Ask Your Question

Package resource acts differently if in a Each loop

asked 2016-07-20 21:50:28 -0600

mike.r gravatar image

using PE 2016. pe_build => 2016.1.2

Im writing out a compliance module for RHEL7, one of the compliance rules is to check for certain pkg and make sure they are absent,

my rule manifest looks like this,

class cis_rhel7::rule::rule_2_1_1 (

  $packages = $::cis_rhel7::params::packages,

) inherits cis_rhel7::params {
    # Remove Packages
     each($packages) |$item| {

       $pkg = split($item,'%')

       package { "(${pkg[2]}) - ${pkg[1]}":
         name    => $pkg[0],
         ensure  => absent,

$packages var is this (from params.pp)

$packages = [   'telnet-server %Telnet server removed %2.1.1',
                'telnet %Telnet client removed %2.1.2',
                'rsh-server %RSH server removed %2.1.3',
                'rsh %RSH client removed %2.1.4',
                'ypbind %NIS client removed %2.1.5',
                'ypserv %NIS server removed %2.1.6',
                'tftp %TFTP client removed %2.1.7',
                'tftp-server %TFTP server removed %2.1.8',
                'talk %Talk client removed %2.1.9',
                'talk-server %Talk server removed %2.1.10',
                'xinetd %Xinetd removed %2.1.11'

when running on test box with debug, Package resource doesnt see the installed package "talk" and moves on,

0;36mDebug: Executing: '/usr/bin/rpm -q talk  --nosignature --nodigest --qf %{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n'
Debug: Executing: **'/usr/bin/rpm -q talk**  --nosignature --nodigest --qf %{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n --whatprovides'
Debug: /Stage[main]/Cis_rhel7::Rule::Rule_2_1_1/Package[(2.1.9) - Talk client removed ]: Nothing to manage: no ensure and the resource doesnt exist

When I run the same thing using the Package resource outside of the Each loop, it does notice the package,

package { "219 TALK REMOVE":
  name => "talk",
  ensure => absent,
  noop   => true,

from agent run:

[mNotice: /Stage[main]/Cis_rhel7::Rule::Rule_2_1_1/Package[219 TALK REMOVE]/ensure: current_value 0.17-46.el7, should be absent (noop)
Debug: /Stage[main]/Cis_rhel7::Rule::Rule_2_1_1/Package[219 TALK REMOVE]: The container Class[Cis_rhel7::Rule::Rule_2_1_1] will propagate my refresh event

Is this an expected behavior?

edit retag flag offensive close merge delete


Are you trying to ensure certain *versions* of packages are removed or do you want any version of the packages removed? If the latter, why not try something like:

$prohibited_packages = hiera_array('prohibited_packages')
package { $prohibited_packages: ensure => absent, }

bschonecker gravatar imagebschonecker ( 2016-07-24 10:01:45 -0600 )edit

Yaml File:
- telnet
- telnet-server
- talk

bschonecker gravatar imagebschonecker ( 2016-07-24 10:08:05 -0600 )edit

this is for any version of the pkg, i wanted to avoid using hiera, and keep everything in params class for the module

mike.r gravatar imagemike.r ( 2016-07-25 16:37:17 -0600 )edit

I would advise that you DO use Hiera. However, there's no reason to put all that information in your $packages array. Just do this:

$prohibited_packages = ['telnet', 'talk', 'foo', 'bar', ]
package {$prohibited_packages: ensure => absent,}

bschonecker gravatar imagebschonecker ( 2016-07-25 21:21:15 -0600 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2016-07-22 08:33:38 -0600

DarylW gravatar image

Is it due to the space you have after the package, before the %, since you are splitting on %? Try removing that space. (and/or printing out the $pkg[0] in a string like notice("Package name:[${pkg[0]}]") to verify the string it's using)

edit flag offensive delete link more


I removed spaces from pkg string, still same issue, it doesnt see the installed packages. This looks like a bug

mike.r gravatar imagemike.r ( 2016-07-26 09:59:42 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools


Asked: 2016-07-20 21:50:28 -0600

Seen: 88 times

Last updated: Jul 22 '16