                Reporter:
                a10042 Nick Anderson
              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Summary Panel