Public bug reported:
This is something of a larger problem with configuration management, but
if puppet is running while do-release-upgrade runs, puppet may re-assert
contents of files that the package manager has just changed.
Puppet allows you to key off of the currently running distro release, so
one could imagine boot-critical configuration (filesystems, etc) being
set to e.g. Lucid versions just before a reboot into Precise. If the
reboot succeeds, puppet would subsequently deliver the Precise versions
and things could sort themselves out, but the reboot could well be
stymied by older Lucid versions.
The canonical-memento puppet manifests include a lot of safety features
to prevent precisely this scenario: we insist that /etc be maintained in
bzr, and we halt all configuration management if there are uncommitted
changes there. This means that once the package manager changes any
file in /etc, puppet refuses to run. Not everyone will be as careful as
we are, and even our system is not atomic.
This is of course not specific to do-release-upgrade, and it's a problem
any time you upgrade a package. It's just most dangerous during d-r-u,
because of the breadth and depth of changes.
The upgrade could shut down the puppet agent before upgrading, but once
puppet itself is upgraded that will trigger a restart. It's probably
best to do `puppet agent --disable` before shutting down puppet. Once
this is done, it may be worth warning the sysadmin at the end (perhaps
while advising a reboot) that puppet was running before the upgrade, and
that something like `puppet agent -t --noop` is useful for seeing what
changes puppet would make.
Of course, it's an architectural flaw in puppet that --noop runs still
upload exported resources to the database, and that's just a hazard of
puppet administration these days.
** Affects: update-manager (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/941922
Title:
do-release-upgrade races puppet for file contents
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/941922/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
