foreman-installer package today, through the kafo library, defaults to relying on the puppet-agent AIO package to handle parsing parameters and running
puppet apply. This enforces a heavy reliance on production of the puppet-agent AIO package by Puppetlabs and leads to Ruby environment issues if attempting to use an SCL for newer Ruby versions.
- Package puppet gem for SCL on EL7
- Switch installer to use puppet from RPM install or gem in Debian case
This would enable:
- Drops reliance on puppet-agent packaging for newer versions of puppet, and for OSes that there is no puppet-agent package for (e.g. Z systems)
- Simplifies installer to rely on packages we package only
- Allows moving installer to SCL on EL7 systems and use newer Ruby
The current design of the installer relies on kafo via the kafo_parsers project to determine the puppet bin path to use when parsing parameters or running puppet apply. In particular, this bin path calculation checks for existence of the AIO puppet package and then defaults to system puppet.
- Couldn’t we just install and use system puppet then?
If Puppetserver is being used on the same box as Foreman or a Smart Proxy, the current installer would default to using the installed puppet-agent package instead of the intended puppet gem install. This could lead to differences in versions of Puppet used by the installer and generate bug reports.
- Can we just always use system puppet for a minimum version of puppet?
On Debian this might would work, but on EL7 the system Ruby is 2.0 which is too old for newer Puppet. The Puppet gem would need to be packaged for an SCL Ruby the same as the installer, Foreman, and the Proxy.
- Sounds simple enough, what’s the rub?
SCLs create a context that must be enabled to ensure that the pathing is correct for a given binfile. Further, the way
kafo use puppet as an executable to shell out to requires that simple
puppet cannot be used. Similar to how we have to handle commands like
rake on a Foreman install on EL7, we need a wrapper on El7. The wrapper would like something like:
#!/bin/bash source scl_source enable tfm exec puppet "$@"
This could be named and deployed as
foreman-installer-puppet and relied upon. This would, however, create a difference between EL7 and Debian in terms of the executable being relied upon. We ought to be able to detect this and have fall backs such that this can work in all environments.
Adding a link to some technical implementation I used for testing this strategy could actually work. This is a link to an RPM packaging PR and some kafo updates to choose this path if its available: