Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-4730

The puppet_agent module should not pass environment to the Windows MSI installer

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: puppet_agent
    • Labels:
    • Template:
      MODULES Bug Template
    • Acceptance Criteria:
      • Agent upgrades no longer use the PUPPET_AGENT_ENVIRONMENT parameter to windows msiexec.exe installations.
    • Team:
      Platform OS
    • Sprint:
      Platform OS Kanban
    • CS Priority:
      Needs Priority
    • Zendesk Ticket IDs:
      33845
    • Zendesk Ticket Count:
      1
    • QA Risk Assessment:
      Needs Assessment

      Description

      The install.bat script that puppet_agent runs should not be passing an environment key to the MSI installer as it would cause unintended side effects and possibly break the agent-specified environment workflow.

      That was added in this PR: https://github.com/puppetlabs/puppetlabs-puppet_agent/pull/127

      There is no need to specify the environment when running the MSI on a server that already has Puppet installed. The MSI will correctly preserve the environment.

      ...but more importantly, the MSI install will not add an environment setting if one is not already set. This is the reason for this ticket.

      Setting environment=foo at installation time to the MSI will cause environment=foo to be added to puppet.conf. This breaks the agent-specified environment workflow for reasons described in the following ticket: https://tickets.puppetlabs.com/browse/PA-286

      Reproduction case

      • Install PE 2018.1.5 and Bolt 1.x on a master node.
      • Configure the master with Windows packages for PE 2018.1.4:

      # Fix a hard-coded PE version in the template used to generate install.ps1
      sed -i'' "s/current/<%= scope['pe_version'] %>/" /opt/puppetlabs/puppet/modules/pe_repo/templates/install.ps1.erb
      mkdir -p /opt/puppetlabs/server/data/packages/public/2018.1.4
       
      puppet apply -e 'pe_repo::windows { "windows-x86_64": arch => "x64", agent_version => "5.5.6", pe_version => "2018.1.4"}'
      

      • Install the puppet_agent module:

      puppet module install puppetlabs-puppet_agent --version 1.7.0
      

      • Install the 2018.1.4 agent on a node running Windows:

      # NOTE: Change to the hostname of your node
      win_node='winrm://Administrator@qcx05m12sifwqpy.delivery.puppetlabs.net'
       
      bolt command run --nodes "${win_node}" --no-ssl \
        "[Net.ServicePointManager]::ServerCertificateValidationCallback = {\$true}
        \$webClient = New-Object System.Net.WebClient
        \$webClient.DownloadFile('https://$(hostname -f):8140/packages/2018.1.4/install.ps1', \$env:temp + '/install.ps1')
        powershell -File (\$env:temp + '/install.ps1')" \
        --password
       
      puppet cert sign -a
      bolt command run --nodes "${win_node}" --no-ssl \
        "puppet agent --onetime --no-daemonize --verbose" \
        --password
      

      • Configure site.pp to print out the value of the [agent_specified_environment variable|]:

      cat <<'EOF' > /etc/puppetlabs/code/environments/production/manifests/site.pp
      node 'default' {
        if $::agent_specified_environment =~ Undef {
          notify {"agent_specified_environment is undefined for ${trusted['certname']}": }
        } else {
          notify {"agent_specified_environment is ${::agent_specified_environment} for ${trusted['certname']}": }
        }
      }
      EOF
      

      • Apply the puppet_agent class to upgrade the agent node.

      puppet apply <<'EOF'
      pe_node_group { 'Agent Upgrade':
        parent          => 'PE Agent',
        refresh_classes => true,
        pinned          => puppetdb_query("inventory[certname] { ! facts.aio_agent_version = '${facts['aio_agent_version']}' }").map |$row| {
          $row['certname']
        },
        classes         => {
          'puppet_agent' => {
            'package_version' => $facts['aio_agent_version'],
          }
        }
      }
      EOF
      

      • Run the upgrade on the Windows agent and observe the value of agent_specified_environment before and after.

      bolt command run --nodes "${win_node}" --no-ssl \
        "puppet agent --onetime --no-daemonize --verbose" \
        --password
       
