-
Notifications
You must be signed in to change notification settings - Fork 23.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
explains what happens when gpgcheck is not set in yum #45796
Conversation
@mkrizek @webknjaz @jtyr @dagwieers would this meet everyone's needs? |
@@ -108,6 +108,8 @@ | |||
description: | |||
- Tells yum whether or not it should perform a GPG signature check on | |||
packages. | |||
- No default setting. If the value is not set, falls back on the global | |||
default setting in C(/etc/yum.conf). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The module documentation is using defaults as described in the yum.conf
man page. For gpgcheck
option it's this:
gpgcheck Either `1' or `0'. This tells yum whether or not it should perform a GPG signature check on
packages. When this is set in the [main] section it sets the default for all repositories. The
default is `0'.
That means that the module should have defaults: 'no'
. Then any additional text is not required as it's logical that the defaults can be overridden from the global config file (/etc/yum.conf
).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I disagree. This documentation covers the Ansible module, which does not have a default setting. In the absence of a setting in the Ansible task, the default system setting gets applied. That default is no
. However, I take your point about /etc/yum.conf
and will update the suggested change.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@acozine Agreed, the default means that if you do not specify it, what will happen. And in this case, if you don't specify it, it leaves this part of the configuration as-is. No change.
In the near future we will show the argument_spec in the module documentation, so it becomes more important to have the argument_spec very clear (or clarify using documentation).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In fact the user may want to do any of four things:
- Add specifically gpgcheck=yes
- Add specifically gpgcheck=no
- Remove gpgcheck from the config
- Leave the gpgcheck untouched (keep as-is)
At the moment we only cover 3 options (no, yes, null).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The option should have default: 'no'
as that's whats in the yum.conf
documentation. Most of the options in the module are in the same situation - default set in the DOCUMENTATION
but no default set in the argument_spec
. gpgcheck
should be no exception.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
More logical would be to add a note into the DOCUMENTATION
explaining the relation between the defaults in the DOCUMENTATION
and defaults set by YUM.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dagwieers This module cannot Leave the gpgcheck untouched (keep as-is)
. This module enforces an explicit value into the repo file. If the option is not specified, the option is not set at all and then whatever system default is applied instead.
PR ansible#45796 (cherry picked from commit 34b8cbd)
SUMMARY
Related to #39485.
Related to #36267.
We've gone back and forth a few times on how to describe the way the
gpgcheck
parameter works. It has no default value, but functionally it defaults to the setting in/etc/yum.conf
, which defaults tono
. This PR is an attempt to clarify how thegpgcheck
parameter interacts with the settings on the target machine.ISSUE TYPE
COMPONENT NAME
docs.ansible.com
ANSIBLE VERSION
2.8