Created attachment 550142 [details] Patch for #11414 rebased for 2.6.x Description of problem: The Augeas provider shipped in Puppet doesn't compare the Augeas version number properly, affecting the latest release 0.10.0. This causes it to use fallback code for pre-0.3.6 releases and so Augeas resources will show as changed on every run. Version-Release number of selected component (if applicable): Puppet 2.6.x, in Fedora 15, 16 and rawhide. Puppet 2.7.10 for the 2.7.x series should carry the fix. How reproducible: Always. Steps to Reproduce: 1. Install puppet, ruby-augeas 2. mkdir -p /tmp/fakeroot/etc && cp /etc/hosts /tmp/fakeroot/etc/ 3. Create test.pp: augeas { "11414": root => "/tmp/fakeroot", context => "/files/etc/hosts", changes => "set *[ipaddr = '127.0.0.1']/canonical example.com", } 4. puppet apply test.pp 5. puppet apply test.pp (again) Actual results: $ puppet apply test.pp notice: /Stage[main]//Augeas[11414]/returns: executed successfully notice: Finished catalog run in 0.58 seconds $ grep 127.0.0.1 /tmp/fakeroot/etc/hosts 127.0.0.1 example.com localhost.localdomain localhost $ puppet apply test.pp notice: /Stage[main]//Augeas[11414]/returns: executed successfully notice: Finished catalog run in 0.58 seconds Expected results: $ puppet apply test.pp notice: /Stage[main]//Augeas[11414]/returns: executed successfully notice: Finished catalog run in 0.86 seconds $ grep 127.0.0.1 /tmp/fakeroot/etc/hosts 127.0.0.1 example.com localhost.localdomain localhost $ puppet apply test.pp notice: Finished catalog run in 0.30 seconds The second run shouldn't result in another "executed successfully" change as the change had already been made. Additional info: Upstream bug: http://projects.puppetlabs.com/issues/11414 No further releases of 2.6.x are expected by upstream, but Augeas 0.10.0 has been pushed to Fedora so it affects us.
This is affecting my production systems running EL5. Could we please have a build with the patch included for EL5, EL6 and Fedora? Thanks.
I merged the changes into puppet-2.6.x and built some packages for local testing the other day, but haven't had time to smoke test them yet. I did not realize that EL5 and 6 were also being updated to newer augeas from this bug. Thanks for letting me know that. The scratch builds for Fedora and EPEL are here, if you're itching to grab and test them: http://koji.fedoraproject.org/koji/tasks?state=all&owner=tmz&view=tree&method=all&order=-id
Charles, Where are you seeing ruby-augeas >= 0.10 in EPEL? I'm not seeing them: $ koji latest-pkg dist-5E-epel-testing-candidate ruby-augeas Build Tag Built by ---------------------------------------- -------------------- --------------- ruby-augeas-0.4.1-1.el5 dist-5E-epel lutter $ koji latest-pkg dist-6E-epel-testing-candidate ruby-augeas Build Tag Built by ---------------------------------------- -------------------- --------------- ruby-augeas-0.3.0-2.el6 dist-6E-epel-testing kanarip (It's a bit odd that EL-6 is older than EL-5, but that's another matter.)
(In reply to comment #3) > Charles, > > Where are you seeing ruby-augeas >= 0.10 in EPEL? I'm not seeing them: > > $ koji latest-pkg dist-5E-epel-testing-candidate ruby-augeas > Build Tag Built by > ---------------------------------------- -------------------- --------------- > ruby-augeas-0.4.1-1.el5 dist-5E-epel lutter > > $ koji latest-pkg dist-6E-epel-testing-candidate ruby-augeas > Build Tag Built by > ---------------------------------------- -------------------- --------------- > ruby-augeas-0.3.0-2.el6 dist-6E-epel-testing kanarip ruby-augeas is a separate package that provides ruby bindings from the C library. EL4 and EL5 are the only two EPEL distros to worry about that will have Augeas 0.10.0: $ koji latest-pkg dist-5E-epel-testing-candidate augeas Build Tag Built by ---------------------------------------- -------------------- ---------------- augeas-0.10.0-2.el5 dist-5E-epel lutter $ koji latest-pkg dist-4E-epel-testing-candidate augeas Build Tag Built by ---------------------------------------- -------------------- ---------------- augeas-0.10.0-2.el4 dist-4E-epel lutter > (It's a bit odd that EL-6 is older than EL-5, but that's another matter.) Augeas is included in EL6 itself (currently 0.9.0) and so EPEL for EL4/5 is moving a bit faster. #771174 is tracking an update of ruby-augeas for EL6.
