[PUP-2182] Package resource not working as expected in 3.5.0 Created: 2014/04/08  Updated: 2019/08/23  Resolved: 2014/05/20

Status: Closed
Project: Puppet
Component/s: Types and Providers
Affects Version/s: PUP 3.5.0
Fix Version/s: PUP 3.6.1

Type: Bug Priority: Major
Reporter: Sean Edge Assignee: Unassigned
Resolution: Fixed Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
is duplicated by PUP-2378 Use of rpm -q --whatprovides breaks w... Closed
Relates
relates to PUP-2746 new parameter "allow_virtual" Closed
relates to PUP-897 package type should accept virtual pa... Closed
relates to PUP-9974 Regression: allow_virtual => true mat... Resolved
relates to PUP-2650 3.6.1 issues "warning" message for de... Closed
Template:
Story Points: 2
Sprint: Week 2014-5-14 to 2014-5-21

 Description   

One of my modules has the following code:

package { 'inetd': ensure => absent; }

On the next Puppet run, Puppet tries to remove the xinetd package (debug output):

Debug: Executing '/bin/rpm -q inetd --nosignature --nodigest --qf %{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n'
Debug: Executing '/bin/rpm -q inetd --nosignature --nodigest --qf %{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n --whatprovides'
Debug: Executing '/bin/rpm -e xinetd-2.3.14-39.el6_4.x86_64'
Error: Execution of '/bin/rpm -e xinetd-2.3.14-39.el6_4.x86_64' returned 1: error: Failed dependencies:
        xinetd is needed by (installed) tftp-server-0.49-7.el6.x86_64
Error: /Stage[main]/Services/Package[inetd]/ensure: change from 2.3.14-39.el6_4 to absent failed: Execution of '/bin/rpm -e xinetd-2.3.14-39.el6_4.x86_64' returned 1: error: Failed dependencies:
        xinetd is needed by (installed) tftp-server-0.49-7.el6.x86_64

I've also noticed this problem with the JRE package. Our local yum repo has many versions of java. One of these packages has the %

{NAME}

'jre' (downloaded from oracle's site directly) which is what we used to create the package resource. However it's substituting other java packages that provide 'jre' and installing those packages instead. In fact, if there's a package that provides 'jre' already installed on your system puppet won't install the package named jre!



 Comments   
Comment by Peter Huene [ 2014/04/08 ]

So the xinetd package provides the virtual package 'inetd'. For example, if you asked yum to install 'inetd', it would install 'xinetd'. Likewise, if you ask yum to remove 'inetd', it would remove 'xinetd'. The rpm base provider now supports that functionality, so ensuring inetd is absent is akin to ensuring that xinetd is absent (I get your intention, though; you want to make sure the old inetd package is never present). I currently don't see a way of preventing this without backing out the support for virtual package names or making it an optional feature on the package type.

Comment by Sean Edge [ 2014/04/08 ]

You're right about 'inetd'. I will clean up the module that removes this package since this is really not needed anyway.

My issue actually started with Puppet not installing the jre package so let me focus on that now:

[root@fw ~]# rpm -q puppet
puppet-3.5.0-1.el6.noarch
[root@fw ~]# cat /tmp/test.pp 
package { 'jre': ensure => 'latest' }
[root@fw ~]# puppet apply /tmp/test.pp 
Notice: Compiled catalog for fw in environment production in 0.78 seconds
Notice: Finished catalog run in 1.87 seconds
[root@fw ~]# yum list jre
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
Available Packages
jre.i586                                                                                            1.7.0_51-fcs                                                                                                    latest
jre.x86_64                                                                                       1.7.0_51-fcs                                                                                                    latest
[root@fw ~]# rpm -qa | egrep 'java|jre'
java-1.7.0-openjdk-1.7.0.51-2.4.4.1.el6_5.x86_64
tzdata-java-2014b-1.el6.noarch
[root@fw ~]#

In Puppet 3.4.x the "jre" package would have been installed by Puppet there. The package is definitely available. "yum install jre" does what I expect and tries to install the package that I want.

[root@fw ~]# yum install jre
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package jre.x86_64 0:1.7.0_51-fcs will be installed
--> Finished Dependency Resolution
 
Dependencies Resolved
 
=============================================================================================================================================================================================================================================
 Package                                            Arch                                                  Version                                                       Repository                                                      Size
=============================================================================================================================================================================================================================================
Installing:
 jre                                                x86_64                                                1.7.0_51-fcs                                                  latest                                                 32 M
 
Transaction Summary
=============================================================================================================================================================================================================================================
Install       1 Package(s)
 
Total download size: 32 M
Installed size: 80 M
Is this ok [y/N]: n
Exiting on user Command
[root@fw ~]#

While typing this I had an idea and got Puppet 3.5.0 to install the correct JRE package:

[root@fw ~]# cat /tmp/test.pp 
package { 'jre.x86_64': ensure => 'latest' }
[root@fw ~]# puppet apply /tmp/test.pp
Notice: Compiled catalog for fw in environment production in 0.70 seconds
Notice: /Stage[main]/Main/Package[jre.x86_64]/ensure: created
Notice: Finished catalog run in 21.32 seconds

I have a work around now so that's good.

Here it is working as originally expected in 3.4.3:

[root@fw ~]# rpm -Uvh /tmp/puppet-3.4.3-1.el6.noarch.rpm --force
Preparing...                ########################################### [100%]
   1:puppet                 warning: /etc/puppet/auth.conf created as /etc/puppet/auth.conf.rpmnew
########################################### [100%]
[root@fw ~]# rpm -q puppet
puppet-3.4.3-1.el6.noarch
[root@fw ~]# rpm -q jre
jre-1.7.0_51-fcs.x86_64
[root@fw ~]# rpm -e jre
[root@fw ~]# rpm -q jre
package jre is not installed
[root@fw ~]# cat /tmp/test.pp 
package { 'jre': ensure => 'latest' }
[root@fw ~]# puppet apply /tmp/test.pp 
Notice: Compiled catalog for fw in environment production in 0.52 seconds
Notice: /Stage[main]/Main/Package[jre]/ensure: created
Notice: Finished catalog run in 16.31 seconds
[root@fw ~]# rpm -q jre
jre-1.7.0_51-fcs.x86_64
[root@fw ~]#

Comment by Peter Huene [ 2014/04/08 ]

With 3.5.0, could you paste the debug output for this manifest?

package { 'jre':
    ensure => latest
}

I don't have the Oracle jre package, only the virtual one provided by the java package. As such, that manifest installs "jre" without the architecture for both :latest and :present for me.

Thanks.

