- Problem
Puppet Version: 6.15.0
Puppet Server Version: 6.11.1
OS Name/Version: CentOS 7
Puppet makes a HTTP request for /file_metadata/ for files that are set to "ensure => absent" and have source => 'puppet:///modules/.... This defeats the purpose of using static catalogs when your intent is to reduce the amount of file_metadata HTTP traffic. It causes unnecessary traffic and overheard on the Puppet server.
- Reproduction
Given this Puppet code:
node 'agent1.vagrant' { |
|
file { '/root/one': |
ensure => file, |
owner => 0, |
group => 0, |
mode => '0644', |
source => 'puppet:///modules/test/one', |
} |
|
file { '/root/two': |
ensure => absent, |
owner => 0, |
group => 0, |
mode => '0644', |
source => 'puppet:///modules/test/two', |
} |
|
}
|
Running puppet agent -t from agent1.vagrant causes these messages in Puppetserver's logs:
==> /var/log/puppetlabs/puppetserver/puppetserver.log <== |
2020-05-22T18:44:27.159Z INFO [qtp9036388-38] [puppetserver] Puppet Inlined resource metadata into static catalog for agent1.vagrant in environment production in 0.01 seconds |
2020-05-22T18:44:27.160Z INFO [qtp9036388-38] [puppetserver] Puppet Compiled static catalog for agent1.vagrant in environment production in 0.12 seconds |
|
==> /var/log/puppetlabs/puppetserver/puppetserver-access.log <== |
10.20.1.6 - - [22/May/2020:18:44:26 +0000] "GET /puppet/v3/node/agent1.vagrant?environment=production&configured_environment=production&transaction_uuid=ee221fd5-13a0-4fdd-9413-1b57a98cd690 HTTP/1.1" 200 12572 "-" "Puppet/6.15.0 Ruby/2.5.8-p224 (x86_64-linux)" 33 - 30 |
10.20.1.6 - - [22/May/2020:18:44:26 +0000] "GET /puppet/v3/file_metadatas/pluginfacts?recurse=true&ignore=.svn&ignore=CVS&ignore=.git&ignore=.hg&links=follow&checksum_type=md5&source_permissions=use&environment=production HTTP/1.1" 200 240 "-" "Puppet/6.15.0 Ruby/2.5.8-p224 (x86_64-linux)" 17 - 12 |
10.20.1.6 - - [22/May/2020:18:44:26 +0000] "GET /puppet/v3/file_metadatas/plugins?recurse=true&ignore=.svn&ignore=CVS&ignore=.git&ignore=.hg&links=follow&checksum_type=md5&source_permissions=ignore&environment=production HTTP/1.1" 200 244 "-" "Puppet/6.15.0 Ruby/2.5.8-p224 (x86_64-linux)" 19 - 14 |
10.20.1.6 - - [22/May/2020:18:44:26 +0000] "GET /puppet/v3/file_metadatas/locales?recurse=true&ignore=.svn&ignore=CVS&ignore=.git&ignore=.hg&ignore=%2A.pot&ignore=config.yaml&links=follow&checksum_type=md5&source_permissions=ignore&environment=production HTTP/1.1" 200 244 "-" "Puppet/6.15.0 Ruby/2.5.8-p224 (x86_64-linux)" 76 - 72 |
10.20.1.6 - - [22/May/2020:18:44:27 +0000] "POST /puppet/v3/catalog/agent1.vagrant?environment=production HTTP/1.1" 200 1864 "-" "Puppet/6.15.0 Ruby/2.5.8-p224 (x86_64-linux)" 272 25743 268 |
10.20.1.6 - - [22/May/2020:18:44:27 +0000] "GET /puppet/v3/file_metadata/modules/test/two?links=manage&checksum_type=md5&source_permissions=ignore&environment=production HTTP/1.1" 200 258 "-" "Puppet/6.15.0 Ruby/2.5.8-p224 (x86_64-linux)" 17 - 13 |
10.20.1.6 - - [22/May/2020:18:44:27 +0000] "PUT /puppet/v3/report/agent1.vagrant?environment=production HTTP/1.1" 200 9 "-" "Puppet/6.15.0 Ruby/2.5.8-p224 (x86_64-linux)" 47 7134 43
|
- Desired Behavior
A file resource with both ensure => absent and source => <valid_puppet_uri> should not result in an agent requesting its metadata. For example, I expect this resource to not cause a lookup of the file's metadata.
file { '/root/two': |
ensure => absent, |
owner => 0, |
group => 0, |
mode => '0644', |
source => 'puppet:///modules/test/two', |
}
|
|
