Downgrade package via yum
Tony G.
On our organization we have custom npre packages distributed via yum, few days ago a new test package was updated in the repository and new nodes installed this version, the code looked like this:
class common::nagios {
package { "nrpe_custom": ensure => "installed" }
}
To attempt to fix it I wanted to take control of which version we are deploying by doing:
class common::nagios {
$nrpe_version = "01.1-10"
package { "nrpe_custom": ensure => $nrpe_version }
}
The logs show that there was a problem updating(actually downgrading) but does not give me a clue of what might be going wrong:
Dec 19 00:38:25 puppetclient puppetd[3759]: (//Node[puppetclient.example.com]/common/common::nagios/Package[nrpe_custom]/ensure) change from 01.2-20 to 01.1-10 failed: Could not update: Failed to update to version 01.1-10, got version 01.2-20 instead at /opt/puppet/test/classes/common.pp:61
If on the client machine I attempt to downgrade via yum downgrade nrpe_custom-01.1, the package get's downgraded correctly. I had the understanding that package yum is versionable and I should be able to do this kind of changes.
Any suggestion that could help to solve this.
Thanks
--
Tony
Silviu Paragina
http://groups.google.com/group/puppet-users/browse_thread/thread/40a0cbdc8ade0d71/099af2828b89871e?lnk=gst&q=yum#099af2828b89871e
Silviu
Tony G. wrote:
> Hi,
>
> On our organization we have custom npre packages distributed via yum,
> few days ago a new test package was updated in the repository and new
> nodes installed this version, the code looked like this:
>
> class common::nagios {
> package { "nrpe_custom": ensure => "installed" }
> }
>
> To attempt to fix it I wanted to take control of which version we are
> deploying by doing:
> class common::nagios {
> $nrpe_version = "01.1-10"
> package { "nrpe_custom": ensure => $nrpe_version }
> }
>
> The logs show that there was a problem updating(actually downgrading)
> but does not give me a clue of what might be going wrong:
> Dec 19 00:38:25 puppetclient puppetd[3759]:
> (//Node[puppetclient.example.com
> <http://puppetclient.example.com>]/common/common::nagios/Package[nrpe_custom]/ensure)
> change from 01.2-20 to 01.1-10 failed: Could not update: Failed to
> update to version 01.1-10, got version 01.2-20 instead at
> /opt/puppet/test/classes/common.pp:61
>
> If on the client machine I attempt to downgrade via yum downgrade
> nrpe_custom-01.1, the package get's downgraded correctly. I had the
> understanding that package yum is versionable and I should be able to
> do this kind of changes.
>
> Any suggestion that could help to solve this.
>
> Thanks
> --
> Tony
>
> --
>
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To post to this group, send email to puppet...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
Tony G.
I ran:
/usr/sbin/puppetd -vdt --fqdn `hostname` --environment=development --test
This is the excerpt of the output:
debug: //Node[puppetclient.example.com]/common/common::nagios/Package[nrpe_custom]: 1 change(s)
debug: Package[nrpe_custom](provider=yum): Ensuring => 01.1-10
debug: Puppet::Type::Package::ProviderYum: Executing '/usr/bin/yum -d 0 -e 0 -y install nrpe_custom-01.1-10'
debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm -q nrpe_custom --nosignature --nodigest --qf %{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}'
err: //Node[puppetclient.example.com]/common/common::nagios/Package[nrpe_custom]/ensure: change from 01.2-20 to 01.1-10 failed: Could not update: Failed to update to version 01.1-10, got version 01.2-20 instead at /opt/puppet/development/classes/common.pp:61
Running it manually I got:
1. /usr/bin/yum -d 0 -e 0 -y install nrpe_custom-01.1-10
Package matching nrpe_custom-01.1-10.x86_64 already installed. Checking for update.
Which is not true, but for some reason yum "believes" it is already installed
2. /bin/rpm -q nrpe_custom --nosignature --nodigest --qf "%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}"
nrpe_custom 0 01.2 20 x86_64
Then Puppet after matching the versions complains with the Error saying the update didn't happen.