Gotcha. I missed the fact that ruby-augeas wasn't part of augeas. I found that out in some testing now as well. I don't plan to update puppet in EL4 anymore. It's on 0.25.6 now and will stay there until it reaches EOL in a month or so. I'll push puppet-2.6.13-1 to testing for Fedora and EPEL soon. This will include the backported changes from 2.7.x. In order for these to apply, a few other augeas changes had to be pulled in as well. The upstream tickets these changes address: http://projects.puppetlabs.com/issues/2728 http://projects.puppetlabs.com/issues/2744 http://projects.puppetlabs.com/issues/8808 And, of course, the subject of this bug: http://projects.puppetlabs.com/issues/11414
The augeas-libs subpackage of augeas is the problem I believe, since that is the one that was updated when things broke: Jan 04 05:05:57 Updated: augeas-libs-0.10.0-2.el5.x86_64 #rpm -qi augeas-libs Name : augeas-libs Relocations: (not relocatable) Version : 0.10.0 Vendor: Fedora Project Release : 2.el5 Build Date: Mon 05 Dec 2011 03:00:33 PM EST Install Date: Wed 04 Jan 2012 05:05:38 AM EST Build Host: x86-05.phx2.fedoraproject.org Group : System Environment/Libraries Source RPM: augeas-0.10.0-2.el5.src.rpm Size : 1124707 License: LGPLv2+ Signature : DSA/SHA1, Tue 06 Dec 2011 01:38:25 PM EST, Key ID 119cc036217521f6 Packager : Fedora Project URL : http://augeas.net/ Summary : Libraries for augeas Description : https://admin.fedoraproject.org/pkgdb/acls/name/augeas https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-5192/augeas-0.10.0-2.el5
(In reply to comment #5) > I'll push puppet-2.6.13-1 to testing for Fedora and EPEL soon. This will > include the backported changes from 2.7.x. In order for these to apply, a few > other augeas changes had to be pulled in as well. The upstream tickets these > changes address: > > http://projects.puppetlabs.com/issues/2728 > http://projects.puppetlabs.com/issues/2744 > http://projects.puppetlabs.com/issues/8808 That seems like quite a lot. To be honest, I'm not too comfortable with the Augeas provider in 2.7.x so wouldn't suggest you pull it all in right now. I forgot to mention it in my description, but did you see the attached patch? It should be just the few key lines applicable to 2.6.x.
I have locally built a puppet-2.6.12-1.1.el5 that adds one patch: https://github.com/domcleal/puppet/commit/e3fc5c49.patch I've been running with this for a couple hours now. It solves the problem and hasn't caused any new problems that I've noticed.
Created attachment 550766 [details] Fixes for augeas provider from 2.7.x (In reply to comment #7) > (In reply to comment #5) > > I'll push puppet-2.6.13-1 to testing for Fedora and EPEL soon. This will > > include the backported changes from 2.7.x. In order for these to apply, a few > > other augeas changes had to be pulled in as well. The upstream tickets these > > changes address: > > > > http://projects.puppetlabs.com/issues/2728 > > http://projects.puppetlabs.com/issues/2744 > > http://projects.puppetlabs.com/issues/8808 > > That seems like quite a lot. To be honest, I'm not too comfortable with the > Augeas provider in 2.7.x so wouldn't suggest you pull it all in right now. The diff is not all that bad, really. And it pulls in a few fixes that I can easily see folks filing other puppet bugs to resolve. Looking at this patch, are you still opposed to the changes? (I'm not pulling in the entirety of the 2.7.x augeas provider.) I also pushed the changes in git about 5 minutes before I saw your comment. I can revert them if needed and push a new build to rawhide, but I'd rather do that only if the changes I pulled in are badly broken or cause undesirable behaviour changes. > I forgot to mention it in my description, but did you see the attached patch? > It should be just the few key lines applicable to 2.6.x. Crap, I missed that.
