Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

Behaviors

1. By default, apply_prep will:

a. Run puppet_agent::version in with default options for all targets

b. Run puppet_agent::install in with default options for all targets that don't have a Puppet agent


2. By default, puppet_agent::install will:

a. Attempt to install a puppet collection RPM

       i.  RPM installs from https://yum.puppet.com on the public internet

       ii. The Yum repository contains the puppet-agent RPM

b. Install the latest puppet-agent package (currently 6.7+)

       i. RPM installs from https://yum.puppet.com on the public internet

       ii. Based on the puppet collection RPM and the RPMs available from the target's other Yum repos

c. NOT attempt to update an existing `puppet-agent` package (bolt#1208)

i.  No matter how old it is.
ii. Even without defaults, this behavior cannot be changed

Implications

  1. Behavior 1 assumes installing software from the public internet is available, permissible, and desirable

  2. If successful, Behaviors 2a + 2b permanently modify the installed software and repositories on the target OS
    1. This potentially modifies an approved baseline without appropriate controls

  3. These default behaviors are especially problematic, because they are effectively impossible to reconfigure with system or user-level defaults:
    1. Settings from the "user project directory" (~/.puppetlabs/bolt/bolt.yaml) are completely ignored when Bolt is run from an embedded or local project directory, 
    2. There is no other mechanism to provide user-level default bolt configurations.
    3. There is no mechanism to provide system-level default bolt configurations at all.
  • No labels