Pass --nogpgcheck to yum via puppet

Question

How would one get a --nogpgcheck option to yum via puppet? I've tried

package { 'unsigned-package':
  ensure          => latest,
  install_options => ['--nogpgcheck'],
}

and

package { 'unsigned-package':
  ensure          => latest,
  install_options => ['nogpgcheck'],
}

but looking at the output from an agent run, yum isn't getting that option.

As an aside (and maybe the reason it's not working for me), how do I verify my puppet has the install_options feature?

I'm running puppet 3.3.0-rc2.

Answer 1

I have found that with puppet 3.7.1 passing 'install_options' to the yum provider works. I was able to successfully pass '--nogpgcheck' using it. Just update your puppet now.

Answer 2

I've been able to answer my second question, and it looks like install_options is not implemented for yum on 3.3.0-rc2.

$ grep -ro install_options /usr/lib/ruby/site_ruby/1.8/puppet/provider/package/ | sort | uniq
/usr/lib/ruby/site_ruby/1.8/puppet/provider/package/msi.rb:install_options
/usr/lib/ruby/site_ruby/1.8/puppet/provider/package/sun.rb:install_options
/usr/lib/ruby/site_ruby/1.8/puppet/provider/package/windows.rb:install_options

And an answer to the real question, since this is a custom repository, the trick was to disable gpg checks. This can be done in the instantiation of the puppet yumrepo type, as in

yumrepo { 'customrepo':
  gpgcheck => 0,
}

Another option, as stated in my comment beneath the question would be to gpg sign the packages.

Answer 3

As of puppet 3.4.0

 class pkgoptions {

        package { 'strace':
          ensure          => 'installed',
          provider        => 'yum',
          install_options => [ '--noplugins', '--enablerepo=fedora' ],
          # or install_options => [ '-t', 'squeeze-backports' ], for Debian backports
        }

      }

Reference: http://www.unixdaemon.net/tools/puppet/puppet-package-install-options.html