# coding: utf-8 # Define the different packaging systems. Each package system is implemented # in a module, which then gets used to individually extend each package object. # This allows packages to exist on the same machine using different packaging # systems. require 'puppet/parameter/package_options' require 'puppet/parameter/boolean' module Puppet Type.newtype(:package) do @doc = "Manage packages. There is a basic dichotomy in package support right now: Some package types (such as yum and apt) can retrieve their own package files, while others (such as rpm and sun) cannot. For those package formats that cannot retrieve their own files, you can use the `source` parameter to point to the correct file. Puppet will automatically guess the packaging format that you are using based on the platform you are on, but you can override it using the `provider` parameter; each provider defines what it requires in order to function, and you must meet those requirements to use a given provider. You can declare multiple package resources with the same `name` as long as they have unique titles, and specify different providers and commands. Note that you must use the _title_ to make a reference to a package resource; `Package[]` is not a synonym for `Package[]` like it is for many other resource types. **Autorequires:** If Puppet is managing the files specified as a package's `adminfile`, `responsefile`, or `source`, the package resource will autorequire those files." feature :reinstallable, "The provider can reinstall packages.", :methods => [:reinstall] feature :installable, "The provider can install packages.", :methods => [:install] feature :uninstallable, "The provider can uninstall packages.", :methods => [:uninstall] feature :upgradeable, "The provider can upgrade to the latest version of a package. This feature is used by specifying `latest` as the desired value for the package.", :methods => [:update, :latest] feature :purgeable, "The provider can purge packages. This generally means that all traces of the package are removed, including existing configuration files. This feature is thus destructive and should be used with the utmost care.", :methods => [:purge] feature :versionable, "The provider is capable of interrogating the package database for installed version(s), and can select which out of a set of available versions of a package to install if asked." feature :version_ranges, "The provider can ensure version ranges." feature :holdable, "The provider is capable of placing packages on hold such that they are not automatically upgraded as a result of other package dependencies unless explicit action is taken by a user or another package.", :methods => [:hold, :unhold] feature :install_only, "The provider accepts options to only install packages never update (kernels, etc.)" feature :install_options, "The provider accepts options to be passed to the installer command." feature :uninstall_options, "The provider accepts options to be passed to the uninstaller command." feature :disableable, "The provider can disable packages. This feature is used by specifying `disabled` as the desired value for the package.", :methods => [:disable] feature :supports_flavors, "The provider accepts flavors, which are specific variants of packages." feature :package_settings, "The provider accepts package_settings to be ensured for the given package. The meaning and format of these settings is provider-specific.", :methods => [:package_settings_insync?, :package_settings, :package_settings=] feature :virtual_packages, "The provider accepts virtual package names for install and uninstall." feature :targetable, "The provider accepts a targeted package management command." ensurable do desc <<-EOT What state the package should be in. On packaging systems that can retrieve new packages on their own, you can choose which package to retrieve by specifying a version number or `latest` as the ensure value. On packaging systems that manage configuration files separately from "normal" system files, you can uninstall config files by specifying `purged` as the ensure value. This defaults to `installed`. Version numbers must match the full version to install, including release if the provider uses a release moniker. For example, to install the bash package from the rpm `bash-4.1.2-29.el6.x86_64.rpm`, use the string `'4.1.2-29.el6'`. On supported providers, version ranges can also be ensured. For example, inequalities: `<2.0.0`, or intersections: `>1.0.0 <2.0.0`. EOT attr_accessor :latest newvalue(:present, :event => :package_installed) do provider.install end newvalue(:absent, :event => :package_removed) do provider.uninstall end newvalue(:purged, :event => :package_purged, :required_features => :purgeable) do provider.purge end newvalue(:disabled, :required_features => :disableable) do provider.disable end # Alias the 'present' value. aliasvalue(:installed, :present) newvalue(:latest, :required_features => :upgradeable) do # Because yum always exits with a 0 exit code, there's a retrieve # in the "install" method. So, check the current state now, # to compare against later. current = self.retrieve begin provider.update rescue => detail self.fail Puppet::Error, _("Could not update: %{detail}") % { detail: detail }, detail end if current == :absent :package_installed else :package_changed end end newvalue(/./, :required_features => :versionable) do begin provider.install rescue => detail self.fail Puppet::Error, _("Could not update: %{detail}") % { detail: detail }, detail end if self.retrieve == :absent :package_installed else :package_changed end end defaultto :installed # Override the parent method, because we've got all kinds of # funky definitions of 'in sync'. def insync?