Version information
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
- Puppet >= 7.0.0 < 9.0.0
- , , , , , , , ,
Tasks:
- yum
Start using this module
Add this module to your Puppetfile:
mod 'puppet-yum', '7.2.0'
Learn more about managing modules with a PuppetfileDocumentation
Yum
Module description
This module provides helpful definitions for dealing with yum.
Requirements
Module has been tested on:
- Puppet 4.10.9 and newer
- CentOS 7,8
- Amazon Linux 2017
- RHEL 7
- Fedora 35,36
For the official list of all tested distributions, please take a look at the metadata.json.
Usage
Manage global Yum configuration via the primary class
class { 'yum':
keep_kernel_devel => false|true,
clean_old_kernels => false|true,
config_options => {
my_cachedir => {
ensure => '/home/waldo/.local/yum/cache',
key => 'cachedir',
},
gpgcheck => true,
debuglevel => 5,
assumeyes => {
ensure => 'absent',
},
},
},
}
NOTE: The config_options
parameter takes a Hash where keys are the names of
Yum::Config
resources and the values are either the direct ensure
value
(gpgcheck
or debuglevel
in the example above), or a Hash of the resource's
attributes (my_cachedir
or assumeyes
in the example above). Values may be
Strings, Integers, or Booleans. Booleans will be converted to either a 1
or
0
; use a quoted string to get a literal true
or false
.
If installonly_limit
is changed, purging of old kernel packages is triggered
if clean_old_kernels
is true
.
Manage yum.conf entries via defined types
yum::config { 'installonly_limit':
ensure => 2,
}
yum::config { 'debuglevel':
ensure => absent,
}
Manage COPR repositories
This module also supports managing
COPR (Cool Other Package Repo)
repositories via the yum::copr
resource. The resource title specifies
the COPR repository name, and ensure
accepts the values enabled
, disabled
or removed
. Example usage:
yum::copr { 'copart/restic':
ensure => enabled,
}
Please note that repositories added this way are not managed via yumrepo
resources, but enabled and disabled via native package manager commands. As such, they would be purged by a declaration such as:
resources { 'yumrepo':
purge => true,
}
However, you can use modules such as crayfishx-purge to exclude these resources from purging:
purge { 'yumrepo':
unless => [ 'name', '=~', 'copr:.*' ],
}
Manage a custom repo via Hiera data
Using Hiera and automatic parameter lookup (APL), this module can manage
Yumrepos. The repos
parameter takes a hash of hashes, where the first-level
keys are the Yumrepo
resource names and their value hashes contain parameters
and values to feed into the resource definition. On its own, the repos
parameter does nothing. The resource names from the hash must be selected via
the managed_repos
parameter. This example defines a custom repo.
First, include the class.
include 'yum'
In Hiera data, add the name of the repo to the yum::managed_repos
key (an
Array), and define the repo in the yum::repos
key:
---
yum::managed_repos:
- 'example_repo'
yum::repos:
example_repo:
ensure: 'present'
enabled: true
descr: 'Example Repo'
baseurl: 'https://repos.example.com/example/'
gpgcheck: true
gpgkey: 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Example'
You can include gpgkeys in yaml as well, and if the key filename matches a gpgkey from a mananged repo, it will be included. For example a gpg key for the repo above could look like:
---
yum::gpgkeys:
/etc/pki/rpm-gpg/RPM-GPG-KEY-Example:
content: |
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)
mQINBFKuaIQBEAC1UphXwMqCAarPUH/ZsOFslabeTVO2pDk5YnO96f+rgZB7xArB
OSeQk7B90iqSJ85/c72OAn4OXYvT63gfCeXpJs5M7emXkPsNQWWSju99lW+AqSNm
(SNIP SEVERAL LINES)
RjsC7FDbL017qxS+ZVA/HGkyfiu4cpgV8VUnbql5eAZ+1Ll6Dw==
=hdPa
-----END PGP PUBLIC KEY BLOCK-----
... or
---
yum::gpgkeys:
/etc/pki/rpm-gpg/RPM-GPG-KEY-Example:
source: puppet:///repos/RPM-GPG-KEY-Example
Enable management of one of the pre-defined repos
This module includes several pre-defined Yumrepos for easy management. This example enables management of the EPEL repository using its default settings.
NOTE: This only works if the data for the repository is included with the
module. Please see the /data
directory of this module for a list of available
repos.
include 'yum'
---
yum::managed_repos:
- 'epel'
Enable management of one of the pre-defined repos AND modify its settings
Here the Extras repository for CentOS is enabled and its settings are modified.
Because the repos
parameter uses a deep merge strategy when fed via automatic
parameter lookup (APL), only the values requiring modification need be defined.
To clear a value set below (from default repos, or lower in the hierarchy), pass
it the knockout prefix, --
. This will blank out the value.
---
yum::managed_repos:
- 'extras'
yum::repos:
extras:
enabled: true
baseurl: 'https://myrepo.example.com/extras'
gpgcheck: false
gpgkey: '--'
The built-in repos by default have data in mirrorlist
, but baseurl
is
undefined. Using the knockout prefix won't work with mirrorlist
, as it
requires a valid URL or the value absent
.
In case of Puppet 5, you can find more information in the Puppet docs. Since Puppet 6, this resource type has been moved to the puppetlabs/yumrepo_core module.
---
yum::managed_repos:
- 'extras'
yum::repos:
extras:
enabled: true
baseurl: 'https://mirror.example.com/extras'
mirrorlist: 'absent'
Enable managemnt of multiple repos
The managed_repos
parameter uses the unique
Hiera merge strategy, so it's
possible to define repos to be managed at multiple levels of the hierarchy. For
example, given the following hierarchy and the following two yaml files, the
module would receive the array ['base', 'extras', 'debug']
.
---
hierarchy:
- name: 'Common'
paths:
- "%{trusted.certname}"
- 'common.yaml'
---
# node01
yum::managed_repos:
- 'base'
- 'debug'
# common
yum::managed_repos:
- 'base'
- 'extras'
Negate previously enabled repos
The repo_exclusions
parameter is used to exclude repos from management. It
is mainly useful in complex Hiera hierarchies where repos need to be removed
from a baseline. Here we define a baseline set of repos in common.yaml
, but
disable one of them for a specific node.
