TransWikia.com

Set YUM versionlock, but allow updating to specific versions

Server Fault Asked by yakatz on November 4, 2021

I am trying to control the version of puppet agent installed on our RedHat systems.

Our Puppet manifest has

$puppet_version = hiera('profile::puppet_agent::version', '6.12.0')

class {'::puppet_agent':
  collection            => 'puppet6',
  package_version       => $puppet_version,
  service_names         => [], # Don't start puppet service
  msi_move_locked_files => true,
  manage_pki_dir        => false,
}

# This is required on RedHat 7 only
$puppet_release = $::osreleasemaj ? {
  '7'     => '*.el7.*',
  default => undef,
}

yum::versionlock { 'puppet-agent':
  ensure  => present,
  version => $puppet_version,
  release => $puppet_release,
  before  => Class['Puppet_agent'],
}

This works to configure puppet and it actually changes the contents of the YUM versionlock config file, but it doesn’t seem to work to force puppet-agent to upgrade. I changed the version from 6.12.0 to 6.16.0. Now every puppet run fails with the error message Could not update: Failed to update to version 6.16.0, got version 6.12.0-1.el7 instead.

On RHEL 7, /etc/yum/pluginconf.d/versionlock.list contains:

# File managed by puppet
0:puppet-agent-6.16.0-*.el7.*

On RHEL 8, /etc/yum/pluginconf.d/versionlock.list contains:

# File managed by puppet
0:puppet-agent-0:6.16.0-*

My understanding is the yum versionlock doesn’t care about the version listed in the file – just the package name.

I looked into whether puppet can clear the version lock, run the update, and set the version lock again all in the same agent run, but I can’t find any way to make that work.

Any other way to do this?

We are running RHEL7 and RHEL8, and using the official Puppet YUM repositories.

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP