Do not restart agent service on package changes

[Flo2388]

Change the relationship between puppet::agent::install and puppet::agent::config/puppet::agent::service from notification (~>) to ordering-only (->). The notification caused a reload-or-restart of the agent service immediately after a package upgrade, which killed the newly started service and left it in a failed state.

When upgrading the openvox-agent package (e.g. 8.23.1 → 8.24.1 or later), the following race condition occurs:

1. The running puppet agent (PID A) applies the package resource, spawning apt-get/dpkg as child processes.

2. The package's postinst script calls systemctl try-restart puppet. systemd stops the service and sends SIGTERM to the main service PID.

3. PID A and its children (apt-get, dpkg) survive as orphan processes in the cgroup because they are child processes, not the main PID tracked by systemd.

4. The postinst script starts a new puppet service (PID B). The service is now healthy.

5. The orphaned PID A finishes the package resource and, due to the ~> (notification) relationship, triggers reload-or-restart on the puppet service. This sends SIGHUP to PID B — the service that was just started in step 4.

6. PID B exits, the service enters the dead state, and no puppet agent is running.

Changing ~> to -> between puppet::agent::install and puppet::agent::service preserves ordering but removes the redundant notification. The package postinst already handles the service restart during upgrades.

[Flo2388]

fixes #973

[Flo2388]

Here is the result of the test with my fork. Update runs successfully and in the status we can see, that the service is not failed, but new version is already picked up.

I tested with an Ubuntu 22.04 node.

root@test-agent-01:~# puppet agent -t
Info: Refreshing CA certificate
Info: CA certificate is unmodified, using existing CA certificate
Info: Refreshing CRL
Info: CRL is unmodified, using existing CRL
Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Notice: Requesting catalog from puppet.example.com:8140 (203.0.113.10)
Notice: Catalog compiled by puppet.example.com
Info: Caching catalog for test-agent-01.example.com
Info: Applying configuration version '1780503021'
Notice: /Stage[main]/Puppet::Agent::Install/Package[openvox-agent]/ensure: ensure changed '8.23.1-1+ubuntu22.04' to '8.27.0-1+ubuntu22.04'
Notice: Applied catalog in 11.72 seconds
root@test-agent-01:~# systemctl status puppet
● puppet.service - Puppet agent daemon provided by OpenVox
     Loaded: loaded (/lib/systemd/system/puppet.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2026-06-03 18:10:30 CEST; 12s ago
       Docs: man:puppet-agent(8)
   Main PID: 777605 (puppet)
      Tasks: 6 (limit: 4554)
     Memory: 145.0M
        CPU: 6.603s
     CGroup: /system.slice/puppet.service
             ├─777605 /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daemonize
             └─777747 "puppet agent: applying configuration" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""

Jun 03 18:10:30 test-agent-01.example.com systemd[1]: puppet.service: Deactivated successfully.
Jun 03 18:10:30 test-agent-01.example.com systemd[1]: Stopped Puppet agent daemon provided by OpenVox.
Jun 03 18:10:30 test-agent-01.example.com systemd[1]: puppet.service: Consumed 27min 36.203s CPU time.
Jun 03 18:10:30 test-agent-01.example.com systemd[1]: Started Puppet agent daemon provided by OpenVox.
Jun 03 18:10:36 test-agent-01.example.com puppet-agent[777605]: Starting Puppet client version 8.27.0
Jun 03 18:10:41 test-agent-01.example.com puppet-agent[777747]: Requesting catalog from puppet.example.com:8140 (203.0.113.10)