Using ensure => latest, I have systems which do not need all of the same packages.
Will ensure => latest install the packages or only update if they already are present? If they are not present, I do not want them installed. This is to keep existing packages up to date with latest patches. I haven't tried it for fear of installing a package on a system which doesn't need it.
Best Answer
Yes, it will install the package if not present.
You'll only want those resources declared on systems which have the packages - break them out into classes based on system role for those that have the packages installed.