<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Bcfg2 RPM/YUM Client Drivers — Bcfg2 1.3.0 documentation</title> <link rel="stylesheet" href="../../_static/default.css" type="text/css" /> <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" /> <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '../../', VERSION: '1.3.0', COLLAPSE_INDEX: false, FILE_SUFFIX: '.html', HAS_SOURCE: true }; </script> <script type="text/javascript" src="../../_static/jquery.js"></script> <script type="text/javascript" src="../../_static/underscore.js"></script> <script type="text/javascript" src="../../_static/doctools.js"></script> <script type="text/javascript" src="../../_static/sidebar.js"></script> <link rel="shortcut icon" href="../../_static/favicon.ico"/> <link rel="top" title="Bcfg2 1.3.0 documentation" href="../../index.html" /> <link rel="up" title="Client Tool Drivers" href="../tools.html" /> <link rel="next" title="Client Metadata" href="../metadata.html" /> <link rel="prev" title="VCS Client Tool" href="vcs.html" /> <link rel="stylesheet" href="../../_static/bcfg2.css" type=""/> </head> <body> <div style="text-align: left; padding: 10px 10px 15px 15px"> <a href="../../index.html"><img src="../../_static/bcfg2_logo.png" border="0" alt="sampledoc"/></a> </div> <div class="related"> <h3>Navigation</h3> <ul> <li class="right" style="margin-right: 10px"> <a href="../../genindex.html" title="General Index" accesskey="I">index</a></li> <li class="right" > <a href="../../py-modindex.html" title="Python Module Index" >modules</a> |</li> <li class="right" > <a href="../metadata.html" title="Client Metadata" accesskey="N">next</a> |</li> <li class="right" > <a href="vcs.html" title="VCS Client Tool" accesskey="P">previous</a> |</li> <li><a href="../../index.html">home</a> | </li> <!--<li><a href="../../search.html">search</a> | </li>--> <li><a href="../../help/index.html">help</a> | </li> <li><a href="../../contents.html">documentation </a> »</li> <li><a href="../../contents.html" >Bcfg2 documentation 1.3.0</a> »</li> <li><a href="../index.html" >The Bcfg2 Client</a> »</li> <li><a href="../tools.html" accesskey="U">Client Tool Drivers</a> »</li> </ul> </div> <div class="document"> <div class="documentwrapper"> <div class="bodywrapper"> <div class="body"> <div class="section" id="bcfg2-rpm-yum-client-drivers"> <span id="client-tools-yum"></span><h1>Bcfg2 RPM/YUM Client Drivers<a class="headerlink" href="#bcfg2-rpm-yum-client-drivers" title="Permalink to this headline">¶</a></h1> <p>The RPM and YUM client drivers provide client support for RPMs (installed directly from URLs) and Yum repositories. These drivers were formerly called <tt class="docutils literal"><span class="pre">RPMng</span></tt> and <tt class="docutils literal"><span class="pre">YUMng</span></tt>, respectively, but were renamed for Bcfg2 1.3.0.</p> <div class="section" id="features"> <h2>Features<a class="headerlink" href="#features" title="Permalink to this headline">¶</a></h2> <ul class="simple"> <li>Full RPM package identification using epoch, version, release and arch.</li> <li>Support for multiple instances of packages with the Instance tag.</li> <li>Better control of the RPM verification using the pkg_checks, pkg_verify and verify_flags attributes.</li> <li>Support for install only packages such as the kernel packages.</li> <li>Support for per instance ignoring of individual files for the RPM verification with the Ignore tag.</li> <li>Multiple package Instances with full version information listed in interactive mode.</li> <li>Support for installation and removal of gpg-pubkey packages.</li> <li>Support for controlling what action is taken on package verification failure with the install_action, version_fail_action and verify_fail_action attributes.</li> </ul> </div> <div class="section" id="installation"> <h2>Installation<a class="headerlink" href="#installation" title="Permalink to this headline">¶</a></h2> <div class="section" id="isprelink"> <h3>isprelink<a class="headerlink" href="#isprelink" title="Permalink to this headline">¶</a></h3> <p><tt class="docutils literal"><span class="pre">isprelink</span></tt> is a Python module that can greatly improve the performance of the <tt class="docutils literal"><span class="pre">RPM</span></tt> driver. It should be installed on any system that has prelink installed and will be using the <tt class="docutils literal"><span class="pre">RPM</span></tt> driver.</p> <p>Source can be found at <a class="reference external" href="ftp://ftp.mcs.anl.gov/pub/bcfg/isprelink-0.1.2.tar.gz">ftp://ftp.mcs.anl.gov/pub/bcfg/isprelink-0.1.2.tar.gz</a></p> <p>To compile and install prelink, execute:</p> <div class="highlight-python"><pre>python setup.py install</pre> </div> <p>in the rpmtools directory. The elfutils-libelf-devel package is required for the compilation.</p> <p>There may also be RPMs available in the repositories for your distro.