AIX Agent with NIM

[Ian Stickland]

Hi - 

I have been playing around with the Puppet AIX agent and trying to get my head around the NIM package provider. 

The task I've set myself is to write a basic module that allows me to install the latest OpenSSL/SSH fixes as this has become quite a regular task :) 

I've kind of got there, but it's thrown up some odd behaviour in the  NIM package provider (and probably the AIX through installp one too... )

What it seems the NIM provider does is enumerate each individual package or actually AIX fileset... it then seems to look for each fileset using lslpp and if it doesn't find it, tries to install it immediately, again as a single fileset. 

This kind of works, but does occasionally fall foul of dependencies. 

However, it largely misses some of the main functionality used by installp on AIX systems in my view. 

For example, when you install an AIX service pack, it a a directory of quite literally hundreds of filesets, and the file names are pretty much incomprehensible in relation to what actual fileset is contained within. 

The nimclient command effectively supports two attributes that have default values that make life a lot easier. 

filesets=all

fixes=update_all

So, if you want to install all the filesets in the lpp_source listed you'd use the former, and if you want to apply all fixes to only what is installed then you'd use the latter. So for example, to install an AIX fix pack without adding any new features (filesets) to your AIX install you end with something like

nimclient -o cust -a installp_flags=acgXY -a lpp_source=AIXFIXPACK -a fixes=update_all

If you wanted to install all filesets in an lpp source then you'd need something like...

nimclient -o cust -a installp_flags=acgXY -a lpp_source=PRODUCT -a files=all

The other thing I've noticed in the debug output is the handling of multiple filesets in the package name. As mentioned above the nim.rb provider goes through each provided name in sequence checking it exists with lslpp and then if it doesn't trying to immediate install just that fileset. 

I can see why this behaviour may be wanted if you want to ensure the exact version of exact filesets, but given that puppet seems to not enforce specifying a version, when it isn't specified, it may be better to just pass all the fileset names to installp. 

If you do that, *and* there are any inter-dependencies, installp will figure it out and install all of the filesets, plus any that are required dependents assuming they are in the source directory/resource you are using. 

It would also be nice to be able to add any additional command line flags too.... to force the install of a backlevel fileset for example. Dangerous yes, but sometimes useful. 

[Michael Stahnke]

Hey thanks for that feedback. If we could have that in a Jira ticket, it'd be more likely to get attention, as we could get it to the right folk to look at. I know I am always interested in feedback on our AIX work, because all customers/users do not use it the same way.

File a ticket in the PUP project in jira please. Thanks

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b2027a4b-df21-4f02-95b8-86268da25129%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.