Client Upgrade from 3.5.0/3.5.1/3.5.2 to 3.5.3

It looks like the behaviour of packages: promises on 3.5.x is slightly different compare to 3.0.x leading to the bundled policy in update/update_bins.cf  not working. ***This means that dropping the latest packages into the appropriate directory will not be working.***

A workaround is to patch the policy trying to be more specific regarding CFEngine version number. (package_select => "==" and package_version => "3.5.3-1")

# update/update_bins.cf

!am_policy_hub.linux::

   "$(novapkg)"
                    comment => "Update Nova package to a newer version (package is there)",
                     handle => "cfe_internal_update_bins_packages_nova_update_not_windows_pkg_there",
             package_policy => "update",
             package_select => "==",
      package_architectures => { "$(pkgarch)" },
            package_version => "3.5.3-1",
             package_method => u_generic( "$(local_software_dir)" ),
                 ifvarclass => "nova_edition",
                    classes => u_if_else("bin_update_success", "bin_update_fail");


Windows uses a slightly different version format from Linux. You may obtain the information by running appwiz.cpl (Add or Remove Programs) and select cfengine-nova. (3.5.0.65534)

### This is for Windows clients ###

 
!am_policy_hub.windows::

   "$(novapkg)"
                    comment => "Update Nova package to a newer version (package is there)",
                     handle => "cfe_internal_update_bins_packages_nova_update_windows_only_pkg_there",
             package_policy => "update",
             package_select => "==",
      package_architectures => { "$(pkgarch)" },
            package_version => "3.5.3.0",
             package_method => u_generic( "$(local_software_dir)" ),
                 ifvarclass => "nova_edition",
                    classes => u_if_else("bin_update_success", "bin_update_fail");

 

**This is very important**
package_update_command seems to be missing in update/update_bins.cf. You have to add this line manually under Solaris package_method() section. Otherwise your Solaris clients will be left alone without CFEngine running on the hosts!

### Please add this to masterfiles/update/update_bins.cf and let it roll out before doing Solaris upgrade ###

solarisx86|solaris::

 package_changes => "individual";
 package_list_command => "/usr/bin/pkginfo -l";
 package_list_update_command => "/usr/bin/true";
 package_list_update_ifelapsed => "1440";  # cachine once a day

 package_multiline_start    => "\s*PKGINST:\s+[^\s]+";
 package_list_name_regex    => "\s*PKGINST:\s+([^\s]+)";
 package_list_version_regex => "\s*VERSION:\s+([^\s]+)";
 package_list_arch_regex    => "\s*ARCH:\s+([^\s]+)";

 package_file_repositories  => { "$(repo)" };

 package_installed_regex    => "\s*STATUS:\s*(completely|partially)\s+installed.*";
 package_name_convention    => "$(name)-$(version)-$(arch).pkg";
 package_delete_convention  => "$(name)";

 # Cfengine appends path to package and package name below, respectively
 package_add_command        => "/bin/sh $(repo)/add_scr $(repo)/admin_file";
 package_update_command     => "/bin/sh $(repo)/upg_scr $(repo)/admin_file";
 package_delete_command     => "/usr/sbin/pkgrm -n -a $(repo)/admin_file";


On Solaris, a wrapper script and admin file are needed to automatically silently upgrade CFEngine. The files are located in Hub:/var/cfengine/share/solaris_admin_files. You must have those files along with PKG package in the directory. For example:

$ cp /var/cfengine/share/solaris_admin_files/sol_9_and_10/* /var/cfengine/master_software_updates/sunos_5.10_sun4u
$ ls -l /var/cfengine/master_software_updates/sunos_5.10_sun4u/
total 26468
-rwxr-xr-x 1 root root       36 Dec  6 16:34 add_scr
-rwxr-xr-x 1 root root      257 Dec  6 16:34 admin_file
-rw-r--r-- 1 root root 27090944 Dec  5 15:58 CFEcfengine-nova-3.5.3-sparc.pkg
-rwxr-xr-x 1 root root      125 Dec  6 16:34 upg_scr


Then you do something like the following; (Version number on Solaris is only major release number (3.5.3), not hypen and revision number. (-1))

### This is for Solaris clients ###

 
!am_policy_hub.solaris::

   "$(novapkg)"
                    comment => "Update Nova package to a newer version (package is there)",
                     handle => "cfe_internal_update_bins_packages_nova_update_windows_only_pkg_there",
             package_policy => "update",
             package_select => "==",
      package_architectures => { "$(pkgarch)" },
            package_version => "3.5.3",
             package_method => u_generic( "$(local_software_dir)" ),
                 ifvarclass => "nova_edition",
                    classes => u_if_else("bin_update_success", "bin_update_fail");

 

If the client packages are copied nicely but doesn't get installed, please ensure that the package_name matches "package_name_convention" in "body package_method u_generic()" respectively.

Please see an attachment for a working policy, update_bins.cf

Comments

Powered by Zendesk