---
hierarchy:
- name: 'Common'
paths:
- "%{trusted.certname}"
- 'common.yaml'
---
# node01
yum::repo_exclusions:
- 'updates' #yolo
---
# common
yum::managed_repos:
- 'base'
- 'updates'
- 'extras'
Enable management of the default OS Yumrepos
This module includes the boolean helper parameter manage_os_default_repos
easily select select OS repos. It uses module data to add the appropriate repos
to the managed_repos
parameter based on OS facts. Just like adding them
manually, they can be negated via the repo_exclusions
parameter.
NOTE: This only works for operating systems who's Yumrepos are defined in the module's data AND who's default repos are defined in the module's data.
On a CentOS 7 machine these two snippets are functionally equivalent.
class { 'yum':
manage_os_default_repos => true,
}
class { 'yum':
managed_repos => [
'base',
'updates',
'extras',
'centosplus',
'base-source',
'updates-source',
'extras-source',
'base-debuginfo',
'centos-media',
'cr',
]
}
Add/remove a GPG RPM signing key using an inline key block
yum::gpgkey { '/etc/pki/rpm-gpg/RPM-GPG-KEY-puppet-smoketest1':
ensure => present,
content => '-----BEGIN PGP PUBLIC KEY BLOCK-----
...
-----END PGP PUBLIC KEY BLOCK-----',
}
Add/remove a GPG RPM signing key using a key stored on a Puppet fileserver
yum::gpgkey { '/etc/pki/rpm-gpg/RPM-GPG-KEY-elrepo.org':
ensure => present,
source => 'puppet:///modules/elrepo/RPM-GPG-KEY-elrepo.org',
}
Install or remove yum plugin
yum::plugin { 'versionlock':
ensure => present,
}
Lock a package with the versionlock plugin
The versionlock
type changed between CentOS 7 and CentOS 8.
CentOS 7 and older
Locks explicitly specified packages from updates. Package name must be precisely
specified in format EPOCH:NAME-VERSION-RELEASE.ARCH
. Wild card in package
name is allowed provided it does not span a field seperator.
yum::versionlock { '0:bash-4.1.2-9.el6_2.*':
ensure => present,
}
Use the following command to retrieve a properly-formated string:
PACKAGE_NAME='bash'
rpm -q "$PACKAGE_NAME" --qf '%|EPOCH?{%{EPOCH}}:{0}|:%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'
To run a yum clean all
after the versionlock file is updated.
class{'yum::plugin::versionlock':
clean => true,
}
yum::versionlock { '0:bash-4.1.2-9.el6_2.*':
ensure => present,
}
Note the CentOS 8 mechansim can be used if the parameter
version
is also set to anything other than the default undef
. This allows
common code to be used on CentOS 7 and 8 if the new style is used.
CentOS 8 and newer
Specify some of the version, release, epoch and arch values as parameters.
yum::versionlock{'bash':
ensure => present,
version => '4.1.2',
release => '9.el8.2.*',
epoch => 0,
arch => 'x86_64',
}
Run a post transaction command
Specify a command to run after transactions of packages.
yum::post_transaction_action{'touch_file':
key => 'openssh-*',
command => 'touch /tmp/openssh-package-updated',
}
Install or remove yum package group
Install yum package groups. To list groups: yum group list
. Then use
that name in your puppet manifest. With support for install_options (e.g. enable
repos if disabled by default).
yum::group { 'X Window System':
ensure => present,
timeout => 600,
install_options => ['--enablerepo=*'];
}
Install or remove packages via yum install
This is a workaround for PUP-3323. It enables the installation of packages
from non-repo sources while still providing dependency resolution. For example,
say there is a package foo that requires the package bar. bar is in a Yum
repository and foo is stored on a stand-alone HTTP server. Using the standard
providers for the Package
resource type, rpm
and yum
, the rpm
provider
would be required to install foo, because only it can install from a non-repo
source, i.e., a URL. However, since the rpm
provider cannot do dependency
resolution, it would fail on its own unless bar was already installed. This
workaround enables foo to be installed without having to define its
dependencies in Puppet.
From URL:
yum::install { 'package-name':
ensure => present,
source => 'http://example.com/path/to/package/filename.rpm',
}
From local filesystem:
yum::install { 'package-name':
ensure => present,
source => 'file:///path/to/package/filename.rpm',
}
Reinstall if rpm-verify fails:
yum::install { 'package-name':
ensure => present,
source => 'file:///path/to/package/filename.rpm',
require_verify => true,
}
Please note that resource name must be same as installed package name.
Manage DNF modules streams
When changing from one enabled stream to another one, the provider runs
dnf module switch-to <Stream>
, which replaces all installed profiles from the DNF module. Bear the consequences in mind.
Enable default stream
dnf_module_stream { '<Module>':
stream => default,
}
Keep current enabled stream - if there isn't, enable default one
dnf_module_stream { '<Module>':
stream => present,
}
Enable a specific stream
dnf_module_stream { '<Module>':
stream => <Stream name>,
}
Disable stream (reset module)
dnf_module_stream { '<Module>':
stream => absent,
}
dnf_module_stream
resource versus dnfmodule
provider
DNF modules is a feature from yum
successor, dnf
, which allows easier and more robust selections of software versions and collections.
As of Aug 22, 2023, core Puppet package
resource dnfmodule
provider has some support for managing streams and profiles, but it has some issues:
- Setting stream is mandatory when (un)installing profiles - No way of just keeping currently enabled stream
- It only supports installing a single profile, despite the fact
dnf
supports multi-profile installations and there are use cases for that - Managing two things - streams setting and profile (un)installation - in the same resource invocation is inherently messy
One can fix 1 and 2, and add good docs to deal with 3. A compelling reason not to keep 1 and 3 is that a stream is a setting, not something one (un)installs. This makes it unsuitable for the package
resource which, in principle, should only (un)install stuff.
