-
Notifications
You must be signed in to change notification settings - Fork 566
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Non-atomic default plugins update can cause havoc. #1090
Labels
bug
Something isn't working
Comments
zoojar
added a commit
to zoojar/puppet-jenkins
that referenced
this issue
Mar 21, 2024
… remove, then move
zoojar
added a commit
to zoojar/puppet-jenkins
that referenced
this issue
Mar 21, 2024
… remove, then move
zoojar
added a commit
to zoojar/puppet-jenkins
that referenced
this issue
Mar 21, 2024
… remove, then move
zoojar
added a commit
to zoojar/puppet-jenkins
that referenced
this issue
Mar 22, 2024
…move, then move
zoojar
added a commit
to zoojar/puppet-jenkins
that referenced
this issue
Mar 22, 2024
…move, then move
zoojar
added a commit
to zoojar/puppet-jenkins
that referenced
this issue
Mar 22, 2024
…move, then move
zoojar
added a commit
to zoojar/puppet-jenkins
that referenced
this issue
Mar 22, 2024
…move, then move
zoojar
added a commit
to zoojar/puppet-jenkins
that referenced
this issue
Mar 22, 2024
…move, then move
zoojar
added a commit
to zoojar/puppet-jenkins
that referenced
this issue
Mar 22, 2024
…move, then move
zoojar
added a commit
to zoojar/puppet-jenkins
that referenced
this issue
Mar 22, 2024
…move, then move
zoojar
added a commit
to zoojar/puppet-jenkins
that referenced
this issue
Mar 22, 2024
…move, then move
zoojar
added a commit
to zoojar/puppet-jenkins
that referenced
this issue
Mar 22, 2024
…move, then move
zoojar
added a commit
to zoojar/puppet-jenkins
that referenced
this issue
Mar 22, 2024
…move, then move
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Affected Puppet, Ruby, OS and module versions/distributions
How to reproduce (e.g Puppet code you use)
Have a broken download repo/url when this module runs.
What are you seeing
The combined effects of these two bits of code:
https://github.com/voxpupuli/puppet-jenkins/blob/v4.0.0/manifests/plugin.pp#L185-L190
https://github.com/voxpupuli/puppet-jenkins/blob/v4.0.0/manifests/params.pp#L8-L16
Will completely trash a jenkins instance if the plugin download URL is unresponsive at the time it runs. Because the code is not atomic and is prone to dangerous failure if the plugin file download fails. Because it removes critical plugins without replacing them with anything at all, thus placing you in dependency hell for your jenkins instance. Because structs and credentials underpin just about everything useful Jenkins ever does.
What behaviour did you expect instead
To degrade gracefully in the even of a failure to download. Not to delete a plugin until it has already been downloaded to a temporary directory and then move the intermediate version into place live with for example a more atomic 'mv' call, or equivalent puppet resource. Perhaps a defined type might be better here than a chain of exec and archive.
Output log
/Stage[main]/Jenkins::Config/Jenkins::Plugin[credentials]/Archive[credentials.hpi]/ensure)
/Stage[main]/Jenkins::Config/Jenkins::Plugin[structs]/Archive[structs.hpi]/ensure)
Then the rest is in STDOUT etc. My client is pretty sensitive so I can't share much more. Don't think there's a need as this problem is pretty clear.
Any additional information you'd like to impart
You can work around this with hiera:
jenkins::default_plugins: []
And you can, if you have one, just restore a backup of your plugins directory to before the problem happened in order to get functional jenkins back again.
This is particularly bad because it's not at all obvious that this has happened until you really go digging, so not only does it fail to degrade gracefully it can leave you in a mess that is very badly broken and hard to track down. Even if the problem itself can't be fixed, at least some easier to figure out debug information would be good. Although I imagine the problem itself is simple enough to fix in the puppet code.
The text was updated successfully, but these errors were encountered: