
Upgrade Puppet master to Puppet 4

https://docs.puppet.com/puppet/4.5/reference/upgrade_major_server.html

Also see https://bugs.debian.org/832536 and https://lists.alioth.debian.org/pipermail/pkg-puppet-devel/2017-January/010545.html wrt. backwards compatibility with 3.x agents, that might require a little bit of patching on the agent side.

As of 2018-04-04, to install PuppetDB from Debian on Stretch one needs:

Package: lib*-clojure lib*-java
Pin: release o=Debian,n=buster
Pin-Priority: 990

Package: puppetdb libcomidi-clojure libdujour-version-check-clojure libpantomime-clojure libpuppetlabs-http-client-clojure libpuppetlabs-ring-middleware-clojure libssl-utils-clojure libtrapperkeeper-metrics-clojure libtrapperkeeper-status-clojure libtrapperkeeper-webserver-jetty9-clojure libtika-java
Pin: release o=Debian,n=sid
Pin-Priority: 990

To make PuppetDB work and the puppetmaster use it (on sid):

  • install Puppet from Stretch (due to https://bugs.debian.org/894800) and apply https://github.com/puppetlabs/puppet/commit/578687a00195191185f44d8cb38f4b7716d99c31 (otherwise it won’t work on sid)
  • dpkg-reconfigure puppetdb, go through the dbconfig setup and leave the default settings
  • set up TLS like /usr/share/doc/puppetdb/README.Debian says:
    • cp -a /var/lib/puppet/ssl/certs/localhost.pem /etc/puppetdb/cert.pem && cp -a /var/lib/puppet/ssl/private_keys/localhost.pem /etc/puppetdb/private_key.pem && cp -a /var/lib/puppet/ssl/ca/ca_crt.pem /etc/puppetdb/ca_crt.pem && chown puppetdb:puppetdb /etc/puppetdb/*.pem
    • adjust /etc/puppetdb/conf.d/jetty.ini:
      • ssl-port = 8081
      • ssl-key = /etc/puppetdb/private_key.pem
      • ssl-cert = /etc/puppetdb/cert.pem
      • ssl-ca-cert = /etc/puppetdb/ca_crt.pem
  • patch puppetdb.service to use /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java instead of /usr/bin/java
  • install puppet-terminus-puppetdb and postgresql
  • enable storeconfigs in puppet.conf
  • create /etc/puppet/puppetdb.conf, owned by puppet:puppet, with contents:
        [main]
        server_urls = https://localhost:8081
  • create /etc/puppet/routes.yaml, owned by puppet:puppet, with contents:
        ---
        master:
          facts:
            terminus: puppetdb
            cache: yaml

Parent Task: #11834 (closed)


Original created by @intrigeri on 11837 (Redmine)
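
A check for the TLS step above, as an added example that is not part of the original issue: it verifies that the three PEM files copied into /etc/puppetdb exist, that the private key has the expected owner and is not accessible to other users, that the certificate matches the key, and that it verifies against the CA certificate. The function names are hypothetical; GNU stat (as on Debian) and the openssl command-line tool are assumed.

```shell
#!/bin/sh
# Added example, not from the original issue. Checks the PEM files that the
# TLS step copies into /etc/puppetdb. Function names are hypothetical.
# Assumes GNU stat (Debian) and the openssl CLI.

# True if FILE exists, belongs to OWNER and grants no access to "other".
key_is_protected() {
    [ -f "$1" ] || return 1
    [ "$(stat -c '%U' "$1")" = "$2" ] || return 1
    case "$(stat -c '%a' "$1")" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# True if the certificate carries the public key of the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True if the certificate verifies against the CA certificate. The "OK" line
# is matched instead of trusting the exit status alone.
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Usage: check_puppetdb_tls [DIR] [OWNER]; prints each failed check.
check_puppetdb_tls() {
    dir=${1:-/etc/puppetdb}
    owner=${2:-puppetdb}
    rc=0
    for f in cert.pem private_key.pem ca_crt.pem; do
        [ -f "$dir/$f" ] || { echo "missing: $dir/$f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1
    key_is_protected "$dir/private_key.pem" "$owner" ||
        { echo "private_key.pem: wrong owner or accessible by other"; rc=1; }
    cert_matches_key "$dir/cert.pem" "$dir/private_key.pem" ||
        { echo "cert.pem does not match private_key.pem"; rc=1; }
    cert_chains_to_ca "$dir/ca_crt.pem" "$dir/cert.pem" ||
        { echo "cert.pem does not verify against ca_crt.pem"; rc=1; }
    return "$rc"
}
```

Run `check_puppetdb_tls` as root after the copy and chown commands; a non-zero exit status means at least one of the printed checks failed.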