So, while one fix 2, this custom resource aims to fully and better replace dnfmodule
provider stream support.
Puppet tasks
The module has a puppet task that allows to run yum update
or yum upgrade
.
This task needs puppet agent installed on the remote.
Please refer to the Bolt documentation on how to execute a task.
$ bolt task show yum
yum - Allows you to perform yum functions
USAGE:
bolt task run --nodes <node-name> yum action=<value> [quiet=<value>]
PARAMETERS:
- action: Enum['update', 'upgrade']
Action to perform
- quiet: Optional[Boolean]
Run without output
Fedora partial support
Support for fedora is minimal at this time. The yum class can be included
without error and resources such as yum::group
can be managed. No repositories
or GPG keys are managed by default. Old kernel cleanup is known not to work, and
plugins may not work due to different package naming. Pull requests for
additional support would be welcomed.
This module was donated by CERIT Scientific Cloud, support@cerit-sc.cz to Vox Pupuli
Reference
Table of Contents
Classes
yum
: A class to install and manage Yum configuration.yum::clean
: A $(yum clean all) Exec to be notified if desired.yum::plugin::post_transaction_actions
: Class to install post_transaction pluginyum::plugin::versionlock
: This class installs versionlock pluginyum::settings
: Simple settings to use
Defined types
yum::config
: This definition manages yum.confyum::copr
: This definition manages Copr (Cool Other Package Repo) repositories.yum::gpgkey
: imports/deleted public GPG key for RPM. Key can be stored on Puppet's fileserver or as inline content.yum::group
: This definition installs or removes yum package group.yum::install
: Installs/removes rpms from local file/URL via yum install command.yum::plugin
: This definition installs Yum plugin.yum::post_transaction_action
: Creates post transaction configuratons for dnf or yum.yum::versionlock
: Locks package from updates.
Resource types
dnf_module_stream
: Manage DNF module streams
Functions
yum::bool2num_hash_recursive
: This functions converts the Boolean values of a Hash to Integers, either '0' or '1'. It does this recursively, decending as far as the langu
Data types
Yum::RpmArch
: Valid rpm architectures.Yum::RpmName
: Valid rpm name.Yum::RpmNameGlob
: Valid rpm name with globs.Yum::RpmRelease
: Valid rpm release fields.Yum::RpmVersion
: Valid rpm version fields.Yum::VersionlockString
: This type matches strings appropriate for use with yum-versionlock. Its basic format, using therpm(8)
query string format, is `%{EPOCH}:%{
Tasks
init
: Allows you to perform yum functions
Classes
yum
A class to install and manage Yum configuration.
Examples
Enable management of the default repos for a supported OS:
---
yum::manage_os_default_repos: true
Add Hiera data to disable management of the CentOS Base repo:
---
yum::manage_os_default_repos: true
yum::repo_exclusions:
- 'base'
Ensure the CentOS base repo is removed from the agent system(s):
---
yum::manage_os_default_repos: true
yum::repos:
base:
ensure: 'absent'
Add a custom repo:
---
yum::managed_repos:
- 'example_repo'
yum::repos:
example_repo:
ensure: 'present'
enabled: true
descr: 'Example Repo'
baseurl: 'https://repos.example.com/example/'
gpgcheck: true
gpgkey: 'file:///etc/pki/gpm-gpg/RPM-GPG-KEY-Example'
target: '/etc/yum.repos.d/example.repo'
Use a custom baseurl
for the CentOS Base repo:
---
yum::manage_os_default_repos: true
yum::repos:
base:
baseurl: 'https://repos.example.com/CentOS/base/'
mirrorlist: '--'
Install a couple of yum::group
s.
---
yum::groups:
'Development Tools':
ensure: present
'System Tools':
ensure: present
Parameters
The following parameters are available in the yum
class:
clean_old_kernels
keep_kernel_devel
config_options
repos
managed_repos
manage_os_default_repos
os_default_repos
repo_exclusions
gpgkeys
utils_package_name
groups
clean_old_kernels
Data type: Boolean
Whether or not to purge old kernel version beyond the keeponly_limit
.
Default value: true
keep_kernel_devel
Data type: Boolean
Whether or not to keep kernel devel packages on old kernel purge.
Default value: false
config_options
Data type: Hash[String, Variant[String, Integer, Boolean, Sensitive[String], Hash[String, Variant[String, Integer, Boolean, Sensitive[String]]]]]
A Hash where keys are the names of Yum::Config
resources and the values
are either the direct ensure
value, or a Hash of the resource's attributes.
@note Boolean parameter values will be converted to either a 1
or 0
; use a quoted string to
get a literal true
or false
. Sensitive value will disable the show_diff
.
Default value: {}
repos
Data type: Hash[String, Optional[Hash[String, Variant[String, Integer, Boolean]]]]
A hash where keys are the names of Yumrepo
resources and each value represents its respective
Yumrepo's resource parameters. This is used in conjunction with the managed_repos
parameter
to create Yumrepo
resources en masse. Some default data is provided for this using module
data. It is configured to deep merge with a knockout_prefix
of --
by default, so individual
parameters may be overriden or removed via global or environment Hiera data.
@note Boolean parameter values will be converted to either a 1
or 0
; use a quoted string to
get a literal true
or false
.
Default value: {}
managed_repos
Data type: Array[String]
An array of first-level keys from the repos
hash to include in the catalog. The module uses
this list to select Yumrepo
resources from the repos
hash for instantiation. Defaults are
set in the module's Hiera data.
@note This only indicates the managed state of the repos, the ensure
state must be managed
in the repos
data.
Default value: []
manage_os_default_repos
Data type: Boolean
Whether or not to add an operating system's default repos to the managed_repos
array.
@note This only works for operating systems with data in the module's data directory. Currently the module only contains data for for CentOS 6 & 7.
Default value: false
os_default_repos
Data type: Array[String]
A list of default repos to add to managed_repos
if manage_os_default_repos
is enabled.
Normally this should not be modified.
