Best practice for puppet agent (minor) version updates?

asked 2016-09-22 15:07:50 -0600

Greetings - What is the prevailing opinion on a package update strategy for the puppet agent? This would be applying updates within the same code stream (e.g. 4.5.3 -> 4.6.2), not updating between major versions. Is it recommended to just update periodically to the latest version from the repo or to lock in at a specific version so that you can have a bit more control and keep in sync with the puppet server/master?

Also, (for RHEL, which we are using) the documentation only recommends updating using the repo package. That's fine, but I wonder if anyone is downloading the version-specific RPM for the puppet agent and updating from that file? It will technically work, but not sure if it's recommended. With RHEL and yum, you can update from repo and use the versionlock plugin which works fine too.

I'm just starting out and we have a small number of nodes but will be rolling out the agents to larger numbers of servers over time. I'd like to have a currency/update process that's easily supportable if possible. I'm interested in learning how teams with large enterprises under Puppet are handling this. Thanks!


Comments

https://docs.puppet.com/puppet/latest/reference/puppet_collections.html Whenever something's gonna break compatibility, they'll introduce a new PC number.

Kai Burghardt ( 2016-09-26 10:43:21 -0600 )

Thanks... So are you implying that it's pretty much standard to always get the latest? That's what I planned to do originally but thought maybe it would be safer to manage the agent version a bit more closely. That way the agent version doesn't accidentally get ahead of the puppet server version.

vschaeff ( 2016-09-26 17:28:48 -0600 )

That depends. Where do you want a failed package update to appear in your monitoring? I tend to Package { ensure => present } on large set-ups and use unattended-upgrade instead. It doesn't unnecessarily blow up the puppet run duration.

Kai Burghardt ( 2016-09-26 22:31:46 -0600 )

Thanks for your input on this.

vschaeff ( 2016-09-27 06:17:06 -0600 )