(is) @lateststamp ||= (Time.now.to_i - 1000) # Iterate across all of the should values, and see how they # turn out. @should.each { |should| case should when :present return true unless [:absent, :purged, :disabled].include?(is) when :latest # Short-circuit packages that are not present return false if is == :absent || is == :purged # Don't run 'latest' more than about every 5 minutes if @latest and ((Time.now.to_i - @lateststamp) / 60) < 5 #self.debug "Skipping latest check" else begin @latest = provider.latest @lateststamp = Time.now.to_i rescue => detail error = Puppet::Error.new(_("Could not get latest version: %{detail}") % { detail: detail }) error.set_backtrace(detail.backtrace) raise error end end case when is.is_a?(Array) && is.include?(@latest) return true when is == @latest return true when is == :present # This will only happen on packaging systems # that can't query versions. return true else self.debug "#{@resource.name} #{is.inspect} is installed, latest is #{@latest.inspect}" end when :absent return true if is == :absent || is == :purged when :purged return true if is == :purged # this handles version number matches and # supports providers that can have multiple versions installed when *Array(is) return true else # We have version numbers, and no match. If the provider has # additional logic, run it here. return provider.insync?(is) if provider.respond_to?(:insync?) end } false end # This retrieves the current state. LAK: I think this method is unused. def retrieve provider.properties[:ensure] end # Provide a bit more information when logging upgrades. def should_to_s(newvalue = @should) if @latest super(@latest) else super(newvalue) end end def change_to_s(currentvalue, newvalue) # Handle transitioning from any previous state to 'purged' return 'purged' if newvalue == :purged # Check for transitions from nil/purged/absent to 'created' (any state that is not absent and not purged) return 'created' if (currentvalue.nil? || currentvalue == :absent || currentvalue == :purged) && (newvalue != :absent && newvalue != :purged) # The base should handle the normal property transitions super(currentvalue, newvalue) end end newparam(:name) do desc "The package name. This is the name that the packaging system uses internally, which is sometimes (especially on Solaris) a name that is basically useless to humans. If a package goes by several names, you can use a single title and then set the name conditionally: # In the 'openssl' class $ssl = $operatingsystem ? { solaris => SMCossl, default => openssl } package { 'openssl': ensure => installed, name => $ssl, } ... $ssh = $operatingsystem ? { solaris => SMCossh, default => openssh } package { 'openssh': ensure => installed, name => $ssh, require => Package['openssl'], } " isnamevar validate do |value| if !value.is_a?(String) raise ArgumentError, _("Name must be a String not %{klass}") % { klass: value.class } end end end # We call providify here so that we can set provider as a namevar. # Normally this method is called after newtype finishes constructing this # Type class. providify paramclass(:provider).isnamevar def self.parameters_to_include [:provider] end # Specify a targeted package management command. newparam(:command, :required_features => :targetable) do desc <<-EOT The targeted command to use when managing a package: package { 'mysql': provider => gem, } package { 'mysql-opt': name => 'mysql', provider => gem, command => '/opt/ruby/bin/gem', } Each provider defines a package management command; and uses the first instance of the command found in the PATH. Providers supporting the targetable feature allow you to specify the absolute path of the package management command; useful when multiple instances of the command are installed, or the command is not in the PATH. EOT isnamevar defaultto :default end # We have more than one namevar, so we need title_patterns. # However, we cheat and set the patterns to map to name only # and completely ignore provider (and command, for targetable providers). # So far, the logic that determines uniqueness appears to just # "Do The Right Thing™" when provider (and command) are explicitly set. # # The following resources will be seen as unique by puppet: # # # Uniqueness Key: ['mysql', nil] # package {'mysql': } # # # Uniqueness Key: ['mysql', 'gem', nil] # package {'gem-mysql': # name => 'mysql, # provider => gem, # } # # # Uniqueness Key: ['mysql', 'gem', '/opt/ruby/bin/gem'] # package {'gem-mysql-opt': # name => 'mysql, # provider => gem # command => '/opt/ruby/bin/gem', # } # # This does not handle the case where providers like 'yum' and 'rpm' should # clash. Also, declarations that implicitly use the default provider will # clash with those that explicitly use the default. def self.title_patterns # This is the default title pattern for all types, except hard-wired to # set only name. [ [ /(.