• Welcome to the SIMP documentation!
  • 1. Quick Start
  • 2. Changelogs
  • 3. Getting Started
  • 4. User Guide
  • 5. Contributing to SIMP
  • 6. Security Concept of Operations
  • 7. Security Control Mapping
  • 8. Vulnerability Supplement
  • 9. Help
    • Help
    • 9.1. Frequently Asked Questions
      • 9.1.1. SIMP Version Guide
      • 9.1.2. What is the Password Complexity for SIMP?
      • 9.1.3. How can the root user login
      • 9.1.4. Meltdown and Spectre
      • 9.1.5. Why aren’t audit logs being forwarded to syslog?
      • 9.1.6. Puppet-Related Issues
        • 9.1.6.1. Why is my Puppet Agent crashing when run with --debug?
        • 9.1.6.2. When should I run puppet generate types?
      • 9.1.7. Why does SIMP use rsync?
      • 9.1.8. How to recover from SELINUX policy failure
      • 9.1.9. YUM Repo Issues
    • 9.2. Public Resources
    • 9.3. Commercial Resources
  • 10. License
  • 11. Contact
  • 12. Glossary of Terms
 
SIMP
  • Docs »
  • 9. Help »
  • 9.1. Frequently Asked Questions »
  • 9.1.6. Puppet-Related Issues
  • View page source

9.1.6. Puppet-Related Issues¶

  • Why is my Puppet Agent crashing when run with --debug?
  • When should I run puppet generate types?
    • Situations incron handles automatically
    • Situations incron doesn’t handle
      • Generating types manually
      • Automatically generating types after r10k deploy environment

9.1.6.1. Why is my Puppet Agent crashing when run with --debug?¶

The bug FACT-1732 can cause Facter to crash while attempting to print a Bignum-sized number. On 64-bit systems, this is any integer greater than 4611686018427387903 [1].

Note

Facts provided by SIMP’s modules are not affected by FACT-1732.

  • This issue only affects facts introduced from non-SIMP sources.
  • It will cause the commands puppet agent -t --debug and facter -p to fail with errors when they encounter Bignum-sized numeric fact values.
  • You can fix your own facts to avoid FACT-1732 by returning any potentially large numeric value as a String.

Older versions of SIMP and FACT-1732

SIMP modules’ facts haven’t been susceptible to FACT-1732 since SIMP 6.1.0-0. Before that, the shmall and shmax facts from simp-simplib would crash on systems with a lot of memory.

[1]4611686018427387904 == 2 62

9.1.6.2. When should I run puppet generate types?¶

The puppet generate types command addresses the problem of Puppet Environment isolation (SERVER-94) by generating custom type metadata definitions for each environment. The command must therefore be re-run in response to changes in Puppet environments and compilers.

By default, SIMP automates some of these cases using incron triggers. However, there are still some situations where you will have to make sure that puppet generate types is run.

9.1.6.2.1. Situations incron handles automatically¶

By default, SIMP configures the incron daemon to automatically run puppet generate types under either of the following circumstances:

  • The puppet or puppetserver binaries have been updated.
  • A new Puppet environment directory is added to the system.

This behavior is managed by the Puppet class pupmod::master::generate_types.

Differences from Previous versions of SIMP

Earlier versions of simp-pupmod (7.6.0 through 7.7.1, shipped with SIMP 6.2.0-0 through 6.3.1-0) attempted to automatically trigger puppet generate types under every relevant circumstance. However, some of the triggers could add too much load on the system and were removed from the incron’s watchlist.

These situations must be addressed by other means (see below).

9.1.6.2.2. Situations incron doesn’t handle¶

incron does not handle all cases, so you will need to ensure that puppet generate types is after the following events:

  • A new module that includes custom types is added to an existing environment.
  • An existing custom type’s internal code is updated.

9.1.6.2.2.1. Generating types manually¶

You can run the puppet generate types command as root on the Puppet Server. However, in order to ensure that the Puppet Server process can read the generated files, you must also ensure they have the correct ownership and permissions. One way to do this is by running the following command:

(umask 0027 && sg puppet -c 'puppet generate types --environment ENVIRONMENT')

This creates all files with the correct group ownership.

9.1.6.2.2.2. Automatically generating types after r10k deploy environment¶

If you are using r10k to deploy Control Repository branches using r10k deploy environment, you can set the “generate_types” option in the r10k.yaml file to automatically run puppet generate types for each environment after it is deployed:

Inside r10k.yaml:¶
# Important: this option *must* be defined under a top-level `deploy:`
deploy:
  generate_types: true

If you use r10k to deploy modules as root on the Puppet Server, you must ensure that the generated files have the correct ownership and permissions for the Puppet Server process to read them. One way to do this is by running the following command:

( umask 0027 && sg puppet -c '/usr/share/simp/bin/r10k deploy environment production' )

This will deploy the environment with the correct permissions and group ownership. If deploy/generate_types is set to true, it will also generate environment-safe type metadata files with the same permissions and ownership.

Next Previous

© Copyright 2019, THE SIMP TEAM.

Built with Sphinx using a theme provided by Read the Docs.