We've already seen how to install a package using the package resource, and this is all you need to do with most packages. However, the package resource has a few extra features which may be useful.
The ensure attribute normally takes the value installed in order to install a package, but if you specify absent instead, Puppet will remove the package if it happens to be installed. Otherwise, it will take no action. The following example will remove the apparmor package if it's installed (package_remove.pp):
package { 'apparmor':
ensure => absent,
}By default, when Puppet removes packages, it leaves in place any files managed by the package. To purge all the files associated with the package, use purged instead of absent.
If there are multiple versions of a package available to the system's package manager, specifying ensure => installed will cause Puppet to install the default version (usually the latest). But, if you need a specific version, you can specify that version string as the value of ensure, and Puppet will install that version (package_version.pp):
package { 'openssl':
ensure => '1.0.2g-1ubuntu4.8',
}Tip
It's a good idea to specify an exact version whenever you manage packages with Puppet, so that all the nodes will get the same version of a given package. Otherwise, if you use ensure => installed, they will just get whatever version was current at the time they were built, leading to a situation where different nodes have different package versions.
When a newer version of the package is released, and you decide it's time to upgrade to it, you can update the version string specified in the Puppet manifest and Puppet will upgrade the package everywhere.
On the other hand, if you specify ensure => latest for a package, Puppet will make sure that the latest available version is installed every time the manifest is applied. When a new version of the package becomes available, it will be installed automatically on the next Puppet run.
Tip
This is not generally what you want when using a package repository that's not under your control (for example, the main Ubuntu repository). It means that packages will be upgraded at unexpected times, which may break your application (or at least result in unplanned downtime). A better strategy is to tell Puppet to install a specific version which you know works, and test upgrades in a controlled environment before rolling them out to production.
If you maintain your own package repository and control the release of new packages to it, ensure => latest can be a useful feature: Puppet will update a package as soon as you push a new version to the repo. If you are relying on upstream repositories, such as the Ubuntu repositories, it's better to manage the version number directly by specifying an explicit version as the value of ensure.
Although the
package resource is most often used to install packages using the normal system package manager (in the case of Ubuntu, that's APT), it can install other kinds of packages as well. Library packages for the Ruby programming language are known as gems. Puppet can install Ruby gems for you using the provider => gem attribute (package_gem.pp):
package { 'ruby':
ensure => installed,
}
package { 'puppet-lint':
ensure => installed,
provider => gem,
}
puppet-lint is a Ruby gem and therefore we have to specify provider => gem for this package so that Puppet doesn't think it's a standard system package and try to install it via APT. Since the gem provider is not available unless Ruby is installed, we install the ruby package first, then the puppet-lint gem.
The puppet-lint tool, by the way, is a good thing to have installed. It will check your Puppet manifests for common style errors and make sure they comply with the official Puppet style guide. Try it now:
puppet-lint /examples/lint_test.pp
WARNING: indentation of => is not properly aligned (expected in column 11, but found it in column 10) on line 2In this example, puppet-lint is warning you that the => arrows are not lined up vertically, which the style guide says they should be:
file { '/tmp/lint.txt':
ensure => file,
content => "puppet-lint is your friend
",
}When puppet-lint produces no output, the file is free of lint errors.
Puppet itself is written at least partly in Ruby, and makes use of several Ruby gems. To avoid any conflicts with the version of Ruby and gems which the node might need for other applications, Puppet packages its own version of Ruby and associated gems under the /opt/puppetlabs/ directory. This means you can install (or remove) whichever system version of Ruby you like and Puppet will not be affected.
However, if you need to install a gem to extend Puppet's capabilities in some way, then doing it with a package resource and provider => gem won't work. That is, the gem will be installed, but only in the system Ruby context, and it won't be visible to Puppet.
Fortunately, the puppet_gem provider is available for exactly this purpose. When you use this provider, the gem will be installed in Puppet's context (and, naturally, won't be visible in the system context). The following example demonstrates how to use this provider (package_puppet_gem.pp):
package { 'r10k':
ensure => installed,
provider => puppet_gem,
}To avoid potential package conflicts between different parts of your Puppet code or between your code and third-party modules, the Puppet standard library provides a useful wrapper for the package resource, called ensure_packages(). We'll cover this in detail in Chapter 7, Mastering modules.