Jira (PUP-9207) puppet lookup --compile returns incorrect results when trusted facts define environment

0 views
Skip to first unread message

Thomas Kishel (JIRA)

unread,
Oct 3, 2018, 5:07:06 PM10/3/18
to puppe...@googlegroups.com
Thomas Kishel created an issue
 
Puppet / Bug PUP-9207
puppet lookup --compile returns incorrect results when trusted facts define environment
Issue Type: Bug Bug
Assignee: Unassigned
Attachments: groups.png
Created: 2018/10/03 2:06 PM
Environment:

PE 2018.1.3 and PE 2018.1.4 and possibly others
Priority: Minor Minor
Reporter: Thomas Kishel

When the agent's environment is defined by node group membership based upon a trusted fact not equaling a value, puppet lookup --compile returns results from the wrong environment.

[root@puppet-master-201813 ~] cat /etc/puppetlabs/code/environments/development/hieradata/common.yaml
 
---
 
env: 'development'
 
 
 
[root@puppet-master-201813 ~] cat /etc/puppetlabs/code/environments/production/hieradata/common.yaml
 
---
 
env: 'production'
 
 
 
[root@puppet-master-201813 ~] cat /etc/puppetlabs/code/environments/development/manifests/site.pp
 
node default {
 
  $e = lookup('env')
 
  notify {"DEV ${e}":}
 
}
 
 
 
[root@puppet-master-201813 ~] cat /etc/puppetlabs/code/environments/production/manifests/site.pp
 
 
 
node default {
 
  $e = lookup('env')
 
  notify {"PRO ${e}":}
 
}


[root@puppet-master-201813 ~]# puppet lookup --explain --node puppet-compile-201813.puppetdebug.vlan env
 
Searching for "lookup_options"
 
  Global Data Provider (hiera configuration version 3)
 
    Using configuration "/etc/puppetlabs/puppet/hiera.yaml"
 
    Hierarchy entry "yaml"
 
      Merge strategy hash
 
        Path "/etc/puppetlabs/code/environments/production/hieradata/virtual/virtualbox.yaml"
 
          Original path: "virtual/%{::virtual}"
 
          No such key: "lookup_options"
 
        Path "/etc/puppetlabs/code/environments/production/hieradata/nodes/puppet-compile-201813.puppetdebug.vlan.yaml"
 
          Original path: "nodes/%{::trusted.certname}"
 
          Path not found
 
        Path "/etc/puppetlabs/code/environments/production/hieradata/common.yaml"
 
          Original path: "common"
 
          No such key: "lookup_options"
 
Searching for "env"
 
  Global Data Provider (hiera configuration version 3)
 
    Using configuration "/etc/puppetlabs/puppet/hiera.yaml"
 
    Hierarchy entry "yaml"
 
      Path "/etc/puppetlabs/code/environments/production/hieradata/virtual/virtualbox.yaml"
 
        Original path: "virtual/%{::virtual}"
 
        No such key: "env"
 
      Path "/etc/puppetlabs/code/environments/production/hieradata/nodes/puppet-compile-201813.puppetdebug.vlan.yaml"
 
        Original path: "nodes/%{::trusted.certname}"
 
        Path not found
 
      Path "/etc/puppetlabs/code/environments/production/hieradata/common.yaml"
 
        Original path: "common"
 
        Found key: "env" value: "production"
 
 
 
[root@puppet-master-201813 ~]# puppet lookup --explain --node puppet-compile-201813.puppetdebug.vlan env --compile
 
Searching for "env"
 
  Global Data Provider (hiera configuration version 3)
 
    Using configuration "/etc/puppetlabs/puppet/hiera.yaml"
 
    Hierarchy entry "yaml"
 
      Path "/etc/puppetlabs/code/environments/development/hieradata/virtual/virtualbox.yaml"
 
        Original path: "virtual/%{::virtual}"
 
        No such key: "env"
 
      Path "/etc/puppetlabs/code/environments/development/hieradata/nodes/puppet-compile-201813.puppetdebug.vlan.yaml"
 
        Original path: "nodes/%{::trusted.certname}"
 
        Path not found
 
      Path "/etc/puppetlabs/code/environments/development/hieradata/common.yaml"
 
        Original path: "common"
 
        Found key: "env" value: "development"


[root@puppet-compile-201813 ~]# puppet agent -t
 
Info: Using configured environment 'production'
 
Info: Retrieving pluginfacts
 
Info: Retrieving plugin
 
Info: Retrieving locales
 
Info: Loading facts
 
Info: Caching catalog for puppet-compile-201813.puppetdebug.vlan
 
Info: Applying configuration version 'f17138ab67e9f0ff6c6ead9b8c83fd8fa2ef75ec'
 
Notice: PRO production
 
Notice: /Stage[main]/Main/Node[default]/Notify[PRO production]/message: defined 'message' as 'PRO production'
 
