Puppet: How to skip restart during package upgrade until config is replaced?

apt puppet ubuntu varnish

I'm trying to get Puppet to upgrade our Varnish 3 servers to Varnish 4, a major update which requires an updated config file or it won't start. This is on Ubuntu 12.04.

The Varnish module is essentially built with these classes and dependencies:

Class['varnish::repo']
-> Class['varnish::install']
-> Class['varnish::tools']
-> Class['varnish::config']
~> Class['varnish::service']

I've updated the Apt-repo URL in varnish::repo, set ensure=>latest in varnish::install and provided an updated config file to varnish::config. So far so good.

When Puppet runs these dependencies, the run fails at the varnish::install stage because Apt tries to restart the Varnish daemon immediately after upgrading it, not giving Puppet the chance to replace the config file. The failure in the varnish::install class leads to a broken dependency chain and causes the remaining classes to fail as well. The result is a broken Varnish installation that needs manual recovery.

How do you deal with this?

I thought about using policy-rc.d, which essentially tells Apt not to perform automatic stops and starts of services. I tried creating the file before the upgrade and removing it afterwards.

file {'/usr/sbin/policy-rc.d':
    ensure  => $ensure,
    content => "#!/bin/sh\nexit 101",
    owner   => 'root',
    group   => 'root',
    mode    => '0755',
}

Of course creating and removing is a problem because Puppet sees this as a duplicate resource.

Why do I want to remove the policy again, after just installing it, you ask? Because we use unattended-upgrades to perform minor security-upgrades and I want to allow automatic service restarts in those cases, just not in this case. Furthermore, policy-rc.d affects all services, not just Varnish.

Maybe I'm thinking about this wrongly, but can I somehow tell Puppet or Apt to wait with the restart until the config file is replaced as well?


Solution 1:

Why not replace the config file before installing the update? If it loads on restart, it won't use the "wrong" config file till after the update restarts it . . .

Related

SCSI disks capped at 40 MB/s
Windows Event Collector Load Balancing to multiple Collectors
Rename Junk folder in dovecot IMAP server
Strange non-delivery behavior with Office 365 Hosted Exchange
How can I introspect the "shared subtree" mount flags for a particular mount?
ProxyPassReverse Not Working with 302 Redirect
Can I use both RSA and ECC certificates in apache?
Why Outlook, Hotmail and Live return 250 Mail queued for delivery, but they never deliver it? [duplicate]
Postfix stops picking up mails at night
Wget, self signed cert and --no-check-certificate not working
Deny anonymous downloads in AWS S3
Possible to have DHCP hand out different DNS server address when using different tunnel?