diff --git a/site-modules/profile/manifests/grafana.pp b/site-modules/profile/manifests/grafana.pp
index 7aca07ec..759a4dbf 100644
--- a/site-modules/profile/manifests/grafana.pp
+++ b/site-modules/profile/manifests/grafana.pp
@@ -1,31 +1,30 @@
 class profile::grafana {
   $db = lookup('grafana::db::database')
   $db_username = lookup('grafana::db::username')
   $db_password = lookup('grafana::db::password')
 
   $config = lookup('grafana::config')
 
   include ::postgresql::server
 
   ::postgresql::server::db {$db:
     user     => $db_username,
     password => postgresql_password($db_username, $db_password),
   }
 
   class {'::grafana':
     install_method => 'repo',
-    version        => 'latest',
     cfg            => $config + {
       database => {
         type     => 'postgres',
         host     => '127.0.0.1:5432',
         name     => $db,
         user     => $db_username,
         password => $db_password
       }
     }
   }
 
   contain profile::grafana::vhost
   contain profile::grafana::objects
 }
diff --git a/site-modules/profile/manifests/prometheus/node.pp b/site-modules/profile/manifests/prometheus/node.pp
index 70b6bb56..800d8fee 100644
--- a/site-modules/profile/manifests/prometheus/node.pp
+++ b/site-modules/profile/manifests/prometheus/node.pp
@@ -1,96 +1,96 @@
 # Prometheus configuration for nodes
 class profile::prometheus::node {
   include profile::prometheus::base
 
   $defaults_file = '/etc/default/prometheus-node-exporter'
 
   package {'prometheus-node-exporter':
-    ensure => latest,
+    ensure => present,
     notify => Service['prometheus-node-exporter'],
   }
 
   service {'prometheus-node-exporter':
     ensure  => 'running',
     enable  => true,
     require => [
       Package['prometheus-node-exporter'],
       File[$defaults_file],
     ]
   }
 
   ::systemd::dropin_file {'prometheus-node-exporter/restart.conf':
     ensure   => present,
     unit     => 'prometheus-node-exporter.service',
     filename => 'restart.conf',
     content  => "[Service]\nRestart=always\nRestartSec=5\n",
   }
 
   $lookup_defaults_config = lookup('prometheus::node::defaults_config', Hash)
   $listen_network = lookup('prometheus::node::listen_network', Optional[String], 'first', undef)
   $listen_address = lookup('prometheus::node::listen_address', Optional[String], 'first', undef)
   $actual_listen_address = pick($listen_address, ip_for_network($listen_network))
   $listen_port = lookup('prometheus::node::listen_port')
   $target = "${actual_listen_address}:${listen_port}"
 
   $defaults_config = deep_merge(
     $lookup_defaults_config,
     {
       web => {
         listen_address => $target,
       },
     }
   )
 
   # Uses $defaults_config
   file {$defaults_file:
     ensure  => 'present',
     owner   => 'root',
     group   => 'root',
     mode    => '0644',
     content => template('profile/prometheus/node/prometheus-node-exporter.defaults.erb'),
     require => Package['prometheus-node-exporter'],
     notify  => Service['prometheus-node-exporter'],
   }
 
   $textfile_directory = lookup('prometheus::node::textfile_directory')
   $scripts = lookup('prometheus::node::scripts', Hash, 'deep')
   $scripts_directory = lookup('prometheus::node::scripts::directory')
 
   file {$scripts_directory:
     ensure  => 'directory',
     owner   => 'root',
     group   => 'root',
     mode    => '0700',
     recurse => true,
     purge   => true,
     require => Package['prometheus-node-exporter'],
   }
 
   each($scripts) |$script, $data| {
     file {"${scripts_directory}/${script}":
       ensure  => present,
       owner   => 'root',
       group   => 'root',
       mode    => '0700',
       content => template("profile/prometheus/node/scripts/${script}.erb"),
     }
     if $data['mode'] == 'cron' {
       cron {"prometheus-node-exporter-${script}":
         ensure => absent,
         user   => $data['cron']['user'],
       }
 
       profile::cron::d {"prometheus-node-exporter-${script}":
         target      => 'prometheus',
         user        => $data['cron']['user'],
         command     => "chronic ${scripts_directory}/${script}",
         random_seed => "prometheus-node-exporter-${script}",
         *           => $data['cron']['specification'],
       }
     }
   }
 
   profile::prometheus::export_scrape_config {'node':
     target => $target,
   }
 }
diff --git a/site-modules/profile/manifests/prometheus/server.pp b/site-modules/profile/manifests/prometheus/server.pp
index 578b534d..8032cdf8 100644
--- a/site-modules/profile/manifests/prometheus/server.pp
+++ b/site-modules/profile/manifests/prometheus/server.pp
@@ -1,109 +1,109 @@
 # Configure the Prometheus server
 class profile::prometheus::server {
   include profile::prometheus::base
 
   $config_dir = '/etc/prometheus'
   $config_file = "${config_dir}/prometheus.yml"
   $defaults_file = '/etc/default/prometheus'
   $scrape_configs_dirname = 'exported-configs'
   $scrape_configs_dir = "${config_dir}/${scrape_configs_dirname}"
 
   $global_config = lookup('prometheus::server::config::global', Hash)
   $rule_files = []
   $scrape_configs = []
   $remote_read = []
   $remote_write = []
   $alert_relabel_configs = []
   $alertmanagers = []
 
   $full_config = {
     global         => $global_config,
     rule_files     => $rule_files,
     scrape_configs => $scrape_configs + [
       {
         job_name        => 'exported',
         file_sd_configs => [
           {
             files => [
               "${scrape_configs_dirname}/*.yaml",
             ]
           },
         ]
       },
     ],
     alerting       => {
       alert_relabel_configs => $alert_relabel_configs,
       alertmanagers         => $alertmanagers,
     },
     remote_read    => $remote_read,
     remote_write   => $remote_write,
   }
 
   $lookup_defaults_config = lookup('prometheus::server::defaults_config', Hash)
   $listen_network = lookup('prometheus::server::listen_network', Optional[String], 'first', undef)
   $listen_address = lookup('prometheus::server::listen_address', Optional[String], 'first', undef)
   $actual_listen_address = pick($listen_address, ip_for_network($listen_network))
   $listen_port = lookup('prometheus::server::listen_port')
   $target = "${actual_listen_address}:${listen_port}"
 
   $defaults_config = deep_merge(
     $lookup_defaults_config,
     {
       web => {
         listen_address => $target,
       },
     }
   )
 
   profile::prometheus::export_scrape_config {'prometheus':
     target => $target,
   }
 
   package {'prometheus':
-    ensure => latest,
+    ensure => present,
     notify => Service['prometheus'],
   }
 
   service {'prometheus':
     ensure  => 'running',
     enable  => true,
     require => [
       Package['prometheus'],
       File[$config_file],
       File[$defaults_file]
     ],
   }
 
   file {$config_file:
     ensure  => 'present',
     owner   => 'root',
     group   => 'root',
     mode    => '0644',
     require => Package['prometheus'],
     notify  => Service['prometheus'],
     content => inline_yaml($full_config),
   }
 
   file {$scrape_configs_dir:
     ensure  => 'directory',
     owner   => 'root',
     group   => 'root',
     mode    => '0644',
     require => Package['prometheus'],
     recurse => true,
     purge   => true,
   }
 
   # Uses $defaults_config
   file {$defaults_file:
     ensure  => 'present',
     owner   => 'root',
     group   => 'root',
     mode    => '0644',
     content => template('profile/prometheus/server/prometheus.defaults.erb'),
     require => Package['prometheus'],
     notify  => Service['prometheus'],
   }
 
   Profile::Prometheus::Scrape_config <<| prometheus_server == $trusted['certname'] |>>
 }
diff --git a/site-modules/profile/manifests/swh/deploy/objstorage.pp b/site-modules/profile/manifests/swh/deploy/objstorage.pp
index 41d8bac7..400a2a12 100644
--- a/site-modules/profile/manifests/swh/deploy/objstorage.pp
+++ b/site-modules/profile/manifests/swh/deploy/objstorage.pp
@@ -1,25 +1,25 @@
 # Deployment of the swh.objstorage.api server
 
 class profile::swh::deploy::objstorage {
   $conf_directory = lookup('swh::deploy::objstorage::conf_directory')
   $group = lookup('swh::deploy::objstorage::group')
   $swh_packages = ['python3-swh.objstorage']
 
   package {$swh_packages:
-    ensure  => latest,
+    ensure  => present,
     require => Apt::Source['softwareheritage'],
   }
   Package[$swh_packages] ~> Service['gunicorn-swh-objstorage']
 
   file {$conf_directory:
     ensure => directory,
     owner  => 'root',
     group  => $group,
     mode   => '0750',
   }
 
   ::profile::swh::deploy::rpc_server {'objstorage':
     executable => 'swh.objstorage.api.wsgi',
     worker     => 'async',
   }
 }
diff --git a/site-modules/profile/manifests/swh/deploy/scheduler_updater.pp b/site-modules/profile/manifests/swh/deploy/scheduler_updater.pp
index 0aae812f..fd63ac88 100644
--- a/site-modules/profile/manifests/swh/deploy/scheduler_updater.pp
+++ b/site-modules/profile/manifests/swh/deploy/scheduler_updater.pp
@@ -1,32 +1,32 @@
 # Deployment of swh-scheduler-updater related utilities
 
 class profile::swh::deploy::scheduler_updater {
   # Package and backend configuration
   $scheduler_updater_packages = ['python3-swh.scheduler.updater']
 
   package {$scheduler_updater_packages:
-    ensure => latest,
+    ensure => present,
   }
 
   $backend_conf_dir = lookup('swh::deploy::scheduler::updater::backend::conf_dir')
   $backend_conf_file = lookup('swh::deploy::scheduler::updater::backend::conf_file')
   $backend_user = lookup('swh::deploy::scheduler::updater::backend::user')
   $backend_group = lookup('swh::deploy::scheduler::updater::backend::group')
   $backend_config = lookup('swh::deploy::scheduler::updater::backend::config')
 
   # file {$backend_conf_dir:
   #   ensure => directory,
   #   owner  => 'root',
   #   group  => $backend_group,
   #   mode   => '0755',
   # }
 
   file {$backend_conf_file:
     ensure  => present,
     owner   => 'root',
     group   => $backend_group,
     mode    => '0640',
     content => inline_template("<%= @backend_config.to_yaml %>\n"),
   }
 
 }