https://tylercipriani.com/tags/configuration-management/ Tyler Cipriani ikiwiki Tue, 14 Feb 2017 15:11:05 +0000 https://tylercipriani.com/blog/2015/05/23/Puppet-Apt-get-update-Source-lists-and-Dumbness/ https://tylercipriani.com/blog/2015/05/23/Puppet-Apt-get-update-Source-lists-and-Dumbness/ Tyler Cipriani computing configuration-management Sat, 23 May 2015 00:00:00 +0000 2017-02-14T15:11:05Z <p>Configuration management software is nice because it lets you be a little dumb. Puppet, Chef, Ansible, and Salt have all managed to smooth down many of the rough edges that were ubiquitous in the terrible bash and perl scripts used for old-time, ad-hoc configuration management.</p> <p>My main problem with configuration management software is that <em>I’m still dumb</em>. I’m still dumb and there are now new, non-obvious, ways to be dumb.</p> <p>One non-obvious example is below:</p> <div class="sourceCode" id="cb1"><pre class="sourceCode numberSource ruby numberLines"><code class="sourceCode ruby"><a class="sourceLine" id="cb1-1" title="1">package { <span class="st">&#39;apache&#39;</span>:</a> <a class="sourceLine" id="cb1-2" title="2"> <span class="kw">ensure</span> =&gt; installed,</a> <a class="sourceLine" id="cb1-3" title="3"> require =&gt; <span class="dt">File</span>[<span class="st">&#39;/etc/apt/sources.list.d/some_source.list&#39;</span>]</a> <a class="sourceLine" id="cb1-4" title="4">}</a> <a class="sourceLine" id="cb1-5" title="5"></a> <a class="sourceLine" id="cb1-6" title="6">file { <span class="st">&#39;/etc/apt/sources.list.d/some_source.list&#39;</span>:</a> <a class="sourceLine" id="cb1-7" title="7"> notify =&gt; <span class="dt">Exec</span>[<span class="st">&#39;apt-get update&#39;</span>],</a> <a class="sourceLine" id="cb1-8" title="8"> source =&gt; ...</a> <a class="sourceLine" id="cb1-9" title="9">}</a> <a class="sourceLine" id="cb1-10" title="10"></a> <a class="sourceLine" id="cb1-11" title="11">exec { <span class="st">&#39;apt-get update&#39;</span>: }</a></code></pre></div> <p>On the surface, this little contrived example seems fine: Apache requires a special source, adding that source triggers an <code>apt-get update</code>. Therefore, before Apache is installed, our sources list should be up-to-date, right? Wrong.</p> <p>The problem here is subtle: the <code>notify =&gt; Exec['apt-get update']</code> in the file resource means that the file <code>"/etc/apt/sources.d/${name}.list"</code> has to exist before <code>apt-get update</code> is run. Adding <code>require =&gt; File['/etc/apt/sources.list.d/some_source.list']</code> to the Apache package means that it will be installed only after <code>"/etc/apt/sources.d/${name}.list"</code> gets added.</p> <p><strong>HOWEVER</strong>, the Apache package, currently, has no relationship with <code>apt-get update</code>. This means Puppet may try to install the Apache package <em>after</em> adding <code>/etc/apt/sources.d/some_source.list</code>, but <em>before</em> running <code>apt-get update</code>.</p> <p>While the short example above is not a problem in isolation, it <em>can be</em> a problem in a larger manifest. Puppet will succeed with some packages, fail in others, then create <a href="http://en.wikipedia.org/wiki/Dependency_hell">unresolvable dependency conflicts</a> on the next run (after <code>apt-get update</code> has run).</p> <blockquote> <p><strong>Edit</strong>—2016-03-20</p> <p>This relationship is easier to see when you take advantage of puppet’s <code>--graph</code> ability:</p> <div class="sourceCode" id="cb2"><pre class="sourceCode bash"><code class="sourceCode bash"><a class="sourceLine" id="cb2-1" title="1"><span class="ex">puppet</span> apply --graph test.pp dot -Tpng /var/lib/puppet/state/graphs/relationships.dot -o Pictures/relationships.png</a></code></pre></div> <p><img src="https://tylercipriani.com/static/images/2016/2016-03-20_puppet-dot.png" alt="Puppet relationship graph" /><br /> </p> </blockquote> //tylercipriani.com/blog/2015/05/23/Puppet-Apt-get-update-Source-lists-and-Dumbness/#comments