My cf-agent logs are filled with the output from APT, particularly when I have multiple bundles making new-style package promises. I know that I can set quiet “2”; in /etc/apt/conf.d/99shaddup and enforce that file via cfengine, but that sets a the flag globally even for an admin who is manually running apt.
There is virtually no description of the “options” attribute of a package process other than “It is passed to the module”. From looking at masterfiles/modules/packages/apt_get, I cannot find anywhere that passed-in options would be used.
The package module API (https://docs.cfengine.com/lts/reference-standard-library-package_modules.html) refers to options, but none of the examples have options in the dialog. I assume to expect multiple line.startswith(“Options=”) for each entry in the slist, including lines for any default_options that are set. The apt_get module doesn’t handle this case. I think it’s just a matter of adding those lines to the apt_get_options array.
A more concrete and useful (not just cosmetic) example:
packages:
“mypackage”
comment => “Install mypackage from our internal repo. NB: The Internal repo uses myCA-signed certificate, which is right in this case, but should not be used everywhere”,
package_policy => “addupdate”,
package_method => “apt”,
options => { “https::CaPath=/usr/local/etc/myCA/” };
Thoughts?
--Joe
Yes, you are correct, in https://github.com/cfengine/core/blob/master/cf-agent/package_module.c#L227, the cf-agent passes any values in the options => { } slist down to the underlying process call via STDIN as option=listvalue. Multiline options => {} as you’ve shown below would need to be interpreted by the module program. Certainly, you could create a program that interprets the input with a different grammar. (i.e. Consider anything that does not start with one of the other protocol strings as a continuation of the previous line)
Note that it is “option=”, not “Option=”. The other protocol lines are capitalized (Name, Architecture, Version)
You might find my test setup at https://github.com/jpvlsmv/masterfiles/wiki/Troubleshooting-apt_get-module useful. It’s for the Debian side, but the Vagrantfile can be easily switched to support yum-based installs. You’d just have to find appropriate options and packages to demonstrate.
--Joe
--