Enforcing apt-get update prior to any packages installing via Puppet

I've been having weird, inconsistent bugs occur when running Puppet especially on new systems (where it's more obvious).

Specifically: I've seen cases where a manifest Notifies the apt-get update Exec to refresh the apt database, and suddenly the next series of package installs have failed with 'could not find package'.

It seems that after the Notify is called, somehow either it's asynchronous and Puppet moves on too soon before the apt-get update is complete, or apt itself needs a few moments of gap time between completing the refreshed package database and allowing new packages to be installed (lock file or something?)

I have not been able to track it down; needless to say it's been quite annoying because in my Puppet manifests, it brings everything crashing down around you when you have your dependencies (finally) in a sane, tightly controlled state.

Anyway! I found this article by John Leach which includes this handly little snippet using that weird Puppet relationship syntax I'm yet to get accustomed to:

Exec["apt-update"] -> Package <| |>

This little puppy *enforces* the fact that no package can be installed until the apt-get update Exec has occurred. This seems to have fixed the issue for me, suggesting it's more a case of the former theory above (the latter I'd expect this problem to continue, if the issue was on apt's side and not Puppet's)

Tags: