0

As part of my internship task, I've to deploy OpenVPN clients on around 60-70 client devices that run CentOS (which reside on private networks and cannot be accessed directly). I'm quite new to package management. I've updated the already existing SPEC file that was created by an employee who no longer works here. I've added a subpackage to the spec file and it generates the subpackage called "mainpackage-openvpn-version" on building. This works properly.

My problem is that when the client devices run "yum update mainpackage-*" (which it does automatically), it only updates the already installed sub-packages (as expected). Is there any way to make it pick up my new openvpn sub-package and install it too? As running yum install on all the 60 machines is not practical, I'm looking for ways to make it work with update. Or am I looking at it completely wrong and is there a cleaner way to handle this?

I've tried to look up ways to do this but could not find anything. It works if I mention the sub-package in the "requires" of the main-package but I don't feel like that's the right way to do it as it's not really a dependency for the main package.

If it helps, I'm posting the relevant section from the SPEC file here. 

%post openvpn

hostname="$(/path/to/get_login.sh)"
sed -i "s/cert_here/$hostname.crt/" /etc/openvpn/client.conf
sed -i "s/key_here/$hostname.key/" /etc/openvpn/client.conf

psswd="$(mysql -Ns -u username -ppassword database -e "SELECT value FROM table
 WHERE parameter='PASSWORD'")"

cd /etc/openvpn/

curl -k -o certs.tar.gz http://webservice-to-get-certificates/$hostname/$psswd

tar -xf /etc/openvpn/certs.tar.gz

rm -f certs.tar.gz

chmod 755 /etc/init.d/openvpn

chkconfig --add openvpn
systemctl start openvpn

%files openvpn
/etc/openvpn/client.conf
%attr(755, -, -) /etc/rc.d/init.d/openvpn
Akhil
  • 101
  • 1

1 Answers1

0

Why are you creating a separate subpackage in the first place?

  • If your subpackage should always be installed when installing the main package, then maybe you shouldn't create a separate subpackage.
  • If your subpackage should not always be automatically installed when installing the main package; then it is the responsibility of the user to install that extra subpackage...
Chris Maes
  • 570
  • 2
  • 9
  • I just wanted to keep it independent in case it needs to removed or modified in the future. I assumed that was the cleaner way to do it as I won't maintaining this myself. Is there any way to handle this scenario with subpackages? – Akhil Feb 14 '19 at 11:02
  • if you want it to always be installed and you really want to keep it separate in a subpackage, then your proposal to add the dependency to the main package seems correct to me. – Chris Maes Feb 14 '19 at 11:07
  • Okay, thanks. As of now, I'm just going to put a dependency and after it is all installed, I'll deploy it again with the dependency removed. That seems to ensure that if the sub-package is removed. it won't affect the main-package. – Akhil Feb 14 '19 at 11:14
  • in that case you better not put intermediate requirements. In that case you better run `yum install` on all those servers... you really need to think about what you want to happen when you make new versions later, what happens when they set up a new machine (then your dependency will not be installed!) – Chris Maes Feb 14 '19 at 11:29