</p> </div> </div> <div class="section" id="configuration-and-usage"> <h2>Configuration and Usage<a class="headerlink" href="#configuration-and-usage" title="Permalink to this headline">¶</a></h2> <div class="section" id="loading-of-rpm"> <h3>Loading of RPM<a class="headerlink" href="#loading-of-rpm" title="Permalink to this headline">¶</a></h3> <p>The RPM driver can be loaded by command line options, client configuration file options or as the default driver for RPM packages.</p> <p>From the command line:</p> <div class="highlight-python"><pre>bcfg2 -n -v -d -D Action,POSIX,Chkconfig,RPM</pre> </div> <p>This produces quite a bit of output so you may want to redirect the output to a file for review.</p> <p>In the <tt class="docutils literal"><span class="pre">bcfg2.conf</span></tt> file:</p> <div class="highlight-python"><div class="highlight"><pre><span class="p">[</span><span class="n">client</span><span class="p">]</span> <span class="n">drivers</span> <span class="o">=</span> <span class="n">Action</span><span class="p">,</span><span class="n">Chkconfig</span><span class="p">,</span><span class="n">POSIX</span><span class="p">,</span><span class="n">RPM</span> </pre></div> </div> </div> <div class="section" id="configuration-file-options"> <h3>Configuration File Options<a class="headerlink" href="#configuration-file-options" title="Permalink to this headline">¶</a></h3> <p>A number of paramters can be set in the client configuration for both the RPM and YUM drivers. Each driver has its own section (<tt class="docutils literal"><span class="pre">[RPM]</span></tt> or <tt class="docutils literal"><span class="pre">[YUM]</span></tt>), and most of the same options are accepted by each driver. An example config might look like this:</p> <div class="highlight-python"><div class="highlight"><pre><span class="p">[</span><span class="n">RPM</span><span class="p">]</span> <span class="n">pkg_checks</span> <span class="o">=</span> <span class="n">true</span> <span class="n">pkg_verify</span> <span class="o">=</span> <span class="n">true</span> <span class="n">erase_flags</span> <span class="o">=</span> <span class="n">allmatches</span> <span class="n">installonlypackages</span> <span class="o">=</span> <span class="n">kernel</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">bigmem</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">enterprise</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">smp</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">modules</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">debug</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">unsupported</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">source</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">devel</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">default</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">largesmp</span><span class="o">-</span><span class="n">devel</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">largesmp</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">xen</span><span class="p">,</span> <span class="n">gpg</span><span class="o">-</span><span class="n">pubkey</span> <span class="n">install_action</span> <span class="o">=</span> <span class="n">install</span> <span class="n">version_fail_action</span> <span class="o">=</span> <span class="n">upgrade</span> <span class="n">verify_fail_action</span> <span class="o">=</span> <span class="n">reinstall</span> </pre></div> </div> <div class="section" id="installonlypackages"> <h4>installonlypackages<a class="headerlink" href="#installonlypackages" title="Permalink to this headline">¶</a></h4> <p>Install-only packages are packages that should only ever be installed or deleted, not upgraded.</p> <p>It is best practice to only ever install/delete kernel packages, the wisdom being that the package for the currently running kernel should always be installed. Doing an upgrade would delete the running kernel package.</p> <p><tt class="docutils literal"><span class="pre">gpg-pubkey</span></tt> will be automatically added to the list of install-only packages.</p> <p>Example:</p> <div class="highlight-python"><div class="highlight"><pre><span class="p">[</span><span class="n">RPM</span><span class="p">]</span> <span class="n">installonlypackages</span> <span class="o">=</span> <span class="n">kernel</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">bigmem</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">enterprise</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">smp</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">modules</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">debug</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">unsupported</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">source</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">devel</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">default</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">largesmp</span><span class="o">-</span><span class="n">devel</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">largesmp</span><span class="p">,</span> <span class="n">kernel</span><span class="o">-</span><span class="n">xen</span><span class="p">,</span> <span class="n">gpg</span><span class="o">-</span><span class="n">pubkey</span> </pre></div> </div> <p>This option is not honored by the <tt class="docutils literal"><span class="pre">YUM</span></tt> driver.</p> </div> <div class="section" id="erase-flags"> <h4>erase_flags<a class="headerlink" href="#erase-flags" title="Permalink to this headline">¶</a></h4> <p>erase_flags are rpm options used by ‘rpm -erase’ in the client <tt class="docutils literal"><span class="pre">Remove()</span></tt> method. The RPM erase is written using rpm-python and does not use the rpm command.</p> <p>The erase flags are specified in the client configuration file as a comma separated list and apply to all RPM erase operations. The following rpm erase options are supported. See the rpm man page for details:</p> <div class="highlight-python"><div class="highlight"><pre><span class="n">noscripts</span> <span class="n">notriggers</span> <span class="n">repackage</span> <span class="n">allmatches</span> <span class="n">nodeps</span> </pre></div> </div> <p>This option is not honored by the <tt class="docutils literal"><span class="pre">YUM</span></tt> driver.</p> </div> <div class="section" id="pkg-checks"> <h4>pkg_checks<a class="headerlink" href="#pkg-checks" title="Permalink to this headline">¶</a></h4> <p>The RPM/YUM drivers do the following three checks/status:</p> <ol class="arabic simple"> <li>Installed</li> <li>Version</li> <li>rpm verify</li> </ol> <p>Setting pkg_checks = true (the default) in the client configuration file means that all three checks will be done for all packages.</p> <p>Setting pkg_checks = false in the client configuration file means that only the Installed check will be done for all packages.</p> <p>The true/false value can be any combination of upper and lower case.</p> <div class="admonition note"> <p class="first admonition-title">Note</p> <ol class="last arabic simple"> <li>pkg_checks must evaluate true for both the client (this option) and the package (see the Package Tag pkg_checks attribute below) for the action to take place.</li> <li>If pkg_checks = false then the Pkgmgr entries do not need the version information. See the examples towards the bottom of the page.</li> </ol> </div> </div> <div class="section" id="pkg-verify"> <h4>pkg_verify<a class="headerlink" href="#pkg-verify" title="Permalink to this headline">¶</a></h4> <p>The RPM/YUM drivers do the following three checks/status:</p> <ol class="arabic simple"> <li>Installed</li> <li>Version</li> <li>rpm verify</li> </ol> <p>Setting pkg_verify = true (the default) in the client configuration file means that all three checks will be done for all packages as long as pkg_checks = true.</p> <p>Setting pkg_verify = false in the client configuration file means that the rpm verify wil not be done for all packages on the client.</p> <p>The true/false value can be any combination of upper and lower case.</p> <div class="admonition note"> <p class="first admonition-title">Note</p> <ol class="last arabic simple"> <li>pkg_verify must evaluate true for both the client (this option) and the package instance (see the Instance Tag pkg_verify attribute below) for the action to take place.</li> </ol> </div> </div> <div class="section" id="install-action"> <h4>install_action<a class="headerlink" href="#install-action" title="Permalink to this headline">¶</a></h4> <p><tt class="docutils literal"><span class="pre">install_action</span></tt> controls whether or not a package instance will be installed if the package instance isn’t installed.</p> <p>If install_action = install then the package instance is installed. If install_action = none then the package instance is not installed.</p> <div class="admonition note"> <p class="first admonition-title">Note</p> <ol class="last arabic simple"> <li>install_action must evaluate true for both the client (this option) and the package instance (see the Instance Tag install_action attribute below) for the action to take place.</li> </ol> </div> </div> <div class="section" id="version-fail-action"> <h4>version_fail_action<a class="headerlink" href="#version-fail-action" title="Permalink to this headline">¶</a></h4> <p><tt class="docutils literal"><span class="pre">version_fail_action</span></tt> controls whether or not a package instance will be updated if the installed package instance isn’t the same version as specified in the configuration.</p> <p>If version_fail_action = upgrade then the package instance is upgraded (or downgraded).</p> <p>If version_fail_action = none then the package instance is not upgraded (or downgraded).