valitydev/salt
14
0
Fork 0
mirror of https://github.com/valitydev/salt.git synced 2024-11-07 08:58:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
20048c6fca
salt/doc/topics/windows/windows-package-manager.rst
rallytime 4c2f504a85
Merge branch '2016.11' into '2017.7' 
No conflicts.
2018-02-20 17:43:33 -05:00

887 lines
34 KiB
ReStructuredText
Raw Blame History

.. _windows-package-manager:
===========================
Windows Software Repository
===========================
.. note::
In 2015.8.0 and later, the Windows Software Repository cache is compiled on
the Salt Minion, which enables pillar, grains and other things to be
available during compilation time. To support this new functionality,
a next-generation (ng) package repository was created. See the
:ref:`Changes in Version 2015.8.0 <2015-8-0-winrepo-changes>` for details.
The SaltStack Windows Software Repository provides a package manager and software
repository similar to what is provided by yum and apt on Linux. This repository
enables the installation of software using the installers on remote Windows
systems.
In many senses, the operation is similar to that of
the other package managers salt is aware of:
- the ``pkg.installed`` and similar states work on Windows.
- the ``pkg.install`` and similar module functions work on Windows.
High level differences to yum and apt are:
- The repository metadata (SLS files) is hosted through either salt or
git.
- Packages can be downloaded from within the salt repository, a git
repository or from http(s) or ftp urls.
- No dependencies are managed. Dependencies between packages needs to
be managed manually.
Requirements:
- GitPython 0.3 or later, or pygit2 0.20.3 with libgit 0.20.0 or later installed
on your Salt master. The Windows package definitions are downloaded
and updated using Git.
Configuration
=============
Populate the Repository
-----------------------
The SLS files used to install Windows packages are not distributed by default with
Salt. Run the following command to initialize the repository on your Salt
master:
.. code-block:: bash
salt-run winrepo.update_git_repos
Sync Repo to Windows Minions
----------------------------
Run ``pkg.refresh_db`` on each of your Windows minions to synchronize
the package repository.
.. code-block:: bash
salt -G 'os:windows' pkg.refresh_db
Install Windows Software
========================
After completing the configuration steps, you are ready to manage software on your
Windows minions.
Show Installed Packages
-----------------------
.. code-block:: bash
salt -G 'os:windows' pkg.list_pkgs
Install a Package
-----------------
You can query the available version of a package using the Salt pkg module.
.. code-block:: bash
salt winminion pkg.list_available firefox
winminion:
- 15.0.1
- 16.0.2
- 17.0.1
As you can see, there are three versions of Firefox available for installation.
You can refer a software package by its ``name`` or its ``full_name`` surround
by single quotes.
.. code-block:: bash
salt winminion pkg.install 'firefox'
The above line will install the latest version of Firefox.
.. code-block:: bash
salt winminion pkg.install 'firefox' version=16.0.2
The above line will install version 16.0.2 of Firefox.
If a different version of the package is already installed it will be replaced
with the version in the winrepo (only if the package itself supports live
updating).
You can also specify the full name:
.. code-block:: bash
salt winminion pkg.install 'Mozilla Firefox 17.0.1 (x86 en-US)'
Uninstall Windows Software
==========================
Uninstall software using the pkg module:
.. code-block:: bash
salt winminion pkg.remove firefox
salt winminion pkg.purge firefox
.. note::
``pkg.purge`` just executes ``pkg.remove`` on Windows. At some point in the
future ``pkg.purge`` may direct the installer to remove all configs and
settings for software packages that support that option.
Repository Location
===================
Salt maintains a repository of SLS files to install a large number of Windows
packages:
- 2015.8.0 and later minions: https://github.com/saltstack/salt-winrepo-ng
- Earlier releases: https://github.com/saltstack/salt-winrepo
By default, these repositories are mirrored to ``/srv/salt/win/repo-ng``
and ``/srv/salt/win/repo``.
This location can be changed in the master config file by setting the
:conf_master:`winrepo_dir_ng` and :conf_master:`winrepo_dir` options.
Maintaining Windows Repo Definitions in Git Repositories
========================================================
Windows software package definitions can be hosted in one or more Git
repositories. The default repositories are hosted on GitHub by SaltStack. These
include software definition files for various open source software projects.
These software definition files are ``.sls`` files. There are two default
repositories: ``salt-winrepo`` and ``salt-winrepo-ng``. ``salt-winrepo``
contains software definition files for older minions (older than 2015.8.0).
