fixes #973 - Do not restart agent service on package changes#981
Open
Flo2388 wants to merge 2 commits intotheforeman:masterfrom
Open
fixes #973 - Do not restart agent service on package changes#981Flo2388 wants to merge 2 commits intotheforeman:masterfrom
Flo2388 wants to merge 2 commits intotheforeman:masterfrom
Conversation
Change the relationship between puppet::agent::install and puppet::agent::config/puppet::agent::service from notification (~>) to ordering-only (->). The notification caused a reload-or-restart of the agent service immediately after a package upgrade, which killed the newly started service and left it in a failed state. When upgrading the openvox-agent package (e.g. 8.23.1 → 8.24.1), the following race condition occurs: 1. The running puppet agent (PID A) applies the package resource, spawning apt-get/dpkg as child processes. 2. The package's postinst script calls systemctl try-restart puppet. systemd stops the service and sends SIGTERM to the main service PID. 3. PID A and its children (apt-get, dpkg) survive as orphan processes in the cgroup because they are child processes, not the main PID tracked by systemd. 4. The postinst script starts a new puppet service (PID B). The service is now healthy. 5. The orphaned PID A finishes the package resource and, due to the ~> (notification) relationship, triggers reload-or-restart on the puppet service. This sends SIGHUP to PID B — the service that was just started in step 4. 6. PID B exits, the service enters the dead state, and no puppet agent is running. Changing ~> to -> between puppet::agent::install and puppet::agent::service preserves ordering but removes the redundant notification. The package postinst already handles the service restart during upgrades.
…:config/puppet::agent::service to ensure proper ordering. Changed notification to ordering-only to prevent service restart issues during package upgrades.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Change the relationship between puppet::agent::install and puppet::agent::config/puppet::agent::service from notification (~>) to ordering-only (->). The notification caused a reload-or-restart of the agent service immediately after a package upgrade, which killed the newly started service and left it in a failed state.
When upgrading the openvox-agent package (e.g. 8.23.1 → 8.24.1), the following race condition occurs:
The running puppet agent (PID A) applies the package resource, spawning apt-get/dpkg as child processes.
The package's postinst script calls systemctl try-restart puppet. systemd stops the service and sends SIGTERM to the main service PID.
PID A and its children (apt-get, dpkg) survive as orphan processes in the cgroup because they are child processes, not the main PID tracked by systemd.
The postinst script starts a new puppet service (PID B). The service is now healthy.
The orphaned PID A finishes the package resource and, due to the ~> (notification) relationship, triggers reload-or-restart on the puppet service. This sends SIGHUP to PID B — the service that was just started in step 4.
PID B exits, the service enters the dead state, and no puppet agent is running.
Changing ~> to -> between puppet::agent::install and puppet::agent::service preserves ordering but removes the redundant notification. The package postinst already handles the service restart during upgrades.