Can puppet update package to latest minor release

puppet

For example I have php-fpm installed:

Name        : php-fpm
Arch        : x86_64
Version     : 5.4.16
Release     : 23.el7_0.3
Size        : 4.5 M
Repo        : installed
From repo   : updates
Summary     : PHP FastCGI Process Manager
URL         : http://www.php.net/
License     : PHP and Zend and BSD

The goal is to keep PHP on the latest 5.4 release. Currently I have this in the manifest: ensure => '5.4.16-23.el7_0.3',.

That won't update if a new version or release comes out, while I don't want it to update to 5.5 unexpectedly.

I have tried the following:

  • ensure => '5.4.16',
  • ensure => '5.4',
  • ensure => '5.4.16-*',
  • ensure => '5.4.*',

All of which give me something similar to:

change from 5.4.16-23.el7_0.3 to 5.4 failed: Could not update: Failed to update to version 5.4, got version 5.4.16-23.el7_0.3 instead

This being on RHEL/CentOS, it would probably meet the requirement to simply have ensure => latest for PHP; I am just using PHP as an example. I would still like to know:

  • The puppet way to manage minor releases. (If there is one, or two… I read that at least you can maintain your own repo, but is there a pure puppet syntax like the one I guessed above?)
  • There are obviously packages other than PHP. How would you use puppet to manage packages that are perhaps from a different repo, or perhaps for a distro other than RHEL/CentOS, etc.?
  • I read from the puppet reference that the ensure "values can match /./", is that regex or what? http://docs.puppetlabs.com/references/3.7.5/type.html#package-attribute-ensure

I am running open source Puppet 3.7.5 on RHEL/CentOS 7.

Best Answer

No, puppet can't update to the latest minor release; it can only ensure a specific version, or ensure that the package is present or latest.

What you should do is create your own custom repositories, which will have only the packages relevant to you (for example the 5.4 series of PHP), and then in puppet just set:

package { 'php-fpm': ensure => latest }

This will check every puppet run if there is an update.

Also, if you don't use additional repositories which offer newer PHP packages to your system, ensure => latest will behave exactly as you want it - because of the way CentOS updates its packages. There will never be php-5.5 in CentOS 7, but php will stay at 5.4 series. 5.5 and any newer updates will be provided through php55, php56, etc. - which means you will have to change the package name in puppet manifest to reflect the version you want, for example:

package { 'php56-fpm': ensure => latest }

So, the answer is NO: you have to ensure your repositories only offer the major version you want, and then you can use ensure => latest within puppet.

To set that up in repositories, you can use things like:

  • include
  • exclude
  • priority
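
The repository restrictions named in the answer, sketched as a Puppet manifest using the core yumrepo type; this is an added example, not code from the original answer. The repo names, URLs and GPG key paths are hypothetical placeholders, and it assumes the priorities plugin is what enforces `priority`.

```puppet
# Added example. Repo names, base URLs and key paths are hypothetical.

# Internal mirror that carries only the PHP series you have approved.
yumrepo { 'internal-php54':
  descr       => 'Internal PHP 5.4 mirror',
  # Single quotes: $basearch is passed through literally for yum to expand.
  baseurl     => 'http://repo.example.internal/centos/7/php54/$basearch/',
  enabled     => '1',
  gpgcheck    => '1',
  gpgkey      => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-internal',
  # "include": only packages matching these globs are visible from this repo.
  includepkgs => 'php php-*',
  # "priority": a lower number wins when several repos offer the same package.
  priority    => '10',
}

# A third-party repo that also ships newer PHP builds under the same names.
yumrepo { 'thirdparty':
  descr    => 'Third-party extras',
  baseurl  => 'http://mirror.example.org/el7/$basearch/',
  enabled  => '1',
  gpgcheck => '1',
  gpgkey   => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-thirdparty',
  # "exclude": hide its PHP packages so they can never be chosen as "latest".
  exclude  => 'php php-*',
  priority => '90',
}

# The priority setting has no effect unless this plugin is installed.
package { 'yum-plugin-priorities':
  ensure => installed,
}

# With the repos restricted, "latest" can only mean the newest 5.4 build.
package { 'php-fpm':
  ensure  => latest,
  require => [
    Yumrepo['internal-php54'],
    Yumrepo['thirdparty'],
    Package['yum-plugin-priorities'],
  ],
}
```

Keeping `gpgcheck` on for every repo means `ensure => latest` only ever installs signed packages from sources you have explicitly allowed.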