Default value: []
repo_exclusions
Data type: Array[String]
An array of first-level keys from the repos
hash to exclude from management via this module.
Values in this array will be subtracted from the managed_repos
array as a last step before
instantiation.
Default value: []
gpgkeys
Data type: Hash[String, Hash[String, String]]
A hash of yum::gpgkey types, which will be automatically included if they are referenced by a managed_repo. This will use the same merging behavior as repos.
Default value: {}
utils_package_name
Data type: String
Name of the utils package, e.g. 'yum-utils', or 'dnf-utils'.
Default value: 'yum-utils'
groups
Data type: Stdlib::CreateResources
A hash of yum::group instances to manage.
Default value: {}
yum::clean
A $(yum clean all) Exec to be notified if desired.
yum::plugin::post_transaction_actions
Class to install post_transaction plugin
- See also
- https://dnf-plugins-core.readthedocs.io/en/latest/post-transaction-actions.html
- DNF Post Transaction Items
- https://dnf-plugins-core.readthedocs.io/en/latest/post-transaction-actions.html
Examples
Enable post_transaction_action plugin
class{'yum::plugin::post_transaction_actions':
ensure => present,
}
Parameters
The following parameters are available in the yum::plugin::post_transaction_actions
class:
ensure
Data type: Enum['present', 'absent']
Should the post_transaction actions plugin be installed
Default value: 'present'
yum::plugin::versionlock
This class installs versionlock plugin
Examples
Sample usage:
class { 'yum::plugin::versionlock':
ensure => present,
}
Parameters
The following parameters are available in the yum::plugin::versionlock
class:
ensure
Data type: Enum['present', 'absent']
specifies if versionlock should be present or absent
Default value: 'present'
clean
Data type: Boolean
specifies if yum clean all should be called after edits. Defaults false.
Default value: false
path
Data type: String
filepath for the versionlock.list, default based on your system.
yum::settings
Simple settings to use
Parameters
The following parameters are available in the yum::settings
class:
mainconf
Data type: Enum['/etc/yum.conf','/etc/dnf/dnf.conf']
Augeas location of the dnf or yum configuration file. The default is set into hiera according to the package_provider being yum or dnf.
Defined types
yum::config
This definition manages yum.conf
Examples
configure installonly limit
yum::config { 'installonly_limit':
ensure => 2,
}
remove a configuration
yum::config { 'debuglevel':
ensure => absent,
}
Parameters
The following parameters are available in the yum::config
defined type:
ensure
Data type: Variant[Boolean, Integer, Enum['absent'], String, Sensitive[String]]
specifies value or absent keyword
key
Data type: String
alternative conf. key (defaults to name)
Default value: $title
yum::copr
This definition manages Copr (Cool Other Package Repo) repositories.
Examples
add and enable COPR restic repository
yum::copr { 'copart/restic':
ensure => 'enabled',
}
Parameters
The following parameters are available in the yum::copr
defined type:
copr_repo
Data type: String
Name of repository, defaults to title.
Default value: $title
manage_prereq_plugin
Data type: Boolean
Wheter required plugin for dnf/yum should be installed by this resource.
Default value: true
ensure
Data type: Enum['enabled', 'disabled', 'removed']
Specifies if repo should be enabled, disabled or removed.
Default value: 'enabled'
yum::gpgkey
imports/deleted public GPG key for RPM. Key can be stored on Puppet's fileserver or as inline content.
Examples
Sample usage:
yum::gpgkey { '/etc/pki/rpm-gpg/RPM-GPG-KEY-puppet-smoketest1':
ensure => 'present',
content => '-----BEGIN PGP PUBLIC KEY BLOCK-----
...
-----END PGP PUBLIC KEY BLOCK-----';
}
Parameters
The following parameters are available in the yum::gpgkey
defined type:
path
Data type: String
alternative file location (defaults to name)
Default value: $name
ensure
Data type: Enum['present', 'absent']
specifies if key should be present or absent
Default value: 'present'
content
Data type: Optional[String]
the actual file content
Default value: undef
source
Data type: Optional[String]
source (e.g.: puppet:///)
Default value: undef
owner
Data type: String
file owner
Default value: 'root'
group
Data type: String
file group
Default value: 'root'
mode
Data type: String
file mode
Default value: '0644'
yum::group
This definition installs or removes yum package group.
Examples
Sample usage:
yum::group { 'X Window System':
ensure => 'present',
}
Parameters
The following parameters are available in the yum::group
defined type:
ensure
Data type: Enum['present', 'installed', 'latest', 'absent', 'purged']
specifies if package group should be present (installed) or absent (purged)
Default value: 'present'
timeout
Data type: Optional[Integer]
exec timeout for yum groupinstall command
Default value: undef
install_options
Data type: Array[String[1]]
options provided to yum groupinstall command
Default value: []
yum::install
Installs/removes rpms from local file/URL via yum install command.
- Note This can be better than using just the rpm provider because it will pull all the dependencies.
Examples
Sample usage:
yum::install { 'epel-release':
ensure => 'present',
source => 'https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm',
}
Parameters
The following parameters are available in the yum::install
defined type:
source
Data type: String
file or URL where RPM is available
ensure
Data type: Enum['present', 'installed', 'absent', 'purged']
the desired state of the package
Default value: 'present'
timeout
Data type: Optional[Integer]
optional timeout for the installation
Default value: undef
require_verify
Data type: Boolean
optional argument, will reinstall if rpm verify fails
Default value: false
yum::plugin
This definition installs Yum plugin.
Examples
Sample usage:
yum::plugin { 'versionlock':
ensure => 'present',
}
Parameters
The following parameters are available in the yum::plugin
defined type:
ensure
Data type: Enum['present', 'absent']
specifies if plugin should be present or absent
Default value: 'present'
pkg_prefix
Data type: Optional[String]
the package prefix for the plugins
Default value: undef
pkg_name
Data type: Optional[String]
the actual package name
Default value: undef
yum::post_transaction_action
Creates post transaction configuratons for dnf or yum.
