1

I use puppet/Vcsrepo to distribute and update software to a bunch of linux servers from a Bitbucket(cloud) server. This worked fine for years but about 6 months ago Puppet started complaining about every repository Error: Path /usr/local/tools/... exists and is not the desired repository. on every run. I think the issue may have started when we moved from on on prem version of bitbucket to the cloud version.

If I delete the path and run puppet the it replaces the directory and then barfs again on the next run. I have ended up deleting the repositories whenever I need them updated.

The puppet code has been simplified down to:

  define deploy(Array $names) {

    $names.each |$repo| {
      vcsrepo { "/usr/local/tools/$repo":
        ensure   => present,
        provider => git,
        user     => 'tools',
        source   => "https://xxxx@bitbucket.org/uoa/$repo.git",
      }
    }

  }
  
.....

  $names_list = [
    'common-library',
    'common-tools'
  ]

  ...::deploy {"base-tools":
    names => $names_list,
  }

Any ideas what the issue is or how to diagnose the problem.

Russell Fulton
  • 201
  • 1
  • 3
  • 17

1 Answers1

1

Yes, a CVE patch for git broke your existing config. This was released on Debian Buster in the past few days, causing breakage there on system puppet (5.5.10-4). There doesn't seem to be a patch available for vcsrepo 3.2.1, the latest with Puppet 5 support. I'm not sure why my Bullseye machines don't seem to be affected.

If you can upgrade to Puppet 6 then the current vcsrepo version handles this.

If not, as a workaround, you can do:

once:

      concat { '/etc/gitconfig' :
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
      }

and then in your define inside the each loop:

      concat::fragment { "gitconfig_$repo" :
        target  => '/etc/gitconfig',
        content => "[safe]\n\tdirectory = /usr/local/tools/$repo\n\n",
        before  => Vcsrepo["/usr/local/tools/$repo"],
      }
Bill McGonigle
  • 667
  • 5
  • 8