Deploying additional base OS software packages with cfengine

This is a section from my web pages, Musings/Experiments With A Virtual Data Center.

The minimal CentOS configuration I installed is, well, very minimal. A lot of stuff is missing, like cron, sudo, rsync, tcsh, which, etc. In addition, there are other collections of software that I want installed, like bind, Apache, and the support tools for understanding SELinux problems.

cfengine can install these packages from our yum repository. For each package two entries are needed. You first test for the package's existence in the control: directive:

  has_package = ( ReturnsZero( /bin/rpm -q --quiet package ) )

Note: any dashes, -, in the package name have to be changed to underscores, _, in the has_package class name.

Then in the shellcommands: directive you call yum to install the package if the has_package class has not been set:

  !has_package::
     "/usr/bin/yum -y install package"

Additional base OS software packages

I have added the following groups of base OS software packages.
wget
which
sudo
tcsh
vixie-cron
crontabs
logrotate
yum-cron
rsync
ntp
lm_sensors

SELinux related software

The following packages are useful for troubleshooting problems with SELinux:
audit
setools
setroubleshoot-server
setroubleshoot-plugins

When you install these packages, they also pull in two additional packages:
dbus-python
pygobject2

But when I tried to install the setroubleshoot package it wanted to pull in 73 additional packages:
GConf2, ORBit2, alsa-lib, atk, audiofile, avahi, avahi-glib, cairo, cups-libs, dbus-python, desktop-file-utils, esound, fontconfig, freetype, gail, gamin, gnome-keyring, gnome-mime-data, gnome-mount, gnome-python2, gnome-python2-bonobo, gnome-python2-canvas, gnome-python2-extras, gnome-python2-gnomevfs, gnome-python2-gtkhtml2, gnome-vfs2, gnutls, gtk2, gtkhtml2, hicolor-icon-theme, htmlview, libICE, libIDL, libSM, libX11, libXau, libXcursor, libXdmcp, libXext, libXfixes, libXft, libXi, libXinerama, libXrandr, libXrender, libXres, libart_lgpl, libbonobo, libbonoboui, libdaemon, libglade2, libgnome, libgnomecanvas, libgnomeui, libjpeg, libnotify, libpng, libtiff, libutempter, libwnck, libxslt, notification-daemon, notify-python, pango, pycairo, pygobject2, pygtk2, pyorbit, python-numeric, redhat-menus, shared-mime-info, startup-notification, xorg-x11-filesystem.

Installing it would have been a mistake, since we want to keep our OS software installation minimal. The setroubleshoot package is only the GUI-based front end to the setroubleshoot-server package. You can still run the SELinux diagnostics from the data in the log files, so we can live without the GUI-based setroubleshoot package.

This is just a caution that when you are adding software to a server, run yum manually first to make sure it will not install too much additional software.
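
The caution above as an added shell example (not from the original page): it reads a saved yum transaction summary and refuses when the install would pull in more dependencies than a limit you choose. The function names, the limit and the sample summary are assumptions constructed for illustration; the real summary is what yum prints when you run it manually and answer N at the prompt.

```shell
#!/bin/sh
# Added example (not from the original page): gate a yum install on how many
# extra packages the transaction would pull in as dependencies.

# Print one dependency name per line from a yum transaction summary on stdin.
extra_deps() {
    awk '
        /^Installing for dependencies:/ { dep = 1; next }
        # The section ends at a blank line or any unindented line.
        /^$/ || /^[^ ]/                 { dep = 0 }
        # One-space indent is a package row; deeper indent is a wrapped row.
        dep && /^ [^ ]/                 { print $1 }
    '
}

# check_deps LIMIT: return 0 if stdin lists at most LIMIT dependencies, else 1.
check_deps() {
    limit=$1
    deps=$(extra_deps)
    count=$(printf '%s\n' "$deps" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -gt "$limit" ]; then
        echo "refusing: $count extra packages (limit $limit):" >&2
        printf '%s\n' "$deps" | sed 's/^/  /' >&2
        return 1
    fi
    echo "ok: $count extra packages"
}

# Constructed sample in yum's summary layout; versions and sizes are made up.
sample_summary() {
    cat <<'EOF'
Dependencies Resolved

================================================================================
 Package                     Arch      Version            Repository      Size
================================================================================
Installing:
 setroubleshoot-server       noarch    0.0-0.sample       base           1.0 M
Installing for dependencies:
 dbus-python                 i386      0.0-0.sample       base           100 k
 pygobject2                  i386      0.0-0.sample       base           100 k

Transaction Summary
================================================================================
Install       3 Package(s)
EOF
}

sample_summary | check_deps 5
```

Saved output from a setroubleshoot run would list its 73 dependencies on stderr and return non-zero, so a wrapper script can stop before yum is ever called with -y.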