- See also
- https://dnf-plugins-core.readthedocs.io/en/latest/post-transaction-actions.html
- DNF Post Transaction Items
- https://dnf-plugins-core.readthedocs.io/en/latest/post-transaction-actions.html
Examples
Touch a file when ssh is package is updated, installed or removed.
yum::post_transaction_action{'touch file on ssh package update':
key => 'openssh-*',
state => 'any',
command => 'touch /tmp/openssh-installed',
}
Parameters
The following parameters are available in the yum::post_transaction_action
defined type:
action
Data type: String[1]
Name variable a string to label the rule
Default value: $title
key
Data type: Variant[Enum['*'],Yum::RpmNameGlob,Stdlib::Unixpath]
Package name, glob or file name file glob.
state
Data type: Enum['install', 'update', 'remove', 'any', 'in', 'out']
Can be install
, update
, remove
or any
on YUM based systems.
Can be in
, out
or any
on DNF based systems.
Default value: 'any'
command
Data type: String[1]
The command to run
yum::versionlock
Locks package from updates.
-
Note The resource title must use the format By default on CentOS 7 the following format is used. "%{EPOCH}:%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}". This can be retrieved via the command `rpm -q --qf '%{EPOCH}:%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}'. If "%{EPOCH}" returns as '(none)', it should be set to '0'. Wildcards may be used within token slots, but must not cover seperators, e.g., '0:bsh-4.1.2-9.' covers Bash version 4.1.2, revision 9 on all architectures. By default on CentOS 8 and newer the resource title to just set the package name. If a version is set on CentOS 7 then it behaves like CentOS 8
-
See also
Examples
Sample usage on CentOS 7
yum::versionlock { '0:bash-4.1.2-9.el7.*':
ensure => present,
}
Sample usage on CentOS 8
yum::versionlock { 'bash':
ensure => present,
version => '4.1.2',
release => '9.el8',
epoch => 0,
arch => 'noarch',
}
Sample usage on CentOS 7 with new style version, release, epoch, name parameters.
yum::versionlock { 'bash':
ensure => present,
version => '3.1.2',
release => '9.el7',
epoch => 0,
arch => 'noarch',
}
Parameters
The following parameters are available in the yum::versionlock
defined type:
ensure
Data type: Enum['present', 'absent', 'exclude']
Specifies if versionlock should be present
, absent
or exclude
.
Default value: 'present'
version
Data type: Optional[Yum::RpmVersion]
Version of the package if CentOS 8 mechanism is used. This must be set for dnf based systems (e.g CentOS 8). If version is set then the name var is assumed to a package name and not the full versionlock string.
Default value: undef
release
Data type: Yum::RpmRelease
Release of the package if CentOS 8 mechanism is used.
Default value: '*'
arch
Data type: Variant[Yum::RpmArch, Enum['*']]
Arch of the package if CentOS 8 mechanism is used.
Default value: '*'
epoch
Data type: Integer[0]
Epoch of the package if CentOS 8 mechanism is used.
Default value: 0
Resource types
dnf_module_stream
This type allows Puppet to enable/disable streams via DNF modules
Examples
Enable MariaDB default stream
dnf_module_stream { 'mariadb':
stream => default,
}
Enable MariaDB 10.5 stream
dnf_module_stream { 'mariadb':
stream => '10.5',
}
Disable MariaDB streams
dnf_module_stream { 'mariadb':
stream => absent,
}
Properties
The following properties are available in the dnf_module_stream
type.
stream
Valid values: present
, default
, absent
, %r{.+}
Module stream that should be enabled
String - Specify stream present - Keep current enabled stream if any, otherwise enable default one default - Enable default stream absent - No stream (resets module)
Parameters
The following parameters are available in the dnf_module_stream
type.
module
Valid values: %r{.+}
DNF module to be managed
provider
The specific backend to use for this dnf_module_stream
resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
title
Valid values: %r{.+}
Resource title
Functions
yum::bool2num_hash_recursive
Type: Puppet Language
This functions converts the Boolean values of a Hash to Integers, either '0' or '1'. It does this recursively, decending as far as the language implemenation will allow. Note that Structs and Arrays will be ignored, even if they contain Hashes.
Examples
Usage
Hash $foo = {
bar => { 'a' => true, 'b' => 'b' },
baz => false,
qux => [{ 'c' => true }, { 'd' => false }],
}
yum::bool2num_hash_recursive($foo)
The above would return:
{
bar => { 'a' => 1, 'b' => 'b' },
baz => 0,
qux => [{ 'c' => true }, { 'd' => false }],
}
yum::bool2num_hash_recursive(Hash $arg)
This functions converts the Boolean values of a Hash to Integers, either '0' or '1'. It does this recursively, decending as far as the language implemenation will allow. Note that Structs and Arrays will be ignored, even if they contain Hashes.
Returns: Hash
Examples
Usage
Hash $foo = {
bar => { 'a' => true, 'b' => 'b' },
baz => false,
qux => [{ 'c' => true }, { 'd' => false }],
}
yum::bool2num_hash_recursive($foo)
The above would return:
{
bar => { 'a' => 1, 'b' => 'b' },
baz => 0,
qux => [{ 'c' => true }, { 'd' => false }],
}
arg
Data type: Hash
The hash on which to operate
Data types
Yum::RpmArch
Output of rpm -q --queryformat '%{arch}\n' package
Alias of Enum['noarch', 'x86_64', 'i386', 'aarch64', 'arm', 'ppc64', 'ppc64le', 'sparc64', 'ia64', 'alpha', 'ip', 'm68k', 'mips', 'mipsel', 'mk68k', 'mint', 'ppc', 'rs6000', 's390', 's390x', 'sh', 'sparc', 'xtensa']
Yum::RpmName
Can be alphanumeric or contain .
_
+
%
{
}
-
.
Output of rpm -q --queryformat '%{name}\n package
Examples python36-foobar, netscape
Alias of Pattern[/\A([0-9a-zA-Z\._\+%\{\}-]+)\z/]
Yum::RpmNameGlob
Can be alphanumeric or contain .