From my point of view this is an issue with yum that is not installing the version defined in puppet.
As I previously said, if I do a /usr/bin/yum -d 0 -e 0 -y downgrade nrpe_custom-01.1-10 it successfully installs the defined version.
My concern is that Puppet states that the handling of packages via yum is versionable(The provider is capable of interrogating the package database for installed version(s), and can select which out of a set of available versions of a package to install if asked), which I assumed puppet will find the way to exec yum to update *or downgrade* as in this case, but I guess I took that too literal, and perhaps that is the definition of what a versionable package handler as YUM does, but not exactly with Puppet.
Wish I'll be wrong, but seems like I won't be able to downgrade packages via yum.
Comments?
Thanks!
Tony
Matthew Hyclak
Downgrade via yum is done by a plugin that comes with some caveats
(like how do you "downgrade" a post script that creates a user in
version 2, but not in version 1). This plugin is also not supported on
some earlier versions of yum.
It might be possible to modify the yum provider in puppet to check for
the existence of the plugin, and if the requested version is less than
the installed version, call yum with the downgrade option. My
recommendation would be to open a feature request in the bug tracker
and let someone more versed in ruby and the provider than I am
comment.
Matt
R.I.Pienaar
----- "Matthew Hyclak" <hyc...@gmail.com> wrote:
> > Wish I'll be wrong, but seems like I won't be able to downgrade
> packages via yum.
>
> Downgrade via yum is done by a plugin that comes with some caveats
> (like how do you "downgrade" a post script that creates a user in
> version 2, but not in version 1). This plugin is also not supported
> on some earlier versions of yum.
>
> It might be possible to modify the yum provider in puppet to check
> for the existence of the plugin, and if the requested version is less
> than the installed version, call yum with the downgrade option. My
> recommendation would be to open a feature request in the bug tracker
> and let someone more versed in ruby and the provider than I am
> comment.
automated, unattended and untested downgrading of packages is a recipe for disaster, I think puppet is right in by default not doing downgrades since while it might work for your package in this case, it certainly wont work for many, I've seen downgrades leaving machines very broken indeed due to post scripts not being written to support it as Matthew correctly points out.
If we are to add support for downgrades I'd say it should come with an additional force => true style property on the package resource as it really is very dangerous.
Matthew Hyclak
+1
Matt
jcbollinger
On Dec 22, 12:36 am, "Tony G." <tony...@gmail.com> wrote:
> Running it manually I got:
>
> 1. /usr/bin/yum -d 0 -e 0 -y install nrpe_custom-01.1-10
> Package matching nrpe_custom-01.1-10.x86_64 already installed. Checking for
> update.
>
> Which is not true, but for some reason yum "believes" it is already
> installed
Do you have both i386 and x86_64 versions of the package installed?
Perhaps different versions of the two? Puppet does not account very
well for packages that differ only in architecture.
In any case, if yum's response there is indeed erroneous then you
should work out your yum problems before continuing to wrangle Puppet.
> Then Puppet after matching the versions complains with the Error saying the
> update didn't happen.
>
> From my point of view this is an issue with yum that is not installing the
> version defined in puppet.
And if it is indeed a yum failure, then we can't be much help here.
Indeed, having followed the thread up to now, I don't think I need to
qualify that: there's not much we can do for you. These are some of
the factors in play:
1) By default, yum does not support package downgrading. You need to
install a plugin AND provide appropriate command line options to
persuade it to downgrade packages.
2) Regardless of your yum plugins, Puppet is not issuing the options
that would be needed to enable downgrading.
3) Downgrading isn't especially safe in general.
> My concern is that Puppet states that the handling of packages via yum is
> versionable <http://reductivelabs.com/trac/puppet/wiki/TypeReference#id70>(*The
> provider is capable of interrogating the package database for installed
> version(s), and can select which out of a set of available versions of a
> package to install if asked*), which I assumed puppet will find the way to
> exec yum to update *or downgrade* as in this case, but I guess I took that
> too literal, and perhaps that is the definition of what a versionable
> package handler as YUM does, but not exactly with Puppet.
Yes, I think you read too much into that. I also think that Puppet
could provide better support than it currently does. For instance, it
could perhaps add an "allow_downgrade" parameter to the package type
that, for the yum provider, would cause "--allow-downgrade" to be
added to the yum command line. I'm not sure what that would have to
do for other versionable package providers, though.
>
> Wish I'll be wrong, but seems like I won't be able to downgrade packages via
> yum.
Supposing that you mean "via Puppet", I suspect you're right for now.
Perhaps you would consider filing a feature request ticket?
Best,
John
Tony G.
@John: both rpms are x86_64
Thanks
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
--
Tony
Silviu Paragina
> Yes, I think you read too much into that. I also think that Puppet
> could provide better support than it currently does. For instance, it
> could perhaps add an "allow_downgrade" parameter to the package type
> that, for the yum provider, would cause "--allow-downgrade" to be
> added to the yum command line. I'm not sure what that would have to
> do for other versionable package providers, though.
>
wouldn't be the first time my mind plays tricks on me. :-)
Haven't used other package providers :">
Silviu
R.I.Pienaar
----- "Silviu Paragina" <sil...@paragina.ro> wrote:
> AFAIK for apt/dpkg everything is fine as it is. But I might be wrong,
> it wouldn't be the first time my mind plays tricks on me. :-)
> Haven't used other package providers :">
downgrades fail on debian too.
Silviu Paragina
ups
Silviu
Tony G.
Dec 23 10:28:00 puppetclient puppetd[17147]: (//Node[puppetclient.example.com]/common/common::nagios/Package[nrpe_custom]/ensure) ensure changed '01.2-20' to '01.1-10'
Thanks
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
--
Tony
Tony G.
I tried as much as possible to avoid installing this patch in prod but unfortunately is necessary on my situation.
The problem now is that I'm not able to see the yum.rb change in the clients, while in the Test environment works without issues.
My Test environment uses the same Repo as my other environments(Dev, Prod), so I could see the client pick up the new changes and downgraded to what I require.
--snipet--
0a1,2
> require 'puppet/util/package'
>
56a59
> operation = :install
65a69,74
>
> is = self.query
> if is && Puppet::Util::Package.versioncmp(should, is[:ensure]) < 0
> self.debug "Downgrading package #{@resource[:name]} from version #{is[:ensure]} to #{should}"
> operation = :downgrade
> end
68c77
< output = yum "-d", "0", "-e", "0", "-y", :install, wanted
---
> output = yum "-d", "0", "-e", "0", "-y", operation, wanted
notice: /File[/var/lib/puppet/lib/puppet/provider/package/yum.rb]/checksum: checksum changed '{md5}177e93a8fb936921a582ac9ddae93159' to '{md5}14a80f5ee6a033ec568c617b08fd71db'
notice: /File[/var/lib/puppet/lib/puppet/provider/package/yum.rb]/source: replacing from source puppet://puppetclient.example.com/plugins/puppet/provider/package/yum.rb with contents {md5}177e93a8fb936921a582ac9ddae93159
Then it downgrades the package:
--snipet--
notice: //Node[puppetclient.example.com]/common/common::nagios/Package[nrpe_custom]/ensure: ensure changed '01.2-20' to '01.2-10'
My Test Env is using:
puppet-0.24.8-4.el5
puppet-server-0.24.8-4.el5
While Dev/Prod uses:
puppet-server-0.24.8-1.el5.1
puppet-0.24.8-4.el5
The yum.rb remains the same on the clients when getting in contact with the puppetmaster.
On the Dev Env I've deleted the $vardir to pull the full content, but still gets the old yum.rb
Any ideas of what might be going wrong?
Thanks!
Tony