Jira (PUP-5519) puppet lookup --node <node> <key> should fail if <node> is not recognized by the Node Classifier

[Sean Griffin (JIRA)]

Sean Griffin created an issue

Puppet / PUP-5519 puppet lookup --node <node> <key> should fail if <node> is not recognized by the Node Classifier Issue Type: Bug Assignee: Unassigned Created: 2015/11/19 7:38 AM Priority: Normal Reporter: Sean Griffin The new puppet lookup command takes a --node option to specify the node for which the look up will occur. This causes a check with the node classifier to get the node's environment name, and looks up the key in the context of that environment. If a bogus node name is supplied, look up will issue a warning indicating a missing hostname and/or domain. It will then proceed to look up the symbol in the context of the default environment (production), and exit with an exit code of 0. [root@ky0y7to9bef0ky8 results]# puppet lookup --node bogus data_module::key_in_module Warning: Host is missing hostname and/or domain: bogus Notice: Scope(Class[Data_module]): Starting data_module init.pp { Notice: Scope(Class[Data_module]): lookup(data_module::key_in_module) is [data_module1-production] Notice: Scope(Class[Data_module]): lookup(data_module::key_in_env) is [env2-production] Notice: Scope(Class[Data_module]): lookup(data_module::key_in_module_env) is [env3-production] Notice: Scope(Class[Data_module]): lookup(data_module::key_in_module_hiera) is [hiera5] Notice: Scope(Class[Data_module]): lookup(data_module::key_in_env_hiera) is [hiera6] Notice: Scope(Class[Data_module]): lookup(data_module::key_in_module_env_hiera) is [hiera7] Notice: Scope(Class[Data_module]): } data_module init.pp finished. --- data_module1-production ... [root@ky0y7to9bef0ky8 results]# echo $? 0 [root@ky0y7to9bef0ky8 results]# This lookup request should fail with an error message, not produce any value for the key and exit with a non-zero exit code. See PUP-5059 for instructions on setting up a test environment. Add Comment

This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc)

[Henrik Lindberg (JIRA)]

Henrik Lindberg commented on PUP-5519

Re: puppet lookup --node <node> <key> should fail if <node> is not recognized by the Node Classifier I believe there is a conflicting interest in being able to lookup information for nodes that do not (yet) exist to see "what if" for those nodes. I also think there is problems in understanding that the NC does not recognize the node - what if the given "bogus" name is a valid name, but not "recognized by the NC" ? Is that a possible invariant? Ping Sean Griffin

Add Comment

This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe)

[Henrik Lindberg (JIRA)]

Henrik Lindberg assigned an issue to Sean Griffin

Puppet / PUP-5519

puppet lookup --node <node> <key> should fail if <node> is not recognized by the Node Classifier

Change By: Henrik Lindberg Assignee: Sean Griffin

Add Comment

[Henrik Lindberg (JIRA)]

Henrik Lindberg updated an issue

Puppet / PUP-5519 puppet lookup --node <node> <key> should fail if <node> is not recognized by the Node Classifier

Change By: Henrik Lindberg Labels: triaged

Add Comment

[Sean Griffin (JIRA)]

Sean Griffin commented on PUP-5519

Re: puppet lookup --node <node> <key> should fail if <node> is not recognized by the Node Classifier Henrik Lindberg If a valid node name is not recognized by the classifier, would that be because no classification rule applies to that node? Does it get the production environment assigned by default? I am ok with the current behavior being correct because of the above scenario and the "what if" case you described. Can we close as 'not a bug'? -Sean

Add Comment

[Josh Cooper (Jira)]

Josh Cooper commented on PUP-5519

Re: puppet lookup --node <node> <key> should fail if <node> is not recognized by the Node Classifier

The warning Warning: Host is missing hostname and/or domain occurs when strict_hostname_checking is disabled and puppet tries to calculate a set of names for the node that may match node declarations in site.pp. The strict hostname checking behavior was changed recently as it could lead to a node getting a catalog it's not supposed to. To trigger the "multiple name" logic, pass the --compile flag. It is still possible to reproduce this error when using puppet lookup --strict_hostname_checking false --node bogus key --compile. In this case puppet lookup generates a node object with the name bogus. Lookup should also set the fqdn parameter so that the annoying message is omitted. In other words, it shouldn't create a node that causes a warning that could have been prevented (by ensuring the fqdn parameter is non-nil). Note the classifier doesn't have a way to determine if a node is bogus or not. It only knows whether or not a node has a valid client cert and whether facts were sent in the node request or can be retrieved from puppetdb. So for example, the classifier can't distinguish between "bogus will never be a valid node" versus "bogus hasn't checked in yet".

Add Comment

This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)

[Josh Cooper (Jira)]

Josh Cooper commented on PUP-5519

Re: puppet lookup --node <node> <key> should fail if <node> is not recognized by the Node Classifier

The code that causes this error will be removed in puppet 7 (PUP-10436), and is skipped by default in 6.x (PUP-10238) so I'm going to close this as won't fix.

Add Comment