Home / server / Questions / 925053
In Process
mark
Asked: 2018-08-06 23:38:44 +0800 CST

Installing postgres via puppet doesn't refresh package list, install fails

  • 772

I'm on OSX 10.13.6 host running VirtualBox 5.2.16 and vagrant 2.1.2

I'm trying to set up a VM with bento/ubuntu-18.04 using two provisioners:

1) inline shell, to get puppet and the required modules on the system

apt-get install puppet
puppet module install puppetlabs-postgresql

which gives me

/etc/puppet/code/modules
└─┬ puppetlabs-postgresql (v5.7.0)
  ├── puppetlabs-apt (v4.5.1)
  ├── puppetlabs-concat (v4.2.1)
  └── puppetlabs-stdlib (v4.25.1)

2) the puppet provisioning

config.vm.provision "puppet" do |puppet|
  puppet.manifests_path = "vagrant/puppet/manifests/"
  puppet.options = ['--verbose', '--hiera_config /vagrant/vagrant/hiera.yaml']
  puppet.manifest_file  = "test.pp"
end

And, besides the files, this is my most minimalistic manifest producing the problem:

class testproject {
  class { 'postgresql::globals':
    version             => '9.6',
    manage_package_repo => true,
    encoding            => 'UTF8',
  } ->
  class { 'postgresql::server':
    package_ensure          => latest,
    ip_mask_allow_all_users => '0.0.0.0/0',
    listen_addresses        => '*',
  } ->
  postgresql::server::config_entry { 'max_parallel_workers_per_gather':
    value => '2',
  }
  class { 'postgresql::server::contrib':
    package_ensure => latest,
  }
  postgresql::server::db { 'testdb':
    user     => 'testdb',
    password => postgresql_password('testdb', 'testdb'),
    encoding => 'UTF8',
  }

  apt::source { 'elasticsearch':
    location    => 'https://artifacts.elastic.co/packages/5.x/apt',
    release     => 'stable',
    repos       => 'main',
    key         => {
      id     => '46095ACC8548582C1A2699A9D27D666CD88E42B4',
      source => '/vagrant/vagrant/puppet/keys/elasticsearch.gpg',
    },
    include => {
      src => false,
    },
  }
  package { 'elasticsearch':
    ensure  => '5.3.0',
    require => Apt::Source['elasticsearch'],
    notify  => Service['elasticsearch'],
  }
  service { 'elasticsearch':
    ensure     => running,
    enable     => true,
    hasstatus  => true,
    hasrestart => true,
    require    => Package['elasticsearch'],
  }
  file { '/etc/elasticsearch/jvm.options':
    source  => '/vagrant/vagrant/conf/etc-elasticsearch-jvm.options',
    owner   => root,
    group   => elasticsearch,
    mode    => '0660',
    require => [
      Package['elasticsearch'],
    ],
    notify  => Service['elasticsearch'],
  }
}
class { testproject: }

It installs postgres and sets up a user and it installs ElasticSearch 5.3. The issue:

  • only install postgres => works
  • only install ES => works
  • install both, like in the sample => postgres fails, ES works

To me it seems that postgres does not refresh the apt-get cache and thus does not "see" the package and fails.

I've run a complete provisioning with --debug (achtung: ~1.1k lines)
=> https://gist.github.com/mfn/8656324a8dcd736d45035ea8cd0ee74a

The first error is on line 1008:
Error: /Stage[main]/Testproject/Postgresql::Server::Db[testdb]/Postgresql::Server::Role[testdb]/Postgresql_psql[CREATE ROLE testdb ENCRYPTED PASSWORD ****]: Could not evaluate: Error evaluating 'unless' clause, returned pid 14088 exit 1: 'Error: Could not execute posix command: Invalid group: postgres

Invalid group: postgres

Because none of the required postgres packages where instaled, the users weren't created, etc.

But I can see that:

  • source list is added
  • GPG key is imported
  • but somehow the refresh isn't propagated to update the packages

I tried to find problems related to the missing package update and found https://tickets.puppetlabs.com/browse/MODULES-2190

apt::source does not force an 'apt-get update' and fails on first run

And indeed, I was able to get it working by:

  • manually running apt-get update in the VM
  • run provisioning again

In the end this issue links to https://github.com/puppetlabs/puppetlabs-apt#adding-new-sources-or-ppas

I tried modifying the postgres installation to depend on the update like this, but nothing changed:

  class { 'postgresql::server':
    package_ensure          => latest,
    ip_mask_allow_all_users => '0.0.0.0/0',
    listen_addresses        => '*',
    require => Class['apt::update']
  } ->

I also tried adding the example from the docs, without effect:

class testproject {
  Class['apt::update'] -> Package <| provider == 'apt' |>
  class { 'postgresql::globals':

I also wonder I'm missing more explicit resource dependencies here. The postgres part is from an older puppet installation where it worked, but I've yet to figure out if I did something wrong here. Checked with https://forge.puppet.com/puppetlabs/postgresql already a few times.

puppet

1 Answers

  1. Seems I need an explicit dependency to not have the DB user being created before the package is installed; this changed fixed it:

      class { 'postgresql::server':
    package_ensure          => latest,
    ip_mask_allow_all_users => '0.0.0.0/0',
    listen_addresses        => '*',
  } ->
  postgresql::server::db { 'testdb':
    user     => 'testdb',
    password => postgresql_password('testdb', 'testdb'),
    encoding => 'UTF8',
  }

    I.e. adding -> right there.

    Was definitely not "needed" in previous versions but now it seems to be important to have this explicitly stated.

    • 1