Ask Your Question

Version checking and if and else loop.

asked 2015-07-10 13:31:42 -0600

jimsonpai gravatar image

updated 2015-07-10 14:15:06 -0600

Hi all, just start puppet. As everyone else knows, starting something is always the most difficult. Well for practice I wanna do the following: I assume I am to put it in init.pp.

if 'openssl' version == '1.0.2b' or '1.0.2d'
    upgrade to 1.1.1e
     do nothing

Currently my code looks like this

 package { 'openssl':
    if 'openssl' version == '1.0.2b' or '1.0.2d' {
        ensure => '1.1.1e'
    else {

I have several problems:

1) I don't think my syntax for the version of openssl is written correctly. When I do simple google search I see people ensuring version of openssl something like this '1.0.1e-15.el6', sometimes it's '1.0.1e-16.el6_5.7' I am confused on determining what's after the '-'

2) I don't think typing "openssl' will make puppet knows it's openssl

3)3) How to check version of openssl? I think my syntax if 'openssl' version == 'xxx' is not correct.

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted

answered 2015-07-13 03:42:47 -0600

What you are looking for is something like this (version string may differ):

 package { 'openssl':
  ensure => '1.1.1e',

A handy trick is to make the Puppet agent help write the code for you. Try to log in to a Puppet node and type puppet resource package openssl:

> puppet resource package openssl
package { 'openssl':
  ensure => '1.0.1e-30.el6_6.9',

The output shows you the currect state, so you simply edit the version string, and the code is ready to go into your puppet class.

Puppet knows how to manage packages on the various OS'es it supports (using e.g. apt-get, yum, pkg-add, or whatever). It knows how to query for existing packages and versions and how to determine if an update is required.

So simply typing 'openssl' is indeed enough information for Puppet (assuming it's enough information for the OS's package manager).

You don't need to worry about all the details. This is the beauty of Puppet :-).

edit flag offensive delete link more

answered 2015-07-11 03:46:54 -0600

You've misunderstood the purpose of Puppet.

All you should have Puppet doing is something like this:

package { 'openssl':
  ensure => present,

Then have a look at what something like MCollective can do.

edit flag offensive delete link more


I don't see how mcollective have anything to do with this?

MikaelBarfred gravatar imageMikaelBarfred ( 2015-07-13 08:41:12 -0600 )edit

He was suggesting that if immediate checking of versions and forcing updates was needed, that mcollective could help with that. I wrote about something similar when Shellshock hit.

binford2k gravatar imagebinford2k ( 2015-07-13 11:14:01 -0600 )edit

What I'm saying, I guess, is that I don't, personally, use Puppet to pin packages to specific versions - there are better ways of doing that, IMO. And I suspect that jimsonpai's problem is better solved with Mcollective than inside puppet.

Alex Harvey gravatar imageAlex Harvey ( 2015-07-14 10:25:52 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2015-07-10 13:31:42 -0600

Seen: 426 times

Last updated: Jul 13 '15