Page MenuHomePhabricator

puppet package versioning on Bookworm for cloud-vps
Closed, ResolvedPublic

Description

I need to figure out how to manage puppet clients on bookworm. Here are the options:

root@buildvm-6b58b275-340f-4542-8601-7a9f4f351d3d:~# apt-cache madison puppet
    puppet |   7.23.0-1 | mirror+file:/etc/apt/mirrors/debian.list bookworm/main amd64 Packages
    puppet | 5.5.22-2+deb12u3 | http://apt.wikimedia.org/wikimedia bookworm-wikimedia/main amd64 Packages
puppet-agent |   7.23.0-1 | mirror+file:/etc/apt/mirrors/debian.list bookworm/main Sources
    puppet | 5.5.22-2+deb12u3 | http://apt.wikimedia.org/wikimedia bookworm-wikimedia/main Sources

Currently cloud-init sets up clients with puppet and the puppet agent with version 7.23.0-1 . This is not compatible with existing puppetmasters.

Some options:

  1. Explicitly install puppet=5.5.22-2+deb12u3

Specifying a package version is easy with cloud-init but it would have to be the same for all distros. That's not great since atm we support 5.5.22-2 on Bullseye and would need 5.5.22-2+deb12u3 on Bookworm. We could provide identical backports for all support distros (buster, bullseye, bookworm) bu that seems fragile.

  1. Pin puppet to always come from the wikimedia repo

I don't immediately know how to do this, but it is possible to inject apt configuration with cloud-init. This is likely the best option.

  1. Upgrade puppetmasters to version 7, which should be backwards-compatible with existing clients.

This seems like a lot of trouble unless prod is already planning to do this.
I'm pretty sure we don't want/need the agent package, but that's easy enough to remove.

Event Timeline

Andrew renamed this task from puppet package versioning on Bookworm to puppet package versioning on Bookworm for cloud-vps.Jun 6 2023, 1:04 AM
Andrew created this task.

possibly something like:

# prefer Wikimedia APT repository packages in all cases
apt::pin { 'wikimedia':
    package  => '*',
    pin      => 'release o=Wikimedia',
    priority => 1001,
}

for 2)

(source: modules/apt/manifests/init.pp)

cc: @jbond

Thanks @Dzahn ! The challenge is to encode that in cloud-init yaml (which may or may not be possible)

Change 927664 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):

[operations/puppet@production] vendordata: pin puppet packages to wikimedia repo

https://gerrit.wikimedia.org/r/927664

Change 927664 merged by Andrew Bogott:

[operations/puppet@production] vendordata: pin puppet packages to wikimedia repo

https://gerrit.wikimedia.org/r/927664

Change 927740 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):

[operations/puppet@production] vendordata: remove malicious quote marks

https://gerrit.wikimedia.org/r/927740

Change 927740 merged by Andrew Bogott:

[operations/puppet@production] vendordata: remove malicious quote marks

https://gerrit.wikimedia.org/r/927740

I now have the proper version installing via cloud-init () but now when puppet is invoked it says:

root@buildvm-c88281bc-7bb0-4a46-9f97-c9b59ba3b845:~# puppet agent -tv
Error: Could not initialize global default settings: The `SortedSet` class has been extracted from the `set` library. You must use the `sorted_set` gem or other alternatives.

I think this is a missing dependency in the package. If I install puppet-agent and then immediately remove it, everything works. (Which I guess means that the puppet-agent package is broken too since it must leak a ruby file).

I think this is a missing dependency in the package.

Indeed, installing 'ruby-sorted-set' fixes things. So the puppet package should have a dependency on that.

I'll manually install ruby-sorted-set for now, but I'm hoping some onlooker will file an upstream bug.

Change 927747 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):

[operations/puppet@production] cloud-vps vendordata: install ruby-sorted-set

https://gerrit.wikimedia.org/r/927747

Change 927747 merged by Andrew Bogott:

[operations/puppet@production] cloud-vps vendordata: install ruby-sorted-set

https://gerrit.wikimedia.org/r/927747

  1. Upgrade puppetmasters to version 7, which should be backwards-compatible with existing clients.

That's part of T330490: Next steps for Puppet 7

I think this is a missing dependency in the package.

Indeed, installing 'ruby-sorted-set' fixes things. So the puppet package should have a dependency on that.

I'll manually install ruby-sorted-set for now, but I'm hoping some onlooker will file an upstream bug.

That's not needed, the dependencies are all correct: puppet is a transition package which depends on puppet-agent. And puppet-agent depends on ruby-sorted-set alreay.