I am trying to control the version of puppet agent installed on our RedHat systems.
Our Puppet manifest has
$puppet_version = hiera('profile::puppet_agent::version', '6.12.0')
class {'::puppet_agent':
collection => 'puppet6',
package_version => $puppet_version,
service_names => [], # Don't start puppet service
msi_move_locked_files => true,
manage_pki_dir => false,
}
# This is required on RedHat 7 only
$puppet_release = $::osreleasemaj ? {
'7' => '*.el7.*',
default => undef,
}
yum::versionlock { 'puppet-agent':
ensure => present,
version => $puppet_version,
release => $puppet_release,
before => Class['Puppet_agent'],
}
This works to configure puppet and it actually changes the contents of the YUM versionlock config file, but it doesn't seem to work to force puppet-agent to upgrade. I changed the version from 6.12.0 to 6.16.0. Now every puppet run fails with the error message Could not update: Failed to update to version 6.16.0, got version 6.12.0-1.el7 instead.
On RHEL 7, /etc/yum/pluginconf.d/versionlock.list contains:
# File managed by puppet
0:puppet-agent-6.16.0-*.el7.*
On RHEL 8, /etc/yum/pluginconf.d/versionlock.list contains:
# File managed by puppet
0:puppet-agent-0:6.16.0-*
My understanding is the yum versionlock doesn't care about the version listed in the file - just the package name.
I looked into whether puppet can clear the version lock, run the update, and set the version lock again all in the same agent run, but I can't find any way to make that work.
Any other way to do this?
We are running RHEL7 and RHEL8, and using the official Puppet YUM repositories.
0 Answers