Hi, I''m thinking about Package { ensure => "latest", } in my site.pp. However I''d like to be in control on when puppet actually updates packages. One option I see would be to mirror the package repository from my upstream distro (just managing debian at the moment but I guess RH and others also have an option of mirroring yum and then just update after testing the packages). So I could use reprepro to mirror the stable tree of debian make that my internal_testing and just propagate to internal_stable when I''m done with testing. Since that uses quite some storage I''d rather like to have some option of still using >>ensure => "latest",<< but only on triggered runs (puppetrun is configured). Any options you see besides mirroring upstream packages and doing internal propagation from testing to what I consider stable? thanks martin -- http://www.xing.com/profile/Martin_Marcher http://marcher.it You are not free to read this message, by doing so, you have violated my licence and are required to urinate publicly. Thank you. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
hello,> Hi Martin, we''re trying to achieve exactly the same thing here (see > previous posts in the last couple of weeks from me) and the answer > appears to be "maintain your own repo that has all the packages that > you want to install, then use ''ensure => latest''". > > I''m looking into writing my own plugin/module for puppet that will > allow fine-grained control over the package management however as I''m > only just learning ruby, it could take a while! :o)As an exercise in learning ruby and puppet I wrote a simple lookup method using CSV files after someone on IRC suggested something, the basic idea is: package{"zsh": ensure => hostlookup($name, "present") } this will lookup against a CSV file values for the host this gets executed against: your.box.com,zsh,latest or you.box.com,zsh,1.0 if nothing is present in the file, it simply returns "present" meaning it will install whats available but not do anything automagically when updating. This should give you the flexibility to at least manage updates going out a bit closer, you can keep current repos but decide when to push out a specific version to all your machines. I don''t use this in my environment - as I said I was more after learning how to write parser functions - but the code might at least give you a place to start from, shout if this sounds like something you might find useful and I can put the code up somewhere. -- R.I.Pienaar --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Am 29.07.2008 um 10:56 schrieb Martin:> I''m thinking about > > Package { > ensure => "latest", > } > > in my site.pp. However I''d like to be in control on when puppet > actually updates packages. One option I see would be to mirror the > package repository from my upstream distro (just managing debian at > the moment but I guess RH and others also have an option of mirroring > yum and then just update after testing the packages). > > So I could use reprepro to mirror the stable tree of debian make that > my internal_testing and just propagate to internal_stable when I''m > done with testing. Since that uses quite some storage I''d rather like > to have some option of still using >>ensure => "latest",<< but only on > triggered runs (puppetrun is configured). > > Any options you see besides mirroring upstream packages and doing > internal propagation from testing to what I consider stable?Wouldn''t that be possible with tags? Say you have: package { "somesoft": ensure => "present", tag => "production"; "somesoft": ensure => "latest", tag => "update-somesoft"; } I haven''t tested it and am aware that puppet would complain about somesoft being managed twice, so you''d need to tweak it with some ''name =>'' stuff. Second caveat: you can''t define that with a ''Package {}" in the site.pp, a define might work though. BR, Felix Schäfer --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
This may not be exactly what you''re trying to accomplish, but it might spark some ideas. We''re a Debian shop, and we do have an internal mirror that most machines pull from, but we still have machines that pull directly from the net, as I believe you desire. To manage this, I''ve setup weekly cron jobs (via puppet of course) that first updates the package list then does a dry run upgrade. The output is then emailed to me so I can decide when I might want to actually perform the upgrade. To perform the upgrade, the unattendedupgrade package has been installed and is run when the appropriate file (manged via puppet) is touched on the puppetmaster. The class file follows. Hope this helps. - Jeff class unattendedupgrade { file { "/etc/update_initiator": backup => false, source => $hardwarenode_name ? { openvz01 => "puppet:///unattendedupgrade/update_initiator.openvz01", openvz02 => "puppet:///unattendedupgrade/update_initiator.openvz02", default => "puppet:///unattendedupgrade/update_initiator.default", } } exec { unattendedupgrade_default: command => "aptitude -q=2 -y update && /usr/bin/unattended-upgrade && /usr/local/bin/apt_upgrade_status.sh", logoutput => false, refreshonly => true, subscribe => File["/etc/update_initiator"], require => Package["unattended-upgrades"], } package { "unattended-upgrades": provider => aptitude, ensure => present, } } Martin wrote:> Hi, > > I''m thinking about > > Package { > ensure => "latest", > } > > in my site.pp. However I''d like to be in control on when puppet > actually updates packages. One option I see would be to mirror the > package repository from my upstream distro (just managing debian at > the moment but I guess RH and others also have an option of mirroring > yum and then just update after testing the packages). > > So I could use reprepro to mirror the stable tree of debian make that > my internal_testing and just propagate to internal_stable when I''m > done with testing. Since that uses quite some storage I''d rather like > to have some option of still using >>ensure => "latest",<< but only on > triggered runs (puppetrun is configured). > > Any options you see besides mirroring upstream packages and doing > internal propagation from testing to what I consider stable? > > thanks > martin >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
2008/7/29 Martin <martin@marcher.name>:> > Hi, > > I''m thinking about > > Package { > ensure => "latest", > } >So one problem I see with this is that you will only be updating the packages that are directly included in your manifests and those they depend on. You might end up getting a false sense that your system is running the current software when infact there are some stray packages that haven''t been updated. I think a better approach is to control your own repository and just do system wide updates when it is appropiate to. .r'' --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
On Tue, Jul 29, 2008 at 10:55 AM, RijilV <rijilv@gmail.com> wrote:> > 2008/7/29 Martin <martin@marcher.name>: >> >> Hi, >> >> I''m thinking about >> >> Package { >> ensure => "latest", >> } >> > > So one problem I see with this is that you will only be updating the > packages that are directly included in your manifests and those they > depend on. You might end up getting a false sense that your system is > running the current software when infact there are some stray packages > that haven''t been updated. > > I think a better approach is to control your own repository and just > do system wide updates when it is appropiate to. > > .r''I tend to agree with this approach. It is basically the right tool for the right job thinking. Puppet is awesome at making sure your network and server infrastructure is setup and in place like you want it. It is not so hot on things that do rapid dynamic changes nor should it really be. Likewise puppet is a terrible backup/restore solution by itself, but is an excellent part of the toolset you need to have, to be able to quickly over haul or restore parts of your infrastructure. I use puppet to maintain my repos and tell the server/clients where to find the repos and to tell the distro supplied tools how often and when to do the updates. this has the add bonus of letting me use the distro built systems for things like pinning, or excluscions. Evan --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---