It looks like the behaviour of packages: promises on 3.5.x is slightly different compare to 3.0.x leading to the bundled policy in update/update_bins.cf not working. ***This means that dropping the latest packages into the appropriate directory will not be working.***
A workaround is to patch the policy trying to be more specific regarding CFEngine version number. (package_select => "==" and package_version => "3.5.3-1")
# update/update_bins.cf
!am_policy_hub.linux::
"$(novapkg)"
comment => "Update Nova package to a newer version (package is there)",
handle => "cfe_internal_update_bins_packages_nova_update_not_windows_pkg_there",
package_policy => "update",
package_select => "==",
package_architectures => { "$(pkgarch)" },
package_version => "3.5.3-1",
package_method => u_generic( "$(local_software_dir)" ),
ifvarclass => "nova_edition",
classes => u_if_else("bin_update_success", "bin_update_fail");
Windows uses a slightly different version format from Linux. You may obtain the information by running appwiz.cpl (Add or Remove Programs) and select cfengine-nova. (3.5.0.65534)
### This is for Windows clients ###
!am_policy_hub.windows::
"$(novapkg)"
comment => "Update Nova package to a newer version (package is there)",
handle => "cfe_internal_update_bins_packages_nova_update_windows_only_pkg_there",
package_policy => "update",
package_select => "==",
package_architectures => { "$(pkgarch)" },
package_version => "3.5.3.0",
package_method => u_generic( "$(local_software_dir)" ),
ifvarclass => "nova_edition",
classes => u_if_else("bin_update_success", "bin_update_fail");
**This is very important**
package_update_command seems to be missing in update/update_bins.cf. You have to add this line manually under Solaris package_method() section. Otherwise your Solaris clients will be left alone without CFEngine running on the hosts!
### Please add this to masterfiles/update/update_bins.cf and let it roll out before doing Solaris upgrade ###
solarisx86|solaris::
package_changes => "individual";
package_list_command => "/usr/bin/pkginfo -l";
package_list_update_command => "/usr/bin/true";
package_list_update_ifelapsed => "1440"; # cachine once a day
package_multiline_start => "\s*PKGINST:\s+[^\s]+";
package_list_name_regex => "\s*PKGINST:\s+([^\s]+)";
package_list_version_regex => "\s*VERSION:\s+([^\s]+)";
package_list_arch_regex => "\s*ARCH:\s+([^\s]+)";
package_file_repositories => { "$(repo)" };
package_installed_regex => "\s*STATUS:\s*(completely|partially)\s+installed.*";
package_name_convention => "$(name)-$(version)-$(arch).pkg";
package_delete_convention => "$(name)";
# Cfengine appends path to package and package name below, respectively
package_add_command => "/bin/sh $(repo)/add_scr $(repo)/admin_file";
package_update_command => "/bin/sh $(repo)/upg_scr $(repo)/admin_file";
package_delete_command => "/usr/sbin/pkgrm -n -a $(repo)/admin_file";
On Solaris, a wrapper script and admin file are needed to automatically silently upgrade CFEngine. The files are located in Hub:/var/cfengine/share/solaris_admin_files. You must have those files along with PKG package in the directory. For example:
$ cp /var/cfengine/share/solaris_admin_files/sol_9_and_10/* /var/cfengine/master_software_updates/sunos_5.10_sun4u
$ ls -l /var/cfengine/master_software_updates/sunos_5.10_sun4u/
total 26468
-rwxr-xr-x 1 root root 36 Dec 6 16:34 add_scr
-rwxr-xr-x 1 root root 257 Dec 6 16:34 admin_file
-rw-r--r-- 1 root root 27090944 Dec 5 15:58 CFEcfengine-nova-3.5.3-sparc.pkg
-rwxr-xr-x 1 root root 125 Dec 6 16:34 upg_scr
Then you do something like the following; (Version number on Solaris is only major release number (3.5.3), not hypen and revision number. (-1))
### This is for Solaris clients ###
!am_policy_hub.solaris::
"$(novapkg)"
comment => "Update Nova package to a newer version (package is there)",
handle => "cfe_internal_update_bins_packages_nova_update_windows_only_pkg_there",
package_policy => "update",
package_select => "==",
package_architectures => { "$(pkgarch)" },
package_version => "3.5.3",
package_method => u_generic( "$(local_software_dir)" ),
ifvarclass => "nova_edition",
classes => u_if_else("bin_update_success", "bin_update_fail");
If the client packages are copied nicely but doesn't get installed, please ensure that the package_name matches "package_name_convention" in "body package_method u_generic()" respectively.
Please see an attachment for a working policy, update_bins.cf