New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add versionlock support #44
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am neither a user of the module, nor a user of the tool. So my review is just with Puppet point of view.
metadata.json
Outdated
"name": "puppetlabs/stdlib", | ||
"version_requirement": ">= 4.18.0 < 7.0.0" | ||
}, | ||
{ | ||
"name": "puppetlabs/concat", | ||
"version_requirement": ">= 1.2.5 < 7.0.0" | ||
}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How was decided the lower bound ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The lower bound was copied from the Yum module. As the code is for the most part copied directly I also copied the version requirements from that module. In your opinion should these be different?
07b03da
to
0a3f085
Compare
4c0abf7
to
d37c529
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@msurato thank you for the update.
I do not understand why using a parameter ensure
without using it in an standard way
manifests/plugin/versionlock.pp
Outdated
# include zypprepo::plugin::versionlock | ||
# | ||
class zypprepo::plugin::versionlock ( | ||
Enum['present', 'absent'] $ensure = 'present', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why this parameter without using it ?
IMO this parameter should be simply removed.
Otherwise it may suggest that it's possible to make sure it's not there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Because of how concat is used ensure=>absent will indeed remove the lock. It can be argued that we can remove the statement as this is the same as ensure=>absent. However, will that also not break user's expectations (i.e. to ensure this is absent add ensure=>absent)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removing a statement does not imply the absence. It just means that we do not describe the desired state of this. So this means that it is not handled by Puppet.
Arguing that remove a statement is same that ensure => absent
is misunderstanding how Puppet works.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So I double checked my test just to be certain.
Due to how concat is setup, it will remove any line that is not specifically defined by the module. This is unlike augeas that will remove specific lines. I can, of course, remove the ensure parameter, but would this break user's expectations?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So, I think a better option would be to make a parameter that sets the value of concat::replace
to false
.
class zypprepo::plugin::versionlock (
Boolean $replace = true,
Stdlib::Absolutepath $path = '/etc/zypp/locks',
) {
concat { $path:
mode => '0644',
owner => 'root',
group => 'root',
replace => $replace,
}
concat::fragment { 'versionlock_header':
target => $path,
content => '# File managed by puppet\n',
order => '01',
}
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That said, the point of Puppet is to set system state. It is never a good idea to have something both managed by Puppet and manually modifiable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dhollinger and @Dan33l , how about this as a plan?
- I remove the ensure block as only present does anything. And
- I add a notice to the documentation giving the warning that once any locks are defined by the module, all locks must be defined by the module or they will be removed.
Does this work?
manifests/versionlock.pp
Outdated
# architectures. | ||
# | ||
define zypprepo::versionlock ( | ||
Enum['present', 'absent'] $ensure = 'present', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here.
IMO this parameter should be simply removed.
Otherwise it may suggest that it's possible to make sure it's not there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is possible to ensure that it is not there. Only statements that are defined will be locked and running "zypper al package" will be reset at the next Puppet run.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm in agreement with @Dan33l here. The proper use here would be to port any existing locks you have into Puppet code or Hieradata and let Puppet manage the entire thing. Puppet doesn't do much good as a tool for managing system state if the stuff it manages can also be touched from other sources as well.
@@ -0,0 +1,40 @@ | |||
# This type matches strings appropriate for use with zypprepo-versionlock. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sweet, a nice type with good documentation! 👍
cdf81e4
to
6ad9648
Compare
Adding versionlock class. This is a port of the versionlock class from the yum module. The purpose of this is to prevent zypper from updating a specified package under a normal update run.
Adding versionlock plugin class test. This is a port of the versionlock
class in the yum module. The purpose of this is to prevent zypper from
updating a specified package under a normal update run.
Pull Request (PR) description
This is a port of the yum::versionlock to zypper.
This Pull Request (PR) fixes the following issues
n/a