[Pkg-puppet-devel] Bug#950182: Puppet 5.5 EOL in November 2020

Antoine Beaupre anarcat at debian.org
Wed Jan 29 20:50:35 GMT 2020 

Package: puppet
Version: 5.5.10-4
Severity: important

Puppet 5.5 will reach end of life in November 2020, before Debian
Buster does (~2022):

https://puppet.com/docs/puppet/5.5/about_agent.html

(Since this page can basically disappear at any time in the future
(because they regularly archive those and break those links), here's
what's supposed to be a permanent link for that:

https://puppet.com/docs/puppet/latest/about_agent.html

... and since they manage to break that as well often, here are IA
links for both:

https://web.archive.org/web/20200129203719/https://puppet.com/docs/puppet/5.5/about_agent.html
https://web.archive.org/web/20200129203732/https://puppet.com/docs/puppet/latest/about_agent.html

...)

Anyways. The point is, our Puppets will die a horrible death. Poor
little inanimate creatures! What should we do about our little
favorite cloths! Should we forget about them in the bottom drawer of a
dusty filing cabinet? Throw them in a ritual fire and hope for the
best?

No! We should figure out a way to provide an upstream-supported
version of Puppet somehow.

The first stage of this would probably be to package Puppet 6 and ship
it in Bullseye.

>From what I can tell from the release notes:

https://puppet.com/docs/puppet/6.0/release_notes_puppet.html

... the upgrade from 5 to 6 doesn't involve much churn in the DSL, so
it's not as big of a deal as the 3 to 4 or 4 to 5 migrations we had to
suffer through. The tooling does change, however, so it might be
tricky on the packaging side (which is why, I am guessing, P6 is not
yet in Debian).

(The release notes do mention we now require Ruby 2.3, but that's not
a problem: we've had that for a while in Debian now. And I suspect
there must be some atrocities hidden behind PuppetDB coming up, so far
I'm plugging my ears and signing "la la la everything is written in C
i can't hear you".)

Once we land in testing, maybe we could provide a backport, or
convince the release team to forcibly upgrade people to Puppet 6
(gasp!) in buster, if that upgrade is indeed non-destructive, so that
we do have security support for a longer period there...

(Now what is *really* hilarious about all this is that upgrading to
Puppet 6 does *not* actually give us a better support window right
now: the latest 6.x release EOL date is *August* 2020, *before* the
Puppet 5.5 EOL time. This is utterly incomprehensible to me. From what
I can tell in their support docs:

https://puppet.com/docs/puppet-enterprise/product-support-lifecycle/

... they seem to be saying they release a LTS every two years, with a
six month (!!) overlap between the two "so you have time to test your
upgrade prior to the next LTS release". I don't quite understand how
they can possibly imagine we upgrade an entire fleet of Puppet servers
and large manifests in six months, but maybe that's just me...

It seems the perfect match for Debian and Puppet support windows would
be this impossible world when Puppet would release an LTS at exactly
the same time Debian would ship a release (and that it would be
instantly packaged and shipped in that release as well of
course). Then the Puppet release would be supported for 2 years and 6
months, which is roughly our support window for core stable releases
in Debian as well these days... But of course, that's basically
impossible so we'll have to find long-term ways of dealing with this
problem.)

Note that I'm ignoring the oldstable and oldoldstable releases here,
which both ship completely unsupported upstream releases (4.8 and 3.7,
respectively), and for which we don't have a good user story either.

-- System Information:
Debian Release: 10.2
  APT prefers stable-debug
  APT policy: (500, 'stable-debug'), (500, 'stable'), (1, 'experimental'), (1, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages puppet depends on:
ii  adduser              3.118
ii  facter               3.11.0-2+deb10u1
ii  hiera                3.2.0-2
ii  init-system-helpers  1.56+nmu1
ii  lsb-base             10.2019051400
ii  ruby                 1:2.5.1
ii  ruby-augeas          1:0.5.0-3+b6
ii  ruby-deep-merge      1.1.1-1
ii  ruby-shadow          2.5.0-1+b1

Versions of packages puppet recommends:
ii  debconf-utils  1.5.71
ii  lsb-release    10.2019051400
ii  ruby-selinux   2.8-1+b1

Versions of packages puppet suggests:
pn  ruby-hocon  <none>
pn  ruby-rrd    <none>

-- debconf-show failed

More information about the Pkg-puppet-devel mailing list