(In reply to comment #9) > Created attachment 550766 [details] > Fixes for augeas provider from 2.7.x > > (In reply to comment #7) > > (In reply to comment #5) > > > I'll push puppet-2.6.13-1 to testing for Fedora and EPEL soon. This will > > > include the backported changes from 2.7.x. In order for these to apply, a few > > > other augeas changes had to be pulled in as well. The upstream tickets these > > > changes address: > > > > > > http://projects.puppetlabs.com/issues/2728 > > > http://projects.puppetlabs.com/issues/2744 > > > http://projects.puppetlabs.com/issues/8808 > > > > That seems like quite a lot. To be honest, I'm not too comfortable with the > > Augeas provider in 2.7.x so wouldn't suggest you pull it all in right now. > > The diff is not all that bad, really. And it pulls in a few fixes that I can > easily see folks filing other puppet bugs to resolve. Looking at this patch, > are you still opposed to the changes? (I'm not pulling in the entirety of the > 2.7.x augeas provider.) > > I also pushed the changes in git about 5 minutes before I saw your comment. I > can revert them if needed and push a new build to rawhide, but I'd rather do > that only if the changes I pulled in are badly broken or cause undesirable > behaviour changes. I wouldn't say it's badly broken and I can't foresee any problems using those patches in isolation. That said, it seems odd to me to bring in half of the 2.7.x features/changes to the provider as it'll leave the package at a halfway point that we haven't tested at all - given there have been a number of other commits to it in 2.7.x upstream. I'd feel more comfortable if it was either 2.6.x or 2.7.x.
Sorry for another reply, just seen something else. (In reply to comment #9) > I also pushed the changes in git about 5 minutes before I saw your comment. I > can revert them if needed and push a new build to rawhide, but I'd rather do > that only if the changes I pulled in are badly broken or cause undesirable > behaviour changes. One of the changes, #2744 is a bit scary. If you read the release notes for 2.7.8: http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#Display-file-diffs-through-the-Puppet-log-system "We now send file diffs through our regular logging system, so that they can be viewed in reports and logs. Note that this may have security implications if reports are being sent to an untrusted destination, as Puppet now exposes partial file contents in reports." It also changed the behaviour of noop according to the RC release notes: "As of 845825a, file diffs are now logged, rather than printed to console. Because log messages may be stored and more broadly readable, we no longer implicitly set show_diff in noop mode." If you don't mind, I think it's probably best to take the smaller patch and leave these sort of surprises to the 2.6.x -> 2.7.x jump.
The show-diff stuff can be disabled in puppet.conf by default (IIRC). It's not really a behavioral change, it's more like a new feature with optional behavior change. :) I'm happy to discuss that more out-of-band. (I wrote those release notes, so it might just be that I didn't articulate them very well)
Yeah, you're completely correct Dominic. I've reverted master to the minimal patch you made and am building for Fedora and EPEL now. Thanks for all the help here, to you and Charles. Sadly, since augeas-0.10 is already in stable and I'm only just now pushing puppet to -testing, it's going to be broken for at least a few days or so. I forget at this point what the EPEL enforcement is for pushing to stable. Without karma, I think it's 2 weeks. I don't know what it is with karma. And I don't want to just shove this through to stable too fast and find we break other things. It's unfortunate that no one pointed this out while augeas was still in testing. :(
puppet-2.6.13-2.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/puppet-2.6.13-2.fc15
puppet-2.6.13-2.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/puppet-2.6.13-2.el6
puppet-2.6.13-2.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/puppet-2.6.13-2.fc16
puppet-2.6.13-2.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/puppet-2.6.13-2.el5
(In reply to comment #13) > Sadly, since augeas-0.10 is already in stable and I'm only just now pushing > puppet to -testing, it's going to be broken for at least a few days or so. I > forget at this point what the EPEL enforcement is for pushing to stable. > Without karma, I think it's 2 weeks. I don't know what it is with karma. And > I don't want to just shove this through to stable too fast and find we break > other things. It's unfortunate that no one pointed this out while augeas was > still in testing. :( That was my fault, I should have put two and two together after testing the Augeas 0.10.0 package and then separately providing the fix for the bug upstream. Apologies for the disruption.
Package puppet-2.6.13-2.el6: * should fix your issue, * was pushed to the Fedora EPEL 6 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=epel-testing puppet-2.6.13-2.el6' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0028/puppet-2.6.13-2.el6 then log in and leave karma (feedback).
puppet-2.6.13-2.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
puppet-2.6.13-2.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
puppet-2.6.13-2.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
puppet-2.6.13-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.