Forum: Cfengine Help
Subject: Re: Last one, Package management for Solaris 10 (a working example)
Author: berntjernberg
Link to topic: https://cfengine.com/forum/read.php?3,20818,20832#msg-20832
Hi,
I tried to get "package_method solaris" working, but it was too slow: it ran
"pkginfo -l" without arguments and only then started to parse the output.
Maybe I didn't use it correctly.
I create my own Solaris packages and in some I use the manifest class (not
Cfengine
class) which automatically imports xml-manifests during package install. This
means
that I have to stop the service before I can remove the package so I had to
write my
own bundle.
I also have to make sure the global zone doesn't do package management at the
same time as a local one, because then you're stuck with:
## Waiting for up to <300> seconds for package administration commands to
become available.....
You can install local zones in parallel. I use packages in data stream format
because it's faster to download. I specify the version (PSTAMP) to be checked
against the installed base so that I don't have to download the package file
and then compare. All packages are removed before they are installed. I don't
want the "find /tmp /zones...." to be run three times; the bundle shall do
nothing if the lockfile is found the first time.
###############
# Common.
###############
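bundle common g
{
# Site-wide paths and facts shared by the package bundles on this page.
vars:
  any::
    # Server the copy_from body on this page pulls packages from.
    # "XXX.XXX.XXX.XXX" is the author's redaction; set the real address.
    "phost"            string => "XXX.XXX.XXX.XXX";
    "dir_repository"   string => translatepath("/path/to/rep");
    "packages_dir"     string => translatepath("$(dir_repository)/packages");
    "common_files_dir" string => translatepath("$(dir_repository)/files");

  solaris::
    # Absolute paths, so the commands run as root do not depend on PATH.
    "find"      string => "/usr/bin/find";
    "pkgadd"    string => "/usr/sbin/pkgadd";
    "pkginfo"   string => "/usr/bin/pkginfo";
    "pkgparam"  string => "/usr/bin/pkgparam";
    # Added: remove_pkg runs "$(g.pkgrm)", which the posted bundle never defined.
    "pkgrm"     string => "/usr/sbin/pkgrm";
    "svcadm"    string => "/usr/sbin/svcadm";
    "svcs"      string => "/usr/bin/svcs";
    "zonename"  string => "/usr/bin/zonename";

    # Name of the zone the agent runs in, as printed by zonename(1).
    "zone_name" string => execresult("$(g.zonename)","noshell");
    "pkg_base"  string => "$(packages_dir)/solaris";

    # Passed to pkgadd/pkgrm as "-a $(g.admin_file)"; a bare name, not a path.
    # NOTE(review): pkgadd(1M) is documented to look for a relative admin name
    # in the current working directory before /var/sadm/install/admin. Using
    # the absolute path written by bundle agent admin_file would remove that
    # lookup - confirm before changing.
    "admin_file" string => "pkg_noask";

classes:
  solaris::
    # Set when the agent runs in the global zone.
    "isglobalzone" expression => strcmp("$(zone_name)","global");
}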
########################
# Common package stuff
########################
bundle common pkgs
{
# Package inventory read by install_pkg and remove_pkg through their
# "pkgbundle" parameter (upgrade_pkg passes "pkgs").
# Maybe someday this will go into common g.....
vars:
solaris::
#
# Common packages.
# The "...." lines in both lists are the author's elision, not valid policy.
#
"common_packages" slist => {
"CORPopenssh",
....
....
};
#
# Packages for global zone only.
#
"gz_packages" slist => {
"CORPopenntpd",
"CTEact",
...
...
};
#
# Define PSTAMP version.
#
# NOTE(review): as shown, three promises share the name "version" and two
# share "fmri". install_pkg and remove_pkg read version[$(name)],
# fmri[$(name)] and response[$(name)], so these were presumably array entries
# keyed by package name whose [key] was lost when the post was rendered.
# Restore the keys before use; which value belongs to which package cannot be
# determined from this page.
#
# remove_pkg compares this value with the installed PSTAMP by string equality.
# That is a version check only; it says nothing about whether the package
# contents are authentic.
#
"version" string => "20101124:1";
"version" string => "20090120:1";
"version" string => "pod520060822152034";
#
# Define fmri - fault management resource identifier
# (see smf(5))
#
"fmri" string => "svc:/site/opensshd:default";
"fmri" string => "svc:/site/openntpd:default";
#
# Response files.
#
"response" string => "CTEact.resp";
}
###############################################
# Create /var/sadm/install/admin/pkg_noask.
###############################################
bundle agent admin_file
{
# Maintains /var/sadm/install/admin/pkg_noask, the administration file that
# install_pkg and remove_pkg hand to pkgadd/pkgrm with "-a" so they can run
# unattended.
#
# Security-relevant content of the file (see admin(4)):
#   - Every check is "nocheck": dependencies, free space, setuid/setgid
#     executables (setuid=), overwriting files of other packages (conflict=)
#     and the review of package scripts that run as root (action=).
#     pkgadd therefore installs whatever package file it is given.
#   - authentication=quit aborts when a signature cannot be verified.
#     NOTE(review): presumably this only matters for signed packages; an
#     unsigned data stream package is not rejected by it - confirm.
#   The origin and integrity of the spooled package file are thus the
#   effective control; see the copy_from body and spool path used by
#   install_pkg.
vars:
  solaris.!pkg_noask_updated::
    # File content, kept verbatim; the line breaks are part of the string.
    "pkg_noask_content" string =>
"mail=
instance=overwrite
partial=nocheck
runlevel=nocheck
idepend=nocheck
rdepend=nocheck
space=nocheck
setuid=nocheck
conflict=nocheck
action=nocheck
networktimeout=60
networkretries=3
authentication=quit
keystore=/var/sadm/security
proxy=
basedir=default";

files:
  solaris::
    # root:sys 0644 - readable by all, writable by root only.
    # create_file is not defined on this page; presumably an edit_line bundle
    # from the author's library that inserts the given text into the emptied
    # file.
    "/var/sadm/install/admin/pkg_noask"
      perms         => mog(0644,root,sys),
      create        => "true",
      edit_defaults => empty,
      edit_line     => create_file("$(pkg_noask_content)"),
      classes       => if_repaired("pkg_noask_updated");
}
################################################################################
################################### Library ####################################
################################################################################
#############################################
# Secure copy with no backup.
#############################################
body copy_from scp_no_backup(from,server)
{
# Remote copy of $(from) from the single host $(server), leaving no backup of
# a file it replaces.
#
# The package installed by install_pkg arrives through this body, so the
# trust placed in that package is the trust placed in $(server) and in the
# agent's key relationship with it.
  servers     => { "$(server)" };
  source      => "$(from)";
  copy_backup => "false";
  compare     => "digest";   # copy when the content digest differs
  encrypt     => "true";     # encrypt the transfer
  verify      => "true";     # re-check the file after it has been copied
}
#######################################
# Remove file.
#######################################
bundle agent remove_file(file)
{
# Deletes the path(s) promised by $(file), restricted to what the "plain"
# file_select body selects. "tidy" and "plain" are not defined on this page;
# presumably the standard-library bodies of those names.
files:
    # $(file) is used as the promiser unchanged, so a caller-supplied pattern
    # decides what is deleted; install_pkg passes "/tmp/$(name).*".
    "$(file)"
      file_select => plain,
      delete      => tidy;
}
######################
# Install package.
######################
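bundle agent install_pkg(name,pkgbundle)
{
# Installs Solaris package $(name) unless a zone package lock file is present
# or the package is already installed.
#
#   name      - package name; also the file name under $(g.pkg_base) on the
#               server and under /tmp on this host.
#   pkgbundle - bundle holding the fmri[] and response[] arrays keyed by
#               package name (upgrade_pkg passes "pkgs").
#
# Changes against the posted text:
#   - strings that the mail wrapping had split across lines are rejoined;
#   - the lock-file find runs with "useshell", because it depends on a glob,
#     \( \) grouping and 2>/dev/null;
#   - the lock classes read zone_lockfile_is_checked and zone_lockfile, the
#     variables that are actually defined (the post read lockfile_is_checked
#     and lockfile);
#   - the comma that followed some promisers is dropped.
#
# Initiate variables.
#
vars:
  !zone_lockfile_checked::
    # Non-empty output means a non-empty .ai.pkg.zone.lock-* file exists in
    # /tmp or in a zone's /tmp. The command line is constant apart from
    # $(g.find), so no caller-supplied text reaches the shell here.
    # NOTE(review): /zones/*/root/tmp is presumably writable from inside each
    # non-global zone, so a stale or stray lock file there will suppress
    # package management until it is removed - worth alerting on.
    "zone_lockfile" string => execresult("$(g.find) /tmp /zones/*/root/tmp \( -name \".ai.pkg.zone.lock-*\" -a ! -size 0 \) 2>/dev/null","useshell");
    "zone_lockfile_is_checked" string => "yes";
    "fmri" string => "$($(pkgbundle).fmri[$(name)])";
    "response_file" string => "$($(pkgbundle).response[$(name)])";

  installed::
    # $(fmri) is interpolated into a shell command line; it must only ever
    # come from policy (the pkgbundle arrays), never from host-supplied data.
    "service_status" string => execresult("$(g.svcs) -Ho state $(fmri) 2>/dev/null","useshell");

#
# Verify environment.
#
classes:
    "zone_lockfile_checked" expression => strcmp("$(zone_lockfile_is_checked)","yes");
    "zone_lockfile_exist"   not        => strcmp("$(zone_lockfile)","");

  !zone_lockfile_exist::
    "installed" expression => returnszero("$(g.pkginfo) -q $(name)","noshell");
    "fmri_isdefined" not => strcmp("$(fmri)","");
    "response_file" not => strcmp("$(response_file)","");
    "service_disabled" expression => strcmp("$(service_status)","disabled");

#
# Copy package from policy server.
#
files:
  # NOTE(review): the package and its response file are spooled under
  # predictable names in world-writable /tmp and then installed as root with
  # an admin file that disables pkgadd's checks. A root-owned spool directory
  # that other users cannot write to would remove the shared-directory
  # exposure; the paths below are left as the author posted them.
  !zone_lockfile_exist.!installed::
    "/tmp/$(name)"
      perms        => mo(644,root),
      copy_from    => scp_no_backup("$(g.pkg_base)/$(name)","$(g.phost)"),
      depth_search => recurse("inf"),
      classes      => if_repaired("ok_to_setup");

  !zone_lockfile_exist.!installed.response_file::
    "/tmp/$(name).resp"
      perms        => mo(644,root),
      copy_from    => scp_no_backup("$(g.pkg_base)/$(name).resp","$(g.phost)"),
      depth_search => recurse("inf"),
      classes      => if_repaired("response_file_ok");

#
# Run commands.
#
commands:
  # Without a response file: non-interactive install (-n).
  !zone_lockfile_exist.ok_to_setup.!response_file::
    "$(g.pkgadd)"
      args    => "-G -n -a $(g.admin_file) -d /tmp/$(name) $(name)",
      classes => if_repaired("$(name)_installed_ok");

  # With a response file: answers come from /tmp/$(name).resp (-r).
  !zone_lockfile_exist.ok_to_setup.response_file::
    "$(g.pkgadd)"
      args    => "-G -a $(g.admin_file) -r /tmp/$(name).resp -d /tmp/$(name) $(name)",
      classes => if_repaired("$(name)_installed_ok");

    # NOTE(review): this promise sits in the response_file context, so a
    # freshly installed package without a response file is not enabled here;
    # it is picked up by the service_disabled promise below on a later pass or
    # run. Confirm that this is intended.
    "$(g.svcadm)"
      args       => "enable -s $(fmri)",
      ifvarclass => "!zone_lockfile_exist.$(name)_installed_ok.fmri_isdefined",
      classes    => if_repaired("ok_to_remove_$(name)");

  # Package already installed but its service is disabled: enable it.
  !zone_lockfile_exist.installed.fmri_isdefined.service_disabled::
    "$(g.svcadm)"
      args    => "enable -s $(fmri)",
      classes => if_repaired("$(fmri)_enabled");

#
# Remove spooled package.
#
methods:
    # The pattern matches every /tmp entry whose name begins with $(name),
    # which covers the package file and its .resp file.
    "remove_spooled_package" usebundle => remove_file("/tmp/$(name).*"),
      ifvarclass => "$(name)_installed_ok|ok_to_remove_$(name)";
}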
######################
# Remove package.
######################
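bundle agent remove_pkg(name,pkgbundle)
{
# Removes installed package $(name) when its PSTAMP differs from
# $(pkgbundle).version[$(name)], after disabling its SMF service if one is
# defined. Does nothing while a zone package lock file is present.
#
#   name      - package name.
#   pkgbundle - bundle holding the version[] and fmri[] arrays keyed by
#               package name (upgrade_pkg passes "pkgs").
#
# Requires g.pkgrm (path to pkgrm) to be defined in bundle common g.
#
# Changes against the posted text:
#   - strings that the mail wrapping had split across lines are rejoined;
#   - the lock-file find runs with "useshell", because it depends on a glob,
#     \( \) grouping and 2>/dev/null;
#   - the lock classes read zone_lockfile_is_checked and zone_lockfile, the
#     variables that are actually defined (the post read lockfile_is_checked
#     and lockfile);
#   - the comma that followed the promisers is dropped.
#
# NOTE(review): removal does not depend on the replacement package having
# been fetched. If the later copy in install_pkg fails, the host is left
# without the package (for example the SSH daemon) until a run succeeds.
#
# Initiate variables.
#
vars:
  !zone_lockfile_checked::
    # Non-empty output means a non-empty .ai.pkg.zone.lock-* file exists in
    # /tmp or in a zone's /tmp. The command line is constant apart from
    # $(g.find).
    "zone_lockfile" string => execresult("$(g.find) /tmp /zones/*/root/tmp \( -name \".ai.pkg.zone.lock-*\" -a ! -size 0 \) 2>/dev/null","useshell");
    "zone_lockfile_is_checked" string => "yes";
    "fmri" string => "$($(pkgbundle).fmri[$(name)])";
    # $(name) is interpolated into a shell command line; it must only ever
    # come from the policy's package lists.
    "installed_pkg_version" string => execresult("$(g.pkgparam) $(name) PSTAMP 2>/dev/null","useshell");

#
# Verify environment.
#
classes:
    "zone_lockfile_checked" expression => strcmp("$(zone_lockfile_is_checked)","yes");
    "zone_lockfile_exist"   not        => strcmp("$(zone_lockfile)","");

  !zone_lockfile_exist::
    "fmri_isdefined" not => strcmp("$(fmri)","");
    "installed" expression => returnszero("$(g.pkginfo) -q $(name)","noshell");

  !zone_lockfile_exist.installed::
    # Plain string comparison of the installed PSTAMP with the wanted one.
    "version_mismatch" not => strcmp("$(installed_pkg_version)","$($(pkgbundle).version[$(name)])");

#
# Remove installed package.
#
commands:
  # Stop the service first; the author's packages import their SMF manifest
  # at install time, so the service has to be down before removal.
  !zone_lockfile_exist.fmri_isdefined.installed.version_mismatch::
    "$(g.svcadm)"
      args    => "disable -s $(fmri)",
      classes => if_repaired("stopped_ok");

  # Remove once the service is stopped, or at once when there is no service.
  !zone_lockfile_exist.(stopped_ok|!fmri_isdefined).installed.version_mismatch::
    "$(g.pkgrm)"
      args => "-n -a $(g.admin_file) $(name)";
}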
#########################
# Keep packages up2date.
#########################
bundle agent upgrade_pkg
{
# Entry point: for every package that applies to this zone, first remove it
# if it is out of date (remove_pkg), then install it if it is missing
# (install_pkg). Both are handed "pkgs" as the bundle that holds the
# per-package data.
vars:
  solaris::
    "common_pkgs" slist => { "@(pkgs.common_packages)" };

  # Non-global zones get the common packages only.
  solaris.!isglobalzone::
    "all_pkgs" slist => { "@(common_pkgs)" };

  # The global zone additionally gets the global-zone-only packages.
  solaris.isglobalzone::
    "gz_pkgs"  slist => { "@(pkgs.gz_packages)" };
    "all_pkgs" slist => { "@(common_pkgs)","@(gz_pkgs)" };

methods:
  solaris::
    # "$(all_pkgs)" is a scalar reference to a list, so each promise is
    # repeated once per package.
    "remove_pkgs"  usebundle => remove_pkg("$(all_pkgs)","pkgs");
    "install_pkgs" usebundle => install_pkg("$(all_pkgs)","pkgs");
}
################################################################################
################################### Library ####################################
################################################################################
I run it with:
# Two methods promises; presumably they sit in the methods: section of an
# agent bundle on the bundlesequence (the enclosing bundle is not shown).
# admin_file is listed first, so the pkg_noask administration file is written
# before upgrade_pkg runs pkgadd/pkgrm with it.
"Admin file" usebundle => admin_file;
"Keep up2date" usebundle => upgrade_pkg;
I hope I got it all right, it's a little bit of copy/paste.