Puppet: System Administration Automated

Support

Running Puppet on Gentoo

This page is for the documentation of any caveats or solutions related to running Puppet under Gentoo.

Installation

Installation is simple, Puppet is in the portage tree and can be installed with portage. Puppet is still marked unstable so you will need to add it to /etc/portage/package.keywords. The Puppet portage provider depends on information from a package query tool:eix which needs to be initialized before it is usable. The Puppet ebuild will warn you about this. I'd say provider support is well rounded although lacking in the specific strengths of Gentoo (slots and useflags).

AFAIK there is no support (yet) for any of the alternative package managers.

Caveats

There's a couple of things to look out for when running puppet on gentoo

  • Slots:
    Gentoo has the notion of slots, which allows you to install the same lib with different versions on a system. Puppet has problems with that because it uses the name of a package as an unique identifier. This doesn't work for obvious reasons
  • USE-flags:
    Gentoo has USE-flags which enable or disable functionality in a package at compile aka install time. The package version does not change, but the package functionality might change drastically. The Puppet Gentoo provider has no support for use-flags and puppet thus cannot upgrade or reinstall on a use-flag change. I'm unaware of a elegant way of triggering a reinstall by puppet when change flags.
  • revdep-rebuild
    In some cases you need to run revdep-rebuild after an upgrade of a package, you will need to script this, Puppet nor Gentoo can detect this for you Careless upgrading (with Puppet) can trigger huge problems. (for example do an incompatible upgrade of openssl and see what fails and whether or not you can still login).
  • eix-update
    The Puppet provider uses eix to query information about packages. eix uses a database for fast lookups. Keeping Puppet informed of possible upgrades and installed packages needs regular runs of eix-update.

Bug Resolutions

  • "ensure => latest" seems to force recompile of packages, even when current
    • This is caused by a bug in eix which, though passed --no-color as an option, renders ANSI color codes in the output. To resolve, upgrade eix to a version >= 0.9.4.
    • AFAIK this still doesn't solve the entire problem, in some cases, particularly with slots involved eix will output multiple possible package versions confusing puppet into recompiling every run
    • This could also be caused by resource clashing as discussed here ImprovedResourceIdentification. Specifying packages like the following solved an issue I was facing with repeated upgrading of dev-db/mysql (v5.0.44) because puppet thought the currently installed MySQL was v5.0 (virtual/mysql 5.0): 
      package { "dev-db/mysql":
    name => "mysql",
    category => "dev-db",
    ensure => latest
}