_
+
%
{
}
-
*
.
Examples python36-, netscape
Alias of Pattern[/\A([*0-9a-zA-Z\._\+%\{\}-]+)\z/]
Yum::RpmRelease
It may not contain a dash.
Output of rpm -q --queryformat '%{release}\n' package
.
Examples 3.4 3.4.el6, 3.4.el6_2
Alias of Pattern[/\A([^-]+)\z/]
Yum::RpmVersion
It may not contain a dash.
Output of rpm -q --queryformat '%{version}\n' package
.
Examples 3.4, 2.5.alpha6
Alias of Pattern[/\A([^-]+)\z/]
Yum::VersionlockString
This type matches strings appropriate for use with yum-versionlock.
Its basic format, using the rpm(8)
query string format, is
%{EPOCH}:%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}
. As a Regex, it
breaks down into five distinct parts, plus the seperators.
EPOCH: An unsigned integer type Yum::PackageEpoch = Regexp[/[0-9]*]+/]
NAME: Any valid package name (see https://github.com/rpm-software-management/rpm/blob/master/doc/manual/spec) type Yum::PackageName = Regexp[/[0-9a-zA-Z._+%{}*-]+/]
VERSION: Any valid version string. The only limitation here, according to the RPM manual, is that it may not contain a dash (-
).
type Yum::PackageVersion = Regexp[/[^-]+/]
RELEASE: Any valid release string. Only limitation is that it is not a dash (-
)
type Yum::PackageRelease = Regexp[/[^-]+/]
lint:ignore:140chars
ARCH: Matches a string such as el7.x86_64
. This is actuall two sub-expressions. See below.
type Yum::PackageArch = Regexp[/([0-9a-zZ-Z_*]+)(?:.(noarch|x86_64|i386|arm|ppc64|ppc64le|sparc64|ia64|alpha|ip|m68k|mips|mipsel|mk68k|mint|ppc|rs6000|s390|s390x|sh|sparc|xtensa|*))?/]
lint:endignore
The %{ARCH}
sub-expression is composed of two sub-expressions
separated by a dot (.
), where the second part is optional. The RPM
specification calls the first field the DistTag
, and the second the
BuildArch
.
DistTag: Any string consiting of only letters, numbers, or an underscore, e.g., el6
, sl7
, or fc24
.
type Yum::PackageDistTag = Regexp[/[0-9a-zZ-Z_*]+/]
lint:ignore:140chars BuildArch: Any string from the list at https://github.com/rpm-software-management/rpm/blob/master/rpmrc.in. Strings are roughly listed from most common to least common to improve performance. type Yum::PackageBuildArch = Regexp[/noarch|x86_64|i386|arm|ppc64|ppc64le|sparc64|ia64|alpha|ip|m68k|mips|mipsel|mk68k|mint|ppc|rs6000|s390|s390x|sh|sparc|xtensa/] lint:endignore
wildcard characters may not span the fields, may not cover the seperators. This is an undocumented but tested limitation of yum-versionlock.
lint:ignore:140chars
- Note Each field may contain wildcard characters (
*
), but the
Examples
A complete, well-formed string: `0:bash-4.1.2-9.el6_2.x86_64'
A well-formed string that has dropped the optional BuildArch sub-field: 0:bash-4.1.2-9.el6_2
A well-formed string using wildcards: *0:bash*-4.*-*.*
An invalid string (wildcard spans the VERSION and RELEASE fields): `0:bash-4.*-el6.x86_64
An invlaid string (wildcard spans the VERSION, RELEASE, and ARCH fields): 0:bash-*
Alias of Pattern[/^([0-9\*]+):([0-9a-zA-Z\._\+%\{\}\*-]+)-([^-]+)-([^-]+)\.(([0-9a-zZ-Z_\*]+)(?:\.(noarch|x86_64|i386|arm|ppc64|ppc64le|sparc64|ia64|alpha|ip|m68k|mips|mipsel|mk68k|mint|ppc|rs6000|s390|s390x|sh|sparc|xtensa|\*))?)$/]
Tasks
init
Allows you to perform yum functions
Supports noop? false
Parameters
action
Data type: Enum[update, upgrade, 'list updates']
Action to perform
quiet
Data type: Optional[Boolean]
Run without output
What are tasks?
Modules can contain tasks that take action outside of a desired state managed by Puppet. It’s perfect for troubleshooting or deploying one-off changes, distributing scripts to run across your infrastructure, or automating changes that need to happen in a particular order as part of an application deployment.
Tasks in this module release
Changelog
All notable changes to this project will be documented in this file. Each new release typically also includes the latest modulesync defaults. These should not affect the functionality of the module.