``salt-winrepo-ng`` is for newer minions (2015.8.0 and newer).
Each software definition file contains all the information salt needs to install
that software on a minion including the HTTP or FTP locations of the installer
files, required command-line switches for silent install, etc. Anyone is welcome
to send a pull request to this repo to add new package definitions. The repos
can be browsed here:
`salt-winrepo`_
`salt-winrepo-ng`_
.. _salt-winrepo: https://github.com/saltstack/salt-winrepo.git
.. _salt-winrepo-ng: https://github.com/saltstack/salt-winrepo-ng.git
.. note::
The newer software definition files are run through the salt's parser which
allows for the use of jinja.
Configure which git repositories the master can search for package definitions
by modifying or extending the :conf_master:`winrepo_remotes` and
:conf_master:`winrepo_remotes_ng` options.
.. important::
``winrepo_remotes`` was called ``win_gitrepos`` in Salt versions earlier
than 2015.8.0
Package definitions are pulled down from the online repository by running the
:mod:`winrepo.update_git_repos <salt.runners.winrepo.update_git_repos>` runner.
This command is run on the master:
.. code-block:: bash
salt-run winrepo.update_git_repos
This will pull down the software definition files for older minions
(``salt-winrepo``) and new minions (``salt-winrepo-ng``). They are stored in the
``file_roots`` under ``win/repo/salt-winrepo`` and
``win/repo-ng/salt-winrepo-ng`` respectively.
.. important::
If you have customized software definition files that aren't maintained in a
repository, those should be stored under ``win/repo`` for older minions and
``win/repo-ng`` for newer minions. The reason for this is that the contents
of ``win/repo/salt-winrepo`` and ``win/repo-ng/salt-winrepo-ng`` are wiped
out every time you run a ``winrepo.update_git_repos``.
Additionally, when you run ``winrepo.genrepo`` and ``pkg.refresh_db`` the
entire contents under ``win/repo`` and ``win/repo-ng``, to include all
subdirectories, are used to create the msgpack file.
The next step (if you have older minions) is to create the msgpack file for the
repo (``winrepo.p``). This is done by running the
:mod:`winrepo.genrepo <salt.runners.winrepo.genrepo>` runner. This is also run
on the master:
.. code-block:: bash
salt-run winrepo.genrepo
.. note::
If you have only 2015.8.0 and newer minions, you no longer need to run
``salt-run winrepo.genrepo`` on the master.
Finally, you need to refresh the minion database by running the
:py:func:`pkg.refresh_db <salt.modules.win_pkg.refresh_db>` command. This is run
on the master as well:
.. code-block:: bash
salt '*' pkg.refresh_db
On older minions (older than 2015.8.0) this will copy the winrepo.p file down to
the minion. On newer minions (2015.8.0 and newer) this will copy all the
software definition files (.sls) down to the minion and then create the msgpack
file (``winrepo.p``) locally. The reason this is done locally is because the
jinja needs to be parsed using the minion's grains.
.. important::
Every time you modify the software definition files on the master, either by
running ``salt-run winrepo.update_git_repos``, modifying existing files, or
by creating your own, you need to refresh the database on your minions. For
older minions, that means running ``salt-run winrepo.genrepo`` and then
``salt '*' pkg.refresh_db``. For newer minions (2015.8.0 and newer) it is
just ``salt '*' pkg.refresh_db``.
.. note::
If the ``winrepo.genrepo`` or the ``pkg.refresh_db`` fails, it is likely a
problem with the jinja in one of the software definition files. This will
cause the operations to stop. You'll need to fix the syntax in order for the
msgpack file to be created successfully.
To disable one of the repos, set it to an empty list ``[]`` in the master
config. For example, to disable :conf_master:`winrepo_remotes` set the following
in the master config file:
.. code-block:: bash
winrepo_remotes: []
Creating a Package Definition SLS File
======================================
The package definition file is a yaml file that contains all the information
needed to install a piece of software using salt. It defines information about
the package to include version, full name, flags required for the installer and
uninstaller, whether or not to use the windows task scheduler to install the
package, where to find the installation package, etc.
