[MODULES-4730] The puppet_agent module should not pass environment to the Windows MSI installer - Puppet Jira Server

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: puppet_agent
Labels:
- windows

Acceptance Criteria:
- Agent upgrades no longer use the PUPPET_AGENT_ENVIRONMENT parameter to windows msiexec.exe installations.
Epic Link:
Improve puppet_agent's Windows support
Team:
Platform OS
Sprint:
Platform OS Kanban

CS Priority:
Needs Priority
Zendesk Ticket IDs:
33845
Zendesk Ticket Count:
1

QA Risk Assessment:
Needs Assessment

Description

The install.bat script that puppet_agent runs should not be passing an environment key to the MSI installer as it would cause unintended side effects and possibly break the agent-specified environment workflow.

That was added in this PR: https://github.com/puppetlabs/puppetlabs-puppet_agent/pull/127

There is no need to specify the environment when running the MSI on a server that already has Puppet installed. The MSI will correctly preserve the environment.

...but more importantly, the MSI install will not add an environment setting if one is not already set. This is the reason for this ticket.

Setting environment=foo at installation time to the MSI will cause environment=foo to be added to puppet.conf. This breaks the agent-specified environment workflow for reasons described in the following ticket: https://tickets.puppetlabs.com/browse/PA-286

Reproduction case

Install PE 2018.1.5 and Bolt 1.x on a master node.

Configure the master with Windows packages for PE 2018.1.4:

# Fix a hard-coded PE version in the template used to generate install.ps1

sed -i'' "s/current/<%= scope['pe_version'] %>/" /opt/puppetlabs/puppet/modules/pe_repo/templates/install.ps1.erb

mkdir -p /opt/puppetlabs/server/data/packages/public/2018.1.4

puppet apply -e 'pe_repo::windows { "windows-x86_64": arch => "x64", agent_version => "5.5.6", pe_version => "2018.1.4"}'

Install the puppet_agent module:

puppet module install puppetlabs-puppet_agent --version 1.7.0

Install the 2018.1.4 agent on a node running Windows:

# NOTE: Change to the hostname of your node

win_node='winrm://Administrator@qcx05m12sifwqpy.delivery.puppetlabs.net'

bolt command run --nodes "${win_node}" --no-ssl \

  "[Net.ServicePointManager]::ServerCertificateValidationCallback = {\$true}

  \$webClient = New-Object System.Net.WebClient

  \$webClient.DownloadFile('https://$(hostname -f):8140/packages/2018.1.4/install.ps1', \$env:temp + '/install.ps1')

  powershell -File (\$env:temp + '/install.ps1')" \

  --password

puppet cert sign -a

bolt command run --nodes "${win_node}" --no-ssl \

  "puppet agent --onetime --no-daemonize --verbose" \

  --password

Configure site.pp to print out the value of the [agent_specified_environment variable|]:

cat <<'EOF' > /etc/puppetlabs/code/environments/production/manifests/site.pp

node 'default' {

  if $::agent_specified_environment =~ Undef {

    notify {"agent_specified_environment is undefined for ${trusted['certname']}": }

  } else {

    notify {"agent_specified_environment is ${::agent_specified_environment} for ${trusted['certname']}": }

EOF

Apply the puppet_agent class to upgrade the agent node.

puppet apply <<'EOF'

pe_node_group { 'Agent Upgrade':

  parent          => 'PE Agent',

  refresh_classes => true,

  pinned          => puppetdb_query("inventory[certname] { ! facts.aio_agent_version = '${facts['aio_agent_version']}' }").map |$row| {

    $row['certname']

},

  classes         => {

    'puppet_agent' => {

      'package_version' => $facts['aio_agent_version'],

EOF

Run the upgrade on the Windows agent and observe the value of agent_specified_environment before and after.

bolt command run --nodes "${win_node}" --no-ssl \

  "puppet agent --onetime --no-daemonize --verbose" \

  --password

# Run it again to see if agent_specified_environment changes its value

bolt command run --nodes "${win_node}" --no-ssl \

  "puppet agent --onetime --no-daemonize --verbose" \

  --password

Outcome

The agent enters the upgrade with an undefined agent_specified_environment:

# bolt command run --nodes "${win_node}" --no-ssl \

  "puppet agent --onetime --no-daemonize --verbose" \

  --password

Please enter your password:

Started on qcx05m12sifwqpy.delivery.puppetlabs.net...