*)/m, [ [:name] ] ] ] end newproperty(:package_settings, :required_features=>:package_settings) do desc "Settings that can change the contents or configuration of a package. The formatting and effects of package_settings are provider-specific; any provider that implements them must explain how to use them in its documentation. (Our general expectation is that if a package is installed but its settings are out of sync, the provider should re-install that package with the desired settings.) An example of how package_settings could be used is FreeBSD's port build options --- a future version of the provider could accept a hash of options, and would reinstall the port if the installed version lacked the correct settings. package { 'www/apache22': package_settings => { 'SUEXEC' => false } } Again, check the documentation of your platform's package provider to see the actual usage." validate do |value| if provider.respond_to?(:package_settings_validate) provider.package_settings_validate(value) else super(value) end end munge do |value| if provider.respond_to?(:package_settings_munge) provider.package_settings_munge(value) else super(value) end end def insync?(is) provider.package_settings_insync?(should, is) end def should_to_s(newvalue) if provider.respond_to?(:package_settings_should_to_s) provider.package_settings_should_to_s(should, newvalue) else super(newvalue) end end def is_to_s(currentvalue) if provider.respond_to?(:package_settings_is_to_s) provider.package_settings_is_to_s(should, currentvalue) else super(currentvalue) end end def change_to_s(currentvalue, newvalue) if provider.respond_to?(:package_settings_change_to_s) provider.package_settings_change_to_s(currentvalue, newvalue) else super(currentvalue,newvalue) end end end newproperty(:flavor, :required_features => :supports_flavors) do desc "OpenBSD and DNF modules support 'flavors', which are further specifications for which type of package you want." validate do |value| if [:disabled, "disabled"].include?(@resource[:ensure]) && value raise ArgumentError, _('Cannot have both `ensure => disabled` and `flavor`') end end end newparam(:source) do desc "Where to find the package file. This is mostly used by providers that don't automatically download packages from a central repository. (For example: the `yum` provider ignores this attribute, `apt` provider uses it if present and the `rpm` and `dpkg` providers require it.) Different providers accept different values for `source`. Most providers accept paths to local files stored on the target system. Some providers may also accept URLs or network drive paths. Puppet will not automatically retrieve source files for you, and usually just passes the value of `source` to the package installation command. You can use a `file` resource if you need to manually copy package files to the target system." validate do |value| provider.validate_source(value) end end newparam(:instance) do desc "A read-only parameter set by the package." end newparam(:status) do desc "A read-only parameter set by the package." end newparam(:adminfile) do desc "A file containing package defaults for installing packages. This attribute is only used on Solaris. Its value should be a path to a local file stored on the target system. Solaris's package tools expect either an absolute file path or a relative path to a file in `/var/sadm/install/admin`. The value of `adminfile` will be passed directly to the `pkgadd` or `pkgrm` command with the `-a <ADMINFILE>` option." end newparam(:responsefile) do desc "A file containing any necessary answers to questions asked by the package. This is currently used on Solaris and Debian. The value will be validated according to system rules, but it should generally be a fully qualified path." end newparam(:configfiles) do desc "Whether to keep or replace modified config files when installing or upgrading a package. This only affects the `apt` and `dpkg` providers." defaultto :keep newvalues(:keep, :replace) end newparam(:category) do desc "A read-only parameter set by the package." end newparam(:platform) do desc "A read-only parameter set by the package." end newparam(:root) do desc "A read-only parameter set by the package." end newparam(:vendor) do desc "A read-only parameter set by the package." end newparam(:description) do desc "A read-only parameter set by the package." end newparam(:allowcdrom) do desc "Tells apt to allow cdrom sources in the sources.list file. Normally apt will bail if you try this." newvalues(:true, :false) end newparam(:enable_only, :boolean => false, :parent => Puppet::Parameter::Boolean) do desc <<-EOT Tells `dnf module` to only enable a specific module, instead of installing its default profile. Modules with no default profile will be enabled automatically without the use of this parameter. Conflicts with the `flavor` property, which selects a profile to install. EOT defaultto false validate do |value| if [true, :true, "true"].include?(value) && @resource[:flavor] raise ArgumentError, _('Cannot have both `enable_only => true` and `flavor`') end if [:disabled, "disabled"].include?