| Puppet Version: all
OS Name/Version: all When using a File resource with an http(s) source type and a checksum_value, Puppet does not validate that the content it downloads and puts into place matches the mandated checksum. This can cause Puppet to repeatedly re-download the file on every run, constantly reporting success, when in fact it is failing to retrieve the expected content. Assume the following manifest.
file { '/tmp/file': |
ensure => file, |
source => 'http://httpstat.us/200', |
checksum => 'sha256', |
checksum_value => 'ea8fac7c65fb589b0d53560f5251f74f9e9b243478dcb6b3ea79b5e36449c8d9', |
#checksum_value => 'f9bafc82ba5f8fb02b25020d66f396860604f496ca919480147fa525cb505d88', |
}
|
Let the commented-out f9bafc8 checksum be correct, and ea8fac7 be incorrect. Desired Behavior: When Puppet applies this manifest and downloads f9bafc8 from http://httpstat.us/200, it should report failure. The content does not match the checksum_value parameter ea8fac7. Actual Behavior: When Puppet applies this manifest, it saves the f9bafc8 file and reports success. On subsequent runs it observes that the f9bafc8 content is present, does not match the required ea8fac7, re-downloads the f9bafc8 content from http://httpstat.us/200, and reports a successful change. It incorrectly reports that it changed the file content to ea8fac7. The current behavior for three consecutive Puppet runs is shown below.
[reidmv@reids-mbp:~/Workspace/tmp/puppet-code/] % puppet apply test.pp |
Notice: Compiled catalog for reids-macbook-pro.local in environment production in 0.02 seconds |
Notice: /Stage[main]/Main/File[/tmp/file]/ensure: created |
Notice: Applied catalog in 0.50 seconds |
[reidmv@reids-mbp:~/Workspace/tmp/puppet-code/] % puppet apply test.pp |
Notice: Compiled catalog for reids-macbook-pro.local in environment production in 0.02 seconds |
Notice: /Stage[main]/Main/File[/tmp/file]/checksum_value: checksum_value changed 'f9bafc8...' to 'ea8fac7...' |
Notice: Applied catalog in 0.67 seconds |
[reidmv@reids-mbp:~/Workspace/tmp/puppet-code/] % puppet apply test.pp |
Notice: Compiled catalog for reids-macbook-pro.local in environment production in 0.02 seconds |
Notice: /Stage[main]/Main/File[/tmp/file]/checksum_value: checksum_value changed 'f9bafc8...' to 'ea8fac7...' |
Notice: Applied catalog in 0.52 seconds
|
|
