[PUP-10018] The module tool won't solve some dependencies without --force or --ignore-dependencies Created: 2019/09/13 Updated: 2020/03/13
|Affects Version/s:||PUP 6.8.1|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
|Template:||PUP Bug Template customfield_10700 324663|
|Master OS:||RHEL 7 (x86_64)|
|Team:||Puppet Developer Experience|
|Method Found:||Needs Assessment|
|QA Risk Assessment:||Needs Assessment|
Puppet Version: 6.8.1
The module tool refuses to perform valid module upgrades under some circumstances, unless the --force or --ignore-dependencies option is applied. Even --ignore-dependencies does not suffice in some cases. Specifically, it seems unwilling to perform an upgrade across a major version of the specified module if that requires an upgrade even of the minor version of one of that module's dependencies. Alternatively, the tool's objection might be to performing a set of upgrades that are valid as a group, but which cannot be broken down into a sequence of separate, individually-valid upgrades.
The particular case in which I experienced this can be reproduced like so:
One should not need to use --force or --ignore-dependencies to upgrade from one set of module versions in which all dependencies are satisfied to another set of module versions in which all dependencies are satisfied.
The module tool should be willing to perform upgrades such as those described without using --force or --ignore-dependencies. In particular, it should be willing to perform any combination of minor-version upgrades in service to an upgrade of the module named on the command line, so long as it results in a final state in which all dependencies are satisfied. Use of --force or --ignore-dependencies is not desirable here because it does not automatically solve dependencies, and it can (and often does) produce a situation in which dependencies indeed are not fully satisfied.
It would be acceptable, albeit not ideal for this purpose, to require use of a new, different command-line argument.
Here's an example of the observed behavior. Specific module versions are expressed via --version options to ensure reproducibility. The target versions for the upgrade commands reflect the latest versions of the modules involved as of the time of this report, and at this time, the upgrade failures can also be reproduced without specifying target module versions.
Preparing the environment ...
# puppet module list
# puppet module install puppetlabs-apt --version=6.3.0
# puppet module install puppetlabs-puppet_agent --version=2.1.2
Reproducing the issue ...
# puppet module upgrade puppetlabs-puppet_agent --version=2.2.0
# puppet module upgrade puppetlabs-apt --version=7.1.0
# puppet module upgrade puppetlabs-apt --version=7.1.0 --ignore-dependencies
|Comment by Jorie Tappa [ 2019/09/23 ]|
Hi John Bollinger, unfortunately the Puppet Module Tool is no longer under active development, have you tried using PDK to solve this issue?
|Comment by John Bollinger [ 2019/09/23 ]|
Hi Jorie Tappa, To the best of my knowledge, PDK does not address the problem of installing or upgrading modules in a working Puppet environment (the special case of the "pdk test unit" command notwithstanding). Perhaps I have used the wrong name. As the instructions for reproducing the issue show, I am talking about the "puppet module install" and especially "puppet module upgrade" commands. These do not emit deprecation warnings when run, and I do not recall seeing any notification elsewhere of their deprecation.
|Comment by Josh Cooper [ 2020/03/12 ]|
I think the puppetlabs-puppet_agent upgrade from 2.1.2 to 2.2.0 fails because the latter requires apt >= 7.0.1 and the PMT doesn't know to upgrade dependencies at the same time.
I'm not sure why --ignore-dependencies doesn't work, but --force does as a workaround:
After which you can upgrade apt as expected:
|Comment by John Bollinger [ 2020/03/13 ]|
Thanks for your comments, Josh Cooper. I'm a bit distanced from this issue now, six months later, but I know that I did in the end get the module updates performed. I forget whether I used --force for that, but I suspect that I instead uninstalled several modules and then installed new versions with their newer dependencies. Of course, the whole point of this issue is that neither --force nor --ignore-dependencies should be required in cases such as the one presented.
Also, "the PMT doesn't know to upgrade dependencies at the same time" does seem to sum up the problem, but my vague and possibly mistaken recollection is that it's not completely accurate. That is, I think I do see it perform multiple upgrades in the same run sometimes, just not when any of the upgrades crosses a major-version-number threshold.