Jira (BOLT-1142) Following bolt installation instructions on a PEnode can be dangerous

5 views
Skip to first unread message

Alex Dreyer (JIRA)

unread,
Feb 22, 2019, 2:33:04 PM2/22/19
to puppe...@googlegroups.com
Alex Dreyer created an issue
 
Puppet Task Runner / Task BOLT-1142
Following bolt installation instructions on a PE node can be dangerous
Issue Type: Task Task
Assignee: Unassigned
Created: 2019/02/22 11:32 AM
Priority: Normal Normal
Reporter: Alex Dreyer

Enabling the foss puppet 6 repo on PE nodes may be dangerous.
Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)
Atlassian logo

Marty Ewings (JIRA)

unread,
Feb 25, 2019, 11:53:04 AM2/25/19
to puppe...@googlegroups.com
Marty Ewings updated an issue
Change By: Marty Ewings
Priority: Normal Major

Marty Ewings (JIRA)

unread,
Feb 25, 2019, 11:56:05 AM2/25/19
to puppe...@googlegroups.com
Marty Ewings updated an issue
Change By: Marty Ewings
CS Priority: Needs Priority

Marty Ewings (JIRA)

unread,
Feb 25, 2019, 11:56:05 AM2/25/19
to puppe...@googlegroups.com
Marty Ewings commented on Task BOLT-1142
 
Re: Following bolt installation instructions on a PE node can be dangerous

Enabling the foss puppet 6 repo on PE master nodes. Causes the Puppet agent to Update to Latest.The Agent being a head of the master particularly dangerous on infrastructure nodes, and places the Customer in an unsupported configuration.

 

The first noticeable impact is that puppet runs will start throwing errors about being unable to download and populate rpms for PE_repo:

 

Notice: /Stage[main]/Pe_repo::Platform::Windows_x86_64/Pe_repo::Windows[windows-x86_64]/Pe_staging::File[puppet-agent-x64.msi]/Exec[/opt/puppetlabs/server/data/packages/public/2019.0.0/windows-x86_64-6.3.0/puppet-agent-x64.msi]/returns: % Total % Received % Xferd Average Speed Time Time Time CurrentNotice: /Stage[main]/Pe_repo::Platform::Windows_x86_64/Pe_repo::Windows[windows-x86_64]/Pe_staging::File[puppet-agent-x64.msi]/Exec[/opt/puppetlabs/server/data/packages/public/2019.0.0/windows-x86_64-6.3.0/puppet-agent-x64.msi]/returns: Dload Upload Total Spent Left SpeedNotice: /Stage[main]/Pe_repo::Platform::Windows_x86_64/Pe_repo::Windows[windows-x86_64]/Pe_staging::File[puppet-agent-x64.msi]/Exec[/op100 283 100 283 0 0 803 0 --:--:-- --:--:-- --:--:-- 803agent-x64.msi]/returns:Notice: /Stage[main]/Pe_repo::Platform::Windows_x86_64/Pe_repo::Windows[windows-x86_64]/Pe_staging::File[puppet-agent-x64.msi]/Exec[/op 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0agent-x64.msi]/returns:Notice: /Stage[main]/Pe_repo::Platform::Windows_x86_64/Pe_repo::Windows[windows-x86_64]/Pe_staging::File[puppet-agent-x64.msi]/Exec[/opt/puppetlabs/server/data/packages/public/2019.0.0/windows-x86_64-6.3.0/puppet-agent-x64.msi]/returns: curl: (22) The requested URL returned error: 404 Not FoundError: 'curl -f -L -o puppet-agent-x64.msi https://pm.puppetlabs.com/puppet-agent/2019.0.0/6.3.0/repos/windows/puppet-agent-x64.msi' returned 22 instead of one of [0]Error: /Stage[main]/Pe_repo::Platform::Windows_x86_64/Pe_repo::Windows[windows-x86_64]/Pe_staging::File[puppet-agent-x64.msi]/Exec[/opt/puppetlabs/server/data/packages/public/2019.0.0/windows-x86_64-6.3.0/puppet-agent-x64.msi]/returns: change from 'notrun' to ['0'] failed: 'curl -f -L -o puppet-agent-x64.msi https://pm.puppetlabs.com/puppet-agent/2019.0.0/6.3.0/repos/windows/puppet-agent-x64.msi' returned 22 instead of one of [0] (corrective)Notice: /Stage[main]/Pe_repo::Platform::El_5_x86_64/Pe_repo::El[el-5-x86_64]/Pe_repo::Repo[el-5-x86_64 2019.0.0]/Pe_staging::Deploy[puppet-agent-el-5-x86_64.tar.gz]/Pe_staging::File[puppet-agent-el-5-x86_64.tar.gz]/Exec[/opt/puppetlabs/server/data/staging/pe_repo-puppet-agent-6.3.0/puppet-agent-el-5-x86_64.tar.gz]/returns: % Total % Received % Xferd Average Speed Time Time Time CurrentNotice: /Stage[main]/Pe_repo::Platform::El_5_x86_64/Pe_repo::El[el-5-x86_64]/Pe_repo::Repo[el-5-x86_64 2019.0.0]/Pe_staging::Deploy[puppet-agent-el-5-x86_64.tar.gz]/Pe_staging::File[puppet-agent-el-5-x86_64.tar.gz]/Exec[/opt/puppetlabs/server/data/staging/pe_repo-puppet-agent-6.3.0/puppet-agent-el-5-x86_64.tar.gz]/returns: Dload Upload Total Spent Left SpeedNotice: /Stage[main]/Pe_repo::Platform::El_5_x86_64/Pe_repo::El[el-5-x86_64]/Pe_repo::Repo[el-5-x86_64 2019.0.0]/Pe_staging::Deploy[puppet-agent-el-5-x86_64.tar.gz]/Pe_staging::File[puppet-agent-el-5-x86_64.tar.gz]/Exec[/opt/puppetlabs/server/data/staging/pe_repo-puppet100 286 100 286 0 0 947 0 --:--:-- --:--:-- --:--:-- 950Notice: /Stage[main]/Pe_repo::Platform::El_5_x86_64/Pe_repo::El[el-5-x86_64]/Pe_repo::Repo[el-5-x86_64 2019.0.0]/Pe_staging::Deploy[puppet-agent-el-5-x86_64.tar.gz]/Pe_staging::File[puppet-agent-el-5-x86_64.tar.gz]/Exec[/opt/puppetlabs/server/data/staging/pe_repo-puppet 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0Notice: /Stage[main]/Pe_repo::Platform::El_5_x86_64/Pe_repo::El[el-5-x86_64]/Pe_repo::Repo[el-5-x86_64 2019.0.0]/Pe_staging::Deploy[puppet-agent-el-5-x86_64.tar.gz]/Pe_staging::File[puppet-agent-el-5-x86_64.tar.gz]/Exec[/opt/puppetlabs/server/data/staging/pe_repo-puppet-agent-6.3.0/puppet-agent-el-5-x86_64.tar.gz]/returns: curl: (22) The requested URL returned error: 404 Not Found

This is due to the url being formed in part by the AIO_Agent_Version fact, which in this case is wrong:

curl -f -L -o puppet-agent-x64.msi https://pm.puppetlabs.com/puppet-agent/2019.0.0/6.3.0/repos/windows/puppet-agent-x64.msi' returned 22 instead of one of [0]

 

David Kramer (JIRA)

unread,
Feb 26, 2019, 12:41:05 PM2/26/19
to puppe...@googlegroups.com
David Kramer updated an issue
 
Change By: David Kramer
Sprint: Bolt Ready for Grooming Kanban

Alex Dreyer (JIRA)

unread,
Feb 26, 2019, 12:42:04 PM2/26/19
to puppe...@googlegroups.com
Alex Dreyer updated an issue
Change By: Alex Dreyer
Enabling the foss puppet 6 repo on PE nodes may be dangerous.

explore what exact circumstances cause this and how to avoid them

Cas Donoghue (JIRA)

unread,
Mar 6, 2019, 4:51:02 PM3/6/19
to puppe...@googlegroups.com
Cas Donoghue assigned an issue to Cas Donoghue
Change By: Cas Donoghue
Assignee: Cas Donoghue

Adam Bottchen (JIRA)

unread,
Mar 7, 2019, 7:21:03 PM3/7/19
to puppe...@googlegroups.com
Adam Bottchen updated an issue
Change By: Adam Bottchen
CS Priority: Needs Priority Reviewed

Alex Dreyer (JIRA)

unread,
Mar 11, 2019, 1:34:06 PM3/11/19
to puppe...@googlegroups.com
Alex Dreyer updated an issue
Change By: Alex Dreyer
Fix Version/s: BOLT Next

Alex Dreyer (JIRA)

unread,
Mar 11, 2019, 1:34:06 PM3/11/19
to puppe...@googlegroups.com
Alex Dreyer updated an issue
Change By: Alex Dreyer
Labels: docs

Alex Dreyer (JIRA)

unread,
Mar 11, 2019, 1:34:07 PM3/11/19
to puppe...@googlegroups.com
Alex Dreyer updated an issue
Change By: Alex Dreyer
Release Notes Summary: docs only
Release Notes: Not Needed

Melissa Amos (JIRA)

unread,
Mar 14, 2019, 1:34:05 PM3/14/19
to puppe...@googlegroups.com

Melissa Amos (JIRA)

unread,
Mar 14, 2019, 1:35:05 PM3/14/19
to puppe...@googlegroups.com
Melissa Amos updated an issue
 
Change By: Melissa Amos
Labels: docs docs-reviewed

Joshua Partlow (JIRA)

unread,
Apr 12, 2019, 1:38:03 PM4/12/19
to puppe...@googlegroups.com
Joshua Partlow commented on Task BOLT-1142
 
Re: Following bolt installation instructions on a PE node can be dangerous

From the perspective of PE's installer tooling, the agent version is fixed between installations; nothing manages the puppet-agent version until the next run of the installer script from the next version PE tarball. But if a repo source has more recent versions of puppet-agent and someone uses the package manager, for, say an os upgrade (PE-26356), then the agent can get upgraded unexpectedly, potentially breaking PE. (Mostly adding this note for my own reference and to tie the two tickets together).

Garrett Guillotte (JIRA)

unread,
Jun 10, 2019, 2:37:05 PM6/10/19
to puppe...@googlegroups.com
Garrett Guillotte updated an issue
 
Change By: Garrett Guillotte
Comment: A comment with security level 'Developers' was removed.

Austin Boyd (JIRA)

unread,
Nov 14, 2019, 1:04:06 PM11/14/19
to puppe...@googlegroups.com
Austin Boyd updated an issue
Change By: Austin Boyd
Zendesk Ticket IDs: 33923
Zendesk Ticket Count: 1

Austin Boyd (JIRA)

unread,
Nov 18, 2019, 9:57:05 AM11/18/19
to puppe...@googlegroups.com

Austin Boyd (JIRA)

unread,
Nov 20, 2019, 5:19:05 AM11/20/19
to puppe...@googlegroups.com
Reply all
Reply to author
Forward
0 new messages