Take a look at this example for Firefox:
.. code-block:: yaml
firefox:
'17.0.1':
installer: 'salt://win/repo/firefox/English/Firefox Setup 17.0.1.exe'
full_name: Mozilla Firefox 17.0.1 (x86 en-US)
locale: en_US
reboot: False
install_flags: '-ms'
uninstaller: '%ProgramFiles(x86)%/Mozilla Firefox/uninstall/helper.exe'
uninstall_flags: '/S'
'16.0.2':
installer: 'salt://win/repo/firefox/English/Firefox Setup 16.0.2.exe'
full_name: Mozilla Firefox 16.0.2 (x86 en-US)
locale: en_US
reboot: False
install_flags: '-ms'
uninstaller: '%ProgramFiles(x86)%/Mozilla Firefox/uninstall/helper.exe'
uninstall_flags: '/S'
'15.0.1':
installer: 'salt://win/repo/firefox/English/Firefox Setup 15.0.1.exe'
full_name: Mozilla Firefox 15.0.1 (x86 en-US)
locale: en_US
reboot: False
install_flags: '-ms'
uninstaller: '%ProgramFiles(x86)%/Mozilla Firefox/uninstall/helper.exe'
uninstall_flags: '/S'
Each software definition file begins with a package name for the software. As in
the example above ``firefox``. The next line is indented two spaces and contains
the version to be defined. As in the example above, a software definition file
can define multiple versions for the same piece of software. The lines following
the version are indented two more spaces and contain all the information needed
to install that package.
.. warning::
The package name and the ``full_name`` must be unique to all other packages
in the software repository.
The version line is the version for the package to be installed. It is used when
you need to install a specific version of a piece of software.
.. warning::
The version must be enclosed in quotes, otherwise the yaml parser will
remove trailing zeros.
.. note::
There are unique situations where previous versions are unavailable. Take
Google Chrome for example. There is only one url provided for a standalone
installation of Google Chrome.
(https://dl.google.com/edgedl/chrome/install/GoogleChromeStandaloneEnterprise.msi)
When a new version is released, the url just points to the new version. To
handle situations such as these, set the version to `latest`. Salt will
install the version of Chrome at the URL and report that version. Here's an
example:
.. code-block:: yaml
chrome:
latest:
full_name: 'Google Chrome'
installer: 'https://dl.google.com/edgedl/chrome/install/GoogleChromeStandaloneEnterprise.msi'
install_flags: '/qn /norestart'
uninstaller: 'https://dl.google.com/edgedl/chrome/install/GoogleChromeStandaloneEnterprise.msi'
uninstall_flags: '/qn /norestart'
msiexec: True
locale: en_US
reboot: False
Available parameters are as follows:
:param str full_name:
The Full Name for the software as shown in "Programs and Features" in the
control panel. You can also get this information by installing the package
manually and then running ``pkg.list_pkgs``. Here's an example of the output
from ``pkg.list_pkgs``:
.. code-block:: bash
salt 'test-2008' pkg.list_pkgs
test-2008
----------
7-Zip 9.20 (x64 edition):
9.20.00.0
Microsoft .NET Framework 4 Client Profile:
4.0.30319,4.0.30319
Microsoft .NET Framework 4 Extended:
4.0.30319,4.0.30319
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022:
9.0.21022
Mozilla Firefox 17.0.1 (x86 en-US):
17.0.1
Mozilla Maintenance Service:
17.0.1
NSClient++ (x64):
0.3.8.76
Notepad++:
6.4.2
Salt Minion 0.16.0:
0.16.0
Notice the Full Name for Firefox: ``Mozilla Firefox 17.0.0 (x86 en-US)``.
That's exactly what's in the ``full_name`` parameter in the software
definition file.
If any of the software installed on the machine matches one of the software
definition files in the repository, the full_name will be automatically
renamed to the package name. The example below shows the ``pkg.list_pkgs``
for a machine that already has Mozilla Firefox 17.0.1 installed.
.. code-block:: bash
test-2008:
----------
7zip:
9.20.00.0
Microsoft .NET Framework 4 Client Profile:
4.0.30319,4.0.30319
Microsoft .NET Framework 4 Extended:
4.0.30319,4.0.30319
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022:
9.0.21022
Mozilla Maintenance Service:
17.0.1
Notepad++:
6.4.2
Salt Minion 0.16.0:
0.16.0
firefox:
17.0.1
nsclient:
0.3.9.328
.. important::
The version number and ``full_name`` need to match the output from
``pkg.list_pkgs`` so that the status can be verified when running a
highstate.