Comment by Sean Edge [ 2014/04/09 ]

Done:

[root@fw ~]# puppet apply /tmp/test.pp -vd
Info: Loading facts in /etc/puppet/modules/stdlib/lib/facter/facter_dot_d.rb
Info: Loading facts in /etc/puppet/modules/stdlib/lib/facter/root_home.rb
Info: Loading facts in /etc/puppet/modules/stdlib/lib/facter/pe_version.rb
Info: Loading facts in /etc/puppet/modules/stdlib/lib/facter/puppet_vardir.rb
Info: Loading facts in /etc/puppet/modules/badperms/lib/facter/unlabeled_device_files.rb
Info: Loading facts in /etc/puppet/modules/ntp/lib/facter/ntpservers.rb
Info: Loading facts in /etc/puppet/modules/hadoop/lib/facter/hadoop_data_dirs.rb
Info: Loading facts in /etc/puppet/modules/hadoop/lib/facter/dfs_data_dirs.rb
Info: Loading facts in /etc/puppet/modules/hadoop/lib/facter/mapred_data_dirs.rb
Info: Loading facts in /etc/puppet/modules/kernel/lib/facter/cpu_nx.rb
Info: Loading facts in /etc/puppet/modules/kernel/lib/facter/kernel_nx.rb
Info: Loading facts in /etc/puppet/modules/enc/lib/facter/admin_host.rb
Info: Loading facts in /etc/puppet/modules/pitchfork/lib/facter/pitchfork_initialized.rb
Info: Loading facts in /var/lib/puppet/lib/facter/cidr_netmask.rb
Info: Loading facts in /var/lib/puppet/lib/facter/cpu_nx.rb
Info: Loading facts in /var/lib/puppet/lib/facter/unlabeled_device_files.rb
Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/hadoop_data_dirs.rb
Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
Info: Loading facts in /var/lib/puppet/lib/facter/mapred_data_dirs.rb
Info: Loading facts in /var/lib/puppet/lib/facter/ntpservers.rb
Info: Loading facts in /var/lib/puppet/lib/facter/admin_host.rb
Info: Loading facts in /var/lib/puppet/lib/facter/kernel_nx.rb
Info: Loading facts in /var/lib/puppet/lib/facter/pitchfork_initialized.rb
Info: Loading facts in /var/lib/puppet/lib/facter/dfs_data_dirs.rb
Debug: Executing '/bin/rpm --version'
Debug: Executing '/bin/rpm -ql rpm'
Debug: Executing '/bin/rpm --version'
Notice: Compiled catalog for fw in environment production in 0.84 seconds
Debug: Puppet::Type::Package::ProviderHpux: file /usr/sbin/swinstall does not exist
Debug: Puppet::Type::Package::ProviderApt: file /usr/bin/apt-get does not exist
Debug: Puppet::Type::Package::ProviderDpkg: file /usr/bin/dpkg does not exist
Debug: Puppet::Type::Package::ProviderRug: file /usr/bin/rug does not exist
Debug: Puppet::Type::Package::ProviderAix: file /usr/bin/lslpp does not exist
Debug: Puppet::Type::Package::ProviderPorts: file /usr/local/sbin/portupgrade does not exist
Debug: Puppet::Type::Package::ProviderAptrpm: file apt-get does not exist
Debug: Puppet::Type::Package::ProviderFreebsd: file /usr/sbin/pkg_delete does not exist
Debug: Puppet::Type::Package::ProviderUrpmi: file urpmi does not exist
Debug: Puppet::Type::Package::ProviderPacman: file /usr/bin/pacman does not exist
Debug: Puppet::Type::Package::ProviderPortupgrade: file /usr/local/sbin/portinstall does not exist
Debug: Puppet::Type::Package::ProviderOpkg: file opkg does not exist
Debug: Puppet::Type::Package::ProviderPkg: file /usr/bin/pkg does not exist
Debug: Puppet::Type::Package::ProviderUp2date: file /usr/sbin/up2date-nox does not exist
Debug: Puppet::Type::Package::ProviderPortage: file /usr/bin/eix-update does not exist
Debug: Puppet::Type::Package::ProviderNim: file /usr/bin/lslpp does not exist
Debug: Puppet::Type::Package::ProviderPkgin: file pkgin does not exist
Debug: Puppet::Type::Package::ProviderZypper: file /usr/bin/zypper does not exist
Debug: Puppet::Type::Package::ProviderSun: file /usr/sbin/pkgadd does not exist
Debug: Puppet::Type::Package::ProviderSunfreeware: file pkg-get does not exist
Debug: Puppet::Type::Package::ProviderAptitude: file /usr/bin/aptitude does not exist
Debug: Puppet::Type::Package::ProviderOpenbsd: file pkg_delete does not exist
Debug: Puppet::Type::Package::ProviderFink: file /sw/bin/fink does not exist
Debug: Creating default schedules
Debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dsimport does not exist
Debug: Puppet::Type::User::ProviderPw: file pw does not exist
Debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist
Debug: Puppet::Type::User::ProviderLdap: true value when expecting false
Debug: Puppet::Type::Group::ProviderDirectoryservice: file /usr/bin/dscl does not exist
Debug: Puppet::Type::Group::ProviderPw: file pw does not exist
Debug: Puppet::Type::Group::ProviderLdap: true value when expecting false
Debug: Using settings: adding file resource 'hostpubkey': 'File[/var/lib/puppet/ssl/public_keys/fw.pem]{:backup=>false, :group=>"puppet", :ensure=>:file, :loglevel=>:debug, :owner=>"puppet", :mode=>"644", :links=>:follow, :path=>"/var/lib/puppet/ssl/public_keys/
fw.pem"}'
Debug: Using settings: adding file resource 'requestdir': 'File[/var/lib/puppet/ssl/certificate_requests]{:backup=>false, :group=>"puppet", :ensure=>:directory, :loglevel=>:debug, :owner=>"puppet", :mode=>"755", :links=>:follow, :path=>"/var/lib/puppet/ssl/certificate_re
quests"}'
Debug: Using settings: adding file resource 'resourcefile': 'File[/var/lib/puppet/state/resources.txt]{:backup=>false, :ensure=>:file, :loglevel=>:debug, :owner=>"root", :mode=>"640", :links=>:follow, :path=>"/var/lib/puppet/state/resources.txt"}'
Debug: Using settings: adding file resource 'logdir': 'File[/var/log/puppet]{:backup=>false, :group=>"puppet", :ensure=>:directory, :loglevel=>:debug, :owner=>"puppet", :mode=>"750", :links=>:follow, :path=>"/var/log/puppet"}'
Debug: Using settings: adding file resource 'privatedir': 'File[/var/lib/puppet/ssl/private]{:backup=>false, :group=>"puppet", :ensure=>:directory, :loglevel=>:debug, :owner=>"puppet", :mode=>"750", :links=>:follow, :path=>"/var/lib/puppet/ssl/private"}'
Debug: Using settings: adding file resource 'hostcrl': 'File[/var/lib/puppet/ssl/crl.pem]{:backup=>false, :group=>"puppet", :ensure=>:file, :loglevel=>:debug, :owner=>"puppet", :mode=>"644", :links=>:follow, :path=>"/var/lib/puppet/ssl/crl.pem"}'
Debug: Using settings: adding file resource 'vardir': 'File[/var/lib/puppet]{:backup=>false, :group=>"puppet", :ensure=>:directory, :loglevel=>:debug, :owner=>"puppet", :links=>:follow, :path=>"/var/lib/puppet"}'
Debug: Using settings: adding file resource 'httplog': 'File[/var/log/puppet/http.log]{:backup=>false, :ensure=>:file, :loglevel=>:debug, :owner=>"root", :mode=>"640", :links=>:follow, :path=>"/var/log/puppet/http.log"}'
Debug: Using settings: adding file resource 'certdir': 'File[/var/lib/puppet/ssl/certs]{:backup=>false, :group=>"puppet", :ensure=>:directory, :loglevel=>:debug, :owner=>"puppet", :mode=>"755", :links=>:follow, :path=>"/var/lib/puppet/ssl/certs"}'
Debug: Using settings: adding file resource 'clientyamldir': 'File[/var/lib/puppet/client_yaml]{:backup=>false, :ensure=>:directory, :loglevel=>:debug, :mode=>"750", :links=>:follow, :path=>"/var/lib/puppet/client_yaml"}'
Debug: Using settings: adding file resource 'hostprivkey': 'File[/var/lib/puppet/ssl/private_keys/fw.pem]{:backup=>false, :group=>"puppet", :ensure=>:file, :loglevel=>:debug, :owner=>"puppet", :mode=>"640", :links=>:follow, :path=>"/var/lib/puppet/ssl/private_ke
ys/fw.pem"}'
Debug: Using settings: adding file resource 'publickeydir': 'File[/var/lib/puppet/ssl/public_keys]{:backup=>false, :group=>"puppet", :ensure=>:directory, :loglevel=>:debug, :owner=>"puppet", :mode=>"755", :links=>:follow, :path=>"/var/lib/puppet/ssl/public_keys"}'
Debug: Using settings: adding file resource 'plugindest': 'File[/var/lib/puppet/lib]{:backup=>false, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :path=>"/var/lib/puppet/lib"}'
Debug: Using settings: adding file resource 'lastrunreport': 'File[/var/lib/puppet/state/last_run_report.yaml]{:backup=>false, :ensure=>:file, :loglevel=>:debug, :mode=>"640", :links=>:follow, :path=>"/var/lib/puppet/state/last_run_report.yaml"}'
Debug: Using settings: adding file resource 'clientbucketdir': 'File[/var/lib/puppet/clientbucket]{:backup=>false, :ensure=>:directory, :loglevel=>:debug, :mode=>"750", :links=>:follow, :path=>"/var/lib/puppet/clientbucket"}'
Debug: Using settings: adding file resource 'localcacert': 'File[/var/lib/puppet/ssl/certs/ca.pem]{:backup=>false, :group=>"puppet", :ensure=>:file, :loglevel=>:debug, :owner=>"puppet", :mode=>"644", :links=>:follow, :path=>"/var/lib/puppet/ssl/certs/ca.pem"}'
Debug: Using settings: adding file resource 'privatekeydir': 'File[/var/lib/puppet/ssl/private_keys]{:backup=>false, :group=>"puppet", :ensure=>:directory, :loglevel=>:debug, :owner=>"puppet", :mode=>"750", :links=>:follow, :path=>"/var/lib/puppet/ssl/private_keys"}'
Debug: Using settings: adding file resource 'hiera_config': 'File[/etc/puppet/hiera.yaml]{:backup=>false, :ensure=>:file, :loglevel=>:debug, :links=>:follow, :path=>"/etc/puppet/hiera.yaml"}'