v7.2.0 (2024-12-12)
Implemented enhancements:
- Add Fedora 40, OracleLinux 9, Rocky 9 #342 (jay7x)
- allow RpmNameGlob for versionlock entries #335 (kBite)
- Support dnf module management - Fix #310 #320 (EmersonPrado)
Fixed bugs:
- yum::copr is not always idempotent #340
- Replace legacy facts #344 (bastelfreak)
- Improve yum::copr idempotency #341 (jay7x)
Merged pull requests:
- Drop support for Oracle 7 #325 (traylenator)
v7.1.0 (2023-06-26)
Implemented enhancements:
v7.0.0 (2023-06-16)
Breaking changes:
- puppetlabs/stdlib: Require 9.x #315 (bastelfreak)
- Drop Puppet 6 support #304 (bastelfreak)
- add Fedora 38, drop Fedora 35 #303 (vchepkov)
Implemented enhancements:
- Add Puppet 8 support #314 (bastelfreak)
- New yum::groups parameter to manage groups #311 (traylenator)
- allow puppetlabs/concat 8.x #302 (vchepkov)
- Add RHEL 9 to supported OS #300 (tuxmea)
Fixed bugs:
- Almalinux 9.2 shows these repos as
-debuginfo
#312 (jcpunk) - Fix purge of unwanted kernels on DNF based machines #309 (traylenator)
- Use dnf or yum augeas path for main configuration #307 (traylenator)
- add missing RPM-GPG-KEY-EPEL-9 #299 (vchepkov)
Merged pull requests:
- Fix acceptance tests for Fedora 36 #308 (traylenator)
v6.2.0 (2023-02-08)
Implemented enhancements:
- add Fedora 37 support #284 (vchepkov)
- Deploying multiple gpgkey in one repo #278 (teluq-pbrideau)
Fixed bugs:
- Revert #258 that added purge_unmanaged_repos #285
- Revert #258, which added purge_unmanaged_repos #287 (kenyon)
Merged pull requests:
v6.1.0 (2022-11-08)
Implemented enhancements:
- add AlmaLinux 9 support #281 (jhoblitt)
- Add sensitive support for configs #275 (teluq-pbrideau)
Fixed bugs:
v6.0.0 (2022-08-04)
Breaking changes:
Implemented enhancements:
v5.6.1 (2022-07-06)
Fixed bugs:
v5.6.0 (2022-07-04)
Implemented enhancements:
- Add RPMFusion repos #261 (jcpunk)
- Add CentOS Stream9 repos #259 (jcpunk)
- Permit easily purging unmanaged repos #258 (jcpunk)
Fixed bugs:
Merged pull requests:
v5.5.0 (2022-06-20)
Implemented enhancements:
Fixed bugs:
- Avoid assumption that package_provider is set #255 (traylenator)
Merged pull requests:
v5.4.0 (2022-04-25)
Implemented enhancements:
- sync with upstream AlmaLinux repository set #249 (vchepkov)
- Allow arch aarch64 in yum::versionlock #239 (traylenator)
Fixed bugs:
- failovermethod parameter doesn't exist in dnf #250 (vchepkov)
- RHEL8: Fix epel-modular repo names #247 (ccolic)
- fix centos8 HA yumrepo target #241 (vchepkov)
Closed issues:
Merged pull requests:
- rubocop: autofix #251 (bastelfreak)
v5.3.1 (2022-02-15)
Fixed bugs:
- yamllint failure on VirtuozzoLinux/7.yaml - duplication of key gpgkey #236 (bastelfreak)
- CentOS 8 has been archived #234 (vchepkov)
Merged pull requests:
- Fix examples in manifests/versionlock.pp #233 (yakatz)
- cleanup .fixtures.yml #230 (bastelfreak)
v5.3.0 (2021-10-26)
Implemented enhancements:
v5.2.0 (2021-09-29)
Implemented enhancements:
- synchronize Rocky repositories with upstream definitions #217 (vchepkov)
- New type yum::post_transaction_action #216 (traylenator)
Closed issues:
- Centos 6 support broken #198
Merged pull requests:
- Allow stdlib 8.0.0 #221 (smortex)
- Render post_transaction_action examples correctly #218 (traylenator)
v5.1.0 (2021-06-10)
Implemented enhancements:
- Add support for AlmaLinux 8 #203 (tparkercbn)
v5.0.0 (2021-06-09)
Breaking changes:
- Drop EoL Fedora support #211 (bastelfreak)
- Drop EoL Puppet 5; Add Puppet 7 support #208 (bastelfreak)
- Drop EoL CentOS 6 support #207 (bastelfreak)
Implemented enhancements:
Fixed bugs:
Closed issues:
- gpgkey cannot specify more than one of content, source #204
- yum::plugin::versionlock fails on CentOS/RHEL 8 #197
- No Repos getting added #168
- module doesn't manage proxy setting #157
Merged pull requests:
- puppetlabs/concat: allow 7.x #210 (bastelfreak)
- puppetlabs/stdlib: allow 7.x #209 (bastelfreak)
- Resolve puppet-lint #192 (jcpunk)
- modulesync 3.0.0 & puppet-lint updates #188 (bastelfreak)
v4.3.0 (2020-07-20)
Implemented enhancements:
- Improve extraction of available updates #181 (smortex)
- Use simpler code for tests for expected failures #173 (traylenator)
Fixed bugs:
- De-duplicate start of string match character #179 (traylenator)
- versionlock must specify at least .* for arch. #177 (traylenator)
Closed issues:
- yum_package_updates fact misinterprets output #180
Merged pull requests:
- prepare release 4.3.0 #186 (vchepkov)
- Add dnf tag to metadata #175 (traylenator)
v4.2.0 (2020-05-22)
Implemented enhancements:
- Enable and add CentOS 8 accept tests #172 (traylenator)
- Support paramatized yum::versionlock #169 (traylenator)
- Add gpg key for EPEL8 #166 (thomasmeeus)
- Add support for yum facts (similar to the apt ones) #141 (smortex)
Closed issues:
- Rhel/Centos 8 versionlock doesn't work #150
Merged pull requests:
- Remove nested code blocks from string docs #171 (traylenator)
- Correct bolt URL #170 (traylenator)
- Fix several markdown lint issues #167 (dhoppe)
- Use voxpupuli-acceptance #163 (ekohl)
- Fix yaml indentation inconsistency #161 (b3n4kh)
v4.1.1 (2020-03-09)
Fixed bugs:
Closed issues:
- CentOS/RHEL 8 Uses DNF but utils package is provided by yum-utils. #158
Merged pull requests:
v4.1.0 (2020-01-20)
Implemented enhancements:
- add 'VirtuozzoLinux' support #147 (kBite)
- Support for DNF-based distros, and Fedora defaults #143 (optiz0r)
- Updated utils package for RHEL 8 #137 (rcalixte)