.. note::
It is still possible to successfully install packages using
``pkg.install``, even if the ``full_name`` or the version number don't
match. However, this can make troubleshooting issues difficult, so be
careful.
.. tip::
To force salt to display the full name when there's already an existing
package definition file on the system, you can pass a bogus ``saltenv``
parameter to the command like so: ``pkg.list_pkgs saltenv=NotARealEnv``
:param str installer:
The path to the ``.exe`` or ``.msi`` to use to install the package. This can
be a path or a URL. If it is a URL or a salt path (``salt://``), the package
will be cached locally and then executed. If it is a path to a file on disk
or a file share, it will be executed directly.
.. note::
If storing software in the same location as the winrepo it is best
practice to place each installer in its own directory rather than the
root of winrepo. Then you can place your package definition file in the
same directory. It is best practice to name the file ``init.sls``. This
will be picked up by ``pkg.refresh_db`` and processed properly.
:param str install_flags:
Any flags that need to be passed to the installer to make it perform a
silent install. These can often be found by adding ``/?`` or ``/h`` when
running the installer from the command-line. A great resource for finding
these silent install flags can be found on the WPKG project's wiki_:
.. warning::
Salt will not return if the installer is waiting for user input so it is
imperative that the software package being installed has the ability to
install silently.
:param str uninstaller:
The path to the program used to uninstall this software. This can be the
path to the same `exe` or `msi` used to install the software. It can also be
a GUID. You can find this value in the registry under the following keys:
- Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall
- Software\\Wow6432None\\Microsoft\\Windows\\CurrentVersion\\Uninstall
:param str uninstall_flags:
Any flags that need to be passed to the uninstaller to make it perform a
silent uninstall. These can often be found by adding ``/?`` or ``/h`` when
running the uninstaller from the command-line. A great resource for finding
these silent install flags can be found on the WPKG project's wiki_:
.. warning::
Salt will not return if the uninstaller is waiting for user input so it
is imperative that the software package being uninstalled has the
ability to uninstall silently.
Here are some examples of installer and uninstaller settings:
.. code-block:: yaml
7zip:
'9.20.00.0':
installer: salt://win/repo/7zip/7z920-x64.msi
full_name: 7-Zip 9.20 (x64 edition)
reboot: False
install_flags: '/qn /norestart'
msiexec: True
uninstaller: '{23170F69-40C1-2702-0920-000001000000}'
uninstall_flags: '/qn /norestart'
Alternatively the ``uninstaller`` can also simply repeat the URL of an msi
file:
.. code-block:: yaml
7zip:
'9.20.00.0':
installer: salt://win/repo/7zip/7z920-x64.msi
full_name: 7-Zip 9.20 (x64 edition)
reboot: False
install_flags: '/qn /norestart'
msiexec: True
uninstaller: salt://win/repo/7zip/7z920-x64.msi
uninstall_flags: '/qn /norestart'
:param msiexec:
This tells salt to use ``msiexec /i`` to install the package and
``msiexec /x`` to uninstall. This is for ``.msi`` installations. Possible
options are: True, False or the path to ``msiexec.exe`` on your system
.. code-block:: yaml
7zip:
'9.20.00.0':
installer: salt://win/repo/7zip/7z920-x64.msi
full_name: 7-Zip 9.20 (x64 edition)
reboot: False
install_flags: '/qn /norestart'
msiexec: 'C:\Windows\System32\msiexec.exe'
uninstaller: salt://win/repo/7zip/7z920-x64.msi
uninstall_flags: '/qn /norestart'
:param bool allusers:
This parameter is specific to ``.msi`` installations. It tells ``msiexec``
to install the software for all users. The default is ``True``.
:param bool cache_dir:
If ``True`` and the installer URL begins with ``salt://``, the entire
directory where the installer resides will be recursively cached. This is
useful for installers that depend on other files in the same directory for
installation.
.. warning::
Be aware that all files and directories in the same location as the
installer file will be copied down to the minion. If you place your
installer file in the root of winrepo (``/srv/salt/win/repo-ng``) and
``cache_dir: True`` the entire contents of winrepo will be cached to
the minion. Therefore, it is best practice to place your installer files
in a subdirectory if they are to be stored in winrepo.
:param str cache_file:
When the installer URL begins with ``salt://``, this indicates a single file
to copy down for use with the installer. It is copied to the same location
as the installer. Use this over ``cache_dir`` if there are many files in the
directory and you only need a specific file and don't want to cache
additional files that may reside in the installer directory.
