explains what happens when gpgcheck is not set in yum #45796
Conversation
|
@mkrizek @webknjaz @jtyr @dagwieers would this meet everyone's needs? |
ansibot
added
affects_2.8
| @@ -108,6 +108,8 @@ | |||
| description: | |||
| - Tells yum whether or not it should perform a GPG signature check on | |||
| packages. | |||
| - No default setting. If the value is not set, falls back on the global | |||
| default setting in C(/etc/yum.conf). | |||
There was a problem hiding this comment.
The module documentation is using defaults as described in the yum.conf man page. For gpgcheck option it's this:
gpgcheck Either `1' or `0'. This tells yum whether or not it should perform a GPG signature check on
packages. When this is set in the [main] section it sets the default for all repositories. The
default is `0'.
That means that the module should have defaults: 'no'. Then any additional text is not required as it's logical that the defaults can be overridden from the global config file (/etc/yum.conf).
There was a problem hiding this comment.
I disagree. This documentation covers the Ansible module, which does not have a default setting. In the absence of a setting in the Ansible task, the default system setting gets applied. That default is no. However, I take your point about /etc/yum.confand will update the suggested change.
There was a problem hiding this comment.
@acozine Agreed, the default means that if you do not specify it, what will happen. And in this case, if you don't specify it, it leaves this part of the configuration as-is. No change.
In the near future we will show the argument_spec in the module documentation, so it becomes more important to have the argument_spec very clear (or clarify using documentation).
There was a problem hiding this comment.
In fact the user may want to do any of four things:
- Add specifically gpgcheck=yes
- Add specifically gpgcheck=no
- Remove gpgcheck from the config
- Leave the gpgcheck untouched (keep as-is)
At the moment we only cover 3 options (no, yes, null).
There was a problem hiding this comment.
The option should have default: 'no' as that's whats in the yum.conf documentation. Most of the options in the module are in the same situation - default set in the DOCUMENTATION but no default set in the argument_spec. gpgcheck should be no exception.
There was a problem hiding this comment.
More logical would be to add a note into the DOCUMENTATION explaining the relation between the defaults in the DOCUMENTATION and defaults set by YUM.
There was a problem hiding this comment.
@dagwieers This module cannot Leave the gpgcheck untouched (keep as-is). This module enforces an explicit value into the repo file. If the option is not specified, the option is not set at all and then whatever system default is applied instead.
ansibot
added
needs_revision
PR ansible#45796 (cherry picked from commit 34b8cbd)
SUMMARY
Related to #39485.
Related to #36267.
We've gone back and forth a few times on how to describe the way the
gpgcheckparameter works. It has no default value, but functionally it defaults to the setting in/etc/yum.conf, which defaults tono. This PR is an attempt to clarify how thegpgcheckparameter interacts with the settings on the target machine.ISSUE TYPE
COMPONENT NAME
docs.ansible.com
ANSIBLE VERSION
2.8