</p> <div class="admonition note"> <p class="first admonition-title">Note</p> <ol class="last arabic simple"> <li>verion_fail_action must evaluate true for both the client (this option) and the package instance (see the Instance Tag version_fail_action attribute below) for the action to take place.</li> </ol> </div> </div> <div class="section" id="verify-fail-action"> <h4>verify_fail_action<a class="headerlink" href="#verify-fail-action" title="Permalink to this headline">¶</a></h4> <p><tt class="docutils literal"><span class="pre">verify_fail_action</span></tt> controls whether or not a package instance will be reinstalled if the installed package instance fails the Yum or RPM verify.</p> <p>If verify_fail_action = reinstall then the package instance is reinstalled. If verify_fail_action = none then the package instance is not reinstalled.</p> <div class="admonition note"> <p class="first admonition-title">Note</p> <ol class="last arabic simple"> <li>verify_fail_action must evaluate true for both the client (this option) and the package instance (see the Instance Tag verify_fail_action attribute below) for the action to take place.</li> <li>The driver will not attempt to reinstall a package instance if the only failure is a configuration file.</li> </ol> </div> </div> </div> <div class="section" id="interactive-mode"> <h3>Interactive Mode<a class="headerlink" href="#interactive-mode" title="Permalink to this headline">¶</a></h3> <p>Running the client in interactive mode (-I) prompts for the actions to be taken as before. Prompts are per package and may apply to multiple instances of that package. Each per package prompt will contain a list of actions per instance.</p> <p>In the RPM driver, actions are encoded as:</p> <ul class="simple"> <li>D - Delete</li> <li>I - Install</li> <li>R - Reinstall</li> <li>U - Upgrade/Downgrade</li> </ul> <p>An example follows:</p> <div class="highlight-python"><pre>Install/Upgrade/delete Package aaa_base instance(s) - R(*:10.2-38.*) (y/N) Install/Upgrade/delete Package evms instance(s) - R(*:2.5.5-67.*) (y/N) Install/Upgrade/delete Package gpg-pubkey instance(s) - D(*:9c800aca-40d8063e.*) D(*:0dfb3188-41ed929b.*) D(*:7e2e3b05-44748aba.*) D(*:a1912208-446a0899.*) D(*:9c777da4-4515b5fd.*) D(*:307e3d54-44201d5d.*) (y/N) Install/Upgrade/delete Package module-init-tools instance(s) - R(*:3.2.2-62.*) (y/N) Install/Upgrade/delete Package multipath-tools instance(s) - R(*:0.4.7-29.*) (y/N) Install/Upgrade/delete Package pam instance(s) - R(*:0.99.6.3-29.1.*) (y/N) Install/Upgrade/delete Package perl-AppConfig instance(s) - U(None:1.52-4.noarch -> *:1.63-17.*) (y/N) Install/Upgrade/delete Package postfix instance(s) - R(*:2.3.2-28.*) (y/N) Install/Upgrade/delete Package sysconfig instance(s) - R(*:0.60.4-3.*) (y/N) Install/Upgrade/delete Package udev instance(s) - R(*:103-12.*) (y/N)</pre> </div> </div> <div class="section" id="gpg-keys"> <h3>GPG Keys<a class="headerlink" href="#gpg-keys" title="Permalink to this headline">¶</a></h3> <p>GPG is used by RPM to ‘sign’ packages. All vendor packages are signed with the vendors GPG key. Additional signatures maybe added to the rpm file at the users discretion.</p> <p>It is normal to have multiple GPG keys installed. For example, SLES10 out of the box has six GPG keys installed.</p> <p>To the RPM database all GPG ‘packages’ have the name ‘gpg-pubkey’, which may be nothing like the name of the file specified in the rpm -import command. For example on Centos 4 the file name is RPM-GPG-KEY-centos4. For SLES10 this means that there are six packages with the name ‘gpg-pubkey’ installed.</p> <p>RPM does not check GPG keys at package installation, while YUM does.</p> <p>RPM uses the rpm command for installation and does not therefore check GPG signatures at package install time. RPM uses rpm-python for verification and does by default do signature checks as part of the client Inventory process. To do the signature check the appropriate GPG keys must be installed. rpm-python is not very friendly if the required key(s) is not installed (it crashes the client).</p> <p>The RPM driver detects, on a per package instance basis, if the appropriate key is installed. If it is not, a warning message is printed and the signature check is disabled for that package instance, for that client run only.</p> <p>GPG keys can be installed and removed by the RPM driver. To install a GPG key configure it in Pkgmgr/Rules as a package and add gpg-pubkey to the clients abstract configuration. The gpg-pubkey package/instance is treated as an install only package. gpg-pubkey packages are installed by the RPM driver with the rpm -import command.</p> <p>gpg-pubkey packages will be removed by <tt class="docutils literal"><span class="pre">bcfg2</span> <span class="pre">-r</span> <span class="pre">packages</span></tt> if they are not in the clients configuration.