Here's an example for a software package that has dependent files:
.. code-block:: yaml
sqlexpress:
'12.0.2000.8':
installer: 'salt://win/repo/sqlexpress/setup.exe'
full_name: Microsoft SQL Server 2014 Setup (English)
reboot: False
install_flags: '/ACTION=install /IACCEPTSQLSERVERLICENSETERMS /Q'
cache_dir: True
:param bool use_scheduler:
If ``True``, Windows will use the task scheduler to run the installation.
This is useful for running the Salt installation itself as the installation
process kills any currently running instances of Salt.
:param str source_hash:
This tells Salt to compare a hash sum of the installer to the provided hash
sum before execution. The value can be formatted as
``<hash_algorithm>=<hash_sum>``, or it can be a URI to a file containing the
hash sum.
For a list of supported algorithms, see the `hashlib documentation
<https://docs.python.org/2/library/hashlib.html>`_.
Here's an example of source_hash usage:
.. code-block:: yaml
messageanalyzer:
'4.0.7551.0':
full_name: 'Microsoft Message Analyzer'
installer: 'salt://win/repo/messageanalyzer/MessageAnalyzer64.msi'
install_flags: '/quiet /norestart'
uninstaller: '{1CC02C23-8FCD-487E-860C-311EC0A0C933}'
uninstall_flags: '/quiet /norestart'
msiexec: True
source_hash: 'sha1=62875ff451f13b10a8ff988f2943e76a4735d3d4'
:param bool reboot: Not implemented
:param str local: Not implemented
Examples can be found at https://github.com/saltstack/salt-winrepo-ng
.. _standalone-winrepo:
Managing Windows Software on a Standalone Windows Minion
========================================================
The Windows Package Repository functions similar in a standalone environment,
with a few differences in the configuration.
To replace the winrepo runner that is used on the Salt master, an :mod:`execution module
<salt.modules.win_repo>` exists to provide the same functionality to standalone
minions. The functions are named the same as the ones in the runner, and are
used in the same way; the only difference is that ``salt-call`` is used instead
of ``salt-run``:
.. code-block:: bash
salt-call winrepo.update_git_repos
salt-call winrepo.genrepo
salt-call pkg.refresh_db
After executing the previous commands the repository on the standalone system
is ready to use.
Custom Location for Repository SLS Files
----------------------------------------
If :conf_minion:`file_roots` has not been modified in the minion
configuration, then no additional configuration needs to be added to the
minion configuration. The :py:func:`winrepo.genrepo
<salt.modules.win_repo.genrepo>` function from the :mod:`winrepo
<salt.modules.win_repo>` execution module will by default look for the
filename specified by :conf_minion:`winrepo_cachefile` within
``C:\salt\srv\salt\win\repo``.
If the :conf_minion:`file_roots` parameter has been modified, then
:conf_minion:`winrepo_dir` must be modified to fall within that path, at the
proper relative path. For example, if the ``base`` environment in
:conf_minion:`file_roots` points to ``D:\foo``, and
:conf_minion:`winrepo_source_dir` is ``salt://win/repo``, then
:conf_minion:`winrepo_dir` must be set to ``D:\foo\win\repo`` to ensure that
:py:func:`winrepo.genrepo <salt.modules.win_repo.genrepo>` puts the cachefile
into right location.
Config Options for Minions 2015.8.0 and Later
=============================================
The :conf_minion:`winrepo_source_dir` config parameter (default:
``salt://win/repo``) controls where :mod:`pkg.refresh_db
<salt.modules.win_pkg.refresh_db>` looks for the cachefile (default:
``winrepo.p``). This means that the default location for the winrepo cachefile
would be ``salt://win/repo/winrepo.p``. Both :conf_minion:`winrepo_source_dir`
and :conf_minion:`winrepo_cachefile` can be adjusted to match the actual
location of this file on the Salt fileserver.
Config Options for Minions Before 2015.8.0
==========================================
If connected to a master, the minion will by default look for the winrepo
cachefile (the file generated by the :mod:`winrepo.genrepo runner
<salt.runners.winrepo.genrepo>`) at ``salt://win/repo/winrepo.p``. If the
cachefile is in a different path on the salt fileserver, then
:conf_minion:`win_repo_cachefile` will need to be updated to reflect the proper
location.
.. _2015-8-0-winrepo-changes:
Changes in Version 2015.8.0
===========================
Git repository management for the Windows Software Repository has changed
in version 2015.8.0, and several master/minion config parameters have been
renamed to make their naming more consistent with each other.
For a list of the winrepo config options, see :ref:`here
<winrepo-master-config-opts>` for master config options, and :ref:`here
<winrepo-minion-config-opts>` for configuration options for masterless Windows
minions.
On the master, the :mod:`winrepo.update_git_repos
<salt.runners.winrepo.update_git_repos>` runner has been updated to use either
pygit2_ or GitPython_ to checkout the git repositories containing repo data. If
pygit2_ or GitPython_ is installed, existing winrepo git checkouts should be
removed after upgrading to 2015.8.0, to allow them to be checked out again by
running :py:func:`winrepo.update_git_repos
<salt.runners.winrepo.update_git_repos>`.
If neither GitPython_ nor pygit2_ are installed, then Salt will fall back to
the pre-existing behavior for :mod:`winrepo.update_git_repos
<salt.runners.winrepo.update_git_repos>`, and a warning will be logged in the
master log.
.. note::
Standalone Windows minions do not support the new GitPython_/pygit2_
functionality, and will instead use the :py:func:`git.latest
<salt.states.git.latest>` state to keep repositories up-to-date. More
information on how to use the Windows Software Repo on a standalone minion
can be found :ref:`here <standalone-winrepo>`.
Config Parameters Renamed
-------------------------
Many of the legacy winrepo configuration parameters have changed in version 2015.8.0
to make the naming more consistent. The old parameter names will still work,
but a warning will be logged indicating that the old name is deprecated.
Below are the parameters which have changed for version 2015.8.0:
Master Config
*************
======================== ================================
Old Name New Name
======================== ================================
win_repo :conf_master:`winrepo_dir`
win_repo_mastercachefile :conf_master:`winrepo_cachefile`
win_gitrepos :conf_master:`winrepo_remotes`
======================== ================================
.. note::
``winrepo_cachefile`` is no longer used by 2015.8.0 and later minions, and
the ``winrepo_dir`` setting is replaced by ``winrepo_dir_ng`` for 2015.8.0
and later minions.
See :ref:`here <winrepo-master-config-opts>` for detailed information on all
master config options for the Windows Repo.
Minion Config
*************
======================== ================================
Old Name New Name
======================== ================================
win_repo :conf_minion:`winrepo_dir`
win_repo_cachefile :conf_minion:`winrepo_cachefile`
win_gitrepos :conf_minion:`winrepo_remotes`
======================== ================================
See :ref:`here <winrepo-minion-config-opts>` for detailed information on all
minion config options for the Windows Repo.
pygit2_/GitPython_ Support for Maintaining Git Repos
----------------------------------------------------
The :py:func:`winrepo.update_git_repos <salt.runners.winrepo.update_git_repos>`
runner (and the corresponding :py:func:`remote execution function
<salt.modules.win_repo.update_git_repos>` for standalone minions) now makes use
of the same underlying code used by the :ref:`Git Fileserver Backend
<tutorial-gitfs>` and :mod:`Git External Pillar <salt.pillar.git_pillar>` to
maintain and update its local clones of git repositories. If a compatible
version of either pygit2_ (0.20.3 and later) or GitPython_ (0.3.0 or later) is
installed, then Salt will use it instead of the old method (which invokes the
:py:func:`git.latest <salt.states.git.latest>` state).
.. note::
If compatible versions of both pygit2_ and GitPython_ are installed, then
Salt will prefer pygit2_, to override this behavior use the
:conf_master:`winrepo_provider` configuration parameter:
.. code-block:: yaml
winrepo_provider: gitpython
The :mod:`winrepo execution module <salt.modules.win_repo>` (discussed
above in the :ref:`Managing Windows Software on a Standalone Windows Minion
<standalone-winrepo>` section) does not yet officially support the new
pygit2_/GitPython_ functionality, but if either pygit2_ or GitPython_ is
installed into Salt's bundled Python then it *should* work. However, it
should be considered experimental at this time.
