The following example shows how you would add a new IPS software package (nmap) by declaring the Puppet package resource type in a manifest.
Example 4 Configuring Packaging With PuppetFirst, you would determine whether the package that you plan to install is already installed:
$ pkg info nmap pkg: info: no packages matching the following patterns you specified are installed on the system. Try specifying -r to query remotely:
If you wanted to check remotely whether the package was installed, you would use the –r option as follows:
# pkg info -r nmap Name: diagnostic/nmap Summary: Network exploration tool and security / port scanner. Description: Nmap is useful for inventorying the network, managing service upgrade schedules, and monitoring host or service uptime. Category: System/Administration and Configuration State: Not installed Publisher: solaris Version: 6.25 Build Release: 5.11 Branch: 0.175.3.0.0.30.0 Packaging Date: Fri Aug 21 16:46:42 2015 Size: 19.07 MB FMRI: pkg://solaris/diagnostic/nmap@6.25,5.11-0.175.3.0.0.30.0:20150821T164642Z
Next, you would use the puppet describe command (as shown in the following partial example output) to check for the appropriate attribute to declare for the package resource type:
# puppet describe package package ======= Manage packages. There is a basic dichotomy in package support right now: Some package types (e.g., yum and apt) can retrieve their own package files, while others (e.g., rpm and sun) cannot. For those package formats that cannot retrieve their own files, you can use the `source` parameter to point to the correct file. Puppet will automatically guess the packaging format that you are using based on the platform you are on, but you can override it using the `provider` parameter; each provider defines what it requires in order to function, and you must meet those requirements to use a given provider. **Autorequires:** If Puppet is managing the files specified as a package's `adminfile`, `responsefile`, or `source`, the package resource will autorequire those files. Parameters ---------- - **adminfile** A file containing package defaults for installing packages. This is currently only used on Solaris. The value will be validated according to system rules, which in the case of Solaris means that it should either be a fully qualified path or it should be in `/var/sadm/install/admin`. - **allow_virtual** Specifies if virtual package names are allowed for install and uninstall. Valid values are `true`, `false`, `yes`, `no`. Requires features virtual_packages. - **allowcdrom** Tells apt to allow cdrom sources in the sources.list file. Normally apt will bail if you try this. Valid values are `true`, `false`. - **category** A read-only parameter set by the package. - **configfiles** Whether configfiles should be kept or replaced. Most packages types do not support this parameter. Defaults to `keep`. Valid values are `keep`, `replace`. - **description** A read-only parameter set by the package. - **ensure** What state the package should be in. On packaging systems that can retrieve new packages on their own, you can choose which package to retrieve by specifying a version number or `latest` as the ensure value. On packaging systems that manage configuration files separately from "normal" system files, you can uninstall config files by specifying `purged` as the ensure value. This defaults to `installed`. Valid values are `present` (also called `installed`), `absent`, `purged`, `held`, `latest`. Values can match `/./`. ...
You would then declare the resource type within the Puppet manifest on the master as follows:
package { 'nmap': ensure => 'present', }
In the previous example, the resource definition title is set to nmap (the package to be installed), and the ensure attribute's value is set to present, which checks that the package is available for installation.
The configuration is verified as follows:
# pkg info nmap Name: diagnostic/nmap Summary: Network exploration tool and security / port scanner. Description: Nmap is useful for inventorying the network, managing service upgrade schedules, and monitoring host or service uptime. Category: System/Administration and Configuration State: Installed Publisher: solaris Version: 6.25 Build Release: 5.11 Branch: 0.175.3.0.0.30.0 Packaging Date: Fri Aug 21 16:46:42 2015 Size: 19.07 MB FMRI: pkg://solaris/diagnostic/nmap@6.25,5.11-0.175.3.0.0.30.0:20150821T164642Z
The output of the previous command shows that the nmap package is now installed on the node. The package is installed when the Puppet agent runs. Or, you can run the puppet agent –t command on the node to manually enforce the configuration changes.
Note that if you were to uninstall the nmap package, Puppet would enforce the specified configuration by reinstalling the package on the node.