The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

This issue tracker is now in read-only archive mode and automatic ticket export has been disabled. Redmine users will need to create a new JIRA account to file tickets using https://tickets.puppetlabs.com. See the following page for information on filing tickets with JIRA:

Bug #15735

Deprecate 'puppet kick' run mode

Added by eric sorenson almost 4 years ago. Updated over 2 years ago.

Status: Re-opened
Start date: 07/30/2012
Priority: High
Due date:
Assignee: eric sorenson
% Done: 0%
Category: agent
Target version: 3.x
Affected Puppet version:
Branch: https://github.com/puppetlabs/puppet/pull/1129
Keywords: telly_deprecation

This ticket is now tracked at: https://tickets.puppetlabs.com/browse/PUP-1135


Description

People interested in puppet kick functionality should set up mcollective. Supporting it causes problems like #10418. Let’s consider removing it for Telly.


Related issues

Related to Puppet Documentation - Feature #15954: Create page to explain deprecation of the 'puppet kick' r... Rejected 08/14/2012
Related to Puppet Documentation - Bug #15838: Puppet Windows Service doesn't support listen=true Closed 08/06/2012

History

#1 Updated by eric sorenson over 3 years ago

  • Status changed from Needs Decision to Accepted
  • Target version changed from 3.x to 3.0.0

Yes, puppet kick should start deprecation in telly.

#2 Updated by eric sorenson over 3 years ago

  • Assignee changed from eric sorenson to Anonymous

#3 Updated by Anonymous over 3 years ago

We should:

  • Single-line deprecation warning when puppet kick is run.
  • Single-line deprecation warning when agent is invoked with listen flag.
  • One good page on our website talking about why and what to do next (we’ll need a ticket for this).

#4 Updated by Anonymous over 3 years ago

  • Assignee deleted (Anonymous)

#5 Updated by eric sorenson over 3 years ago

  • Assignee set to eric sorenson
  • Priority changed from Normal to High

First we need a doc page that indicates what the replacement path for the deprecation is.

#6 Updated by Anonymous over 3 years ago

I’ve created a link to point to the deprecation information: http://links.puppetlabs.com/puppet-kick-deprecation

Right now it just points to this bug report, but once #15954 is done it should point to the page created for that.

#7 Updated by Henrik Lindberg over 3 years ago

  • Branch set to https://github.com/puppetlabs/puppet/pull/1121

Fixed in pull request.

#8 Updated by Henrik Lindberg over 3 years ago

  • Status changed from Accepted to In Topic Branch Pending Review

#9 Updated by Henrik Lindberg over 3 years ago

  • Branch changed from https://github.com/puppetlabs/puppet/pull/1121 to https://github.com/puppetlabs/puppet/pull/1127

#10 Updated by Henrik Lindberg over 3 years ago

  • Branch changed from https://github.com/puppetlabs/puppet/pull/1127 to https://github.com/puppetlabs/puppet/pull/1129

#11 Updated by Anonymous over 3 years ago

  • Status changed from In Topic Branch Pending Review to Merged - Pending Release

#12 Updated by Matthaus Owens over 3 years ago

  • Status changed from Merged - Pending Release to Closed

Released in Puppet 3.0.0-rc7

#13 Updated by Jo Rhett over 3 years ago

I am deeply amused that you have deprecated this behavior, without any timeline for having puppet control working in mcollective. Nice job.

You can no longer use X in v3, you must use Y. Y does not yet support v3, you must use X.

Sweet.

#14 Updated by R.I. Pienaar over 3 years ago

@jo if you want to test there is a new in-progress agent @ https://github.com/ripienaar/mcollective-puppet-agent capable of managing Puppet 2 and 3, it lacks the ‘mco puppet’ command but the README shows typical use cases while we work on that.

#15 Updated by Jo Rhett about 3 years ago

Always fun to deprecate something, disable it, and 6 months later there’s still no documentation about the process for replacing it.

For example:

  1. The puppet agent is great, but it doesn’t document that you need direct_addressing enabled (which is not a default) in order for it to work.

  2. Does this disable /run entirely? Can this be removed from auth.conf?

  3. Someone really should document a best practice for managing/balancing cron jobs for the puppet daemon, or whatever the recommended solution is. Tons of stuff dated back to .24 days out there — is a cron job with fqdn_rand(30) current best practice?

  4. Is there any functionality for setting puppet options on a per-run basis, i.e. “mco puppet runonce --ignoreschedules” or “--config ignoreschedules=1” or whatever?

#16 Updated by R.I. Pienaar about 3 years ago

Jo Rhett wrote:

Always fun to deprecate something, disable it, and 6 months later there’s still no documentation about the process for replacing it.

For example:

  1. The puppet agent is great, but it doesn’t document that you need direct_addressing enabled (which is not a default) in order for it to work.

the readme is on github, send a pull request, it’s the open source way.

  1. Is there any functionality for setting puppet options on a per-run basis, i.e. “mco puppet runonce --ignoreschedules” or “--config ignoreschedules=1” or whatever?

we won’t allow arbitrary arguments, but happy to add more based on feature requests

#17 Updated by Jo Rhett about 3 years ago

Sorry, I will send patches for various things but it won’t be this month. buried

I’m making suggestions for ways to improve the experience for others. I found it frustrating to flounder through each of these.

Feature request: “--ignoreschedules” is something absolutely essential for us. I’ve got a bastard patch that you’d hate, but I think others would prefer official support.

#18 Updated by Nikita Stupin over 2 years ago

  • Status changed from Closed to Re-opened
  • Target version changed from 3.0.0 to 3.x

Please do not deprecate puppet kick. We use puppet in some of our projects, and do not use mcollective, and also don’t plan to use mcollective. Why? Mcollective requires an MQ (activemq/rabbitmq, etc.) and provides unneeded functionality. We can use one function from mcollective – puppet agent runonce – but why do we need to install extra software, and an extra daemon on each agent?

#19 Updated by Markus Joosten over 2 years ago

I can only agree with what Nikita said. Mcollective has such a huge overhead, since it relies on ActiveMQ which is a Java application after all. Most of our systems do not have Java installed (for several purposes, security being only one of those reasons!) and with the current puppet kick functionality we can at least trigger our puppet agents to run.

Just out of curiosity, what is the current reason for deprecating the kick functionality? Is it too hard to maintain code-wise? Does it lack some critical features? Security issues?

The referenced bug #10418 seems to be resolved.

#20 Updated by Jo Rhett over 2 years ago

You only need java and activemq on a single system, not every system. Unless you have tens of thousands of systems (wherein you wouldn’t be arguing for puppet kick anyway) activemq’s resource consumption will be negligible. For less than a thousand systems IMHO you can safely stick this on any other host in your puppet architecture: puppetmaster, dashboard, puppetdb, etc. It has near-zero I/O requirements except on the network interface.

Seriously:

$ ps -U activemq -u activemq -o cp,pcpu,pmem,rss,stat,f,etime,cputime,cmd
 CP %CPU %MEM   RSS STAT F     ELAPSED     TIME CMD
  0  0.0  0.0   1268 Sl  1 16-13:31:12 00:04:19 /usr/sbin/tanukiwrapper /usr/share/activemq/conf/activemq-wrapper.conf wrapper.syslog.ident=activemq wrapper.pidfile=/var/run/activemq/activemq.pid wrapper.daemonize=TRUE
  1  0.1  1.2 204968 Sl  0 16-13:31:12 00:25:55 java -Dactivemq.home=/usr/share/activemq -Dactivemq.base=/usr/share/activemq -Dcom.sun.management.jmxremote -Dorg.apache.activemq.UseDedicatedTaskRunner=true -Xmx512m -Dja

#21 Updated by Aleksey Zhukov over 2 years ago

Did I get it right, that the problem is not with kick but with the listener part, and the problem is having a network server in a privileged process and exposing a whole Puppet::Network::HTTP::WEBrickREST just to serve the run indirection? Insecure, has some overhead but doesn’t look like a terrible hack to me. Or are there other issues with that?

As for MCollective – it has much worse overhead, mostly cognitive one – you have to grok it and deploy. A tiny DIY server that’d send HUP on authenticated request or maybe even a xinetd or, possibly, knockd could replace kick, without a hassle of having MCollective deployment just to trigger Puppet agents.
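
An added example, not part of the original thread and not Puppet's own code: the kick listener discussed above is switched on by `listen = true` in the agent's puppet.conf and authorised by an auth.conf stanza for `/run`, so leftover exposure on a host can be found by scanning both files. The function names and the sample configs are constructed for illustration, and only stanzas that name `/run` explicitly are checked.

```ruby
# Added example: find leftover puppet kick exposure in agent config text.

# Sections of puppet.conf in which `listen` ends up set to true.
def listen_enabled_sections(puppet_conf)
  section = 'main'
  listen = {}
  puppet_conf.each_line do |raw|
    line = raw.sub(/#.*/, '').strip
    if (m = line.match(/\A\[(\w+)\]\z/))
      section = m[1]
    elsif (m = line.match(/\Alisten\s*=\s*(\S+)\z/))
      listen[section] = m[1].casecmp('true').zero? # last value in a section wins
    end
  end
  listen.select { |_, on| on }.keys
end

# auth.conf stanzas that name /run explicitly (plain or `~` regex path).
def run_acl_stanzas(auth_conf)
  stanzas = []
  auth_conf.each_line do |raw|
    line = raw.sub(/#.*/, '').strip
    next if line.empty?
    key, value = line.split(/\s+/, 2)
    if key == 'path'
      stanzas << { 'path' => value, 'rules' => [] }
    elsif stanzas.any?
      stanzas.last['rules'] << [key, value]
    end
  end
  stanzas.select { |s| s['path'] =~ %r{\A(~\s*)?\^?/run\b} }
end

# One finding per enabled listener and per /run stanza that grants access.
def kick_findings(puppet_conf, auth_conf)
  findings = listen_enabled_sections(puppet_conf).map do |s|
    "puppet.conf [#{s}]: listen = true"
  end
  run_acl_stanzas(auth_conf).each do |st|
    allows = st['rules'].select { |k, _| k.start_with?('allow') }.map { |_, v| v }
    findings << "auth.conf path #{st['path']}: allow #{allows.join(', ')}" unless allows.empty?
  end
  findings
end

# Constructed sample configs (hostnames are placeholders).
SAMPLE_PUPPET_CONF = "[main]\nserver = puppet.example.test\n[agent]\nlisten = true  # kick leftover\n"
SAMPLE_AUTH_CONF = "path /run\nmethod save\nallow puppet.example.test\n\npath /\nauth any\n"

puts kick_findings(SAMPLE_PUPPET_CONF, SAMPLE_AUTH_CONF)
```
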

#22 Updated by Anonymous over 2 years ago

Redmine Issue #15735 has been migrated to JIRA:

https://tickets.puppetlabs.com/browse/PUP-1135
