I am trying to control the version of puppet agent installed on our RedHat systems.
Our Puppet manifest has
```puppet
$puppet_version = hiera('profile::puppet_agent::version', '6.12.0')

class {'::puppet_agent':
  collection            => 'puppet6',
  package_version       => $puppet_version,
  service_names         => [], # Don't start puppet service
  msi_move_locked_files => true,
  manage_pki_dir        => false,
}

# This is required on RedHat 7 only
$puppet_release = $::osreleasemaj ? {
  '7'     => '*.el7.*',
  default => undef,
}

yum::versionlock { 'puppet-agent':
  ensure  => present,
  version => $puppet_version,
  release => $puppet_release,
  before  => Class['Puppet_agent'],
}
```

This works to configure puppet and it actually changes the contents of the YUM versionlock config file, but it doesn't seem to work to force puppet-agent to upgrade. I changed the version from 6.12.0 to 6.16.0. Now every puppet run fails with the error message:

```
Could not update: Failed to update to version 6.16.0, got version 6.12.0-1.el7 instead.
```
On RHEL 7, /etc/yum/pluginconf.d/versionlock.list contains:
```
# File managed by puppet
0:puppet-agent-6.16.0-*.el7.*
```

On RHEL 8, /etc/yum/pluginconf.d/versionlock.list contains:

```
# File managed by puppet
0:puppet-agent-0:6.16.0-*
```

My understanding is the yum versionlock doesn't care about the version listed in the file - just the package name.
I looked into whether puppet can clear the version lock, run the update, and set the version lock again all in the same agent run, but I can't find any way to make that work.
Any other way to do this?
We are running RHEL7 and RHEL8, and using the official Puppet YUM repositories.
/etc/yum/pluginconf.d/versionlock.list file and see if it matches your intentions.