Details
-
Bug
-
Status: Accepted
-
Normal
-
Resolution: Unresolved
-
None
-
None
-
None
-
None
-
Night's Watch
-
5
-
Needs Assessment
-
Needs Assessment
Description
There are various scenarios in which catalog and plugins may not match:
- plugins are sync-ed while new catalog cannot be retrieved and cached catalog is used instead (this should be subject of https://tickets.puppetlabs.com/browse/PUP-10648 and https://tickets.puppetlabs.com/browse/PUP-10667)
- plugins are partially sync-ed, using new or cached catalog may both lead to inconsistencies
To fix this plugins need to be downloaded in an atomic way. One option is to create a secure directory with the same parent as Puppet[:libdir] and use it to pluginsync. To avoid downloading files we already have, you'd have to copy everything from Puppet[:libdir] to libnew. So maybe something like:
1. create lib.new using ruby equivalent of mktemp -d lib.new and restrict permissions so only the current user can write
2. Pluginsync to lib.new
3. Rename Puppet[:libdir] to lib.old
4. Rename lib.new to Puppet[:libdir]
5. Delete lib.old recursively
It's possible for puppet to crash/ctrl-c between any of those points. If it occurs between 3 and 4, then puppet will have lost all of its plugins. To account for that, if puppet starts and lib.old exists, but Puppet[:libdir] doesn't, then have recover its plugins by renaming lib.old to Puppet[:libdir].
If the crash occurs between 4 and 5, then the new plugins have been committed. So when puppet starts, if Puppet[:libdir] exists, have it delete the stale lib.old.
Attachments
Issue Links
- relates to
-
PUP-11032 Pluginsync Improvements
-
- Open
-