Upgrading agents
Sections
Upgrade your agents as new versions of Puppet Enterprise become available. The puppet_agent module helps automate upgrades, and provides the safest upgrade. Alternatively, you can upgrade individual nodes using a script.
Setting your desired agent version
To upgrade your primary server but use an older agent version that is still
compatible with the new primary server, define a
pe_repo::platform::<AGENT_OS_VERSION_ARCHITECTURE>
class
with the agent_version
variable set to your desired
agent version.
To ensure your agents are always running the same version as your primary
server, in the puppetlabs-puppet_agent module, set the package_version
variable for the puppet_agent
class to auto
. This
causes agents to automatically upgrade themselves on their first Puppet run after a primary server upgrade.
Upgrade agents using the puppet_agent module
The puppetlabs-puppet_agent module, available from the Forge, enables you to upgrade multiple *nixor Windows agents at one time. The module handles all the latest version-to-version upgrades.
After the Puppet run, you can verify the upgrade with /opt/puppetlabs/bin/puppet --version
Upgrade agents using a script
To upgrade an individual node, for example to test or troubleshoot, you can upgrade directly from the node using a script. This method relies on a package repository hosted on your primary server.
/opt/puppetlabs/puppet/bin/openssl version
and the agent's
version with openssl version
.Upgrade a *nix agent using a script
You an upgrade an individual *nix agent using a script.
-
Configure the primary server to download the agent version you want to upgrade.
- SSH into the agent node you want to upgrade.
-
Run the upgrade command appropriate to the
operating system.
- Most *nix
cacert="$(puppet config print localcacert)" uri="https://$(puppet config print server):8140/packages/current/install.bash" curl --cacert "$cacert" "$uri" | sudo bash
Copied!See Usage notes for curl examples for information about forming curl commands.
-
Mac OS X, Solaris, and AIX
cacert="$(puppet config print localcacert)" uri="https://$(puppet config print server):8140/packages/current/install.bash" curl --cacert "$cacert" "$uri" | sudo bash
Copied!
- Most *nix
PE services restarts automatically after upgrade.
Upgrade a Windows agent using a script
You can upgrade an individual Windows agent using a script. For Windows, this method is riskier than using the puppet_agent module to upgrade, because you must manually complete and verify steps that the module handles automatically.
<PRIMARY_HOSTNAME>
portion of the installer script—as provided in the following example—refers to the
FQDN of the primary server. The FQDN must be fully resolvable by the machine on
which you're installing or upgrading the agent.Upgrade agents without internet access
If you don't have access to the internet beyond your infrastructure you can download the appropriate agent tarball from an internet-connected system and then upgrade using a script.
-
On your primary server, copy the agent tarball to
/opt/puppetlabs/server/data/packages/public/<PE VERSION>/<PLATFORM>
. -
Run Puppet:
puppet agent -t
- Follow the steps to Upgrade agents using a script.
Upgrading the agent independent of PE
You can optionally upgrade the agent to a newer version than the one packaged with your current PE installation.
For details about Puppet agents versions that are tested and supported for PE, see the PE component version table.
The agent version is specified on a platform-by-platform basis in the
PE Master node group, in
any pe_repo::platform
class, using the
agent_version
parameter.
When you install new nodes or upgrade existing nodes, the agent install script installs the version of the agent specified for its platform class. If a version isn’t specified for the node’s platform, the script installs the default version packaged with your current version of PE.
agent_version
parameter.The platform in use on your primary server requires special consideration. The agent version used on your primary server must match the agent version used on other infrastructure nodes, including compilers and replicas, otherwise your primary server won’t compile catalogs for these nodes.
agent_version
for your primary server platform, you must either:- (Recommended) Upgrade the agent on your primary server—and any existing infrastructure nodes—to the newer agent version. You can upgrade these nodes by running the agent install script.
- Manually install the older agent version used on your primary server on any new
infrastructure nodes you provision. You can’t install these nodes using
the agent install script, because the script uses the agent version specified
for the platform class, instead of the primary server’s current agent version.
Manual installation requires configuring
puppet.conf
, DNS alt names, CSR attributes, and other relevant settings.