Feature #11837
Upgrade Puppet master to Puppet 4
100%
Description
https://docs.puppet.com/puppet/4.5/reference/upgrade_major_server.html
Also see https://bugs.debian.org/832536 and https://lists.alioth.debian.org/pipermail/pkg-puppet-devel/2017-January/010545.html wrt. backwards compatibility with 3.x agents, that might require a little bit of patching on the agent side.
As of 2018-04-04, to install PuppetDB from Debian on Strech one needs:
ackage: lib*-clojure lib*-java
Pin: release o=Debian,n=buster
Pin-Priority: 990
Package: puppetdb libcomidi-clojure libdujour-version-check-clojure libpantomime-clojure libpuppetlabs-http-client-clojure libpuppetlabs-ring-middleware-clojure libssl-utils-clojure libtrapperkeeper-metrics-clojure libtrapperkeeper-status-clojure libtrapperkeeper-webserver-jetty9-clojure libtika-java
Pin: release o=Debian,n=sid
Pin-Priority: 990
To make PuppetDB work and the puppetmaster use it (on sid):
- install Puppet from Stretch (due to https://bugs.debian.org/894800) and apply https://github.com/puppetlabs/puppet/commit/578687a00195191185f44d8cb38f4b7716d99c31 (otherwise it won’t work on sid)
dpkg-reconfigure puppetdb
, go through the dbconfig setup and leave the default settings- set up TLS like
/usr/share/doc/puppetdb/README.Debian
says:cp -a /var/lib/puppet/ssl/certs/localhost.pem /etc/puppetdb/cert.pem && cp -a /var/lib/puppet/ssl/private_keys/localhost.pem /etc/puppetdb/private_key.pem && cp -a /var/lib/puppet/ssl/ca/ca_crt.pem /etc/puppetdb/ca_crt.pem && chown puppetdb:puppetdb /etc/puppetdb/*.pem
- adjust
/etc/puppetdb/conf.d/jetty.ini
:ssl-port = 8081
ssl-key = /etc/puppetdb/private_key.pem
ssl-cert = /etc/puppetdb/cert.pem
ssl-ca-cert = /etc/puppetdb/ca_crt.pem
- patch
puppetdb.service
to use/usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java
instead of/usr/bin/java
- install
puppet-terminus-puppetdb
andpostgresql
- enable
storeconfigs
inpuppet.conf
- create
/etc/puppet/puppetdb.conf
, owned bypuppet:puppet
, with contents:[main] server_urls = https://localhost:8081
- create
/etc/puppet/routes.yaml
, owned bypuppet:puppet
, with contents:--- master: facts: terminus: puppetdb cache: yaml
Subtasks
Related issues
Blocked by Tails - |
Resolved | 2016-09-24 | |
Blocks Tails - Feature #13284: Core work: Sysadmin (Adapt our infrastructure) | Confirmed | 2017-06-30 |
History
#1 Updated by intrigeri 2016-09-24 04:48:33
- blocked by
Feature #11833: Make our Puppet code compatible with the "future" parser added
#2 Updated by intrigeri 2016-09-24 04:48:37
- blocked by
Feature #11835: Upgrade Puppet master and clients to 3.8 added
#3 Updated by intrigeri 2016-09-24 04:48:43
- blocked by
Feature #11836: Stop stringifying Puppet facts added
#4 Updated by intrigeri 2016-09-24 04:49:29
- blocks
Feature #11838: Upgrade Puppet agents to Puppet 4 added
#5 Updated by intrigeri 2016-10-02 13:27:50
- blocks deleted (
)Feature #11835: Upgrade Puppet master and clients to 3.8
#6 Updated by intrigeri 2017-04-09 11:01:43
- Assignee set to intrigeri
#7 Updated by intrigeri 2017-04-11 16:05:04
- Description updated
#8 Updated by intrigeri 2017-06-05 13:39:40
- Target version set to Tails_3.5
#9 Updated by intrigeri 2018-01-09 22:58:08
- Target version changed from Tails_3.5 to Tails_3.6
#10 Updated by intrigeri 2018-01-09 23:01:16
- blocks Feature #13284: Core work: Sysadmin (Adapt our infrastructure) added
#11 Updated by intrigeri 2018-01-26 20:24:18
- Target version changed from Tails_3.6 to Tails_3.7
#12 Updated by intrigeri 2018-04-04 08:44:34
- Description updated
#13 Updated by intrigeri 2018-04-04 11:38:48
- Description updated
#14 Updated by intrigeri 2018-04-04 12:08:02
- Description updated
#15 Updated by intrigeri 2018-04-05 13:07:21
- blocks
Feature #15490: Remove MariaDB on puppet-git.lizard added
#16 Updated by intrigeri 2018-04-05 16:14:49
- Status changed from Confirmed to In Progress
- % Done changed from 0 to 20
Upgrade done, re-enabled puppet agent everywhere, everything looks good except Puppet fails on the 4 systems that have shorewall. It might be that upgrading the shorewall module or Feature #11838 will fix that. I’ll look into this tomorrow or Saturday.
#17 Updated by intrigeri 2018-04-06 08:15:28
- % Done changed from 20 to 30
intrigeri wrote:
> Puppet fails on the 4 systems that have shorewall. It might be that upgrading the shorewall module or Feature #11838 will fix that.
Fixed by Feature #11838 :)
I’ve also followed the rest of the upgrade doc and then https://docs.puppet.com/puppet/4.5/upgrade_major_post.html.
Next steps:
- ensure our last run check + the corresponding monitoring works fine
Feature #15492Feature #15490
#18 Updated by intrigeri 2018-04-06 08:37:23
- Assignee changed from intrigeri to groente
- % Done changed from 30 to 50
- QA Check set to Ready for QA
intrigeri wrote:
> Next steps:
>
> * ensure our last run check + the corresponding monitoring works fine
It’s broken => Bug #15493.
> * Feature #15492
> * Feature #15490
Both are now ready for QA.
#19 Updated by groente 2018-05-02 10:52:11
- blocked by deleted (
)Feature #15490: Remove MariaDB on puppet-git.lizard
#20 Updated by groente 2018-05-02 13:54:35
- blocks deleted (
)Feature #11833: Make our Puppet code compatible with the "future" parser
#21 Updated by groente 2018-05-02 13:55:18
- Status changed from In Progress to Resolved
- % Done changed from 50 to 100
- QA Check changed from Ready for QA to Pass
clear, thanks!
#22 Updated by groente 2018-05-02 13:58:49
- blocked by deleted (
)Feature #11838: Upgrade Puppet agents to Puppet 4