fix: keep puppetserver gems out of the var-dir mount path #153

Open: slauger wants to merge 1 commit into OpenVoxProject:main from slauger:feature/separate-var-dir-from-gems

slauger (Member) commented Jun 23, 2026

AI summary of this PR

Problem

The bundled puppetserver.conf points master-var-dir at /opt/puppetlabs/server/data/puppetserver -- the same directory that holds the static, image-provided jruby-gems and vendored-jruby-gems (where require 'puppet' is loaded from).

To persist variable runtime data (yaml, server_data, bucket, reports) people mount a volume on data/puppetserver. That overlays and empties the gem directories, so the server can no longer load Puppet and dies with:

LoadError: no such file to load -- puppet

The entrypoint only restores vendored-jruby-gems, not jruby-gems, so that workaround is incomplete.

Fix

Point master-var-dir at a dedicated .../puppetserver/var sub-directory. The variable data now has its own mountable location, and the gems stay untouched at their absolute paths. gem-home / gem-path are already absolute and are not derived from the var-dir, so they are unaffected.

  • openvoxserver/files/etc/puppetlabs/puppetserver/conf.d/puppetserver.conf: master-var-dir -> .../puppetserver/var
  • openvoxserver/prep_build_container.sh: create the new var directory (ownership is already handled by the recursive chown on data/puppetserver)

Applies to both the Ubuntu and Alpine images via the shared prep scripts.

Verification

Built the Ubuntu image and ran, as the puppet user:

| Mount | require 'puppet' |
|---|---|
| none (baseline) | OK (8.27.0) |
| empty volume on .../puppetserver/var | OK (8.27.0) |
| empty volume on .../puppetserver | LoadError: no such file to load -- puppet |

So the new var dir is freely mountable without clobbering the gems, and the old foot-gun is reproduced as the control. This also makes running with a read-only root filesystem viable.

Breaking change

This changes the default master-var-dir location. Existing deployments that persist or mount variable data at /opt/puppetlabs/server/data/puppetserver will need to move that mount to /opt/puppetlabs/server/data/puppetserver/var. Data previously persisted at the old path will not be picked up automatically.

Follow-up

The Helm chart most likely needs a matching change. It currently mounts a volume over the whole data/puppetserver directory, which is exactly what triggers the LoadError and what this PR makes unnecessary. That mount should be moved to .../puppetserver/var (or dropped in favour of persisting only what actually needs it). Happy to follow up there.

Signed-off-by: Simon Lauger <simon@lauger.de>
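
The overlay problem described in the comment above, as an added example that is not part of this PR or the OpenVox code base: a preflight check that flags any volume mount target which would hide the image-provided gem directories, covering the three cases from the verification table. The function name and the sample mount lists are assumptions made for illustration; the directory names are the ones given in the description.

```python
import posixpath
from pathlib import PurePosixPath

DATA = "/opt/puppetlabs/server/data/puppetserver"
# Image-provided directories that must stay visible (names from the PR description).
GEM_DIRS = [f"{DATA}/jruby-gems", f"{DATA}/vendored-jruby-gems"]


def _norm(path):
    # Collapse "..", "." and trailing slashes so comparisons use canonical paths.
    return PurePosixPath(posixpath.normpath(path))


def shadowed_gem_dirs(mount_targets, gem_dirs=GEM_DIRS):
    """Return {mount_target: [gem dirs hidden by that mount]} for offending mounts.

    A volume mounted at M hides every image path that is M itself or lies below M.
    """
    findings = {}
    for target in mount_targets:
        m = _norm(target)
        hidden = [g for g in gem_dirs if _norm(g) == m or m in _norm(g).parents]
        if hidden:
            findings[str(m)] = hidden
    return findings


if __name__ == "__main__":
    # Constructed mount lists matching the three rows of the verification table.
    cases = {
        "none (baseline)": [],
        "volume on .../puppetserver/var": [f"{DATA}/var"],
        "volume on .../puppetserver": [f"{DATA}/"],
    }
    for name, mounts in cases.items():
        hits = shadowed_gem_dirs(mounts)
        print(f"{name}: {'gems hidden by ' + ', '.join(hits) if hits else 'OK'}")
```

Feeding it the mount paths from a Helm chart or compose file before deployment catches the old data/puppetserver mount without having to start the server.
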
slauger requested a review from a team as a code owner June 23, 2026 16:05
rwaffen added the bug label Jun 24, 2026

rwaffen (Member) commented Jun 24, 2026

LGTM, but I’m not certain if I’ve read all the discussions in Slack correctly. Therefore, I’ll hold off on approving until we’ve reached a consensus.
