I have puppet code which automatically installs ifupdown2 on newly provisioned physical servers (along with all other new host configuration). (This is Debian 11 Bullseye.)
However, nearly all of the configuration fails, that's applied after this package is installed, because networking goes down on installation of ifupdown2, and so files can't be downloaded from the puppet server or from apt repos, etc.
Not only that, but Puppet can't self-recover from this. The box has to be handled out of band (i.e. console, ipmi, etc.) to either ifup -a or just reboot so networking will come back up.
I found this is a known issue for ifupdown2 installation: https://www.mail-archive.com/[email protected]/msg1703008.html
The recommendation there is:
For provisioning systems like ansible, puppet etc., I recommend that you set it up to push a script to the node that basically executes the equivalent of "apt-get install ifupdown2 && systemctl restart networking" using nohup or something else to make it not fail if the network itself is down.
My current relevant puppet stanza is just:
package { "ifupdown2":
ensure => 'latest',
}
How should I fix this so the rest of the puppet config will apply correctly, i.e. so that networking will come up as part of applying that one resource?
If you follow the recommendation you have found, you could just restart the networking service after the package installation. This approach requires that the
service{'networking':}is also managed by Puppet.Another method could be using an
execresource:Likewise, you could use an
execto run theifup -a.These might still cause some resources running right after the package update to fail, but will fix the networking for the next Puppet run. If this is not acceptable, you would have to abandon using the
packageresource type for this update altogether. You could replace it with a script that does the update & service restart before ensuring any other resources.