Jira (FACT-3082) Regression: Rusn with Puppet 6.25.0 take +2 minutes on non-EC2 VMs

42 views
Skip to first unread message

Oliver Freyermuth (Jira)

unread,
Oct 13, 2021, 2:57:03 PM10/13/21
to puppe...@googlegroups.com
Oliver Freyermuth created an issue
 
Facter / Bug FACT-3082
Regression: Rusn with Puppet 6.25.0 take +2 minutes on non-EC2 VMs
Issue Type: Bug Bug
Affects Versions: FACT 3.14.20
Assignee: Unassigned
Components: Facter 3
Created: 2021/10/13 11:56 AM
Priority: Major Major
Reporter: Oliver Freyermuth

After upgrading from agent 6.24.0 to 6.25.0 and hence to facter version:

3.14.20 (commit 28fd6cc7adae74c7748502e4d18d34f75be92f93)

all our Puppet runs on non-EC2 VMs take +2 minutes spent in the fact collection phase. Debug logging reveals:

Debug: Facter: executing command: /opt/puppetlabs/puppet/bin/virt-what
 
Debug: Facter: kvm
 
Debug: Facter: completed processing output: closing child pipes.
 
Debug: Facter: process exited with status code 0.
 
Debug: Facter: fact "is_virtual" has resolved to true.
 
Debug: Facter: fact "virtual" has resolved to "kvm".
 
Debug: Facter: not running under a Azure instance.
 
Debug: Facter: resolving EC2 facts.
 
Debug: Facter: requesting IMDSv2 token at http://169.254.169.254/latest/api/token.
 
Debug: Facter: requesting http://169.254.169.254/latest/api/token.
 
Debug: Facter: Trying 169.254.169.254:80...
 
Debug: Facter: connect to 169.254.169.254 port 80 failed: Connection timed out
 
Debug: Facter: Failed to connect to 169.254.169.254 port 80: Connection timed out
 
Debug: Facter: Closing connection 0
 
Debug: Facter: EC2 IMDSv2 endpoint is unavailable
 
Debug: Facter: querying EC2 instance metadata at http://169.254.169.254/latest/meta-data/.
 
Debug: Facter: requesting http://169.254.169.254/latest/meta-data/.
 
Debug: Facter: Trying 169.254.169.254:80...
 
Debug: Facter: Connection timed out after 600 milliseconds
 
Debug: Facter: Closing connection 1
 
Debug: Facter: EC2 facts are unavailable: not running under an EC2 instance or EC2 is not responding in a timely manner.

Checking the IMDSv2 endpoint introduces a timeout of 2 minutes, and is the culprit here. Probably introduced by activating IMSDv2 checking by default:
https://github.com/puppetlabs/facter/commit/8c323415a59025232fc06e1dc5853e10c5ee8a32

For the EC2 instance metadata check, a timeout of 600 ms is used, which is far more bearable.

Would it be possible to add a bearable timeout also for the IMDSv2 check?

Add Comment Add Comment
 
This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97)
Atlassian logo
Reply all
Reply to author
Forward
0 new messages