yum repo and package dependencies with puppet

June 28, 2010

Over the last couple of months I’ve been using Puppet to help scale out sysadmin tasks. As Puppet manifests are based on a declarative programming language, I’ve discovered you cannot rely on flow control such as ‘drop in an RPM GPG key, then configure repo foo. Once both of those tasks are done, install package bar from repo foo’ unless you add some smarts.

This is how I install a package on a RHEL5/CentOS/Fedora type system which depends on a yum repo first, which in turn depends on a GPG key.

Within the Puppet manifest, first define a file resource for the GPG key that RPM needs to install packages from the EPEL repository:

# GPG key used to verify packages from EPEL; read-only, owned by root
file { "/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL":
    owner  => root,
    group  => root,
    mode   => '0444',
    source => "puppet:///yum/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL",
}

The yum Puppet module I have has RPM-GPG-KEY-EPEL in /etc/puppet/modules/yum/files/etc/pki/rpm-gpg/ on the puppetmaster server.

Next define a yumrepo resource with the repo details. Note the ‘require’ attribute which references the GPG key file resource.

# The repo is only configured once the key file is in place
yumrepo { "epel":
    mirrorlist => 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch',
    enabled    => 1,
    gpgcheck   => 1,
    gpgkey     => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL",
    require    => File["/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL"],
}

Finally the package resource which references the yumrepo resource.

package { [
    # the package names are cut off in the original post; list them here
    ]:
    ensure  => latest,
    require => Yumrepo["epel"],
}
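
To confirm on a managed host that the chain above ended in the intended state (signature checking on, and the key file the repo points at actually present), the rendered .repo file can be audited. This is an added example, not code from the original post; the function name `audit_repo`, the `[localtest]` repo and its URL are constructed, and it assumes an unset `gpgcheck` counts as off, ignoring any `[main]` default in yum.conf.

```python
import configparser
import os

# Constructed sample: the [epel] stanza as the yumrepo resource above would
# write it, plus a made-up [localtest] repo with signature checking off.
SAMPLE_REPO = """\
[epel]
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL

[localtest]
baseurl=http://repo.example.invalid/el5/
enabled=1
gpgcheck=0
"""

def audit_repo(repo_text, key_exists=os.path.exists):
    """Return {repo_id: [findings]} for the text of one yum .repo file."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(repo_text)
    report = {}
    for repo_id in parser.sections():
        repo = parser[repo_id]
        findings = []
        if repo.get("enabled", "1").strip() != "1":
            report[repo_id] = findings  # disabled repos are not audited
            continue
        # Assumption: an unset gpgcheck counts as off; [main] in yum.conf is ignored.
        if repo.get("gpgcheck", "0").strip() != "1":
            findings.append("gpgcheck is not enabled")
        keys = repo.get("gpgkey", "").replace(",", " ").split()
        if not keys:
            findings.append("no gpgkey configured")
        for url in keys:
            # Only local keys (the kind the file resource installs) are checked on disk.
            if url.startswith("file://") and not key_exists(url[len("file://"):]):
                findings.append("key file missing: " + url[len("file://"):])
        report[repo_id] = findings
    return report

if __name__ == "__main__":
    for repo_id, findings in audit_repo(SAMPLE_REPO).items():
        print(repo_id, "OK" if not findings else "; ".join(findings))
```

On a real host, pass the contents of each file under /etc/yum.repos.d/ to `audit_repo`; the `key_exists` parameter exists so the check can be exercised without touching the filesystem.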
