[PUP-1295] Yum provider "purge" target runs irrespective of package installation status Created: 2013/12/30  Updated: 2016/06/01  Resolved: 2016/04/25

Status: Closed
Project: Puppet
Component/s: Types and Providers
Affects Version/s: PUP 3.2.4
Fix Version/s: PUP 4.2.0

Type: Bug Priority: Normal
Reporter: redmine.exporter Assignee: Unassigned
Resolution: Fixed Votes: 9
Labels: Community
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Cloners
clones PUP-1198 Package type and provider need to con... Closed
Template:
Story Points: 1
Sprint: Client 2015-05-27
Release Notes: Bug Fix
QA Contact: Eric Thompson

 Description   

It seems the yum provider will try to purge an absent package:

[root@test ~]# cat test.pp 
package { logwatch: ensure => purged; }
 
[root@test ~]# /bin/rpm -q logwatch --nosignature --nodigest --qf '%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}'
package logwatch is not installed
 
[root@test ~]# puppet -d -v test.pp 
debug: Puppet::Type::Package::ProviderRpm: Executing '/bin/rpm --version'
debug: Puppet::Type::Package::ProviderUrpmi: Executing '/bin/rpm -ql rpm'
debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm --version'
debug: Puppet::Type::Package::ProviderAptrpm: Executing '/bin/rpm -ql rpm'
debug: Puppet::Type::Package::ProviderPorts: file /usr/local/sbin/portupgrade does not exist
debug: Puppet::Type::Package::ProviderAptitude: file /usr/bin/aptitude does not exist
debug: Puppet::Type::Package::ProviderSunfreeware: file pkg-get does not exist
debug: Puppet::Type::Package::ProviderUp2date: file /usr/sbin/up2date-nox does not exist
debug: Puppet::Type::Package::ProviderApt: file /usr/bin/apt-get does not exist
debug: Puppet::Type::Package::ProviderPortage: file /usr/bin/emerge does not exist
debug: Puppet::Type::Package::ProviderRug: file /usr/bin/rug does not exist
debug: Puppet::Type::Package::ProviderDpkg: file /usr/bin/dpkg does not exist
debug: Puppet::Type::Package::ProviderSun: file /usr/sbin/pkgrm does not exist
debug: Puppet::Type::Package::ProviderAptrpm: file apt-get does not exist
debug: Puppet::Type::Package::ProviderFink: file /sw/bin/fink does not exist
debug: Puppet::Type::Package::ProviderHpux: file /usr/sbin/swremove does not exist
debug: Puppet::Type::Package::ProviderUrpmi: file urpmi does not exist
debug: Puppet::Type::Package::ProviderFreebsd: file /usr/sbin/pkg_info does not exist
debug: Puppet::Type::Package::ProviderOpenbsd: file pkg_info does not exist
debug: Creating default schedules
debug: Failed to load library 'selinux' for feature 'selinux'
debug: Puppet::Type::User::ProviderLdap: true value when expecting false
debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Failed to load library 'ldap' for feature 'ldap'
debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state]
debug: /File[/var/lib/puppet/ssl/certs/test.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring File[/var/lib/puppet/state]
debug: /File[/var/lib/puppet/ssl/public_keys/test.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/private_keys/test.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
debug: Finishing transaction 23973287885200 with 0 changes
debug: Prefetching yum resources for package
debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm --version'
debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm -qa --nosignature --nodigest --qf '%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}
''
info: Applying configuration version '1272893121'
debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm -q logwatch --nosignature --nodigest --qf %{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}
'
debug: //Package[logwatch]: Changing ensure
debug: //Package[logwatch]: 1 change(s)
debug: Puppet::Type::Package::ProviderYum: Executing '/usr/bin/yum -y erase logwatch'
notice: //Package[logwatch]/ensure: created
debug: Finishing transaction 23456258088960 with 1 changes



 Comments   
Comment by Bruce Bushby [ 2014/01/23 ]

This is affecting all of our machines:
[root@xxxx-linux opt]#
[root@xxxx-linux opt]# rpm -qa | grep puppet
puppet-3.3.2-1.el6.noarch
[root@xxxx-linux opt]#

The package does not exist, but we still get the syslog message due to the use of "ensure => "purged";

class sudo::install {
if ( $operatingsystem in [ 'redhat', 'RedHat' ]) {
package

{ "sudo": ensure => latest; "xxxx-sudoers": ensure => "purged"; }

}
}

The syslof message:
Jan 23 03:42:28 xxxx-linux puppet-agent[17413]: (/Stage[main]/Sudo::Install/Package[xxxx-sudoers]/ensure) created
Jan 23 03:42:31 xxxx-linux puppet-agent[17413]: Finished catalog run in 5.10 seconds
Jan 23 04:42:29 xxxx-linux puppet-agent[18542]: (/Stage[main]/Sudo::Install/Package[xxxx-sudoers]/ensure) created
Jan 23 04:42:32 xxxx-linux puppet-agent[18542]: Finished catalog run in 5.62 seconds
Jan 23 05:42:30 xxxx-linux puppet-agent[19258]: (/Stage[main]/Sudo::Install/Package[xxxx-sudoers]/ensure) created
Jan 23 05:42:33 xxxx-linux puppet-agent[19258]: Finished catalog run in 7.09 seconds
Jan 23 06:42:29 xxxx-linux puppet-agent[20361]: (/Stage[main]/Sudo::Install/Package[xxxx-sudoers]/ensure) created
Jan 23 06:42:31 xxxx-linux puppet-agent[20361]: Finished catalog run in 5.48 seconds

Comment by Jason Corley [ 2014/02/27 ]

I'm seeing this as well with puppet 3.2.4, centos 6.5, and ruby 1.9.3p484

Comment by Mike Reznik [ 2014/04/09 ]

Still seeing this issue, Puppet 3.3.2, CentOS 6.3, Ruby 1.8.7

Comment by Hunter (Hunner) Haugen [ 2014/05/23 ]

Still seeing this issue, Puppet 3.6.1, CentOS 6.5, ruby 1.8.7p352

Comment by Daniel Dreier [ 2014/06/02 ]

I've confirmed this again on master / 3.6.1 on CentOS 6.5. yum remove is run each time. The yum remove should only run if the package is actually installed.

Comment by Jason Corley [ 2014/12/30 ]

confirmed again with puppet 3.7.1 on centos 6.5

Comment by Anton Fomenko [ 2015/02/03 ]

Same on puppet 3.7.3 on centos 5, 6 and 7.

Comment by Peter Huene [ 2015/05/11 ]

This will happen on any package provider that reports itself as purgeable but does not provide :purged resources.

I think the correct fix here is to treat absent packages as being in-sync with ensure => purged.

Comment by Peter Huene [ 2015/05/11 ]

Sadly it looks like the dpkg provider does rely on :purged and :absent to be independent statuses reported by the provider (former means entirely uninstalled, while the latter means uninstalled but still purgable). May need to localize this fix to the yum provider (and other providers that suffer from this problem).

Comment by Michael Smith [ 2015/05/18 ]

Review plans:

  • gem supports uninstall but not purge
  • yum supports purge but not uninstall
  • apt/dpkg supports both purge and uninstall
  • apple supports neither

Review how the behavior changes under each provider.

Comment by Kurt Wall [ 2015/05/19 ]

Validate in master at SHA=a08e8262875d5c7e50c91eda06892e46e722a257. Setting ensure => purged on a non-existent package does not result in a an attempt to uninstall the non-existent package:

# test.pp
package { 'logwatch':
  ensure => purged,
}
 
# rpm -q logwatch
package logwatch is not installed
 
# puppet apply --verbose --debug test.pp
[...]
Info: Applying configuration version '1432047339'
Debug: Prefetching yum resources for package
Debug: Executing: '/usr/bin/rpm --version'
Debug: Executing '/usr/bin/rpm -qa --nosignature --nodigest --qf '%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n''
Debug: Executing: '/usr/bin/rpm -q logwatch --nosignature --nodigest --qf %{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n'
Debug: Executing: '/usr/bin/rpm -q logwatch --nosignature --nodigest --qf %{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n --whatprovides'
Debug: /Stage[main]/Main/Package[logwatch]: Nothing to manage: no ensure and the resource doesn't exist
Debug: Finishing transaction 33799880
Debug: Storing state
Info: Creating state file /opt/puppetlabs/puppet/cache/state/state.yaml
Debug: Stored state in 0.01 seconds
Notice: Applied catalog in 0.08 seconds
Debug: Finishing transaction 35441120
Debug: Received report to process from xc5hlllybchiak3.delivery.puppetlabs.net
Debug: Evicting cache entry for environment 'production'
Debug: Caching environment 'production' (cache ttl: 0)
Debug: Processing report from xc5hlllybchiak3.delivery.puppetlabs.net with processor Puppet::Reports::Store

Comment by Kurt Wall [ 2015/05/19 ]

Resolved per previous comment.

Comment by Florian Faltermeier [ 2016/04/15 ]

Hello,

could you please backport this fix for Puppet 3.x ?

Thank you!

Kind regards,
Florian

Comment by Branan Riley [ 2016/04/25 ]

Hi Florian,

Because this ticket has been closed for so long (almost a year and almost 2 Puppet versions), I think it would be better if you put up a new ticket for a 3.x backport. That doesn't mean that we'll definitely do it - 3.x work is pretty low priority for us. It would be much more likely to get in if you were willing to do the backport yourself and open a PR for us.

Thanks,
Branan

Comment by Trevor Vaughan [ 2016/06/01 ]

Branan Riley I would recommend reopening this since it also appears to happen in 4.5

[root@el7-system manifests]# /usr/local/share/gems/gems/puppet-4.5.0/bin/puppet resource package haveged ensure=purged
Notice: /Package[haveged]/ensure: purged
package { 'haveged':
  ensure => 'absent',
[root@el7-system manifests]# /usr/local/share/gems/gems/puppet-4.5.0/bin/puppet resource package haveged ensure=purged
Notice: /Package[haveged]/ensure: purged
package { 'haveged':
  ensure => 'absent',
}
[root@el7-system manifests]# /usr/local/share/gems/gems/puppet-4.5.0/bin/puppet resource package haveged
package { 'haveged':
  ensure => 'absent',
}
[root@el7-system manifests]# /usr/local/share/gems/gems/puppet-4.5.0/bin/puppet resource package haveged ensure=absent
package { 'haveged':
  ensure => 'absent',
}

Generated at Sat Aug 24 22:08:35 PDT 2019 using JIRA 7.7.1#77002-sha1:e75ca93d5574d9409c0630b81c894d9065296414.