Fixed bugs:
require
(notcontain
) yum::plugin::versionlock #154 (alexjfisher)
Merged pull requests:
- instantiate yumrepo & yum::config directly #148 (igalic)
- Clean up acceptance spec helper #146 (ekohl)
- use $facts when accessing os fact #144 (igalic)
- add requirement expression in metadata of task #138 (Dan33l)
- Update concat dependency to allow puppetlabs/concat 6.x #136 (treydock)
- Allow
puppetlabs/stdlib
6.x #135 (alexjfisher)
v4.0.0 (2019-05-07)
Breaking changes:
- modulesync 2.7.0 and drop puppet 4 #133 (bastelfreak)
Implemented enhancements:
Fixed bugs:
- Correctly calculate rpmname for all gpg versions #126 (towo)
- Puppet 6 issue and knockout_prefix problem #121 (avidspartan1)
Closed issues:
- gpgkey applied on every run due to output change #125
- In Puppet 6, remove_undef_values doesn't work as expected #120
- --knock-out-prefix "--" knocks out valid content of yum::gpgkeys #111
- removal of mirrorlist is set by 'absent' not by using a knockout. #63
Merged pull requests:
- replace deprecated has_key() with
in
#129 (bastelfreak)
v3.1.1 (2018-10-14)
Closed issues:
- Import GPG keys of unmanaged repos #114
Merged pull requests:
- modulesync 2.2.0 and allow puppet 6.x #124 (bastelfreak)
- Allow puppetlabs/stdlib 5.x and puppetlabs/concat 5.x #113 (bastelfreak)
v3.1.0 (2018-07-24)
Implemented enhancements:
Closed issues:
- feature yum update puppet task support #107
v3.0.0 (2018-07-09)
Breaking changes:
Implemented enhancements:
- EPEL GPG Key #95
- Clean yum metadata after versionlock file update #102 (traylenator)
- Fixes #95 Add EPEL GPG Key and logic to handle yum::gpgkeys #96 (TJM)
Fixed bugs:
Closed issues:
- Amazon Linux manage_os_default_repos does not compile due to unsupported parameters #100
- how does the module get the name of the package? #50
Merged pull requests:
- drop EOL OSs; fix puppet version range #101 (bastelfreak)
- Rely on beaker-hostgenerator for docker nodesets #98 (ekohl)
v2.2.1 (2018-03-28)
Fixed bugs:
- Hiera 5 warning on puppet 5.3.2 #77
Closed issues:
- Unable to exclude multiple packages in yum.conf #80
Merged pull requests:
- update required Puppet version in the documentation #88 (joekohlsdorf)
- migrate Hiera 4 to Hiera 5 #87 (joekohlsdorf)
v2.2.0 (2018-01-04)
Fixed bugs:
- Fix EPEL repo IDs #81 (lamawithonel)
Closed issues:
Merged pull requests:
- bump lowest puppet version 4.6.1->4.10.9 #85 (bastelfreak)
- Fix documentation instructions for mirrorlist #83 (jorhett)
- Run beaker tests on all supported & available docker sets #79 (ekohl)
- Add RHEL repos and update README. #75 (pillarsdotnet)
v2.1.0 (2017-11-02)
Implemented enhancements:
- Add AmazonLinux 2017 compatibility. #71 (pillarsdotnet)
v2.0.2 (2017-10-10)
Closed issues:
Merged pull requests:
- Release 2.0.2 #70 (bastelfreak)
- Update README.md #69 (arjenz)
- Emtpy hiera files throw puppet 4 warnings #67 (benohara)
v2.0.1 (2017-09-01)
Implemented enhancements:
Fixed bugs:
- Drop empty yaml file #55 (traylenator)
Closed issues:
- Update to puppetlabs/concat 3 or 4 #66
- yum::versionlock with ensure => absent doesn't purge entries #61
- versionlock.list updated after package {} install #43
Merged pull requests:
- Contain the versionlock subclass to help with ordering around package resources #65 (bovy89)
- Support
ensure => absent
with yum::versionlock #62 (bovy89)
v2.0.0 (2017-06-14)
Breaking changes:
- BREAKING: Config create resources pattern #37 (lamawithonel)
Implemented enhancements:
- Add module data for EPEL #44 (lamawithonel)
- Manage yumrepos via data #40 (lamawithonel)
- Update README.md #39 (jskarpe)
- Be more strict about versionlock strings #38 (lamawithonel)
Fixed bugs:
- Versionlock release string may contain dots #49 (traylenator)
- Fix typo. #45 (johntconklin)
- Remove
section
parameter fromyum::config
#33 (lamawithonel)
Closed issues:
- Class[Yum]: has no parameter named 'config_options' #48
- Augeas errors arise when applying yum settings on Cent OS 6 clients #47
- Remove individual configs from init.pp, use create_resources pattern instead #36
- Fix versionlock regex #35
- yum::config fails with comma separated values #21
v1.0.0 (2017-01-14)
Implemented enhancements:
- Update for Puppet 4, remove support for Puppet 3 #25 (lamawithonel)
Merged pull requests:
v0.10.0 (2017-01-11)
Implemented enhancements:
- Bump min version_requirement for Puppet + deps #22 (juniorsysadmin)
- Add parameter clean_old_kernels #20 (treydock)
- Correct format of fixtures file. #14 (traylenator)
v0.9.15 (2016-09-26)
Merged pull requests:
- Update changelog and version #12 (jskarpe)
- Added basic spec tests #11 (jskarpe)
- Bug: Puppet creates empty key files when using Hiera and create_resources() #7 (lklimek)
- Manage yum::versionlock with concat #6 (jpoittevin)
v0.9.14 (2016-08-15)
Merged pull requests:
v0.9.13 (2016-08-15)
Merged pull requests:
v0.9.12 (2016-08-12)
v0.9.11 (2016-08-12)
v0.9.10 (2016-08-12)
v0.9.9 (2016-08-12)
v0.9.8 (2016-08-04)
0.9.8 (2016-05-30)
0.9.7 (2016-05-30)
0.9.6 (2015-04-29)
0.9.5 (2015-04-07)
0.9.4 (2014-12-08)
0.9.3 (2014-11-06)
0.9.2 (2014-09-02)
0.9.1 (2014-08-20)
* This Changelog was automatically generated by github_changelog_generator
Dependencies
- puppetlabs/stdlib (>= 9.0.0 < 10.0.0)
- puppetlabs/concat (>= 1.2.5 < 10.0.0)
The MIT License (MIT) Copyright (c) 2014-16 Institute of Computer Science, Masaryk University Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.