Roundtable:

- people using puppet in personal, community (e.g. tails) and/or professional contexts
- puppet maintainers team (apoikos: puppet+facter packages, no modules)
- facter in stretch-backports (olasd)
- openstack maintainer, upstream puppet-openstack project + Debian packaging of these puppet modules to be used in openstack-cluster-installer (version 2 currently in Sid), contribution very much welcome (zigo)
- puppet for desktop machines for end-users + shared puppet modules group (https://forge.puppet.com/smash) (pollo)

Agenda:

- current status of puppet packages, history
- what's up for buster? (puppetdb == pain)
- AoB

# Current status of puppet packages

Latest stable upstream releases are packaged for unstable (puppet, facter, ...).

Upstream is moving from Ruby to Clojure for the master processes. The Ruby Puppetmaster is officially deprecated (which was already the case for stretch); we should be using the Clojure Puppet Server. The Ruby puppetmaster code is still available and works. Apoikos worked on a rack middleware to route puppet 3 endpoints to the puppet 4 endpoints.

Puppet 5 seems to be happily working in unstable.

Puppet 6 is a large unknown for now; release is expected for the fall, which means that we should be able to release buster with Puppet 6. The DSL for Puppet 6 should be similar to the one used in Puppet 4.

- Upstream says that they will try to split puppet types (e.g. Nagios) into separate modules

So far the following types seem to have been removed from master and split out to standalone modules:

- mount (https://github.com/puppetlabs/puppetlabs-mount_core)
- zfs (https://github.com/puppetlabs/puppetlabs-zfs_core)
- selinux (https://github.com/puppetlabs/puppetlabs-selinux_core)
- augeas (https://github.com/puppetlabs/puppetlabs-augeas_core)
- nagios (https://github.com/puppetlabs/puppetlabs-nagios_core)
- sshkeys (https://github.com/puppetlabs/puppetlabs-sshkeys_core)
- cron (https://github.com/puppetlabs/puppetlabs-cron_core)
- host (https://github.com/puppetlabs/puppetlabs-host_core)
- ...

Upstream says these modules will be included in puppet-agent at packaging time; it remains to be seen if this includes the official tarballs as well, and if not, whether we'll bundle them ourselves or use individual packages.

# Puppet Server / PuppetDB

Neither Puppet Server nor PuppetDB is required to run a puppet master. Upstream says the Ruby master code is deprecated and supports only Puppet Server, but for the time being the rack master code works fine. Future development might lead to features being available only on Puppet Server, so we should keep an eye open.

- Puppet Server is not a required goal for Buster. The current goal is to try to get backports in Buster to help spread out the work in time.
  + This is partly because of doubts about the stability of jruby in Debian.
- PuppetDB is a prerequisite if you want to use exported resources
- nice centralised point to get info about your infra
- PuppetDB is a glorified JSON-RPC API over Postgres
- PuppetDB packaging status
  + Whole server process is implemented in Clojure
  + Clojure ecosystem in Debian is young
  + There is a PuppetDB cli written in Rust (https://github.com/puppetlabs/puppetdb-cli)
  + Sprint last year during DebConf17, required packaging ~70 dependencies
  + Since then PuppetDB is in unstable, but has never migrated to testing
  + PuppetDB packages in unstable are currently broken
    * The problem seems to come from broken java dependencies that require new upstream versions that require some 10 more deps
    * Ideally, the Clojure rdeps would benefit from having debhelper/leiningen integration
    * Worst case scenario for Buster would have an installer in contrib that fetches the jar files and tries to make it Debian friendly
  + RC bugs holding PuppetDB back:
    * https://bugs.debian.org/878193
    * https://bugs.debian.org/884186
    * https://bugs.debian.org/825501
    * https://bugs.debian.org/850798
    * https://bugs.debian.org/875365
    * https://bugs.debian.org/880320
    * https://bugs.debian.org/880351
    * https://bugs.debian.org/889125
    * https://bugs.debian.org/896991

Actionables:

- Coordinate w/ java and clojure teams
- Track progress on a wiki page (coordinate work there)

Resources:

- The Tails project _might_ be able to finance some of the packaging work to get a working PuppetDB in Buster

# Hiera

Puppet 4.8 includes Hiera 4, but there is still a hiera package in stretch. Puppet uses puppet_lookup internally with the 'new' version of Hiera, but calling hiera manually on the command line uses the 'old' hiera.
- The reason the hiera package is being kept in Debian is for legacy support

# Puppet EOL

(see https://groups.google.com/forum/#!topic/puppet-dev/uNoCQu6rcFU)

Puppet 4 is EOL by the end of 2018

Puppet 6 should last the whole Buster life-cycle

The 'good news' is that we don't really get support from Puppet upstream, so the EOL dates don't really matter for us.

# Who's doing what

- olasd: backports + clojure
- apoikos: clojure (dh_leiningen) + puppetdb + wiki stuff (puppet master, clojure workflows), mailing list notes
- georg: backports, ruby libs
- rbalint: ubuntu deltas
- intrigeri & pollo: early testing
- zigo: IRC channel (#debian-puppet @ OFTC)