After upgrading to Puppet Enterprise 2019.8.3 or 2019.8.4, PuppetDB restarts after agent logs “facts_blacklist is deprecated” or “cert_whitelist_path is deprecated” errors

If you are using facts_blacklist to exclude facts from being stored in PuppetDB or using cert_whitelist_path to validate certificates against a list of matching names, after you upgrade to Puppet Enterprise 2019.8.3 or 2019.8.4, PuppetDB will restart after each Puppet run. After every restart, it takes several minutes to bring the database back online.

This issue is resolved in PE 2019.8.5.

Error messages and logs

The parameters facts_blacklist and cert_whitelist_path were deprecated in PE 2019.8.3. If they remain in your code or classification after you upgrade to Puppet Enterprise 2019.8.3 and 2019.8.4, PuppetDB will restart after each Puppet run.

Puppet agent logs on the primary server (at /var/log/messages on RHEL or /var/log/syslog on Ubuntu) include a deprecation warning for that parameter, such as:

Warning: /Stage[main]/Puppet_enterprise::Puppetdb::Database_ini/Puppet_enterprise:: Deprecated_parameter[puppet_enterprise::puppetdb::database_ini::facts_blacklist]/ Notify[puppet_enterprise::puppetdb::database_ini::facts_blacklist is deprecated]/message: current_value 'absent', should be 'The puppet_enterprise::puppetdb::database_ini::facts_blacklist parameter is deprecated and has been replaced by puppet_enterprise::puppetdb::database_ini::facts_blocklist, which provides the same functionality. The deprecated parameter will be removed in a future release; however, it has been set to \'...\'. Please change your Classifier classification, hiera data, or /etc/puppetlabs/enterprise/conf.d/pe.conf, as appropriate, to use the new parameter.'

Following that, there is a refresh event that schedules a PuppetDB service restart:

Notice: Class[Puppet_enterprise::Puppetdb::Database_ini]: Would have triggered 'refresh' from 1 event Info: Class[Puppet_enterprise::Puppetdb::Database_ini]: Scheduling refresh of Service[pe-puppetdb]

Version and installation information

PE version: Upgrading to PE 2019.8.3 or 2019.8.4

Installation type: Any

Solution

If you're using either facts_blacklist or cert_whitelist_path parameters, avoid the issue completely by upgrading to a version where the issue is resolved (2019.8.5 and later.)

If you must upgrade to one of the affected versions, fix the issue using the steps in the known issue PuppetDB restarts continually after upgrade with deprecated parameters. It is better to avoid the issue by completing these steps is immediately prior to upgrading. However, the steps will still work if you use them after upgrading. Please make sure to stop puppet service while completing the steps, otherwise blocked facts will be ignored and might be added to the PuppetDB database.