Controls/gitea-pages
0
2
Fork 0
Code Pull Requests Actions Activity
Files
40bcbbb1d3de7287cb700a5baf6800d2ece24efd
gitea-pages/admin-guide/configuration/software/packages.md

151 lines
5.1 KiB
Markdown
Raw Blame History

# Package Installation
## Install Packages with Hiera Package Groups
The packages automatically installed onto a system by Puppet are managed in the Hiera list `base::package_groups`. It contains the names of the package groups to be installed. Items can be added at all levels of the Hiera hierarchy and are merged.
The package groups itself are Hieara lists named `base::pkg_group::$USE_CASE`.
Here list all the packages you want to install.
Currently there exist the following package groups in the main [`common.yaml`](https://git.psi.ch/linux-infra/puppet/-/blob/preprod/data/common.yaml):
- `base::pkg_group::system_tools` (installed by default)
- `base::pkg_group::daq_buffer`
- `base::pkg_group::desktop_settings`
- `base::pkg_group::dev`
- `base::pkg_group::login_server`
- `base::pkg_group::qt5`
- `base::pkg_group::root`
but further ones can be created in Hiera at lower hierachies and added to `base::package_groups`, for example
```
base::pkg_group::java:
- 'java-1.8.0-openjdk'
- 'java-11-openjdk'
- 'java-17-openjdk'
base::package_groups:
- 'java'
```
## Install a Group of Packages
To add a RedHat predefined group of packages (checkout out `dnf grouplist --hidden`) prepend the name of it with a `@`, e.g. for "Java Platform" it would be `@Java Platform`:
```
base::pkg_group::java:
- '@Java Platform'
```
## Install Latest Package Version
Puppet by default only checks if a package is installed and only installs it if missing.
To ensure that always the latest available package version is installed, append the `:latest` tag to the package name in the package group:
```
base::pkg_group::java:
- 'java-1.8.0-openjdk'
- 'java-11-openjdk'
- 'java-17-openjdk:latest'
```
## Install Packages only on Given OS Version
Certain packages are only used on a given OS Version, so a `os=` with the OS name and the major version selects a package only for given OS, where as a `os!` will filter away given package on hosts with given OS, so they are not installed there.
```
base::pkg_group::java:
- 'java-1.8.0-openjdk:os=redhat7'
- 'java-11-openjdk'
- 'java-17-openjdk:os!redhat7'
```
Note that this tag can be combined with the `latest` and `absent` tag.
## Install Module Stream
RHEL 8 introduced the concept of [module streams](https://docs.pagure.org/modularity/).
A specific stream can be selected with the `stream` tag:
```yaml
base::pkg_group::nodejs:
- 'nodejs:stream=12'
```
## Install Python Modules with `pip`
The `pip` tag can be used to install a PYPI Python package using `pip`, e.g. `pygame-utility`:
```yaml
base::pkg_group::my_pip_modules:
- 'pygame-utility:pip'
```
To install a packages for specific python versions use the tag `:pip<version>` (example: `- 'numpy:pip3.12'`).
Note that packages installed with `pip` are not updated automatically!
## Remove Packages
To remove an already installed package, append the `:absent` tag to the package name in the package group:
```
base::pkg_group::java:
- 'java-1.8.0-openjdk:absent'
- 'java-11-openjdk'
- 'java-17-openjdk'
```
## Ignore Packages
To make packages unavailable for installation, even though provided by the package repositories, add them in Hiera to the list `base::package_exclude`:
```
base::package_exclude:
- 'epics-base-7.0.6*'
```
This list is merged over the full Hiera hierachy, so there is no need to copy exclusions from higher levels when creating an exclusion on a low level.
This list can also be used to opt out packages from other, maybe inherited package groups. But unlike the `:absent` tag in a package list it will not uninstall a package when found.
### Version Lock
If you have the need to freeze a software on given version, you can use `dnf versionlock`. First you need to install the `python3-dnf-plugin-versionlock` package (see above).
Then on the node best run
```
dnf versionlock add $PACKAGE
```
for every package you do not wish to get updates installed any more. If there are newer packages you might test with `dnf update --assumeno` if it does not show your software any more, while other updates are still possible. Sometimes this can cause dependency resolution failures and you might need to add a version lock for one ore more packages which depend on the locked package.
After you best put the resulting `/etc/dnf/plugins/versionlock.list` in Hiera with [`files::files`](../files/distribute_files) for reproducability.
#### Kernel Version Lock
A full kernel version lock needs to include a number of packages:
```
dnf versionlock add kernel kernel-core kernel-modules kernel-tools kernel-tools-libs kernel-headers kernel-devel
```
and if AFS is configured
```
dnf versionlock add kmod-yfs
```
### Install Debuginfo Packages
The package repositories for debuginfo packages are disabled by default. To spontaneously install such a package, do
```
dnf --enablerepo '*_debug' install ...
```
## Missing Package
If there is no such package in the repositories, then
```
Error: Execution of '/usr/bin/dnf -d 0 -e 1 -y install non-existing-package-for-test' returned 1: Error: Unable to find a match: non-existing-package-for-test
```
View Git Blame Copy Permalink