Behaviors
1. By default, apply_prep will:
a. Run puppet_agent::version in with default options for all targets
b. Run puppet_agent::install in with default options for all targets that don't have a Puppet agent
2. By default, puppet_agent::install will:
a. Attempt to install a public internet Yum repository
b. Install the latest puppet-agent package (currently 6.7+)
c. NOT attempt to update an existing `puppet-agent` package (bolt#1208)
i. No matter how old it is.
ii. Even without defaults, this behavior cannot be changed
Implications
- Behavior 1 assumes installing software from the public internet is available, permissible, and desirable
- If successful, Behaviors 2a + 2b permanently modify the installed software and repositories on the target OS
- This potentially modifies an approved baseline without appropriate controls
- This potentially modifies an approved baseline without appropriate controls
- These default behaviors are especially problematic, because they are effectively impossible to reconfigure with system or user-level defaults:
- Settings from the "user project directory" (
~/.puppetlabs/bolt/bolt.yaml) are completely ignored when Bolt is run from an embedded or local project directory, - There is no other mechanism to provide user-level default bolt configurations.
- There is no mechanism to provide system-level default bolt configurations at all.
- Settings from the "user project directory" (