karnauskas / chef-yum-plugin-versionlock Goto Github PK
View Code? Open in Web Editor NEWManages Yum plugin to lock specified packages from being updated
License: Other
Manages Yum plugin to lock specified packages from being updated
License: Other
Existing:
listfile: node['yum-plugin-versionlock']['listfile'],
Correct:
locklist: node['yum-plugin-versionlock']['locklist'],
Without this if you add the lock and then install the package without version specified and there is newer version of the package available it fails because it is not aware of the lock.
In our code we ran into this issue...This is our solution.. might not be the best and might be overly convoluted but it works
execute 'yum-cache-clean' do
command 'yum -q makecache'
action :nothing
end
Chef.event_handler do
on :resource_update_applied do |resource, _, update|
begin
if resource.class == Chef::Resource::Template && resource.name == resource.run_context.node["yum-plugin-versionlock"]["locklist"] && update.first.start_with?("update content in file")
resource = resource.run_context.resource_collection.lookup('execute[yum-cache-clean]')
resource.run_action(:run)
Chef::Provider::Package::Yum::YumCache.instance.reload
end
rescue
# Ignored
end
end
end
In practice only the Chef::Provider::Package::Yum::YumCache.instance.reload
is needed, we did have the makecache in our old implementation of the lock.. In that case it would be possible to just call this on add
and remove
actions to avoid this convolution.
Could you please roll a release for 0.2.0? Would be nice to have the Chef 12.5+ custom resource stuff released.
Thanks!
TLDR: If a package has dashes in its name, the current regex used by :update
can match multiple package names and delete unintended locks on Centos 7 and below.
We are using this cookbook to lock some Docker packages on Centos 7, namely docker-ce
and docker-ce-cli
. We have two versionlock resources :update
ing the lock for each of those packages.
The update regex is /^[0-9]+:$PKGNAME-.+-.+\./
, which when filled in for docker-ce
becomes ^[0-9]+:docker-ce-.+-.+\.
The -.+
directly following the package name matches the -cli
of the docker-ce-cli
lockfile line instead of the version. This would cause all matching lines--both docker-ce
and docker-ce-cli
--to be replaced with the docker-ce
version string, and as of #25 any duplicate lines are removed. The line for docker-ce-cli
is then re-added by its lock resource.
The end result is valid, but as the -cli
line is removed and readded each converge, this breaks idempotency.
On Centos 8, the epoch and :
following the package name prevents this from happening.
We are in the process of updating our internal cookbooks to be idempotent and as such are just noticing this now. I believe this may have also been present with the old Chef::FileEdit
-based resource as well, since that used the same regex.
Updating the regex to look for a number at the start of the version string may fix this, but I am not sure if that would hold for all packages. Some might still have a number after a dash in their name and still trigger this issue, but this would solve this issue for most packages.
Proposed C6/7 regex:
/^\d+:$PKGNAME-\d.*-.+\./
I can make a pull request to make this change, but I wanted to see if there is a better way of handling this first.
If it's ready (it's in the CHANGELOG), could we get 0.2.2 pushed to Supermarket please? We're trying to migrate to Chef Infra Client 16.x now that it's been out for a long time. 0.2.1 does not work with 16.x.
Hi,
I'm using Chef Server 12.7.2-1 in Ubuntu and I found that a change broke the cookbook for me.
I'm seeing this error when trying to upload the cookbook v0.1.2:
Uploading yum-plugin-versionlock [0.2.0]
ERROR: The data in your request was invalid
Response: Invalid value '>= 6' for metadata.platforms
It looks like the issue is being caused by the lines:
supports 'redhat', '>= 6'
supports 'centos', '>= 6'
Please let me know if I can help with something else.
Regards
Thank you for this valuable cookbook! I find that on chef 16.2 I need to add provides :yum_version_lock
in addition to resource_name in order for the resource to be recognized.
According to https://docs.chef.io/release_notes/#breaking-change-in-resources having both should be backwards-compatible with previous chef versions.
centos 6:
[root@localhost /]# cat /etc/yum/pluginconf.d/versionlock.list
0:rpm-4.11.3-21.x86_64
0:sed-4.2.2-5.x86_64
0:grep-2.20-3.x86_64
0:grep-2.20-3.x86_64
0:grep-2.20-3.x86_64
0:grep-2.20-3.x86_64
centos 8:
[root@dokken /]# cat /etc/dnf/plugins/versionlock.list
rpm-0:4.11.3-21.x86_64
sed-0:4.2.2-5.x86_64
grep-0:2.20-3.x86_64
grep-0:2.20-3.x86_64
grep-0:2.20-3.x86_64
The currently-released version of this cookbook on the supermarket (v0.4.0
) is currently causing some deprecation warnings for unified_mode
. These were fixed in f882e3c but there has not been a release since then.
Could you please cut a release including the unified_mode
fix?
Thanks!
Looks like cookbook does not install yum version lock plugin. Will submit a PR.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.