Debug: Using settings: adding file resource 'pluginfactdest': 'File[/var/lib/puppet/facts.d]{:backup=>false, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :path=>"/var/lib/puppet/facts.d"}'
Debug: Using settings: adding file resource 'graphdir': 'File[/var/lib/puppet/state/graphs]{:backup=>false, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :path=>"/var/lib/puppet/state/graphs"}'
Debug: Using settings: adding file resource 'confdir': 'File[/etc/puppet]{:backup=>false, :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :path=>"/etc/puppet"}'
Debug: Using settings: adding file resource 'statefile': 'File[/var/lib/puppet/state/state.yaml]{:backup=>false, :ensure=>:file, :loglevel=>:debug, :mode=>"660", :links=>:follow, :path=>"/var/lib/puppet/state/state.yaml"}'
Debug: Using settings: adding file resource 'hostcert': 'File[/var/lib/puppet/ssl/certs/fw.pem]{:backup=>false, :group=>"puppet", :ensure=>:file, :loglevel=>:debug, :owner=>"puppet", :mode=>"644", :links=>:follow, :path=>"/var/lib/puppet/ssl/certs/fw.pem"}'
Debug: Using settings: adding file resource 'ssldir': 'File[/var/lib/puppet/ssl]{:backup=>false, :group=>"puppet", :ensure=>:directory, :loglevel=>:debug, :owner=>"puppet", :mode=>"771", :links=>:follow, :path=>"/var/lib/puppet/ssl"}'
Debug: Using settings: adding file resource 'client_datadir': 'File[/var/lib/puppet/client_data]{:backup=>false, :ensure=>:directory, :loglevel=>:debug, :mode=>"750", :links=>:follow, :path=>"/var/lib/puppet/client_data"}'
Debug: Using settings: adding file resource 'lastrunfile': 'File[/var/lib/puppet/state/last_run_summary.yaml]{:backup=>false, :ensure=>:file, :loglevel=>:debug, :mode=>"644", :links=>:follow, :path=>"/var/lib/puppet/state/last_run_summary.yaml"}'
Debug: Using settings: adding file resource 'statedir': 'File[/var/lib/puppet/state]{:backup=>false, :ensure=>:directory, :loglevel=>:debug, :mode=>"1755", :links=>:follow, :path=>"/var/lib/puppet/state"}'
Debug: Using settings: adding file resource 'rundir': 'File[/var/run/puppet]{:backup=>false, :group=>"puppet", :ensure=>:directory, :loglevel=>:debug, :owner=>"puppet", :mode=>"755", :links=>:follow, :path=>"/var/run/puppet"}'
Debug: /File[/var/lib/puppet/ssl/public_keys/fw.pem]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/public_keys/fw.pem
Debug: /File[/var/lib/puppet/ssl/public_keys/fw.pem]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/public_keys/fw.pem
Debug: /File[/var/lib/puppet/ssl/public_keys/fw.pem]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/public_keys/fw.pem
Debug: /File[/var/lib/puppet/ssl/public_keys/fw.pem]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/public_keys/fw.pem
Debug: /File[/var/lib/puppet/ssl/certificate_requests]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/certificate_requests
Debug: /File[/var/lib/puppet/ssl/certificate_requests]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/certificate_requests
Debug: /File[/var/lib/puppet/ssl/certificate_requests]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/certificate_requests
Debug: /File[/var/lib/puppet/ssl/certificate_requests]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/certificate_requests
Debug: /File[/var/lib/puppet/state/resources.txt]/seluser: Found seluser default 'system_u' for /var/lib/puppet/state/resources.txt
Debug: /File[/var/lib/puppet/state/resources.txt]/selrole: Found selrole default 'object_r' for /var/lib/puppet/state/resources.txt
Debug: /File[/var/lib/puppet/state/resources.txt]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/state/resources.txt
Debug: /File[/var/lib/puppet/state/resources.txt]/selrange: Found selrange default 's0' for /var/lib/puppet/state/resources.txt
Debug: /File[/var/log/puppet]/seluser: Found seluser default 'system_u' for /var/log/puppet
Debug: /File[/var/log/puppet]/selrole: Found selrole default 'object_r' for /var/log/puppet
Debug: /File[/var/log/puppet]/seltype: Found seltype default 'puppet_log_t' for /var/log/puppet
Debug: /File[/var/log/puppet]/selrange: Found selrange default 's0' for /var/log/puppet
Debug: /File[/var/lib/puppet/ssl/private]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/private
Debug: /File[/var/lib/puppet/ssl/private]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/private
Debug: /File[/var/lib/puppet/ssl/private]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/private
Debug: /File[/var/lib/puppet/ssl/private]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/private
Debug: /File[/var/lib/puppet/ssl/crl.pem]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/crl.pem
Debug: /File[/var/lib/puppet/ssl/crl.pem]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/crl.pem
Debug: /File[/var/lib/puppet/ssl/crl.pem]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/crl.pem
Debug: /File[/var/lib/puppet/ssl/crl.pem]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/crl.pem
Debug: /File[/var/lib/puppet]/seluser: Found seluser default 'system_u' for /var/lib/puppet
Debug: /File[/var/lib/puppet]/selrole: Found selrole default 'object_r' for /var/lib/puppet
Debug: /File[/var/lib/puppet]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet
Debug: /File[/var/lib/puppet]/selrange: Found selrange default 's0' for /var/lib/puppet
Debug: /File[/var/log/puppet/http.log]/seluser: Found seluser default 'system_u' for /var/log/puppet/http.log
Debug: /File[/var/log/puppet/http.log]/selrole: Found selrole default 'object_r' for /var/log/puppet/http.log
Debug: /File[/var/log/puppet/http.log]/seltype: Found seltype default 'puppet_log_t' for /var/log/puppet/http.log
Debug: /File[/var/log/puppet/http.log]/selrange: Found selrange default 's0' for /var/log/puppet/http.log
Debug: /File[/var/lib/puppet/ssl/certs]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/certs
Debug: /File[/var/lib/puppet/ssl/certs]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/certs
Debug: /File[/var/lib/puppet/ssl/certs]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/certs
Debug: /File[/var/lib/puppet/ssl/certs]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/certs
Debug: /File[/var/lib/puppet/client_yaml]/seluser: Found seluser default 'system_u' for /var/lib/puppet/client_yaml
Debug: /File[/var/lib/puppet/client_yaml]/selrole: Found selrole default 'object_r' for /var/lib/puppet/client_yaml
Debug: /File[/var/lib/puppet/client_yaml]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/client_yaml
Debug: /File[/var/lib/puppet/client_yaml]/selrange: Found selrange default 's0' for /var/lib/puppet/client_yaml
Debug: /File[/var/lib/puppet/ssl/private_keys/fw.pem]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/private_keys/fw.pem
Debug: /File[/var/lib/puppet/ssl/private_keys/fw.pem]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/private_keys/fw.pem
Debug: /File[/var/lib/puppet/ssl/private_keys/fw.pem]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/private_keys/fw.pem
Debug: /File[/var/lib/puppet/ssl/private_keys/fw.pem]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/private_keys/fw.pem
Debug: /File[/var/lib/puppet/ssl/public_keys]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/public_keys
Debug: /File[/var/lib/puppet/ssl/public_keys]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/public_keys
Debug: /File[/var/lib/puppet/ssl/public_keys]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/public_keys
Debug: /File[/var/lib/puppet/ssl/public_keys]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/public_keys
Debug: /File[/var/lib/puppet/lib]/seluser: Found seluser default 'system_u' for /var/lib/puppet/lib
Debug: /File[/var/lib/puppet/lib]/selrole: Found selrole default 'object_r' for /var/lib/puppet/lib
Debug: /File[/var/lib/puppet/lib]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/lib
Debug: /File[/var/lib/puppet/lib]/selrange: Found selrange default 's0' for /var/lib/puppet/lib
Debug: /File[/var/lib/puppet/state/last_run_report.yaml]/seluser: Found seluser default 'system_u' for /var/lib/puppet/state/last_run_report.yaml
Debug: /File[/var/lib/puppet/state/last_run_report.yaml]/selrole: Found selrole default 'object_r' for /var/lib/puppet/state/last_run_report.yaml
Debug: /File[/var/lib/puppet/state/last_run_report.yaml]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/state/last_run_report.yaml
Debug: /File[/var/lib/puppet/state/last_run_report.yaml]/selrange: Found selrange default 's0' for /var/lib/puppet/state/last_run_report.yaml
Debug: /File[/var/lib/puppet/clientbucket]/seluser: Found seluser default 'system_u' for /var/lib/puppet/clientbucket
Debug: /File[/var/lib/puppet/clientbucket]/selrole: Found selrole default 'object_r' for /var/lib/puppet/clientbucket
Debug: /File[/var/lib/puppet/clientbucket]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/clientbucket
Debug: /File[/var/lib/puppet/clientbucket]/selrange: Found selrange default 's0' for /var/lib/puppet/clientbucket
Debug: /File[/var/lib/puppet/ssl/certs/ca.pem]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/certs/ca.pem
Debug: /File[/var/lib/puppet/ssl/certs/ca.pem]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/certs/ca.pem
Debug: /File[/var/lib/puppet/ssl/certs/ca.pem]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/certs/ca.pem
Debug: /File[/var/lib/puppet/ssl/certs/ca.pem]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/certs/ca.pem
Debug: /File[/var/lib/puppet/ssl/private_keys]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/private_keys
Debug: /File[/var/lib/puppet/ssl/private_keys]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/private_keys
Debug: /File[/var/lib/puppet/ssl/private_keys]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/private_keys
Debug: /File[/var/lib/puppet/ssl/private_keys]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/private_keys
Debug: /File[/etc/puppet/hiera.yaml]/seluser: Found seluser default 'system_u' for /etc/puppet/hiera.yaml
Debug: /File[/etc/puppet/hiera.yaml]/selrole: Found selrole default 'object_r' for /etc/puppet/hiera.yaml
Debug: /File[/etc/puppet/hiera.yaml]/seltype: Found seltype default 'puppet_etc_t' for /etc/puppet/hiera.yaml
Debug: /File[/etc/puppet/hiera.yaml]/selrange: Found selrange default 's0' for /etc/puppet/hiera.yaml
Debug: /File[/var/lib/puppet/facts.d]/seluser: Found seluser default 'system_u' for /var/lib/puppet/facts.d
Debug: /File[/var/lib/puppet/facts.d]/selrole: Found selrole default 'object_r' for /var/lib/puppet/facts.d
Debug: /File[/var/lib/puppet/facts.d]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/facts.d
Debug: /File[/var/lib/puppet/facts.d]/selrange: Found selrange default 's0' for /var/lib/puppet/facts.d
Debug: /File[/var/lib/puppet/state/graphs]/seluser: Found seluser default 'system_u' for /var/lib/puppet/state/graphs
Debug: /File[/var/lib/puppet/state/graphs]/selrole: Found selrole default 'object_r' for /var/lib/puppet/state/graphs
Debug: /File[/var/lib/puppet/state/graphs]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/state/graphs
Debug: /File[/var/lib/puppet/state/graphs]/selrange: Found selrange default 's0' for /var/lib/puppet/state/graphs
Debug: /File[/etc/puppet]/seluser: Found seluser default 'system_u' for /etc/puppet
Debug: /File[/etc/puppet]/selrole: Found selrole default 'object_r' for /etc/puppet
Debug: /File[/etc/puppet]/seltype: Found seltype default 'puppet_etc_t' for /etc/puppet
Debug: /File[/etc/puppet]/selrange: Found selrange default 's0' for /etc/puppet
Debug: /File[/var/lib/puppet/state/state.yaml]/seluser: Found seluser default 'system_u' for /var/lib/puppet/state/state.yaml
Debug: /File[/var/lib/puppet/state/state.yaml]/selrole: Found selrole default 'object_r' for /var/lib/puppet/state/state.yaml
Debug: /File[/var/lib/puppet/state/state.yaml]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/state/state.yaml
Debug: /File[/var/lib/puppet/state/state.yaml]/selrange: Found selrange default 's0' for /var/lib/puppet/state/state.yaml
Debug: /File[/var/lib/puppet/ssl/certs/fw.pem]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/certs/fw.pem
Debug: /File[/var/lib/puppet/ssl/certs/fw.pem]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/certs/fw.pem
Debug: /File[/var/lib/puppet/ssl/certs/fw.pem]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/certs/fw.pem
Debug: /File[/var/lib/puppet/ssl/certs/fw.pem]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/certs/fw.pem
Debug: /File[/var/lib/puppet/ssl]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl
Debug: /File[/var/lib/puppet/ssl]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl
Debug: /File[/var/lib/puppet/ssl]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl
Debug: /File[/var/lib/puppet/ssl]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl
Debug: /File[/var/lib/puppet/client_data]/seluser: Found seluser default 'system_u' for /var/lib/puppet/client_data
Debug: /File[/var/lib/puppet/client_data]/selrole: Found selrole default 'object_r' for /var/lib/puppet/client_data
Debug: /File[/var/lib/puppet/client_data]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/client_data
Debug: /File[/var/lib/puppet/client_data]/selrange: Found selrange default 's0' for /var/lib/puppet/client_data
Debug: /File[/var/lib/puppet/state/last_run_summary.yaml]/seluser: Found seluser default 'system_u' for /var/lib/puppet/state/last_run_summary.yaml
Debug: /File[/var/lib/puppet/state/last_run_summary.yaml]/selrole: Found selrole default 'object_r' for /var/lib/puppet/state/last_run_summary.yaml
Debug: /File[/var/lib/puppet/state/last_run_summary.yaml]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/state/last_run_summary.yaml
Debug: /File[/var/lib/puppet/state/last_run_summary.yaml]/selrange: Found selrange default 's0' for /var/lib/puppet/state/last_run_summary.yaml
Debug: /File[/var/lib/puppet/state]/seluser: Found seluser default 'system_u' for /var/lib/puppet/state
Debug: /File[/var/lib/puppet/state]/selrole: Found selrole default 'object_r' for /var/lib/puppet/state
Debug: /File[/var/lib/puppet/state]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/state
Debug: /File[/var/lib/puppet/state]/selrange: Found selrange default 's0' for /var/lib/puppet/state
Debug: /File[/var/run/puppet]/seluser: Found seluser default 'system_u' for /var/run/puppet
Debug: /File[/var/run/puppet]/selrole: Found selrole default 'object_r' for /var/run/puppet
Debug: /File[/var/run/puppet]/seltype: Found seltype default 'puppet_var_run_t' for /var/run/puppet
Debug: /File[/var/run/puppet]/selrange: Found selrange default 's0' for /var/run/puppet
Debug: /File[/etc/puppet/hiera.yaml]: Autorequiring File[/etc/puppet]
Debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
Debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state]
Debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/public_keys/fw.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
Debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/state/last_run_report.yaml]: Autorequiring File[/var/lib/puppet/state]
Debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/state/resources.txt]: Autorequiring File[/var/lib/puppet/state]
Debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/certs/fw.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
Debug: /File[/var/lib/puppet/ssl/private_keys/fw.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
Debug: /File[/var/lib/puppet/state/last_run_summary.yaml]: Autorequiring File[/var/lib/puppet/state]
Debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/log/puppet/http.log]: Autorequiring File[/var/log/puppet]
Debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring File[/var/lib/puppet/state]
Debug: /File[/var/lib/puppet/facts.d]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/state/last_run_report.yaml]/seluser: seluser changed 'unconfined_u' to 'system_u'
Debug: /File[/var/lib/puppet/state/last_run_summary.yaml]/seluser: seluser changed 'unconfined_u' to 'system_u'
Debug: Finishing transaction 70142911330740
Debug: Loaded state in 0.04 seconds
Debug: Loaded state in 0.04 seconds
Info: Applying configuration version '1397076814'
Debug: Prefetching yum resources for package
Debug: Executing '/bin/rpm --version'
Debug: Executing '/bin/rpm -qa --nosignature --nodigest --qf '%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n''
Debug: Executing '/usr/bin/python /usr/lib/ruby/site_ruby/1.8/puppet/provider/package/yumhelper.py'
Debug: Executing '/bin/rpm -q jre --nosignature --nodigest --qf %{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n'
Debug: Executing '/bin/rpm -q jre --nosignature --nodigest --qf %{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n --whatprovides'
Debug: Finishing transaction 70142911035060
Debug: Storing state
Debug: Stored state in 0.17 seconds
Notice: Finished catalog run in 4.38 seconds
Debug: Using settings: adding file resource 'rrddir': 'File[/var/lib/puppet/rrd]{:backup=>false, :group=>"puppet", :ensure=>:directory, :loglevel=>:debug, :owner=>"puppet", :mode=>"750", :links=>:follow, :path=>"/var/lib/puppet/rrd"}'
Debug: /File[/var/lib/puppet/rrd]/seluser: Found seluser default 'system_u' for /var/lib/puppet/rrd
Debug: /File[/var/lib/puppet/rrd]/selrole: Found selrole default 'object_r' for /var/lib/puppet/rrd
Debug: /File[/var/lib/puppet/rrd]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/rrd
Debug: /File[/var/lib/puppet/rrd]/selrange: Found selrange default 's0' for /var/lib/puppet/rrd
Debug: Finishing transaction 70142911677660
Debug: Received report to process from fw
Debug: Processing report from fw with processor Puppet::Reports::Store

Comment by Sergei Genchev [ 2014/04/24 ]

I have another use case in 3.5.1 where it breaks my code and I am not sure how to work around it. I want to use rsyslog instead of syslog on all my servers, so in my manifest I have:

package { 'syslog':
   ensure => 'absent',
}
package {'rsyslog':
  ensure => latest,
}

In this example, once I have syslog uninstalled, puppet will also remove rsyslog (because it provides syslog) and then install it again (because it is being told to do so).

Comment by Peter Huene [ 2014/04/24 ]

From this feedback, it sounds like ensure => absent should not check for virtual packages. The use case here seems to be that you want to ensure some legacy package isn't installed and that some newer version that provides the same name as the legacy package is installed.

The only downside I see to this is that it may be confusing for users to be able to "ensure => latest | present" a package by a name that they can't uninstall using "ensure => absent".

Comment by Sergei Genchev [ 2014/04/24 ]

So far it seems to me that a convenience feature, an ability to install packages by using 'provides' in addition to package name, broke use cases that, as of today, cannot be worked around without resorting to exec. I would love to see use cases mentioned in this ticket (and probably some other) made compatible with installing packages based on 'whatprovides' but not sure if it is possible. If it is not possible or easy I personally would much rather see a convenience feature backed off. I am sure other people have different opinions.

Comment by Peter Huene [ 2014/04/24 ]

I agree that we shouldn't be favoring a convenience feature over maintaining compatibility. The feature in question was that some users expected the package provider (specifically yum) to behave like yum and install packages successfully based on a virtual package name. The pre-3.5.0 behavior was that yum would actually install the package, but rpm would later fail to query it despite the successful installation.

I think we have a few options here:
1. Back out the whatprovides commit so that you can no longer install by virtual package name.
2. Change the provider to not allow uninstall querying with whatprovides, working around the issues we're experiencing here based on the pattern of "I don't want this old package with this physical package name, but I do want the replacement package which provides the old name."
3. Keep the whatprovides functionality, but limit it to an explicit opt-in with a feature:

package { 'vim':
  ensure => present,
  allow_virtual => true
}

Comment by Kylo Ginsberg [ 2014/04/24 ]

Michael Stahnke do you have any input on this? This is a fallout consideration from the support for virtual packages you advocated for, so your thoughts would be appreciated.

Comment by Sergei Genchev [ 2014/04/24 ]

Option 1 is certainly a possibility as far as I am concerned. Probably, the easiest to implement.

Option 2 does not look like it would solve jre use case above, unless I am mistaken.

Option 3 to me sounds like the best solution if it can be implemented.

Comment by Peter Huene [ 2014/04/24 ]

Sergei Genchev Correct, #2 won't fix the jre package issue that Sean Edge is seeing. I'm still having problems reproducing that particular problem.

Sean Edge Sorry I didn't reply sooner, I missed the notification that you had replied to the issue. With the debug output above, it doesn't appear to be installing any package; was the Oracle jre or java package already installed when you ran puppet for that particular output? Additionally, judging from your earlier output, yum finds the jre package in the "latest" repo when doing just "yum install jre". Is this a local repo you've created or something else?

Comment by Sean Edge [ 2014/04/25 ]

Peter Huene No worries. I care less about this since I have the workaround of including the arch in the package name "jre.x86_64" and that does what I want/expect.

Yes, the openjdk package was already there, which was satisfying "jre" from a virtual package/whatprovides perspective. However, I want the package named "jre" specifically.

[root@fw ~]# rpm -q jre
jre-1.7.0_51-fcs.x86_64
[root@fw ~]# rpm -e jre
[root@fw ~]# rpm -q puppet
puppet-3.5.1-1.el6.noarch
[root@fw ~]# cat /tmp/test.pp
package { 'jre': ensure => 'latest' }
[root@fw ~]# puppet apply /tmp/test.pp
Notice: Compiled catalog for fw in environment production in 0.75 seconds
Notice: Finished catalog run in 1.69 seconds
[root@fw ~]# rpm -q --whatprovides jre
java-1.7.0-openjdk-1.7.0.51-2.4.4.1.el6_5.x86_64
[root@fw ~]# rpm -q jre
package jre is not installed

You are correct, "latest" is a local repo in which we combine many packages from various vendors for our deployments. We mirror CentOS, Puppetlabs, PostgreSQL, etc. repos using mrepo. The "jre" package we've had to manually download, since Oracle doesn't make it easy for us to mirror, from Oracle's site because we've recently switched to CentOS from RHEL and we'll no longer be able to use the RH packaged version of Oracle Java.

Option #3 sounds the most reasonable. It also has my vote. I can see how that could be a useful feature if you don't care what kind of JRE you get, you just want to ensure one is there.

Comment by Nick Le Mouton [ 2014/04/27 ]

Just came across this problem on my servers as well. I had to vote on a solution it would be to rollback to previous behaviour (pre 3.5). I can't seem to find any mention of Michael Stahnke's reasoning to add support for virtual packages, so I'm unsure on why this was done in the first place.

Comment by Kylo Ginsberg [ 2014/04/27 ]

For background, this was introduced in PUP-897 (which has links to two long-time redmine issues requesting support for virtual packages).

At this point, I'm leaning toward option #3 (and if we did that, I'm also wondering if allow_virtual should default to true in puppet-4?). But I'd still like to get more input. Adrien Thebo any thoughts on this one?

Comment by Michael Stahnke [ 2014/04/27 ]

My 2 cents is that the package resource should behave like a call to yum. Therefore if I say ensure it's installed, it is. If I say it should be uninstalled, it should be. I don't really see any reason to be more fancy than that. If yum works that way, why shouldn't our abstraction?

I think the syslog example above is odd. Just ensure rsyslog is installed. There should be no need to remove syslog.

Comment by Adrien Thebo [ 2014/04/29 ]

I agree, Option 3 seems to be the best route. I know that apt also supports virtual packages and Puppet demonstrates strange behavior when installing virtual packages from apt, so it makes sense to make a parameter for this.

Comment by Peter Huene [ 2014/04/30 ]

Sounds like there is a general consensus on option 3, although I do agree with Michael Stahnke that it's more intuitive to have the yum provider behave just like yum. Still, with the number of unintended consequences the --whatprovides commit has caused, I think it's best to opt-in to this behavior.

Kylo Ginsberg is this something we should target for 3.6.x given it's a new parameter? For 3.5.x users, that means they'll have to amend their manifests with the architecture specification as a workaround unless we back out the --whatprovides commit in stable.

Comment by Kylo Ginsberg [ 2014/05/07 ]

Sorry for the delay, catching back up.

I agree that it is most intuitive if the yum provider behavior matches yum behavior, and the support for virtual packages was a long-requested feature in puppet. My concern with #3 is that future generations of puppet users will forever need to set the `allow_virtual` flag to get the intuitive behavior, adding a source of confusion.

So, two thoughts:
1) How widespread is the idiom of

package { "old": ensure => absent}; package { "new": ensure => present}

and is it readily addressed by, say, making the first resource conditioned on a fact like operatingsystemrelease? That is the idiom that tripped 3 of the scenarios above (though not the jre case).

2) If we do end up needing a new parameter should it be opt-out rather than opt-in, e.g. 'disable_virtual' rather than 'enable_virtual'? This would allow the default behavior to be the intuitive behavior

Comment by Sergei Genchev [ 2014/05/09 ]

I personally would be fine with an opt-out parameter as long as it exists.
Michael Stahnke : I guess you right: I could just install rsyslog and not remove syslog. In Debian bases distros syslog and rsyslog are conflicting packages, thus I have to do it, but I could base my code off of $osfamily.

Comment by Jason A. Smith [ 2014/05/09 ]

I was just testing the puppet 3.6.0 RC1 when I ran into this problem, so I assume a fix will have to wait till the next version? In my case, I have a puppet manifest to install hiera, and for compatibility with older versions of puppet, it was installing the hiera-puppet package where needed, while for puppet > 3, it was making sure it was removed, which then tries to remove puppet itself:

$ cat /tmp/test.pp
package { 'hiera-puppet': ensure => absent }
 
$ puppet apply /tmp/test.pp --debug
Debug: Prefetching yum resources for package
Debug: Executing '/bin/rpm --version'
Debug: Executing '/bin/rpm -qa --nosignature --nodigest --qf '%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n''
Debug: Executing '/bin/rpm -q hiera-puppet --nosignature --nodigest --qf %{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n'
Debug: Executing '/bin/rpm -q hiera-puppet --nosignature --nodigest --qf %{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n --whatprovides'
Debug: Executing '/bin/rpm -e puppet-3.6.0-0.1rc1.el6.noarch'
Notice: /Stage[main]/Main/Package[hiera-puppet]/ensure: removed
 
$ rpm -q puppet
package puppet is not installed

Which is definitely not what I wanted to happen. As for a fix, I would prefer a solution that doesn't require me to audit all package resources that we have looking for real/virtual package name collisions.

Comment by Peter Huene [ 2014/05/09 ]

Jason A. Smith The fix isn't in yet as there's been some active discussion on the correct course of action to take. We should get something in for the next 3.6 RC and hopefully into 3.5.x as well.

Kylo Ginsberg I'm greatly leaning towards not having it enabled by default. While I agree that the yum provider should ideally behave like yum, I think it's too late now for having it on by default, at least not without a Puppet version of two that documents this behavior is going to change. Should we move ahead with reverting the "on-by-default" behavior into an optional parameter and get it in this sprint?

Comment by Kylo Ginsberg [ 2014/05/09 ]

Crud. Yeah I'm reluctantly sold on an `allow_virtual` parameter. So to collect our thoughts:

  • 3.x would default `allow_virtual` to false
  • 3.x would issue a deprecation warning if `allow_virtual` is false (i.e. we're announcing deprecation of the current approach)
  • 4.x would default `allow_virtual` to true (and remove the deprecation warning)

Yays/nays? And adding Past Haus both for thoughts on this issue in general and to ask if we want to drop the "Provides: hiera-puppet" from the puppet package at some point.

And as far as releases, I've targetted this at 3.6.0, though it might bump out to 3.6.1 depending on how the 3.6.0-rc1 process goes. And we're not anticipating a 3.5.2 at this point.

Comment by Past Haus [ 2014/05/12 ]

Kylo Ginsberg From a packaging standpoint, puppet will always provide hiera-puppet, as the hiera puppet backend is inside of puppet. That might be a change worth discussing for puppet 4.

Comment by Jason A. Smith [ 2014/05/12 ]

I am not a yum or rpm expert, but usually when I see virtual package names, they are truly virtual names, not names of old deprecated packages, like sendmail/postfix (output abbreviated):

$ rpm -q postfix --provides
MTA  
config(postfix) = 2:2.6.6-6.el6_5
server(smtp)  
smtpd  
smtpdaemon  
postfix = 2:2.6.6-6.el6_5
 
$ rpm -q sendmail --provides
MTA  
config(sendmail) = 8.14.4-8.el6
server(smtp)  
smtpdaemon  
sendmail = 8.14.4-8.el6

MTA and smtpdaemon are the virtual names. I could be wrong, but I don't think they normally mix virtual names with real package names. Doing that can cause these types of problems. This should be what the Obsoletes tag is for, and that is already in the puppet spec file. Isn't that enough?

Comment by Peter Huene [ 2014/05/12 ]

Behavior with the proposed fix:

[vagrant@localhost puppet]$ sudo -E bundle exec puppet apply -e 'package { "vim": ensure => installed }'
Notice: Compiled catalog for localhost.sd.cox.net in environment production in 0.38 seconds
Warning: The allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
   (at /home/vagrant/src/puppet/lib/puppet/type.rb:816:in `set_default')
Error: Could not find package vim
Error: /Stage[main]/Main/Package[vim]/ensure: change from absent to present failed: Could not find package vim
Notice: Finished catalog run in 0.45 seconds
[vagrant@localhost puppet]$ sudo -E bundle exec puppet apply -e 'package { "vim": ensure => installed, allow_virtual => true }'
Notice: Compiled catalog for localhost.sd.cox.net in environment production in 0.39 seconds
Notice: Finished catalog run in 0.13 seconds
[vagrant@localhost puppet]$ sudo -E bundle exec puppet apply -e 'package { "vim": ensure => installed, allow_virtual => false }'
Notice: Compiled catalog for localhost.sd.cox.net in environment production in 0.37 seconds
Error: Could not find package vim
Error: /Stage[main]/Main/Package[vim]/ensure: change from absent to present failed: Could not find package vim
Notice: Finished catalog run in 0.45 seconds

It goes without saying that the deprecation warning will only be present iff:

  • The package provider being used supports the "virtual_packages" feature.
  • The user has not specified a value for allow_virtual.

When the default does change, the deprecation warning will be removed.

Comment by Michael Stahnke [ 2014/05/12 ]

Jason A. Smith there are two (maybe 3) reasons to do virtual packages. One is to say that package supplies something like a mail transport as is the case for sendmail/postfix. Another is to say a package has superseded an older package, such as puppet with hiera-pupppet. (A third and much less used virtual provides is for package groups).

We follow the guidelines from the Fedora project as much as possible. See https://fedoraproject.org/wiki/Packaging:Guidelines#Renaming.2FReplacing_Existing_Packages for how we did this.

Comment by Adrien Thebo [ 2014/05/14 ]

Merged in 7201c2e. The PR was targeted at master but we may backport onto stable for the 3.6.1 release.

Comment by Peter Huene [ 2014/05/14 ]

That was my fault. I got this ticket confused with another that we decided for 3.7.0. I've put up https://github.com/puppetlabs/puppet/pull/2654 to merge it into stable for 3.6.1.

Comment by Peter Huene [ 2014/05/15 ]

The fix for this issue has now been merged into stable, where it will go into the upcoming 3.6.1 release. It has also been merged into master (3.7.0) and into puppet-4 (4.x).

Comment by Josh Cooper [ 2014/05/16 ]

Merged into stable in 35db4e4

Comment by Josh Cooper [ 2014/05/19 ]

On Centos 5.6, whose package provider supports virtual packages, with repo config pl-puppet-0dc5ad3da230fafb0fdd68b2e633b47fa333e742.

1. If allow_virtual is not specified, it issues a deprecation warning and says it failed to install the vim package (as expected), but actually it did install the package:

[root@centos64-x64 ~]# which vim
/usr/bin/which: no vim in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
[root@centos64-x64 ~]# puppet apply -e "package { 'vim': ensure => latest }" --debug
Debug: Executing '/bin/rpm --version'
Debug: Executing '/bin/rpm --version'
Debug: Executing '/bin/rpm -ql rpm'
...
 Notice: Compiled catalog for centos64-x64.localdomain in environment production in 0.21 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
   (at /usr/lib/ruby/site_ruby/1.8/puppet/type.rb:816:in `set_default')
...
Debug: Prefetching yum resources for package
Debug: Executing '/bin/rpm --version'
Debug: Executing '/bin/rpm -qa --nosignature --nodigest --qf '%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n''
Debug: Executing '/bin/rpm -q vim --nosignature --nodigest --qf %{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n'
Debug: Package[vim](provider=yum): Ensuring => latest
Debug: Executing '/usr/bin/yum -d 0 -e 0 -y install vim'
Debug: Executing '/bin/rpm -q vim --nosignature --nodigest --qf %{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n'
Error: Could not update: Could not find package vim
Wrapped exception:
Could not find package vim
Error: /Stage[main]/Main/Package[vim]/ensure: change from absent to latest failed: Could not update: Could not find package vim
...
[root@centos64-x64 ~]#  which vim
/usr/bin/vim

2. If allow_virtual => false, the deprecation warning is not displayed (as expected), but the package is still installed like above:

[root@centos64-x64 ~]# which vim
/usr/bin/which: no vim in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
# puppet apply -e "package { 'vim': ensure => latest, allow_virtual => false }"
...
Error: /Stage[main]/Main/Package[vim]/ensure: change from absent to latest failed: Could not update: Could not find package vim
...
[root@centos64-x64 ~]# which vim
/usr/bin/vim

3. If allow_virtual => true, it doesn't issue deprecation warning and successfully installs package (as expected):

[root@centos64-x64 ~]# which vim
/usr/bin/which: no vim in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
[root@centos64-x64 ~]# puppet apply -e "package { 'vim': ensure => latest, allow_virtual => true }"
Notice: Compiled catalog for centos64-x64.localdomain in environment production in 0.21 seconds
Notice: /Stage[main]/Main/Package[vim]/ensure: created
Notice: Finished catalog run in 1.66 seconds
[root@centos64-x64 ~]# which vim
/usr/bin/vim

Comment by Peter Huene [ 2014/05/19 ]

You're observing the original bug that was fixed by supporting virtual packages; that is to say, when installing a virtual package, yum installs the package successfully but the followup query to check if it installed doesn't find it. The solution to that issue is what caused the issue noted in this ticket. This fix regresses us to the pre-3.5.0 behavior while allowing people that want to install a virtual package a way to get puppet to work (allow_virtual => true).

Comment by Peter Huene [ 2014/05/19 ]

So to make this behavior consistent, I've added a "yum list" command when "allow_virtual => false or default" which will error on virtual package names, but accept available or installed real package names. This occurs before the package is installed.

The fix is available in Pull Request 2672. I've also moved the rpm query we do to ensure the correct version was installed to occur only if ensure is a version string; it was unnecessary otherwise.

Comment by Peter Huene [ 2014/05/19 ]

Updated PR to fix zypper as well.

Comment by Josh Cooper [ 2014/05/19 ]

Merged to stable in a901afdd5f8 to be released in 3.6.1

Comment by Josh Cooper [ 2014/05/19 ]

Reverified the steps in https://jira.puppetlabs.com/browse/PUP-2182?focusedCommentId=67440&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-67440, but this time, puppet only installs the vim virtual package when allow_virtual => true as expected. The other times (when allow_virtual is not specified or false), it generates an error and does not install the package. Similarly, if the package is installed, then trying to ensure => absent only works when allow_virtual => true:

[root@centos64-x64 puppet]# which vim
/usr/bin/vim
[root@centos64-x64 puppet]# bundle exec puppet apply -e "package { 'vim': ensure => absent, allow_virtual => false }"
Notice: Compiled catalog for centos64-x64.localdomain in environment production in 0.26 seconds
Notice: Finished catalog run in 0.12 seconds
[root@centos64-x64 puppet]# which vim
/usr/bin/vim
[root@centos64-x64 puppet]# bundle exec puppet apply -e "package { 'vim': ensure => absent, allow_virtual => true }"
Notice: Compiled catalog for centos64-x64.localdomain in environment production in 0.27 seconds
Notice: /Stage[main]/Main/Package[vim]/ensure: removed
Notice: Finished catalog run in 0.18 seconds
[root@centos64-x64 puppet]# which vim
/usr/bin/which: no vim in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)

Also verified the zypper works similarly using tightvnc which provides vnc.

With allow_virtual not specified:

vagrant-opensuse-123-64:~/puppet # which vncconnect
which: no vncconnect in (/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/games)
vagrant-opensuse-123-64:~/puppet # bundle exec puppet apply -e "package { 'vnc': ensure => installed }"
Notice: Compiled catalog for vagrant-opensuse-123-64.corp.day.com in environment production in 0.22 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
   (at /root/puppet/lib/puppet/type.rb:816:in `set_default')
Error: Execution of '/usr/bin/zypper --quiet install --auto-agree-with-licenses --no-confirm --name vnc' returned 104: Package 'vnc' not found.
Error: /Stage[main]/Main/Package[vnc]/ensure: change from absent to present failed: Execution of '/usr/bin/zypper --quiet install --auto-agree-with-licenses --no-confirm --name vnc' returned 104: Package 'vnc' not found.
Notice: Finished catalog run in 1.72 seconds
vagrant-opensuse-123-64:~/puppet # which vncconnect
which: no vncconnect in (/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/games)

With allow_virtual => false:

vagrant-opensuse-123-64:~/puppet # bundle exec puppet apply -e "package { 'vnc': ensure => installed, allow_virtual => false }"
Notice: Compiled catalog for vagrant-opensuse-123-64.corp.day.com in environment production in 0.22 seconds
Error: Execution of '/usr/bin/zypper --quiet install --auto-agree-with-licenses --no-confirm --name vnc' returned 104: Package 'vnc' not found.
Error: /Stage[main]/Main/Package[vnc]/ensure: change from absent to present failed: Execution of '/usr/bin/zypper --quiet install --auto-agree-with-licenses --no-confirm --name vnc' returned 104: Package 'vnc' not found.
Notice: Finished catalog run in 1.73 seconds
vagrant-opensuse-123-64:~/puppet # which vncconnect
which: no vncconnect in (/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/games)

With allow_virtual => true, it correctly installs the package:

vagrant-opensuse-123-64:~/puppet # bundle exec puppet apply -e "package { 'vnc': ensure => installed, allow_virtual => true }"
Notice: Compiled catalog for vagrant-opensuse-123-64.corp.day.com in environment production in 0.22 seconds
Notice: /Stage[main]/Main/Package[vnc]/ensure: created
Notice: Finished catalog run in 2.99 seconds
vagrant-opensuse-123-64:~/puppet # which vncconnect
/usr/bin/vncconnect

Comment by Kurt Wall [ 2014/05/20 ]

Verified in master at SHA=8a0abe05f4257cc3a10ed2444d9c661f196c15a1. With allow_virtual => false, ensure => absent,, a virtual package will not be removed:

# which vim
/usr/bin/vim
# puppet apply -e "package { 'vim': ensure => absent, allow_virtual => false }"
Notice: Compiled catalog for centos6-5-base.localdomain in environment production in 0.24 seconds
Notice: Finished catalog run in 0.79 seconds
# which vim
/usr/bin/vim
{code{
 
Setting {{allow_virtual => true}} causes the package to be removed:

  1. puppet apply -e "package { 'vim': ensure => absent, allow_virtual => true }

    "
    Notice: Compiled catalog for centos6-5-base.localdomain in environment production in 0.23 seconds
    Notice: /Stage[main]/Main/Package[vim]/ensure: removed
    Notice: Finished catalog run in 0.45 seconds

  2. which vim
    /usr/bin/which: no vim in (/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)

     

Comment by Robin Bowes [ 2016/04/12 ]

This change causes a regression detailed in PUP-4039

Generated at Wed Nov 20 21:33:08 PST 2019 using JIRA 7.7.1#77002-sha1:e75ca93d5574d9409c0630b81c894d9065296414.