seed_password seems to ignore the enforced order, causing installation to fail.

[martijndegouw]

Affected Puppet, Ruby, OS and module versions/distributions

• Puppet: 6.24.0
• Ruby:
• Distribution: Debian 10
• Module version: 9.0.0
• Splunk version: 8.1.0

How to reproduce (e.g Puppet code you use)

  class { '::splunk::params' :
    version  => '8.1.0' ,
    build    => 'f57c09e87251',
  }

  class { 'splunk::enterprise':
    package_ensure        => latest,
    boot_start            => true,
    package_provider      => 'apt',
    manage_package_source => false,
    seed_password         => true,
    password_hash         => '$6$<pwd hash>',
    secret                => 'secret',
  }

What are you seeing

Puppet tries to write to /opt/splunk/etc/splunk.secret before splunk is installed.

What behaviour did you expect instead

I expect puppet first tries to install Splunk, then applies all the password/seed files, and then starts the service.

Output log

Error: Could not set 'file' on ensure: No such file or directory - A directory component in /opt/splunk/etc/splunk.secret20211005-1047-1tgacpl.lock does not exist or is a dangling symbolic link (file: /srv/p                                                                                    uppet/environments/splunkdeptest2/modules/splunk/manifests/enterprise/password/seed.pp, line: 49)
Error: Could not set 'file' on ensure: No such file or directory - A directory component in /opt/splunk/etc/splunk.secret20211005-1047-1tgacpl.lock does not exist or is a dangling symbolic link (file: /srv/p                                                                                    uppet/environments/splunkdeptest2/modules/splunk/manifests/enterprise/password/seed.pp, line: 49)
Wrapped exception:
No such file or directory - A directory component in /opt/splunk/etc/splunk.secret20211005-1047-1tgacpl.lock does not exist or is a dangling symbolic link
Error: /Stage[main]/Splunk::Enterprise::Password::Seed/File[/opt/splunk/etc/splunk.secret]/ensure: change from 'absent' to 'file' failed: Could not set 'file' on ensure: No such file or directory - A directo                                                                                    ry component in /opt/splunk/etc/splunk.secret20211005-1047-1tgacpl.lock does not exist or is a dangling symbolic link (file: /srv/puppet/environments/splunkdeptest2/modules/splunk/manifests/enterprise/passwo                                                                                    rd/seed.pp, line: 49)
Notice: /Stage[main]/Splunk::Enterprise::Password::Seed/File[/opt/splunk/etc/system/local/user-seed.conf]: Dependency File[/opt/splunk/etc/splunk.secret] has failures: true
Warning: /Stage[main]/Splunk::Enterprise::Password::Seed/File[/opt/splunk/etc/system/local/user-seed.conf]: Skipping because of failed dependencies
Notice: /Stage[main]/Apt::Update/Exec[apt_update]/returns: executed successfully (corrective)
Notice: /Stage[main]/Splunk::Enterprise::Install/Package[splunk]/ensure: created
Notice: /Stage[main]/Splunk::Enterprise::Config/File[/opt/splunk/etc/system/local/alert_actions.conf]/ensure: created
Info: /Stage[main]/Splunk::Enterprise::Config/File[/opt/splunk/etc/system/local/alert_actions.conf]: Scheduling refresh of Class[Splunk::Enterprise::Service]

< snip >

Notice: /Stage[main]/Splunk::Enterprise::Config/Splunk_web[splunk_server_web_port]/ensure: created
Info: /Stage[main]/Splunk::Enterprise::Config/Splunk_web[splunk_server_web_port]: Scheduling refresh of Class[Splunk::Enterprise::Service]
Info: Class[Splunk::Enterprise::Config]: Scheduling refresh of Class[Splunk::Enterprise::Service]
Notice: /Stage[main]/Splunk::Enterprise::Service::Nix/Exec[stop_splunk]/returns: executed successfully
Info: /Stage[main]/Splunk::Enterprise::Service::Nix/Exec[stop_splunk]: Scheduling refresh of Exec[enable_splunk]
Notice: /Stage[main]/Splunk::Enterprise::Service::Nix/Exec[enable_splunk]: Triggered 'refresh' from 1 event
Info: Class[Splunk::Enterprise::Service]: Unscheduling all events on Class[Splunk::Enterprise::Service]
Warning: /Stage[main]/Splunk::Enterprise::Service/Service[Splunkd]: Skipping because of failed dependencies
Info: Class[Splunk::Enterprise]: Unscheduling all events on Class[Splunk::Enterprise]
Notice: /Stage[main]/Puppet::Agent::Service::Daemon/Service[puppet]/ensure: ensure changed 'stopped' to 'running' (corrective)
Info: /Stage[main]/Puppet::Agent::Service::Daemon/Service[puppet]: Unscheduling refresh on Service[puppet]
Info: Stage[main]: Unscheduling all events on Stage[main]
Notice: Applied catalog in 60.33 seconds

Any additional information you'd like to impart

In enterprise.pp I clearly see an order being enforced install -> config ~> service. I'm really confused why puppet tries to apply classes that are from the config class.

[martijndegouw]

Applying the following patch seems to resolve my issue:

diff --git a/manifests/enterprise/config.pp b/manifests/enterprise/config.pp
index 0568f19..d0513c7 100644
--- a/manifests/enterprise/config.pp
+++ b/manifests/enterprise/config.pp
@@ -13,6 +13,7 @@ class splunk::enterprise::config () {
       secret                => $splunk::enterprise::secret,
       splunk_user           => $splunk::enterprise::splunk_user,
       mode                  => 'agent',
+      require               => Class['splunk::enterprise::install'],
       notify                => Class['splunk::enterprise::service'],
     }
   }
@@ -26,6 +27,7 @@ class splunk::enterprise::config () {
       secret               => $splunk::enterprise::secret,
       splunk_user          => $splunk::enterprise::splunk_user,
       mode                 => 'agent',
+      require              => Class['splunk::enterprise::install'],
       notify               => Class['splunk::enterprise::service'],
     }
   }

But I'm not 100% sure this is the right approach.