package: version => "latest", looks not work after package new version released.

[shenzhen ems]

Hello.

I use below script to install some packages, with the words "version => "latest"", the packages were installed the latest version in the first time, but after some packages new version was released, the packages is not updated.

#install_packages.cf

bundle agent install_packages
{
classes:
"packages" or => { $(packages) };
vars:
"packages" slist => { readstringlist("$(sys.workdir)/inputs/packages/packages.txt","#[^\n]*","\n",800,9000 ) };

packages:
linux.packages::
"shellinabox"; "libmodule-install-perl"; "make"; "net-tools"; "google-chrome-stable"
    policy => "present",
    version => "latest",
    package_module => apt_get;
}

bundle agent __main__
{
  methods:
    "szx2_packages";
}

e.g, package: google-chrome-stable:

Current version is 105.xx

root@name:/var/cfengine/modules/packages# ./apt_get list-installed < /dev/null | grep -A2 chrome
Name=google-chrome-stable
Version=105.0.5195.125-1
Architecture=amd64

The cache of local version is 107.xx
root@name:/var/cfengine/modules/packages# ./apt_get list-updates-local < /dev/null | grep -A2 chrome
Name=google-chrome-stable
Version=107.0.5304.110-1
Architecture=amd64

After running "cf-agent -K" times and waiting for 1-2 weeks, the Chrome version is still 105.xx.

Policy server OS:  CentOS 7.9.2009(core)

CFEngine version: cfengine-community-3.18.1

Client OS: Ubuntu 20.04

Could you help advise?

Thanks

[craig.c...@northern.tech]

Certainly you have the right idea. The documentation mentions using "latest" for the version attribute when policy is "present".

https://docs.cfengine.com/docs/3.18/reference-promise-types-packages.html#version

I tried a package which needed upgrading for me an an ubuntu 20 box, unzip, and it worked fine with a similar policy.

I added the ppa for google chrome: 

wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -                                                                                                                                                    
sudo sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/goog
le.list'  

I installed your 105 version of chrome from https://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_${CHROME_VERSION}_amd64.deb and then ran policy with "google-chrome-stable" specified with version latest.

The google-chrome-stable package was updated to 107.

I used default masterfiles from an enterprise 3.18.1 hub install (should be identical masterfiles as community) and changed services/main.cf to this:

bundle agent main
{
  packages:

    "google-chrome-stable"
      policy => "present",
      version => "latest",
      package_module => apt_get;
}

Can you make an agent run with more logging such as "cf-agent -Kv > /tmp/cfagent-verbose.log" and search for "BEGIN bundle install_packages" as well as a line like "BEGIN parsing file: /var/cfengine/.../install_packages.cf"?

I am wondering if somehow that file and/or bundle is not included in the default policy set run by "cf-agent -K" and that somehow google-chrome-stable was installed in another way or before some other changes happened to your policy.

-Craig

[shenzhen ems]

Hi Craig,

Thanks for your reply! Pgp key and google ppa had been added to system, but I didn't change services/main.cf like yours.

I have use version => "107.0.5304.121-1" to upgrade all clients Chrome to latest version. I will change main.cf in another test environment and check the result.

- BR

[shenzhen ems]

Hello Craig, 

In my test environment, Chrome is upgraded from 107.0.5304.110-1 to 107.0.5304.121-1, but I didn't change service/main.cf. Let's waiting for next time new Chrome release and see if it works.

Thank you!

On Tuesday, November 29, 2022 at 1:52:16 AM UTC+8 craig.c...@northern.tech wrote: