Jira (PUP-5874) Purging doesn't work when a package dependancy is required inside same catalog

[Jonathan Tripathy (JIRA)]

Jonathan Tripathy created an issue

Puppet / PUP-5874 Purging doesn't work when a package dependancy is required inside same catalog Issue Type: Bug Assignee: Branan Riley Created: 2016/02/10 10:18 AM Priority: Normal Reporter: Jonathan Tripathy I noticed this issue inside the puppetlabs-firewall module, however the situation is probably relevant to many other modules as well. If I have the following manifest: class {'firewall':} resources {'firewall': purge=>true} I get the following error, as the firewall class isn't being executed first: # /opt/puppetlabs/bin/puppet apply site.pp Notice: Compiled catalog for ja35cpxhttwrv7e.delivery.puppetlabs.net in environment production in 0.76 seconds Error: /Stage[main]/Main/Resources[firewall]: Failed to generate additional resources using 'generate': Command iptables_save is missing Notice: /Stage[main]/Firewall::Linux/Package[iptables]/ensure: created Notice: /Stage[main]/Firewall::Linux::Debian/Package[iptables-persistent]/ensure: created Notice: Applied catalog in 2.66 seconds The firewall class should be executed first as the firewall types (that are generated by the 'resources' metatype) has an autorequire on Package['iptables'] (which is inside the firewall class), however the autorequire isn't being executed. Naturally, this works the second time around, as the iptables package has been installed on the system. Add Comment

This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc)

[Jonathan Tripathy (JIRA)]

Jonathan Tripathy updated an issue

Puppet / PUP-5874 Purging doesn't work when a package dependancy is required inside same catalog

Change By: Jonathan Tripathy

I noticed this issue inside the puppetlabs-firewall module, however the situation is probably relevant to many other modules as well. If I have the following manifest:

{code}

class {'firewall':} resources {'firewall': purge=>true}

{code}

I get the following error, as the firewall class isn't being executed first:

{code}

# /opt/puppetlabs/bin/puppet apply site.pp Notice: Compiled catalog for ja35cpxhttwrv7e.delivery.puppetlabs.net in environment production in 0.76 seconds Error: /Stage[main]/Main/Resources[firewall]: Failed to generate additional resources using 'generate': Command iptables_save is missing Notice: /Stage[main]/Firewall::Linux/Package[iptables]/ensure: created Notice: /Stage[main]/Firewall::Linux::Debian/Package[iptables-persistent]/ensure: created Notice: Applied catalog in 2.66 seconds

{code}

The firewall class should be executed first as the firewall types (that are generated by the 'resources' metatype) has an autorequire on Package['iptables'] (which is inside the firewall class), however the autorequire isn't being executed.

Note: Before the first run, the iptables package was removed by me to replicate this issue using the following command: {code} apt-get remove iptables --purge {code}

Naturally, this works the second time around, as the iptables package has been installed on the system.

Add Comment

[Branan Riley (JIRA)]

Branan Riley updated an issue

Puppet / PUP-5874 Purging doesn't work when a package dependancy is required inside same catalog

Change By: Branan Riley Scrum Team: Client Platform

Add Comment

[Branan Riley (JIRA)]

Branan Riley commented on PUP-5874

Re: Purging doesn't work when a package dependancy is required inside same catalog My understanding of what's happening here: Resources to be purged are generated before any resources in the catalog are applied. This is done by calling `self.instances` on the to-be-purged type. If that type can't query its instances due to a missing package, the Resources instance will fail to generate its children, and no purging will happen. If we moved purge to use `eval_generate` this would work, but at the expense of breaking autorequires against purged resources, wihch I just fixed in PUP-1963 . Possibly we want to have an option on the Resources type for whether it should `generate` or `eval_generate`, but the naming of that, and the tradeoffs it creates around relationships to the Resources type and the instances it generates, need to be thought out very carefully.

Add Comment

[Chris Denneen (JIRA)]

Chris Denneen commented on PUP-5874

Re: Purging doesn't work when a package dependancy is required inside same catalog

Branan Riley I know this has been open a while. What's the fix to avoid the iptables_save missing Error being generated?

Add Comment

This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe)

[Henrik Lindberg (JIRA)]

Henrik Lindberg updated an issue

Puppet / PUP-5874

Purging doesn't work when a package dependancy is required inside same catalog

Change By: Henrik Lindberg Labels: triaged

Add Comment

[Geoff Nichols (JIRA)]

Geoff Nichols updated an issue

Puppet / PUP-5874 Purging doesn't work when a package dependancy is required inside same catalog

Change By: Geoff Nichols Team: Agent

Add Comment

[Robert (JIRA)]

Robert commented on PUP-5874

Re: Purging doesn't work when a package dependancy is required inside same catalog Anyone have any ideas on how to get around this problem? Should this be reported as a bug related to the puppet resource "purge" functionality instead of the firewall?

Add Comment

This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)

[Rob Braden (JIRA)]

Rob Braden assigned an issue to Unassigned

Puppet / PUP-5874

Purging doesn't work when a package dependancy is required inside same catalog

Change By: Rob Braden Assignee: Branan Riley

Add Comment