</p> </div> <div class="section" id="ignoring-files-during-verification"> <h3>Ignoring Files during Verification<a class="headerlink" href="#ignoring-files-during-verification" title="Permalink to this headline">¶</a></h3> <p>The <a class="reference internal" href="../../server/plugins/generators/rules.html#path-ignore"><em>ignore</em></a> Path tag is used to exempt individual files from the RPM verification. This is done by comparing the verification failure results with the ignore Path. If there is a match, that entry is not used by the client to determine if a package has failed verification.</p> <p>Path ignore entries can be specified at both the Package level, in which case they apply to all Instances, and/or at the Instance level, in which case they only apply to that instance.</p> <p>See <a class="reference internal" href="../../server/plugins/generators/rules.html#path-ignore"><em>ignore</em></a> for more details.</p> <p>Example:</p> <div class="highlight-xml"><div class="highlight"><pre><span class="c"><!-- Ignore verification failures for centos-release --></span> <span class="nt"><BoundPath</span> <span class="na">name=</span><span class="s">'/etc/yum.repos.d/CentOS-Base.repo'</span> <span class="na">type=</span><span class="s">'ignore'</span><span class="nt">/></span> <span class="nt"><BoundPath</span> <span class="na">name=</span><span class="s">'/etc/yum.repos.d/CentOS-Media.repo'</span> <span class="na">type=</span><span class="s">'ignore'</span><span class="nt">/></span> </pre></div> </div> </div> </div> </div> </div> </div> </div> <div class="sphinxsidebar"> <div class="sphinxsidebarwrapper"> <h3><a href="../../index.html">Table Of Contents</a></h3> <ul> <li><a class="reference internal" href="#">Bcfg2 RPM/YUM Client Drivers</a><ul> <li><a class="reference internal" href="#features">Features</a></li> <li><a class="reference internal" href="#installation">Installation</a><ul> <li><a class="reference internal" href="#isprelink">isprelink</a></li> </ul> </li> <li><a class="reference internal" href="#configuration-and-usage">Configuration and Usage</a><ul> <li><a class="reference internal" href="#loading-of-rpm">Loading of RPM</a></li> <li><a class="reference internal" href="#configuration-file-options">Configuration File Options</a><ul> <li><a class="reference internal" href="#installonlypackages">installonlypackages</a></li> <li><a class="reference internal" href="#erase-flags">erase_flags</a></li> <li><a class="reference internal" href="#pkg-checks">pkg_checks</a></li> <li><a class="reference internal" href="#pkg-verify">pkg_verify</a></li> <li><a class="reference internal" href="#install-action">install_action</a></li> <li><a class="reference internal" href="#version-fail-action">version_fail_action</a></li> <li><a class="reference internal" href="#verify-fail-action">verify_fail_action</a></li> </ul> </li> <li><a class="reference internal" href="#interactive-mode">Interactive Mode</a></li> <li><a class="reference internal" href="#gpg-keys">GPG Keys</a></li> <li><a class="reference internal" href="#ignoring-files-during-verification">Ignoring Files during Verification</a></li> </ul> </li> </ul> </li> </ul> <h4>Previous topic</h4> <p class="topless"><a href="vcs.html" title="previous chapter">VCS Client Tool</a></p> <h4>Next topic</h4> <p class="topless"><a href="../metadata.html" title="next chapter">Client Metadata</a></p> <h3>This Page</h3> <ul class="this-page-menu"> <li><a href="../../_sources/client/tools/yum.txt" rel="nofollow">Show Source</a></li> </ul> <div id="searchbox" style="display: none"> <h3>Quick search</h3> <form class="search" action="../../search.html" method="get"> <input type="text" name="q" /> <input type="submit" value="Go" /> <input type="hidden" name="check_keywords" value="yes" /> <input type="hidden" name="area" value="default" /> </form> <p class="searchtip" style="font-size: 90%"> Enter search terms or a module, class or function name. </p> </div> <script type="text/javascript">$('#searchbox').show(0);</script> </div> </div> <div class="clearer"></div> </div> <div class="related"> <h3>Navigation</h3> <ul> <li class="right" style="margin-right: 10px"> <a href="../../genindex.html" title="General Index" >index</a></li> <li class="right" > <a href="../../py-modindex.html" title="Python Module Index" >modules</a> |</li> <li class="right" > <a href="../metadata.html" title="Client Metadata" >next</a> |</li> <li class="right" > <a href="vcs.html" title="VCS Client Tool" >previous</a> |</li> <li><a href="../../index.html">home</a> | </li> <!--<li><a href="../../search.html">search</a> | </li>--> <li><a href="../../help/index.html">help</a> | </li> <li><a href="../../contents.html">documentation </a> »</li> <li><a href="../../contents.html" >Bcfg2 documentation 1.3.0</a> »</li> <li><a href="../index.html" >The Bcfg2 Client</a> »</li> <li><a href="../tools.html" >Client Tool Drivers</a> »</li> </ul> </div> <div class="footer"> © Copyright 2009-2013, Narayan Desai. Last updated on Mar 20, 2013. Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3. </div> </body> </html>