diff options
| author | Owen Jacobson <owen.jacobson@grimoire.ca> | 2013-02-19 09:52:41 -0500 |
|---|---|---|
| committer | Owen Jacobson <owen.jacobson@grimoire.ca> | 2013-02-19 09:52:41 -0500 |
| commit | 9daa701bb43db22dab897672833a0fa8ec51e57f (patch) | |
| tree | 48cc4fc5f94b895d1cabd15a4faaadc83c59e871 /wiki | |
| parent | 31e4552bac8f7fa5b01bce66a41235e2a075b622 (diff) | |
Puppet upgrade notes
Diffstat (limited to 'wiki')
| -rw-r--r-- | wiki/devops/puppet-2.7-to-3.1.md | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/wiki/devops/puppet-2.7-to-3.1.md b/wiki/devops/puppet-2.7-to-3.1.md new file mode 100644 index 0000000..69cedd2 --- /dev/null +++ b/wiki/devops/puppet-2.7-to-3.1.md @@ -0,0 +1,51 @@ +# Notes on upgrading Puppet from 2.7 to 3.1 + +## Bad + +* As usual, you have to upgrade the puppet master first. 2.7 agents can speak + to 3.1 masters just fine, but 3.1 agents cannot speak to 2.7 masters. + +* I tried to upgrade the Puppet master using both `puppet agent` (failed when + package upgrades shut down the puppet master) and `puppet apply` (failed for + Ubuntu-specific reasons outlined below) + +* [This bug](https://projects.puppetlabs.com/issues/19308). + +* You more or less can't upgrade Puppet using Puppet. + +## Good + +* My 2.7 manifests worked perfectly under 3.1. + +* Puppet's CA and SSL certs survived intact and required no maintenance after + the upgrade. + +* The Hiera integration into class parameters works as advertised and really + does help a lot. + +* Once I figured out how to execute it, the upgrade was pretty smooth. + +* No Ruby upgrade! + +* Testing the upgrade in a VM sandbox meant being able to fuck up safely. + [Vagrant](http://www.vagrantup.com) is super awesome. + +## Package Management Sucks + +Asking Puppet to upgrade Puppet went wrong on Ubuntu because of the way Puppet +is packaged: there are three (ish) Puppet packages, and Puppet's resource +evaluation bits try to upgrade and install one package at a time. Upgrading +only "puppetmaster" upgraded "puppet-common" but not "puppet", causing Apt to +remove "puppet"; upgrading only "puppet" similarly upgraded "puppet-copmmon" +but not "puppetmaster", causing Apt to remove "puppetmaster". + +The Puppet aptitude provider (which I use instead of apt-get) for Package +resources also doesn't know how to tell aptitude what to do with config files +during upgrades. This prevented Puppet from being able to upgrade pacakges +even when running standalone (via `puppet apply`). + +Finally, something about the switchover from Canonical's Puppet .debs to +Puppetlabs' .debs caused aptitude to consider all three packages "broken" +after a manual upgrade ('aptitude upgrade puppet puppetmaster'). Upgrading the +packages a second time corrected it; this is the path I eventually took with +my production puppetmaster and nodes. |