Notice: Applied catalog in 8.81 seconds

Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)
Atlassian logo

Thomas Kishel (JIRA)

unread,
Oct 3, 2018, 5:07:06 PM10/3/18
to puppe...@googlegroups.com
Thomas Kishel updated an issue
Change By: Thomas Kishel
Attachment: groups.png

Thomas Kishel (JIRA)

unread,
Oct 3, 2018, 5:08:04 PM10/3/18
to puppe...@googlegroups.com
Thomas Kishel updated an issue
Change By: Thomas Kishel
Attachment: trusted.png

Thomas Kishel (JIRA)

unread,
Oct 3, 2018, 5:08:04 PM10/3/18
to puppe...@googlegroups.com
Thomas Kishel updated an issue
Change By: Thomas Kishel
Attachment: matching_nodes.,png.png

Thomas Kishel (JIRA)

unread,
Oct 3, 2018, 5:08:04 PM10/3/18
to puppe...@googlegroups.com
Thomas Kishel updated an issue
Change By: Thomas Kishel
Attachment: rules.png

Thomas Kishel (JIRA)

unread,
Oct 3, 2018, 5:09:03 PM10/3/18
to puppe...@googlegroups.com
Thomas Kishel commented on Bug PUP-9207
 
Re: puppet lookup --compile returns incorrect results when trusted facts define environment

See attached screen captures for Console view of the test Groups, Rules, and Nodes.

Thomas Kishel (JIRA)

unread,
Oct 3, 2018, 5:19:03 PM10/3/18
to puppe...@googlegroups.com
Thomas Kishel commented on Bug PUP-9207

Charlie Sharpsteen (JIRA)

unread,
Oct 4, 2018, 1:49:04 PM10/4/18
to puppe...@googlegroups.com
Charlie Sharpsteen updated an issue
 
Change By: Charlie Sharpsteen
CS Priority: Needs Priority

Henrik Lindberg (JIRA)

unread,
Oct 4, 2018, 3:25:04 PM10/4/18
to puppe...@googlegroups.com
Henrik Lindberg commented on Bug PUP-9207
 
Re: puppet lookup --compile returns incorrect results when trusted facts define environment

At present lookup will use a node's current environment as the intent when this was implemented was to answer questions why a value ended up in the catalog. That in contrast to the value it will have when compiling a new catalog. There is another ticket about changing this to always use the "what-will-be-environment" value instead of "what-you-got-last-environment".

Is that what is at play here? Or something else? (Can be determined if the problematic behaviour is observed when node is in one env now and will be in another when it makes its nest request for a catalog).

Thomas Kishel (JIRA)

unread,
Oct 4, 2018, 5:56:03 PM10/4/18
to puppe...@googlegroups.com
Thomas Kishel commented on Bug PUP-9207

This does not involve a transition from one environment to another: repeated testing (including puppet agent runs and the above puppet lookups) returns the same results.

Empirically, it appears that trusted facts are not in scope when using "puppet lookup --compile" ...
causing the (environment) node group rule (based upon a trusted fact != a specific value, in the example: "pp_role != ppserver") ...
to include the node instead of excluding it ...
changing the environment of the node in the context of the lookup ...
resulting in the lookup reading from different environment than would be read during a puppet agent run.

Jorie Tappa (JIRA)

unread,
Oct 8, 2018, 4:54:07 PM10/8/18
to puppe...@googlegroups.com
Jorie Tappa updated an issue
 
Change By: Jorie Tappa
Sub-team: Language

Jorie Tappa (JIRA)

unread,
Oct 8, 2018, 4:54:07 PM10/8/18
to puppe...@googlegroups.com
Jorie Tappa updated an issue
Change By: Jorie Tappa
Team: Server

Neil Binney (JIRA)

unread,
Oct 9, 2018, 3:12:04 AM10/9/18
to puppe...@googlegroups.com
Neil Binney updated an issue
Change By: Neil Binney
CS Priority: Needs Priority Reviewed

Josh Cooper (Jira)

unread,
Jul 24, 2020, 9:16:03 PM7/24/20
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Epic Link: PUP-6870
This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)
Atlassian logo

Josh Cooper (Jira)

unread,
Jul 24, 2020, 9:17:03 PM7/24/20
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Team: Froyo Coremunity

Josh Cooper (Jira)

unread,
Aug 21, 2020, 6:43:03 PM8/21/20
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Sprint: Coremunity Hopper

Josh Cooper (Jira)

unread,
Aug 21, 2020, 6:47:03 PM8/21/20
to puppe...@googlegroups.com
Josh Cooper commented on Bug PUP-9207
 
Re: puppet lookup --compile returns incorrect results when trusted facts define environment

I believe this is a duplicate of PUP-8094, because lookup does not submit trusted facts on behalf of the node whose data value is being resolved. See my comment in https://tickets.puppetlabs.com/browse/PUP-8094?focusedCommentId=732996&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-732996. I'm going to mark this as a duplicate, but let me know if I missed something.
Reply all
Reply to author
Forward
0 new messages