.. _pygit2: https://github.com/libgit2/pygit2
.. _GitPython: https://github.com/gitpython-developers/GitPython
To minimize potential issues, it is a good idea to remove any winrepo git
repositories that were checked out by the old (pre-2015.8.0) winrepo code when
upgrading the master to 2015.8.0 or later, and run
:py:func:`winrepo.update_git_repos <salt.runners.winrepo.update_git_repos>` to
clone them anew after the master is started.
Additional added features include the ability to access authenticated git
repositories (**NOTE:** pygit2_ only), and to set per-remote config settings.
An example of this would be the following:
.. code-block:: yaml
winrepo_remotes:
- https://github.com/saltstack/salt-winrepo.git
- git@github.com:myuser/myrepo.git:
- pubkey: /path/to/key.pub
- privkey: /path/to/key
- passphrase: myaw3s0m3pa$$phr4$3
- https://github.com/myuser/privaterepo.git:
- user: mygithubuser
- password: CorrectHorseBatteryStaple
.. note::
Per-remote configuration settings work in the same fashion as they do in
gitfs, with global parameters being overridden by their per-remote
counterparts (for instance, setting :conf_master:`winrepo_passphrase` would
set a global passphrase for winrepo that would apply to all SSH-based
remotes, unless overridden by a ``passphrase`` per-remote parameter).
See :ref:`here <gitfs-per-remote-config>` for more a more in-depth
explanation of how per-remote configuration works in gitfs, the same
principles apply to winrepo.
There are a couple other changes in how Salt manages git repos using
pygit2_/GitPython_. First of all, a ``clean`` argument has been added to the
:py:func:`winrepo.update_git_repos <salt.runners.winrepo.update_git_repos>`
runner, which (if set to ``True``) will tell the runner to dispose of
directories under the :conf_master:`winrepo_dir` which are not explicitly
configured. This prevents the need to manually remove these directories when a
repo is removed from the config file. To clean these old directories, just pass
``clean=True``, like so:
.. code-block:: bash
salt-run winrepo.update_git_repos clean=True
However, if a mix of git and non-git Windows Repo definition files are being
used, then this should *not* be used, as it will remove the directories
containing non-git definitions.
The other major change is that collisions between repo names are now detected,
and the :py:func:`winrepo.update_git_repos
<salt.runners.winrepo.update_git_repos>` runner will not proceed if any are
detected. Consider the following configuration:
.. code-block:: yaml
winrepo_remotes:
- https://foo.com/bar/baz.git
- https://mydomain.tld/baz.git
- https://github.com/foobar/baz
The :py:func:`winrepo.update_git_repos <salt.runners.winrepo.update_git_repos>`
runner will refuse to update repos here, as all three of these repos would be
checked out to the same directory. To work around this, a per-remote parameter
called ``name`` can be used to resolve these conflicts:
.. code-block:: yaml
winrepo_remotes:
- https://foo.com/bar/baz.git
- https://mydomain.tld/baz.git:
- name: baz_junior
- https://github.com/foobar/baz:
- name: baz_the_third
.. _wiki: http://wpkg.org/Category:Silent_Installers
Troubleshooting
===============
Incorrect name/version
----------------------
If the package seems to install properly, but salt reports a failure then it is
likely you have a version or ``full_name`` mismatch.
Check the exact ``full_name`` and version used by the package. Use
``pkg.list_pkgs`` to check that the names and version exactly match what is
installed.
Changes to sls files not being picked up
----------------------------------------
Ensure you have (re)generated the repository cache file (for older minions) and
then updated the repository cache on the relevant minions:
.. code-block:: bash
salt-run winrepo.genrepo
salt winminion pkg.refresh_db
Packages management under Windows 2003
--------------------------------------
On Windows server 2003, you need to install optional Windows component "wmi
windows installer provider" to have full list of installed packages. If you
don't have this, salt-minion can't report some installed software.
How Success and Failure are Reported
------------------------------------
The install state/module function of the Windows package manager works roughly
as follows:
1. Execute ``pkg.list_pkgs`` and store the result
2. Check if any action needs to be taken. (i.e. compare required package
and version against ``pkg.list_pkgs`` results)
3. If so, run the installer command.
4. Execute ``pkg.list_pkgs`` and compare to the result stored from
before installation.
5. Success/Failure/Changes will be reported based on the differences
between the original and final ``pkg.list_pkgs`` results.
If there are any problems in using the package manager it is likely due to the
data in your sls files not matching the difference between the pre and post
``pkg.list_pkgs`` results.
Reference in New Issue View Git Blame Copy Permalink