MODULES-8405

puppet_agent: the source parameter cannot be used in environments with a mix of Linux and Windows

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: puppet_agent
    • Labels: None
    • Template: MODULES Bug Template
    • Team: Platform OS
    • Method Found: Customer Feedback
    • CS Priority: Needs Priority
    • QA Risk Assessment: Needs Assessment

      Description

      The puppet_agent class has a "source" parameter that can be used to specify the location from which packages should be downloaded during an upgrade. This parameter is often needed in environments that have a proxy or load balancer between the agents and the puppet server. However, Linux agents interpret source as "a root directory" under which to find distribution-specific package repositories, whereas Windows agents interpret source as an absolute URL for a .msi file to install.

      These incompatible interpretations (directory versus file) mean that setting source for Linux agents will cause Windows agents to fail their upgrades, and vice versa.

      Reproduction case

      • Install PE 2018.1.5 and Bolt 1.x on a CentOS 7 master node.
      • Configure the master with Windows and CentOS 7 packages for PE 2018.1.4:

      # Fix a hard-coded PE version in the template used to generate install.ps1
      sed -i'' "s/current/<%= scope['pe_version'] %>/" /opt/puppetlabs/puppet/modules/pe_repo/templates/install.ps1.erb
      mkdir -p /opt/puppetlabs/server/data/packages/public/2018.1.4
       
      puppet apply -e 'pe_repo::windows { "windows-x86_64": arch => "x64", agent_version => "5.5.6", pe_version => "2018.1.4"}
        pe_repo::el { "el-7-x86_64": agent_version => "5.5.6", pe_version => "2018.1.4"}'
      

      • Install the puppet_agent module:

      puppet module install puppetlabs-puppet_agent --version 1.7.0
      

      • Install the 2018.1.4 agent on nodes running CentOS 7 and Windows:

      # NOTE: Change to the hostnames of your nodes
      win_node='winrm://Administrator@rmvtndtcan9bnaa.delivery.puppetlabs.net'
      lin_node='ssh://root@umwu0w8tmhfxgz3.delivery.puppetlabs.net'
      nodes="${win_node},${lin_node}"
       
      bolt command run --nodes "${win_node}" --no-ssl \
        "[Net.ServicePointManager]::ServerCertificateValidationCallback = {\$true}
        \$webClient = New-Object System.Net.WebClient
        \$webClient.DownloadFile('https://$(hostname -f):8140/packages/2018.1.4/install.ps1', \$env:temp + '/install.ps1')
        powershell -File (\$env:temp + '/install.ps1')" \
        --password
       
      bolt command run --nodes "${lin_node}" --no-host-key-check \
        "curl -k https://$(hostname -f):8140/packages/2018.1.4/install.bash | bash" \
        --password
       
      puppet cert sign -a
      bolt command run --nodes "${nodes}" --no-ssl --no-host-key-check \
        "puppet agent --onetime --no-daemonize --verbose" \
        --password
      

      • Add an alternate hostname to the master and as an `/etc/hosts` entry on the agents:

      puppet apply <<'EOF'
      pe_hocon_setting { "master alt name":
        ensure  => present,
        path    => '/etc/puppetlabs/enterprise/conf.d/pe.conf',
        setting => '"pe_install::puppet_master_dnsaltnames"',
        value   => ['%{::trusted.certname}', 'alt-name.test'],
      }
      EOF
       
      puppet cert clean $(puppet config print certname)
      rm -f /etc/puppetlabs/puppet/ssl/*/"$(puppet config print certname).pem"
      puppet infrastructure configure --no-recover
       
      cat <<EOF > /etc/puppetlabs/code/environments/production/manifests/site.pp
      node 'default' {
        host { "master alt name":
          ensure => present,
          name   => 'alt-name.test',
          ip     => '$(getent hosts $(hostname -f)|cut -d" " -f1)',
        }
      }
      EOF
       
      bolt command run --nodes "${nodes}" --no-ssl --no-host-key-check \
        "puppet agent --onetime --no-daemonize --verbose" \
        --password
      

      • Apply the puppet_agent class to upgrade the agent nodes, but specify the new alternate hostname as the package source:

      puppet apply <<'EOF'
      pe_node_group { 'Agent Upgrade':
        parent          => 'PE Agent',
        refresh_classes => true,
        pinned          => puppetdb_query("inventory[certname] { ! facts.aio_agent_version = '${facts['aio_agent_version']}' }").map |$row| {
          $row['certname']
        },
        classes         => {
          'puppet_agent' => {
            'package_version' => $facts['aio_agent_version'],
            'source' => 'https://alt-name.test:8140/packages',
          }
        }
      }
      EOF
      

      • Run the upgrade on the agent nodes:

      bolt command run --nodes "${nodes}" --no-ssl --no-host-key-check \
        "puppet --version
        puppet agent --onetime --no-daemonize --verbose" \
        --password
      

      Outcome

      The upgrade runs on both nodes:

      # bolt command run --nodes "${nodes}" --no-ssl --no-host-key-check \
      >   "puppet --version
      >   puppet agent --onetime --no-daemonize --verbose" \
      >   --password
      Please enter your password:
      Started on rmvtndtcan9bnaa.delivery.puppetlabs.net...
      Started on umwu0w8tmhfxgz3.delivery.puppetlabs.net...
      Finished on umwu0w8tmhfxgz3.delivery.puppetlabs.net:
        STDOUT:
          5.5.6
          Info: Using configured environment 'production'
          Info: Retrieving pluginfacts
          Info: Retrieving plugin
          Info: Retrieving locales
          Info: Loading facts
          Info: Caching catalog for umwu0w8tmhfxgz3.delivery.puppetlabs.net
          Info: Applying configuration version '1545433990'
          Notice: /Stage[main]/Puppet_agent::Osfamily::Redhat/File[/etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs]/ensure: defined content as '{md5}7b4ed31e1028f921b5c965df0a42e508'
          Notice: /Stage[main]/Puppet_agent::Osfamily::Redhat/File[/etc/pki/rpm-gpg/RPM-GPG-KEY-puppet]/ensure: defined content as '{md5}16e3e148bc861ee66906e475f8342f81'
          Notice: /Stage[main]/Puppet_agent::Osfamily::Redhat/Yumrepo[pc_repo]/ensure: created
          Info: Yumrepo[pc_repo](provider=inifile): changing mode of /etc/yum.repos.d/pc_repo.repo from 600 to 644
          Notice: /Stage[main]/Puppet_agent::Install/Package[puppet-agent]/ensure: ensure changed '5.5.6-1.el7' to '5.5.8-1.el7'
          Notice: Applied catalog in 7.28 seconds
        STDERR:
          Warning: The `source_permissions` parameter is deprecated. Explicitly set `owner`, `group`, and `mode`.
             (file: /etc/puppetlabs/code/environments/production/modules/puppet_agent/manifests/prepare.pp, line: 36)
          Warning: The `source_permissions` parameter is deprecated. Explicitly set `owner`, `group`, and `mode`.
             (file: /etc/puppetlabs/code/environments/production/modules/puppet_agent/manifests/prepare/puppet_config.pp, line: 18)
          Warning: The `source_permissions` parameter is deprecated. Explicitly set `owner`, `group`, and `mode`.
             (file: /etc/puppetlabs/code/environments/production/modules/puppet_agent/manifests/osfamily/redhat.pp, line: 70)
          Warning: The `source_permissions` parameter is deprecated. Explicitly set `owner`, `group`, and `mode`.
             (file: /etc/puppetlabs/code/environments/production/modules/puppet_agent/manifests/osfamily/redhat.pp, line: 75)
          Warning: The `source_permissions` parameter is deprecated. Explicitly set `owner`, `group`, and `mode`.
             (file: /etc/puppetlabs/code/environments/production/modules/puppet_agent/manifests/osfamily/redhat.pp, line: 92)
      Finished on rmvtndtcan9bnaa.delivery.puppetlabs.net:
        STDOUT:
          5.5.6
          Info: Using configured environment 'production'
          Info: Retrieving pluginfacts
          Info: Retrieving plugin
          Info: Retrieving locales
          Info: Loading facts
          Info: Caching catalog for rmvtndtcan9bnaa.delivery.puppetlabs.net
          Info: Applying configuration version '1545433988'
          Notice: /Stage[main]/Puppet_agent::Prepare::Package/File[C:\ProgramData\Puppetlabs\packages]/ensure: created
          Notice: /Stage[main]/Puppet_agent::Prepare::Package/File[C:\ProgramData\Puppetlabs\packages\puppet-agent-x64.msi]/ensure: defined content as '{sha256lite}6989877481def857c2a4372b337ba5c29b0b8f6bf74b9bb7489a148b2d032295'
          Notice: /Stage[main]/Puppet_agent::Windows::Install/File[C:\Users\ADMINI~1\AppData\Local\Temp\install_puppet.bat]/ensure: defined content as '{md5}e60e8c16d8d969f7e2435ad7db4cb6c0'
          Notice: /Stage[main]/Puppet_agent::Windows::Install/Exec[install_puppet.bat]/returns: executed successfully
          Notice: /Stage[main]/Puppet_agent::Windows::Install/Exec[fix inheritable SYSTEM perms]/returns: executed successfully
          Notice: Applied catalog in 6.24 seconds
      Successful on 2 nodes: winrm://Administrator@rmvtndtcan9bnaa.delivery.puppetlabs.net,ssh://root@umwu0w8tmhfxgz3.delivery.puppetlabs.net
      Ran on 2 nodes in 25.33 seconds
      

      But the agent is only upgraded on the CentOS node:

      # bolt command run --nodes "${nodes}" --no-ssl --no-host-key-check \
        "facter osfamily aio_agent_version" \
        --password
      Please enter your password:
      Started on rmvtndtcan9bnaa.delivery.puppetlabs.net...
      Started on umwu0w8tmhfxgz3.delivery.puppetlabs.net...
      Finished on umwu0w8tmhfxgz3.delivery.puppetlabs.net:
        STDOUT:
          aio_agent_version => 5.5.8
          osfamily => RedHat
      Finished on rmvtndtcan9bnaa.delivery.puppetlabs.net:
        STDOUT:
          aio_agent_version => 5.5.6
          osfamily => windows
      Successful on 2 nodes: winrm://Administrator@rmvtndtcan9bnaa.delivery.puppetlabs.net,ssh://root@umwu0w8tmhfxgz3.delivery.puppetlabs.net
      Ran on 2 nodes in 1.05 seconds
      

      The CentOS node had a Yum repo configured that used the alternate master URL:

      # bolt command run --nodes "${lin_node}" --no-host-key-check \
        "cat /etc/yum.repos.d/pc_repo.repo" \
        --password
      Please enter your password:
      Started on umwu0w8tmhfxgz3.delivery.puppetlabs.net...
      Finished on umwu0w8tmhfxgz3.delivery.puppetlabs.net:
        STDOUT:
          [pc_repo]
          name=Puppet Labs puppet5 Repository
          baseurl=https://alt-name.test:8140/packages/2018.1.5/el-7-x86_64
          enabled=True
          gpgcheck=1
          gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
            file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppet
          sslcacert=/etc/puppetlabs/puppet/ssl/certs/ca.pem
          sslclientcert=/etc/puppetlabs/puppet/ssl/certs/umwu0w8tmhfxgz3.delivery.puppetlabs.net.pem
          sslclientkey=/etc/puppetlabs/puppet/ssl/private_keys/umwu0w8tmhfxgz3.delivery.puppetlabs.net.pem
      Successful on 1 node: ssh://root@umwu0w8tmhfxgz3.delivery.puppetlabs.net
      Ran on 1 node in 0.28 seconds
      

      While the Windows node attempted to install a directory instead of an MSI package and failed miserably:

      # bolt command run --nodes "${win_node}" --no-ssl \
        "Get-Content (\$env:temp + '/puppet*installer.log')" \
        --password
      Please enter your password:
      Started on rmvtndtcan9bnaa.delivery.puppetlabs.net...
      Finished on rmvtndtcan9bnaa.delivery.puppetlabs.net:
        STDOUT:
          === Verbose logging started: 12/21/2018  23:13:25  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\Windows\system32\msiexec.exe ===
          MSI (c) (B0:C8) [23:13:25:373]: Resetting cached policy values
          MSI (c) (B0:C8) [23:13:25:373]: Machine policy value 'Debug' is 0
          MSI (c) (B0:C8) [23:13:25:373]: ******* RunEngine:
                     ******* Product: https://alt-name.test:8140/packages
                     ******* Action:
                     ******* CommandLine: **********
          MSI (c) (B0:C8) [23:13:25:373]: Client-side and UI is none or basic: Running entire install on the server.
          MSI (c) (B0:C8) [23:13:25:373]: Grabbed execution mutex.
          MSI (c) (B0:C8) [23:13:25:404]: Cloaking enabled.
          MSI (c) (B0:C8) [23:13:25:404]: Attempting to enable all disabled privileges before calling Install on Server
          MSI (c) (B0:C8) [23:13:25:404]: Incrementing counter to disable shutdown. Counter after increment: 0
          MSI (s) (D4:88) [23:13:25:420]: Running installation inside multi-package transaction https://alt-name.test:8140/packages
          MSI (s) (D4:88) [23:13:25:420]: Grabbed execution mutex.
          MSI (s) (D4:88) [23:13:25:420]: Resetting cached policy values
          MSI (s) (D4:88) [23:13:25:420]: Machine policy value 'Debug' is 0
          MSI (s) (D4:88) [23:13:25:420]: ******* RunEngine:
                     ******* Product: https://alt-name.test:8140/packages
                     ******* Action:
                     ******* CommandLine: **********
          MSI (s) (D4:88) [23:13:25:420]: Using WinHttp to perform URL download
          MSI (s) (D4:88) [23:13:25:420]: File path is a URL. Downloading file. . .
          MSI (s) (D4:88) [23:13:25:420]: Msi WinHttp: Performing auto proxy detection
          MSI (s) (D4:88) [23:13:25:420]: MSI WinHttp: Proxy Settings Proxy: (none) | Bypass: (none) | AccessType: 0
          MSI (s) (D4:88) [23:13:25:451]: Download of URL resource https://alt-name.test:8140/packages failed with last error 12044
          MSI (s) (D4:88) [23:13:25:451]: MainEngineThread is returning 2
          MSI (s) (D4:88) [23:13:25:466]: User policy value 'DisableRollback' is 0
          MSI (s) (D4:88) [23:13:25:466]: Machine policy value 'DisableRollback' is 0
          MSI (s) (D4:88) [23:13:25:466]: Incrementing counter to disable shutdown. Counter after increment: 0
          MSI (s) (D4:88) [23:13:25:466]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
          MSI (s) (D4:88) [23:13:25:466]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
          MSI (s) (D4:88) [23:13:25:466]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
          MSI (c) (B0:C8) [23:13:25:466]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
          MSI (c) (B0:C8) [23:13:25:466]: MainEngineThread is returning 2
          === Verbose logging stopped: 12/21/2018  23:13:25 ===
       
      Successful on 1 node: winrm://Administrator@rmvtndtcan9bnaa.delivery.puppetlabs.net
      Ran on 1 node in 0.80 seconds
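
The Puppet run above reports `Exec[install_puppet.bat]` as "executed successfully" while the installer log shows `MainEngineThread is returning 2`, so the failed upgrade is only visible in the log. The shell functions below are an added example, not part of the original ticket or the puppet_agent module; they triage such a log, their names are hypothetical, and the sample lines are copied from the log quoted above.

```bash
# Log lines copied from the installer log quoted in this ticket.
sample_log() {
  cat <<'EOF'
           ******* Product: https://alt-name.test:8140/packages
MSI (s) (D4:88) [23:13:25:420]: File path is a URL. Downloading file. . .
MSI (s) (D4:88) [23:13:25:451]: Download of URL resource https://alt-name.test:8140/packages failed with last error 12044
MSI (s) (D4:88) [23:13:25:451]: MainEngineThread is returning 2
EOF
}

# Name a few WinHTTP error codes; anything else is reported as "unknown".
winhttp_name() {
  case "$1" in
    12007) echo ERROR_WINHTTP_NAME_NOT_RESOLVED ;;
    12029) echo ERROR_WINHTTP_CANNOT_CONNECT ;;
    12044) echo ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED ;;
    12175) echo ERROR_WINHTTP_SECURE_FAILURE ;;
    *)     echo unknown ;;
  esac
}

# Print "<url> <code>" for each failed URL download in the log on stdin.
msi_download_failures() {
  sed -n 's/^.*Download of URL resource \(.*\) failed with last error \([0-9][0-9]*\).*$/\1 \2/p'
}

# Print the last msiexec engine return code in the log on stdin (0 = success).
msi_return_code() {
  sed -n 's/^.*MainEngineThread is returning \([0-9][0-9]*\).*$/\1/p' | tail -n 1
}

# Summarise a log read from stdin; returns non-zero unless msiexec returned 0.
triage_msi_log() {
  local log product rc
  log=$(tr -d '\r')                      # logs fetched from Windows may use CRLF
  product=$(printf '%s\n' "$log" | sed -n 's/^.*\*\*\* Product: *//p' | tail -n 1)
  rc=$(printf '%s\n' "$log" | msi_return_code)
  echo "product: ${product:-none}"
  case "$product" in
    *.msi) ;;
    *) echo "warning: product is not a .msi file (directory-style source?)" ;;
  esac
  printf '%s\n' "$log" | msi_download_failures | while read -r url code; do
    echo "download failed: $url ($code $(winhttp_name "$code"))"
  done
  echo "msiexec return code: ${rc:-none}"
  [ "${rc:-1}" = "0" ]
}
```

Run `sample_log | triage_msi_log` to see the summary, or pipe in the output of the `Get-Content` command above in place of `sample_log`.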
      

      Expected outcome

      Both the CentOS and Windows nodes upgrade successfully.

      People

      • Assignee: Unassigned
      • Reporter: chuck Charlie Sharpsteen
      • Votes: 0
      • Watchers: 5