      # Run it again to see if agent_specified_environment changes its value
      bolt command run --nodes "${win_node}" --no-ssl \
        "puppet agent --onetime --no-daemonize --verbose" \
        --password
      

      Outcome

      The agent enters the upgrade with an undefined agent_specified_environment:

      # bolt command run --nodes "${win_node}" --no-ssl \
        "puppet agent --onetime --no-daemonize --verbose" \
        --password
      Please enter your password:
      Started on qcx05m12sifwqpy.delivery.puppetlabs.net...
      Finished on qcx05m12sifwqpy.delivery.puppetlabs.net:
        STDOUT:
          Info: Using configured environment 'production'
          Info: Retrieving pluginfacts
          Info: Retrieving plugin
          Info: Retrieving locales
          Info: Loading facts
          Info: Caching catalog for qcx05m12sifwqpy.delivery.puppetlabs.net
          Info: Applying configuration version '1545849637'
       
          Notice: agent_specified_environment is undefined for qcx05m12sifwqpy.delivery.puppetlabs.net
       
          Notice: /Stage[main]/Main/Node[default]/Notify[agent_specified_environment is undefined for qcx05m12sifwqpy.delivery.puppetlabs.net]/message: defined 'message' as 'agent_specified_environment is undefined for qcx05m12sifwqpy.delivery.puppetlabs.net'
          Notice: /Stage[main]/Puppet_agent::Prepare::Package/File[C:\ProgramData\Puppetlabs\packages]/ensure: created
          Notice: /Stage[main]/Puppet_agent::Prepare::Package/File[C:\ProgramData\Puppetlabs\packages\puppet-agent-x64.msi]/ensure: defined content as '{sha256lite}6989877481def857c2a4372b337ba5c29b0b8f6bf74b9bb7489a148b2d032295'
          Notice: /Stage[main]/Puppet_agent::Windows::Install/File[C:\Users\ADMINI~1\AppData\Local\Temp\install_puppet.bat]/ensure: defined content as '{md5}c7c22a4154e7eab5b7cd693222710dae'
          Notice: /Stage[main]/Puppet_agent::Windows::Install/Exec[install_puppet.bat]/returns: executed successfully
          Notice: /Stage[main]/Puppet_agent::Windows::Install/Exec[fix inheritable SYSTEM perms]/returns: executed successfully
          Notice: Applied catalog in 3.82 seconds
      Successful on 1 node: winrm://Administrator@qcx05m12sifwqpy.delivery.puppetlabs.net
      Ran on 1 node in 77.40 seconds
      

      But the first run post-upgrade reveals agent_specified_environment has been set to "production"

      # bolt command run --nodes "${win_node}" --no-ssl \
        "puppet agent --onetime --no-daemonize --verbose" \
        --password
      Please enter your password:
      Started on qcx05m12sifwqpy.delivery.puppetlabs.net...
      Finished on qcx05m12sifwqpy.delivery.puppetlabs.net:
        STDOUT:
          Info: Using configured environment 'production'
          Info: Retrieving pluginfacts
          Info: Retrieving plugin
          Info: Retrieving locales
          Info: Loading facts
          Info: Caching catalog for qcx05m12sifwqpy.delivery.puppetlabs.net
          Info: Applying configuration version '1545849793'
       
          Notice: agent_specified_environment is production for qcx05m12sifwqpy.delivery.puppetlabs.net
       
          Notice: /Stage[main]/Main/Node[default]/Notify[agent_specified_environment is production for qcx05m12sifwqpy.delivery.puppetlabs.net]/message: defined 'message' as 'agent_specified_environment is production for qcx05m12sifwqpy.delivery.puppetlabs.net'
          Notice: Applied catalog in 0.10 seconds
      Successful on 1 node: winrm://Administrator@qcx05m12sifwqpy.delivery.puppetlabs.net
      Ran on 1 node in 9.32 seconds
      

      Expected outcome

      Upgrading a Windows agent does not alter the value of the agent_specified_environment variable.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              scott.garman Scott Garman
              Reporter:
              nate.mccurdy Nate McCurdy
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support