The RPM and YUM client drivers provide client support for RPMs (installed directly from URLs) and Yum repositories.
isprelink is a Python module that can greatly improve the performance of the RPM driver. It should be installed on any system that has prelink installed and will be using the RPM driver.
Source can be found at ftp://ftp.mcs.anl.gov/pub/bcfg/isprelink-0.1.2.tar.gz
To compile and install prelink, execute:
python setup.py install
in the rpmtools directory. The elfutils-libelf-devel package is required for the compilation.
There may also be RPMs available in the repositories for your distro.
The RPM driver can be loaded by command line options, client configuration file options or as the default driver for RPM packages.
From the command line:
bcfg2 -n -v -d -D Action,POSIX,Chkconfig,RPM
This produces quite a bit of output so you may want to redirect the output to a file for review.
In the bcfg2.conf file:
[client]
drivers = Action,Chkconfig,POSIX,RPM
A number of paramters can be set in the client configuration for both the RPM and YUM drivers. Each driver has its own section ([RPM] or [YUM]), and most of the same options are accepted by each driver. An example config might look like this:
[RPM]
pkg_checks = true
pkg_verify = true
erase_flags = allmatches
installonlypackages = kernel, kernel-bigmem, kernel-enterprise, kernel-smp, kernel-modules, kernel-debug, kernel-unsupported, kernel-source, kernel-devel, kernel-default, kernel-largesmp-devel, kernel-largesmp, kernel-xen, gpg-pubkey
install_action = install
version_fail_action = upgrade
verify_fail_action = reinstall
Install-only packages are packages that should only ever be installed or deleted, not upgraded.
It is best practice to only ever install/delete kernel packages, the wisdom being that the package for the currently running kernel should always be installed. Doing an upgrade would delete the running kernel package.
gpg-pubkey will be automatically added to the list of install-only packages.
Example:
[RPM]
installonlypackages = kernel, kernel-bigmem, kernel-enterprise, kernel-smp, kernel-modules, kernel-debug, kernel-unsupported, kernel-source, kernel-devel, kernel-default, kernel-largesmp-devel, kernel-largesmp, kernel-xen, gpg-pubkey
This option is not honored by the YUM driver.
erase_flags are rpm options used by ‘rpm -erase’ in the client Remove() method. The RPM erase is written using rpm-python and does not use the rpm command.
The erase flags are specified in the client configuration file as a comma separated list and apply to all RPM erase operations. The following rpm erase options are supported. See the rpm man page for details:
noscripts
notriggers
repackage
allmatches
nodeps
This option is not honored by the YUM driver.
The RPM/YUM drivers do the following three checks/status:
Setting pkg_checks = true (the default) in the client configuration file means that all three checks will be done for all packages.
Setting pkg_checks = false in the client configuration file means that only the Installed check will be done for all packages.
The true/false value can be any combination of upper and lower case.
Note
The RPM/YUM drivers do the following three checks/status:
Setting pkg_verify = true (the default) in the client configuration file means that all three checks will be done for all packages as long as pkg_checks = true.
Setting pkg_verify = false in the client configuration file means that the rpm verify wil not be done for all packages on the client.
The true/false value can be any combination of upper and lower case.
Note
install_action controls whether or not a package instance will be installed if the package instance isn’t installed.
If install_action = install then the package instance is installed. If install_action = none then the package instance is not installed.
Note
version_fail_action controls whether or not a package instance will be updated if the installed package instance isn’t the same version as specified in the configuration.
If version_fail_action = upgrade then the package instance is upgraded (or downgraded).
If version_fail_action = none then the package instance is not upgraded (or downgraded).
Note
verify_fail_action controls whether or not a package instance will be reinstalled if the installed package instance fails the Yum or RPM verify.
If verify_fail_action = reinstall then the package instance is reinstalled. If verify_fail_action = none then the package instance is not reinstalled.
Note
Running the client in interactive mode (-I) prompts for the actions to be taken as before. Prompts are per package and may apply to multiple instances of that package. Each per package prompt will contain a list of actions per instance.
In the RPM driver, actions are encoded as:
An example follows:
Install/Upgrade/delete Package aaa_base instance(s) - R(*:10.2-38.*) (y/N)
Install/Upgrade/delete Package evms instance(s) - R(*:2.5.5-67.*) (y/N)
Install/Upgrade/delete Package gpg-pubkey instance(s) - D(*:9c800aca-40d8063e.*) D(*:0dfb3188-41ed929b.*) D(*:7e2e3b05-44748aba.*) D(*:a1912208-446a0899.*) D(*:9c777da4-4515b5fd.*) D(*:307e3d54-44201d5d.*) (y/N)
Install/Upgrade/delete Package module-init-tools instance(s) - R(*:3.2.2-62.*) (y/N)
Install/Upgrade/delete Package multipath-tools instance(s) - R(*:0.4.7-29.*) (y/N)
Install/Upgrade/delete Package pam instance(s) - R(*:0.99.6.3-29.1.*) (y/N)
Install/Upgrade/delete Package perl-AppConfig instance(s) - U(None:1.52-4.noarch -> *:1.63-17.*) (y/N)
Install/Upgrade/delete Package postfix instance(s) - R(*:2.3.2-28.*) (y/N)
Install/Upgrade/delete Package sysconfig instance(s) - R(*:0.60.4-3.*) (y/N)
Install/Upgrade/delete Package udev instance(s) - R(*:103-12.*) (y/N)
GPG is used by RPM to ‘sign’ packages. All vendor packages are signed with the vendors GPG key. Additional signatures maybe added to the rpm file at the users discretion.
It is normal to have multiple GPG keys installed. For example, SLES10 out of the box has six GPG keys installed.
To the RPM database all GPG ‘packages’ have the name ‘gpg-pubkey’, which may be nothing like the name of the file specified in the rpm -import command. For example on Centos 4 the file name is RPM-GPG-KEY-centos4. For SLES10 this means that there are six packages with the name ‘gpg-pubkey’ installed.
RPM does not check GPG keys at package installation, while YUM does.
RPM uses the rpm command for installation and does not therefore check GPG signatures at package install time. RPM uses rpm-python for verification and does by default do signature checks as part of the client Inventory process. To do the signature check the appropriate GPG keys must be installed. rpm-python is not very friendly if the required key(s) is not installed (it crashes the client).
The RPM driver detects, on a per package instance basis, if the appropriate key is installed. If it is not, a warning message is printed and the signature check is disabled for that package instance, for that client run only.
GPG keys can be installed and removed by the RPM driver. To install a GPG key configure it in Pkgmgr/Rules as a package and add gpg-pubkey to the clients abstract configuration. The gpg-pubkey package/instance is treated as an install only package. gpg-pubkey packages are installed by the RPM driver with the rpm -import command.
gpg-pubkey packages will be removed by bcfg2 -r packages if they are not in the clients configuration.
The ignore Path tag is used to exempt individual files from the RPM verification. This is done by comparing the verification failure results with the ignore Path. If there is a match, that entry is not used by the client to determine if a package has failed verification.
Path ignore entries can be specified at both the Package level, in which case they apply to all Instances, and/or at the Instance level, in which case they only apply to that instance.
See ignore for more details.
Example:
<!-- Ignore verification failures for centos-release -->
<BoundPath name='/etc/yum.repos.d/CentOS-Base.repo' type='ignore'/>
<BoundPath name='/etc/yum.repos.d/CentOS-Media.repo' type='ignore'/>