(@resource[:ensure]) raise ArgumentError, _('Cannot have both `ensure => disabled` and `enable_only => true`') end end end newparam(:install_only, :boolean => false, :parent => Puppet::Parameter::Boolean, :required_features => :install_only) do desc <<-EOT It should be set for packages that should only ever be installed, never updated. Kernels in particular fall into this category. EOT defaultto false end newparam(:install_options, :parent => Puppet::Parameter::PackageOptions, :required_features => :install_options) do desc <<-EOT An array of additional options to pass when installing a package. These options are package-specific, and should be documented by the software vendor. One commonly implemented option is `INSTALLDIR`: package { 'mysql': ensure => installed, source => 'N:/packages/mysql-5.5.16-winx64.msi', install_options => [ '/S', { 'INSTALLDIR' => 'C:\\mysql-5.5' } ], } Each option in the array can either be a string or a hash, where each key and value pair are interpreted in a provider specific way. Each option will automatically be quoted when passed to the install command. With Windows packages, note that file paths in an install option must use backslashes. (Since install options are passed directly to the installation command, forward slashes won't be automatically converted like they are in `file` resources.) Note also that backslashes in double-quoted strings _must_ be escaped and backslashes in single-quoted strings _can_ be escaped. EOT end newparam(:uninstall_options, :parent => Puppet::Parameter::PackageOptions, :required_features => :uninstall_options) do desc <<-EOT An array of additional options to pass when uninstalling a package. These options are package-specific, and should be documented by the software vendor. For example: package { 'VMware Tools': ensure => absent, uninstall_options => [ { 'REMOVE' => 'Sync,VSS' } ], } Each option in the array can either be a string or a hash, where each key and value pair are interpreted in a provider specific way. Each option will automatically be quoted when passed to the uninstall command. On Windows, this is the **only** place in Puppet where backslash separators should be used. Note that backslashes in double-quoted strings _must_ be double-escaped and backslashes in single-quoted strings _may_ be double-escaped. EOT end newparam(:allow_virtual, :boolean => true, :parent => Puppet::Parameter::Boolean, :required_features => :virtual_packages) do desc 'Specifies if virtual package names are allowed for install and uninstall.' defaultto do provider_class = provider.class if provider_class.respond_to?(:defaultto_allow_virtual) provider_class.defaultto_allow_virtual else true end end end autorequire(:file) do autos = [] [:responsefile, :adminfile].each { |param| val = self[param] if val autos << val end } source = self[:source] if source && absolute_path?(source) autos << source end autos end # This only exists for testing. def clear obj = @parameters[:ensure] if obj obj.latest = nil end end # The 'query' method returns a hash of info if the package # exists and returns nil if it does not. def exists? @provider.get(:ensure) != :absent end def present?(current_values) super && current_values[:ensure] != :purged end # This parameter exists to ensure backwards compatibility is preserved. # See https://github.com/puppetlabs/puppet/pull/2614 for discussion. # If/when a metaparameter for controlling how arbitrary resources respond # to refreshing is created, that will supersede this, and this will be # deprecated. newparam(:reinstall_on_refresh) do desc "Whether this resource should respond to refresh events (via `subscribe`, `notify`, or the `~>` arrow) by reinstalling the package. Only works for providers that support the `reinstallable` feature. This is useful for source-based distributions, where you may want to recompile a package if the build options change. If you use this, be careful of notifying classes when you want to restart services. If the class also contains a refreshable package, doing so could cause unnecessary re-installs." newvalues(:true, :false) defaultto :false end # When a refresh event is triggered, calls reinstall on providers # that support the reinstall_on_refresh parameter. def refresh if provider.reinstallable? && @parameters[:reinstall_on_refresh].value == :true && @parameters[:ensure].value != :purged && @parameters[:ensure].value != :absent provider.reinstall end end newproperty(:mark, :required_features => :holdable) do mark_doc='Valid values are: hold/none' desc <<-EOT Set to hold to tell Debian apt/Solaris pkg to hold the package version #{mark_doc} Default is "none". Mark can be specified with or without `ensure`, if `ensure` is missing will default to "present". Mark cannot be specified together with "purged", or "absent" values for `ensure`. EOT newvalues(:hold, :none) munge do |value| case value when "hold", :hold :hold when "none", :none :none else raise ArgumentError, _('Invalid hold value %{value}. %{doc}') % { value: value.inspect, doc: mark_doc} end end def insync?(is) @should[0] == is end def should @should[0] if @should && @should.is_a?(Array) && @should.size == 1 end def retrieve provider.properties[:mark] end def sync if @should[0] == :hold provider.hold else provider.unhold end end end validate do if @parameters[:mark] && [:absent, :purged].include?(@parameters[:ensure].should) raise ArgumentError, _('You cannot use "mark" property while "ensure" is one of ["absent", "purged"]') end end end end