Jira (PUP-10543) Puppet agents can't download file content from puppetserver via "raw" https

[Josh Cooper (Jira)]

Josh Cooper created an issue

Puppet / PUP-10543 Puppet agents can't download file content from puppetserver via "raw" https Issue Type: Bug Assignee: Unassigned Created: 2020/06/17 11:41 AM Priority: Normal Reporter: Josh Cooper Trying to download a file from puppetserver using as an https source instead of puppet:// will fail because puppetserver does not allow HEAD requests. This is similar to PUP-6380. For example, given: file { '/tmp/ca.pem': ensure => file, source => "https://${server_facts['servername']}:8140/puppet-ca/v1/certificate/ca?environment=production", } The agent will fail: $ puppet agent -t --http_debug ... <- "HEAD /puppet-ca/v1/certificate/ca?environment=production HTTP/1.1\r\nX-Puppet-Version: 6.17.0\r\nUser-Agent: Puppet/6.17.0 Ruby/2.5.7-p206 (x86_64-darwin18)\r\nAccept: */*\r\nHost: dusty-haulage.delivery.puppetlabs.net:8140\r\n\r\n" -> "HTTP/1.1 403 Forbidden\r\n" -> "Date: Wed, 17 Jun 2020 18:39:03 GMT\r\n" -> "X-Puppet-Version: 6.16.0\r\n" -> "Content-Length: 103\r\n" -> "\r\n" Conn end_transport Conn keep-alive Error: /Stage[main]/Main/File[/tmp/puppetserver]: Could not evaluate: Could not retrieve information from environment production source(s) https://dusty-haulage.delivery.puppetlabs.net:8140/puppet-ca/v1/certificate/ca?environment=production One possible solution is to sniff the response header and fallback to a partial GET request as is done for PUP-6380. Add Comment

This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)

[Josh Cooper (Jira)]

Josh Cooper updated an issue

Puppet / PUP-10543 Puppet agents can't download file content from puppetserver via "raw" https

Change By: Josh Cooper Fix Version/s: PUP 6.17.0

Add Comment

[Josh Cooper (Jira)]

Josh Cooper updated an issue

Puppet / PUP-10543 Puppet agents can't download file content from puppetserver via "raw" https

Change By: Josh Cooper Sprint: Platform Core KANBAN

Add Comment

[Josh Cooper (Jira)]

Josh Cooper assigned an issue to Josh Cooper

Puppet / PUP-10543 Puppet agents can't download file content from puppetserver via "raw" https

Change By: Josh Cooper Assignee: Josh Cooper

Add Comment

[Josh Cooper (Jira)]

Josh Cooper updated an issue

Puppet / PUP-10543 Puppet agents can't download file content from puppetserver via "raw" https

Change By: Josh Cooper Release Notes: Bug Fix Release Notes Summary: If puppet tries to download file metadata from an HTTP(S) file source and the HEAD request results in HTTP 403 Forbidden or 405 Method Not Allowed, then it will fallback to a GET request with a 0 byte range.

Add Comment

[Josh Cooper (Jira)]

Josh Cooper commented on PUP-10543

Re: Puppet agents can't download file content from puppetserver via "raw" https Merged to master in https://github.com/puppetlabs/puppet/commit/7ba18b2caa83a1586057ad123d3e0ad72d0e1f42

Add Comment

[Claire Cadman (Jira)]

Claire Cadman updated an issue

Puppet / PUP-10543

Puppet agents can't download file content from puppetserver via "raw" https

Change By: Claire Cadman Labels: doc_reviewed

Add Comment