Using Puppet to Configure Packaging

The following example shows how to add a new IPS software package (nmap) by declaring the Puppet package resource type in a manifest.

Example 5-1 Configuring Packaging With Puppet

First, determine whether the package that you want to install is installed already.

  • Run the following command on the local system:

    $ pkg info nmap
    pkg: info: no packages matching the following patterns you specified are
    installed on the system. Try specifying -r to query remotely:

  • Run the following command with the -r option to query the package repositories remotely:

    # pkg info -r nmap
              Name: diagnostic/nmap
           Summary: Network exploration tool and security / port scanner.
       Description: Nmap is useful for inventorying the network, managing service
                    upgrade schedules, and monitoring host or service uptime.
          Category: System/Administration and Configuration
             State: Not installed
         Publisher: solaris
         ...

Next, run the puppet describe package command to check for the appropriate attribute (or parameter) to declare for the package resource type.

The following example shows excerpted output from the puppet describe package command:

# puppet describe package

package
=======
Manage packages.  There is a basic dichotomy in package
support right now:  Some package types (e.g., yum and apt) can
retrieve their own package files, while others (e.g., rpm and sun)
cannot.  For those package formats that cannot retrieve their own files,
you can use the `source` parameter to point to the correct file.
Puppet will automatically guess the packaging format that you are
using based on the platform you are on, but you can override it
using the `provider` parameter; each provider defines what it
requires in order to function, and you must meet those requirements
to use a given provider.
**Autorequires:** If Puppet is managing the files specified as a
package's `adminfile`, `responsefile`, or `source`, the package
resource will autorequire those files.


Parameters
----------

- **adminfile**
    A file containing package defaults for installing packages.
    This is currently only used on Oracle Solaris.  The value will be
    validated according to system rules, which in the case of
    Oracle Solaris means that it should either be a fully qualified path
    or it should be in `/var/sadm/install/admin`.

- **allow_virtual**
    Specifies if virtual package names are allowed for install and
    uninstall.
    Valid values are `true`, `false`, `yes`, `no`.
    Requires features virtual_packages.

- **allowcdrom**
    Tells apt to allow cdrom sources in the sources.list file.
    Normally apt will bail if you try this.
    Valid values are `true`, `false`.

- **category**
    A read-only parameter set by the package.

- **configfiles**
    Whether configfiles should be kept or replaced.  Most packages
    types do not support this parameter. Defaults to `keep`.
    Valid values are `keep`, `replace`.

- **description**
    A read-only parameter set by the package.

- **ensure**
    What state the package should be in. On packaging systems that can
    retrieve new packages on their own, you can choose which package to
    retrieve by specifying a version number or `latest` as the ensure
    value. On packaging systems that manage configuration files separately
    from "normal" system files, you can uninstall config files by
    specifying `purged` as the ensure value. This defaults to `installed`.
    Valid values are `present` (also called `installed`), `absent`,
    `purged`, `held`, `latest`. Values can match `/./`.
.
.
.

The example resource type declaration in the Puppet manifest on the Puppet Server specifies the following configuration information:

  • Specifies nmap as the package to install.

  • Ensures that the nmap package is installed by setting the ensure attribute to present.

package { 'nmap':
  ensure => 'present',
}

Running the following pkg info nmap command verifies that the nmap package has been installed on the node:

# pkg info nmap
          Name: diagnostic/nmap
       Summary: Network exploration tool and security / port scanner.
   Description: Nmap is useful for inventorying the network, managing service
                upgrade schedules, and monitoring host or service uptime.
      Category: System/Administration and Configuration
         State: Installed
     Publisher: solaris
       Version: 7.70
        Branch: 11.5.0.0.0.56.0
Packaging Date: Fri Sep 27 17:05:48 2019
          Size: 22.61 MB
          FMRI: pkg://solaris/diagnostic/nmap@7.70-11.5.0.0.0.56.0:20190927T170548Z

Note that the specified package can be installed in one of the following ways:

  • Automatically - When the Puppet Agent runs

  • Manually - When you run the puppet agent -t command on the node

Note that if you later uninstall the nmap package, Puppet enforces the specified configuration by reinstalling the package on the node.
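
The pkg info verification step above can also be scripted. The following added example (not part of the original documentation) parses pkg info output and compares the State, Publisher, and Version fields with the values the manifest is expected to produce. The function names and the expected values passed to audit_pkg are assumptions, and the sample input is an abridged copy of the output shown above.

```shell
# Constructed sample: abridged copy of the `pkg info nmap` output on this page.
sample_pkg_info() {
cat <<'EOF'
          Name: diagnostic/nmap
   Description: Nmap is useful for inventorying the network, managing service
                upgrade schedules, and monitoring host or service uptime.
         State: Installed
     Publisher: solaris
       Version: 7.70
Packaging Date: Fri Sep 27 17:05:48 2019
          FMRI: pkg://solaris/diagnostic/nmap@7.70-11.5.0.0.0.56.0:20190927T170548Z
EOF
}

# pkg_field LABEL: print the value of the "LABEL: value" line read from stdin.
# Wrapped continuation lines carry no label, so they never match.
pkg_field() {
    awk -v want="$1" '{
        line = $0
        sub(/^[ \t]+/, "", line)          # labels are right-aligned
        i = index(line, ": ")
        if (i > 0 && substr(line, 1, i - 1) == want) {
            print substr(line, i + 2)
            exit
        }
    }'
}

# audit_pkg STATE PUBLISHER VERSION (hypothetical helper): read `pkg info`
# output on stdin; return 0 only when all three fields match, and report
# every mismatch on stderr.
audit_pkg() {
    info=$(cat)
    rc=0
    for pair in "State=$1" "Publisher=$2" "Version=$3"; do
        label=${pair%%=*}
        expected=${pair#*=}
        actual=$(printf '%s\n' "$info" | pkg_field "$label")
        if [ "$actual" != "$expected" ]; then
            echo "DRIFT $label: expected '$expected', found '${actual:-<missing>}'" >&2
            rc=1
        fi
    done
    return "$rc"
}

# On a managed node: pkg info nmap | audit_pkg Installed solaris 7.70
sample_pkg_info | audit_pkg Installed solaris 7.70 && echo "nmap matches the declared state"
```

Checking the Publisher field alongside State confirms that the installed package came from the expected publisher, not only that a package with that name is present.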