Uploaded image for project: 'Puppet Agent'
  1. Puppet Agent
  2. PA-1946

Puppet-Agent and components should not use external nightlies for testing



    • Type: Task
    • Status: Resolved
    • Priority: Normal
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Template:
    • Team:
      Platform OS
    • Sprint:
      Platform OS Kanban
    • QA Risk Assessment:
      Needs Assessment


      For running tests against the latest version of puppetserver, we should be hitting something internal. Currently, we hit nightlies.puppetlabs.com, which is external. This only provides granularity on the puppet5 v. puppet6 level right now, but we need to pin puppet-agent 1.10.x to the puppetserver 2.x release stream. We can't do that with how nightlies is currently set up.

      Copied from a comment from Branan Riley in PA-1915:

      I'd prefer not to use the actual nightly repos for a couple of reasons:

      • They won't be updated in the case of a security event
      • They don't really support multiple release streams. We have 5/6 right now, but that won't always be the case in the future. Even right now, it means that 1.10 and 5.3 are pinned when they shouldn't be.
      • They're way outside the firewall (S3?) which is always a potential failure point

      Ideally, we should have an internal data source of some sort for what the last passing version of each stream is, that will be updated whether it's from an internal fork due to a CVE, or whether it's the normal process.

      In that world, we'd want to see every agent branch testing against the last passing build of the associated puppetserver branch. I believe that means:

      1.10.x -> 2.6.x (or 2.x - PE vs. FOSS versions)
      5.3.x -> 5.1.x
      5.5.x -> 5.3.x
      master -> master

      puppet-agent currently pushes up some last-passing files for every branch to builds, which Server couple probably replicate. These are generated from the information available in the build pipeline and scp'd to builds. during the promotion step. See https://github.com/puppetlabs/ci-job-configs/blob/master/resources/scripts/puppet-agent-internal-promotion.sh#L64-L87 and http://builds.delivery.puppetlabs.net/passing-agent-SHAs/


          Issue Links



              casey.williams Casey Williams
              melissa Melissa Stone
              0 Vote for this issue
              2 Start watching this issue



                  Zendesk Support