Puppet users - Mar 2010 - Changing multiple files

Hello,

I am trying to check for each enabled repo in /etc/yum.repos.d/ that
the gpgcheck  is set to 1.  I wanted to do this with Augeas, but I
cant seem to get it to work.  I tried something like the following but
it does not work.

       augeas{ "/etc/yum.repos.d-gpgcheck" :
                context => "match /files/etc/yum.repos.d//*[enabled
=''1'']",
                changes => "set gpgcheck 1",
        }


Anyone have any ideas on how to accomplish this?

Thank you
John Searles

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Tue, Mar 23, 2010 at 10:21 AM, jsearles <jsearles@gmail.com> wrote:
> Hello,
>
> I am trying to check for each enabled repo in /etc/yum.repos.d/ that
> the gpgcheck  is set to 1.  I wanted to do this with Augeas, but I
> cant seem to get it to work.  I tried something like the following but
> it does not work.
>
>       augeas{ "/etc/yum.repos.d-gpgcheck" :
>                context => "match /files/etc/yum.repos.d//*[enabled
> =''1'']",
>                changes => "set gpgcheck 1",
>        }
>
>
> Anyone have any ideas on how to accomplish this?
>
Hi John,

Have you seen this...
http://docs.reductivelabs.com/references/stable/type.html#yumrepo ?

You may want to manage all yum repos with puppet and use
''purge'' to remove
repos that aren''t puppet managed (that are user created outside of
Puppet),
making sure you include the repos you need from the distribution.


--Michael

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Thanks for the suggestion Michael, but I am not able to control what
yum repos are in the directory.  This is more of a check to make sure
if a repo is there and is enabled that the gpgcheck is also enabled.

John

On Mar 23, 4:08 pm, Michael DeHaan <mich...@reductivelabs.com>
wrote:
> On Tue, Mar 23, 2010 at 10:21 AM, jsearles <jsear...@gmail.com>
wrote:
> > Hello,
>
> > I am trying to check for each enabled repo in /etc/yum.repos.d/ that
> > the gpgcheck  is set to 1.  I wanted to do this with Augeas, but I
> > cant seem to get it to work.  I tried something like the following but
> > it does not work.
>
> >       augeas{ "/etc/yum.repos.d-gpgcheck" :
> >                context => "match
/files/etc/yum.repos.d//*[enabled
> > =''1'']",
> >                changes => "set gpgcheck 1",
> >        }
>
> > Anyone have any ideas on how to accomplish this?
>
> Hi John,
>
> Have you seen
this...http://docs.reductivelabs.com/references/stable/type.html#yumrepo?
>
> You may want to manage all yum repos with puppet and use
''purge'' to remove
> repos that aren''t puppet managed (that are user created outside of
Puppet),
> making sure you include the repos you need from the distribution.
>
> --Michael
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Tue, Mar 23, 2010 at 5:03 PM, jsearles <jsearles@gmail.com> wrote:
> Thanks for the suggestion Michael, but I am not able to control what
> yum repos are in the directory.  This is more of a check to make sure
> if a repo is there and is enabled that the gpgcheck is also enabled.
>
> John
>

Ok, I don''t know enough about augeas details to say whether it can
wildcard
multiple files like that.

However, yum.conf does allow you to set the global default for gpgcheck in
yum.conf, which while it doesn''t prove someone didn''t disable
gpgcheck, is
still a good idea.

If you''re allowing folks to install their own files in yum.repos.d,
then
it''s still possible for them to install packages with gpgcheck=0 in
between
Puppet runs.    I assume that''s probably for a desktop user kind of
case, in
server land, I''d be worried if I didn''t know what repos a
machine was
attached to, because I might be getting a newer/different version of a
package.  For instance, sometimes versions in a repo like freshrpms/dag/etc
will sometimes override something in OS base with an incompatible version
(and a higher package version).   If you don''t know which ones you are
installing that sometimes can cause problems.    More reason to manage them
all by Puppet if you can, and locally mirror what content you want to roll
out (use yumdownloader to do selective mirroring versus a full reposync, if
pulling content from those repositories).   Sorry for the tangent :)

Probably a good question for augeas-devel.

--Michael

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.