Finished on qcx05m12sifwqpy.delivery.puppetlabs.net:

  STDOUT:

    Info: Using configured environment 'production'

    Info: Retrieving pluginfacts

    Info: Retrieving plugin

    Info: Retrieving locales

    Info: Loading facts

    Info: Caching catalog for qcx05m12sifwqpy.delivery.puppetlabs.net

    Info: Applying configuration version '1545849637'

    Notice: agent_specified_environment is undefined for qcx05m12sifwqpy.delivery.puppetlabs.net

    Notice: /Stage[main]/Main/Node[default]/Notify[agent_specified_environment is undefined for qcx05m12sifwqpy.delivery.puppetlabs.net]/message: defined 'message' as 'agent_specified_environment is undefined for qcx05m12sifwqpy.delivery.puppetlabs.net'

    Notice: /Stage[main]/Puppet_agent::Prepare::Package/File[C:\ProgramData\Puppetlabs\packages]/ensure: created

    Notice: /Stage[main]/Puppet_agent::Prepare::Package/File[C:\ProgramData\Puppetlabs\packages\puppet-agent-x64.msi]/ensure: defined content as '{sha256lite}6989877481def857c2a4372b337ba5c29b0b8f6bf74b9bb7489a148b2d032295'

    Notice: /Stage[main]/Puppet_agent::Windows::Install/File[C:\Users\ADMINI~1\AppData\Local\Temp\install_puppet.bat]/ensure: defined content as '{md5}c7c22a4154e7eab5b7cd693222710dae'

    Notice: /Stage[main]/Puppet_agent::Windows::Install/Exec[install_puppet.bat]/returns: executed successfully

    Notice: /Stage[main]/Puppet_agent::Windows::Install/Exec[fix inheritable SYSTEM perms]/returns: executed successfully

    Notice: Applied catalog in 3.82 seconds

Successful on 1 node: winrm://Administrator@qcx05m12sifwqpy.delivery.puppetlabs.net

Ran on 1 node in 77.40 seconds

But the first run post-upgrade reveals agent_specified_environment has been set to "production"

# bolt command run --nodes "${win_node}" --no-ssl \

  "puppet agent --onetime --no-daemonize --verbose" \

  --password

Please enter your password:

Started on qcx05m12sifwqpy.delivery.puppetlabs.net...

Finished on qcx05m12sifwqpy.delivery.puppetlabs.net:

  STDOUT:

    Info: Using configured environment 'production'

    Info: Retrieving pluginfacts

    Info: Retrieving plugin

    Info: Retrieving locales

    Info: Loading facts

    Info: Caching catalog for qcx05m12sifwqpy.delivery.puppetlabs.net

    Info: Applying configuration version '1545849793'

    Notice: agent_specified_environment is production for qcx05m12sifwqpy.delivery.puppetlabs.net

    Notice: /Stage[main]/Main/Node[default]/Notify[agent_specified_environment is production for qcx05m12sifwqpy.delivery.puppetlabs.net]/message: defined 'message' as 'agent_specified_environment is production for qcx05m12sifwqpy.delivery.puppetlabs.net'

    Notice: Applied catalog in 0.10 seconds

Successful on 1 node: winrm://Administrator@qcx05m12sifwqpy.delivery.puppetlabs.net

Ran on 1 node in 9.32 seconds

Expected outcome

Upgrading a Windows agent does not alter the value of the agent_specified_environment variable.

Attachments

Issue Links

relates to

PA-673 Regression in Windows puppet.conf environment setting

Resolved

PA-286 Windows MSI should not put an environment setting in puppet.conf by default

Closed

mentioned in: Page Loading...

Activity

People

Assignee:: Scott Garman

Reporter:: Nate McCurdy

Votes:: 0 Vote for this issue

Watchers:: 12 Start watching this issue

Dates

Created:: 2017/04/03 2:37 PM

Updated:: 2019/12/05 3:40 AM

Resolved:: 2019/02/05 2:00 PM