I have been a Puppet user for a couple of years now, first at work, and
eventually for my personal servers and computers. Although it can have a steep
learning curve, I find Puppet both nimble and very powerful. I also prefer it
to Ansible for its speed and the agent-server model it uses.
Sadly, Puppet Labs hasn't been the most supportive upstream and tends to move
pretty fast. Major versions rarely last for a whole Debian Stable release and
packages are full of vendored libraries.
Since 2017, Apollon Oikonomopoulos has been the one doing most of the work on
Puppet in Debian. Sadly, he's had less time for that lately and with Puppet 5
being deprecated in January 2021, Thomas Goirand, Utkarsh Gupta and I have been
trying to package Puppet 6 in Debian for the last 6 months.
With Puppet 6, the old ruby Puppet server using Passenger is not supported
anymore and has been replaced by
, written in Clojure and running
on the JVM. That's quite a large change and although
some of the Clojure libraries
(already in Debian) uses, packaging it
meant quite a lot of work.
Work in the Clojure team
As part of my efforts to package
, I had the pleasure to join the
Clojure team and learn a lot about the Clojure ecosystem.
As I mentioned earlier, a lot of the Clojure dependencies needed for
were already in the archive. Unfortunately, when Apollon
Oikonomopoulos packaged them, the
build tool hadn't been packaged
yet. This meant I had to rebuild a lot of packages, on top of packaging some
Since then, thanks to the efforts of Elana Hashman,
packaged and lets us run the upstream testsuites and create
closer to those upstream releases.
During my work on
, I worked on the following packages:
List of packages
If you want to learn more about packaging Clojure libraries and applications,
I rewrote the Debian Clojure packaging tutorial
and added a section
about the quirks of using
without a dedicated
Work left to get puppetserver 6 in the archive
Unfortunately, I was not able to finish the
6 packaging work.
It is thus unlikely it will make it in Debian Bullseye. If the issues described
below are fixed, it would be possible to to package
So what's left?
Although I tried my best (kudos to Utkarsh Gupta and Thomas Goirand for the
in Debian is still broken. It does build properly, but the
testsuite fails with multiple errors:
ruby-psych is broken (#959571)
- there are some random java failures on a few tests (no clue why)
- tests ran by
raklelib/rspec.rake fail to run, maybe because the
command line option isn't compatible with our version of
rake? Utkarsh seemed
to know why this happens.
testsuite failures aside, I have not been able to use the
package currently builds in
(testsuite failure). I had the
same exact failure with the (more broken)
version that is currently in
the archive, which leads me to think this is a
. More on that below.
To try to bypass these issues, I tried to vendor
. At first I understood vendoring
upstream pre-built artifacts (
) and shipping them directly.
After talking with people on the
channels, I now understand why this isn't a good idea (and why it's not
permitted in Debian). Many thanks to the people who were patient and kind enough
to discuss this with me and give me alternatives.
As far as I now understand it, vendoring
in Debian means "to have an embedded
copy of the source code in another package". Code shipped that way still needs
to be built from source. This means we need to build
ourselves, one way
or another. Vendoring
in another package thus isn't terribly helpful.
the proper way isn't possible, I would suggest trying to
build the package using embedded code copies of the external libraries
needs to build, instead of trying to use the Debian libraries.
should make it easier to replicate what upstream does and to have a final
that can be used.
This package is a first-level dependency for
and is the glue
It builds fine, but the testsuite fails when using the Debian
think the problem is caused by a
package plays with the
a little to try use
Debian packages instead of downloading gems from the web, as upstream
does. This seems to clash with the
variables in the
package. The testsuite
plays around with these variables and some Ruby libraries can't be found.
I tried to fix this, but failed. Using the upstream
of the Debian
package, the testsuite passes fine.
This package could clearly be uploaded to NEW right now by ignoring the
testsuite failures (we're just packaging static
source files in the
proper location in a
issues aside, packaging puppetserver itself is 80% done. Using the
artifact, the testsuite fails with a weird
Clojure error I'm not sure I understand, but I haven't debugged it for very
Upstream uses git submodules to vendor puppet (agent), hiera (3), facter and
puppet-resource-api for the testsuite to run properly. I haven't touched that,
but I believe we can either:
- link to the Debian packages
- fix the Debian packages if they don't include the right files (maybe in a new
binary package that just ships part of the source code?)
Without the testsuite actually running, it's hard to know what files are needed
in those packages.
Puppet 5 is now deprecated.
If you or your organisation cares about Puppet in Debian,
really isn't far away from making it in the archive.
Very talented Debian Developers are always eager to work on these issues and
can be contracted for very reasonable rates. If you're interested in
contracting someone to help iron out the last issues, don't hesitate to reach
out via one of the following:
As for I, I'm happy to say I got a new contract and will go back to teaching
Economics for the Winter 2021 session. I might help out with some general Debian
packaging work from time to time, but it'll be as a hobby instead of a job.
The work I did during the last 6 weeks would be not have been possible without
the support of the Wikimedia Foundation, who were gracious enough to contract
me. My particular thanks to Faidon Liambotis, Moritz M hlenhoff and John Bond.
Many, many thanks to Rob Browning, Thomas Goirand, Elana Hashman, Utkarsh Gupta
and Apollon Oikonomopoulos for their direct and indirect help, without which
all of this wouldn't have been possible.