Jira (PUP-11440) No option to fail fast when agent-specified environment does not exist

Nate McCurdy (Jira)

unread,

Jan 31, 2022, 5:19:02 PM1/31/22

to puppe...@googlegroups.com

Nate McCurdy created an issue

Puppet /

PUP-11440

No option to fail fast when agent-specified environment does not exist

Issue Type:	Bug
Affects Versions:	PUP 7.14.0
Assignee:	Unassigned
Created:	2022/01/31 2:18 PM
Priority:	Normal
Reporter:	Nate McCurdy

The Problem

When using an agent-specified environment workflow and the requested environment does not exist, there is no way to halt the Puppet run early and prevent a catalog compilation.

Additionally, the behavior of automatically switching to the "production" environment is unexpected and not desired in an agent-specified environment workflow.

This behavior exposes multiple issues:

The agent gets a 404 from the file_metadatas endpoint, but it still submits a catalog request:

[root@agent7 ~]# puppet agent -t --environment fake --http_debug

Info: Using environment 'fake'

opening connection to server7.vagrant:8140...

opened

starting SSL for server7.vagrant:8140...

SSL established, protocol: TLSv1.3, cipher: TLS_AES_128_GCM_SHA256

<- "GET /puppet/v3/file_metadatas/plugins?recurse=false&links=manage&checksum_type=sha256&source_per

.5-p203 (x86_64-linux)\r\nAccept: application/json, text/pson\r\nAccept-Encoding: gzip;q=1.0,deflate

-> "HTTP/1.1 404 Not Found\r\n"

-> "Date: Mon, 31 Jan 2022 21:47:28 GMT\r\n"

-> "Content-Type: application/json;charset=utf-8\r\n"

-> "X-Puppet-Version: 7.14.0\r\n"

-> "Content-Length: 87\r\n"

-> "\r\n"

reading 87 bytes...

-> "{\"message\":\"Not Found: Could not find environment 'fake'\",\"issue_kind\":\"RUNTIME_ERROR\"}"

read 87 bytes

Conn keep-alive

Notice: Environment 'fake' not found on server, skipping initial pluginsync.

<- "POST /puppet/v3/catalog/agent7.vagrant?environment=fake HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\n

- This puts unneeded load on the Puppetserver while it compiles a catalog.

The server responds with a 200, which is odd considering the environment doesn't exist.

-> "HTTP/1.1 200 OK\r\n"

-> "Date: Mon, 31 Jan 2022 21:47:28 GMT\r\n"

-> "Content-Type: application/vnd.puppet.rich+json; charset=utf-8\r\n"

-> "X-Puppet-Version: 7.14.0\r\n"

The agent then switches to the "production" environment. Supposedly because it's server-specified. But in my case the external node classifier (ENC) is NOT specifying any environment at all.

Notice: Local environment: 'fake' doesn't match server specified environment 'production', restarting agent run with environment 'production'

Here's my ENC script used for testing:

#!/bin/bash

cat <<EOF

---

class: {}

parameters: {}

EOF

The agent then does pluginsync against the production environment and follows up with another catalog request, this time against production.

<- "POST /puppet/v3/catalog/agent7.vagrant?environment=production HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\nUser-Agent: Puppet/7.14.0 Ruby/2.7.5-p203 (x86_64-linux)\r\nAccept: application/vnd.puppet.rich+json, application/json, text/pson\r\nContent-Type: application/x-www-form-urlencoded\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nHost: server7.vagrant:8140\r\nContent-Length: 25797\r\n\r\n"

- - This puts even more unnecessary load on the Puppetserver.

With --strict_environment_mode, the agent again gets the 404 from file_metadatas but for some reason is still requests a catalog from the server.

[root@agent7 ~]# puppet agent -t --environment fake --http_debug --strict_environment_mode

Info: Using environment 'fake'

opening connection to server7.vagrant:8140...

opened

starting SSL for server7.vagrant:8140...

SSL established, protocol: TLSv1.3, cipher: TLS_AES_128_GCM_SHA256

<- "GET /puppet/v3/file_metadatas/plugins?recurse=false&links=manage&checksum_type=sha256&source_permissions=ignore&environment=fake HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\nUser-Agent: Puppet/7.14.0 Ruby/2.7.5-p203 (x86_64-linux)\r\nAccept: application/json, text/pson\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nHost: server7.vagrant:8140\r\n\r\n"

-> "HTTP/1.1 404 Not Found\r\n"

-> "Date: Mon, 31 Jan 2022 22:03:16 GMT\r\n"

-> "Content-Type: application/json;charset=utf-8\r\n"

-> "X-Puppet-Version: 7.14.0\r\n"

-> "Content-Length: 87\r\n"

-> "\r\n"

reading 87 bytes...

-> "{\"message\":\"Not Found: Could not find environment 'fake'\",\"issue_kind\":\"RUNTIME_ERROR\"}"

read 87 bytes

Conn keep-alive

Notice: Environment 'fake' not found on server, skipping initial pluginsync.

<- "POST /puppet/v3/catalog/agent7.vagrant?environment=fake HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\nUser-Agent: Puppet/7.14.0 Ruby/2.7.5-p203 (x86_64-linux)\r\nAccept: application/vnd.puppet.rich+json, application/json, text/pson\r\nContent-Type: application/x-www-form-urlencoded\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nHost: server7.vagrant:8140\r\nContent-Length: 25793\r\n\r\n"

- This puts unneeded load on the Puppetserver as it compiles a catalog.

The agent receives a 200 from the server after the catalog request:

again, which is weird considering the environment doesn't exist.

-> "HTTP/1.1 200 OK\r\n"

-> "Date: Mon, 31 Jan 2022 22:03:16 GMT\r\n"

-> "Content-Type: application/vnd.puppet.rich+json; charset=utf-8\r\n"

-> "X-Puppet-Version: 7.14.0\r\n"

-> "Vary: Accept-Encoding, User-Agent\r\n"

-> "Content-Encoding: gzip\r\n"

-> "Content-Length: 316\r\n"

-> "\r\n"

Then the agent gives up with a misleading error:

Error: Not using catalog because its environment 'production' does not match agent specified environment 'fake' and strict_environment_mode is set

- - - This is misleading because the server is NOT specifying an environment (see the ENC script above).
    - The real problem is that the "fake" environment doesn't exist.

Desired Behavior

When using an agent-specified environment workflow:

The agent should not request a catalog after the initial 404 to the file_metadatas API (i.e. when pluginsync failed)
Error messages for non-existent environments shouldn't assume you're using a server-specified environment.

This points above may be too specific to the current implementation, so a more generic way to phrase the desired behavior is something like:

There should be an agent-side option to fail the Puppet run fast when the requested environment doesn't exist.
That option should not cause a catalog compilation on the Puppetserver at all.

Related Info

This looks like it might be a regression in behavior related to ~~PUP-10582~~ and possibly was introduced with changes made for ~~PUP-6802~~.

Add Comment

This message was sent by Atlassian Jira (v8.20.2#820002-sha1:829506d)

Nate McCurdy (Jira)

unread,

Jan 31, 2022, 5:21:03 PM1/31/22

to puppe...@googlegroups.com

Nate McCurdy updated an issue

Puppet /

PUP-11440

No option to fail fast when agent-specified environment does not exist

Change By:	Nate McCurdy

h2. The Problem

When using an agent-specified environment workflow and the requested environment does not exist, there is no way to halt the Puppet run early and prevent a catalog compilation.

Additionally, the behavior of automatically switching to the "production" environment is unexpected and not desired in an agent-specified environment workflow.

This behavior exposes multiple issues:

* The agent gets a 404 from the {{file_metadatas}} endpoint, but it still submits a catalog request:
**
{noformat}

[root@agent7 ~]# puppet agent -t --environment fake --http_debug
Info: Using environment 'fake'
opening connection to server7.vagrant:8140...
opened
starting SSL for server7.vagrant:8140...
SSL established, protocol: TLSv1.3, cipher: TLS_AES_128_GCM_SHA256
<- "GET /puppet/v3/file_metadatas/plugins?recurse=false&links=manage&checksum_type=sha256&source_per
.5-p203 (x86_64-linux)\r\nAccept: application/json, text/pson\r\nAccept-Encoding: gzip;q=1.0,deflate
-> "HTTP/1.1 404 Not Found\r\n"
-> "Date: Mon, 31 Jan 2022 21:47:28 GMT\r\n"
-> "Content-Type: application/json;charset=utf-8\r\n"
-> "X-Puppet-Version: 7.14.0\r\n"
-> "Content-Length: 87\r\n"
-> "\r\n"
reading 87 bytes...
-> "{\"message\":\"Not Found: Could not find environment 'fake'\",\"issue_kind\":\"RUNTIME_ERROR\"}"
read 87 bytes
Conn keep-alive
Notice: Environment 'fake' not found on server, skipping initial pluginsync.

<- "POST /puppet/v3/catalog/agent7.vagrant?environment=fake HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\n{noformat}

*
** This puts unneeded load on the Puppetserver while it compiles a catalog.
** The server responds with a 200, which is odd considering the environment doesn't exist.
***
{code:java}

-> "HTTP/1.1 200 OK\r\n"
-> "Date: Mon, 31 Jan 2022 21:47:28 GMT\r\n"
-> "Content-Type: application/vnd.puppet.rich+json; charset=utf-8\r\n"

-> "X-Puppet-Version: 7.14.0\r\n" {code}

* * The agent then switches to the "production" environment. Supposedly because it's server-specified. But in my case the external node classifier (ENC) is NOT specifying any environment at all.
** *
{code:java}
Notice: Local environment: 'fake' doesn't match server specified environment 'production', restarting agent run with environment 'production' {code}

*
** Here's my ENC script used for testing:
*** *
{code:java}

#!/bin/bash
cat <<EOF
---
class: {}
parameters: {}

EOF {code}

* * The agent then does pluginsync against the production environment and follows up with another catalog request, this time against production.
** *
{code:java}
<- "POST /puppet/v3/catalog/agent7.vagrant?environment=production HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\nUser-Agent: Puppet/7.14.0 Ruby/2.7.5-p203 (x86_64-linux)\r\nAccept: application/vnd.puppet.rich+json, application/json, text/pson\r\nContent-Type: application/x-www-form-urlencoded\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nHost: server7.vagrant:8140\r\nContent-Length: 25797\r\n\r\n" {code}

*
** This puts even more unnecessary load on the Puppetserver.
*

With {{{}--strict_environment_mode{}}}, the agent again gets the 404 from file_metadatas but for some reason is it still requests a catalog from the server.
*
* *
{code:java}

[root@agent7 ~]# puppet agent -t --environment fake --http_debug --strict_environment_mode
Info: Using environment 'fake'
opening connection to server7.vagrant:8140...
opened
starting SSL for server7.vagrant:8140...
SSL established, protocol: TLSv1.3, cipher: TLS_AES_128_GCM_SHA256
<- "GET /puppet/v3/file_metadatas/plugins?recurse=false&links=manage&checksum_type=sha256&source_permissions=ignore&environment=fake HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\nUser-Agent: Puppet/7.14.0 Ruby/2.7.5-p203 (x86_64-linux)\r\nAccept: application/json, text/pson\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nHost: server7.vagrant:8140\r\n\r\n"
-> "HTTP/1.1 404 Not Found\r\n"
-> "Date: Mon, 31 Jan 2022 22:03:16 GMT\r\n"
-> "Content-Type: application/json;charset=utf-8\r\n"
-> "X-Puppet-Version: 7.14.0\r\n"
-> "Content-Length: 87\r\n"
-> "\r\n"
reading 87 bytes...
-> "{\"message\":\"Not Found: Could not find environment 'fake'\",\"issue_kind\":\"RUNTIME_ERROR\"}"
read 87 bytes
Conn keep-alive
Notice: Environment 'fake' not found on server, skipping initial pluginsync.

<- "POST /puppet/v3/catalog/agent7.vagrant?environment=fake HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\nUser-Agent: Puppet/7.14.0 Ruby/2.7.5-p203 (x86_64-linux)\r\nAccept: application/vnd.puppet.rich+json, application/json, text/pson\r\nContent-Type: application/x-www-form-urlencoded\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nHost: server7.vagrant:8140\r\nContent-Length: 25793\r\n\r\n" {code}

*
** This puts unneeded load on the Puppetserver as it compiles a catalog.
* * The agent receives a 200 from the server after the catalog request:
** * again, which is weird considering the environment doesn't exist.
** *
{code:java}

-> "HTTP/1.1 200 OK\r\n"
-> "Date: Mon, 31 Jan 2022 22:03:16 GMT\r\n"
-> "Content-Type: application/vnd.puppet.rich+json; charset=utf-8\r\n"
-> "X-Puppet-Version: 7.14.0\r\n"
-> "Vary: Accept-Encoding, User-Agent\r\n"
-> "Content-Encoding: gzip\r\n"
-> "Content-Length: 316\r\n"

-> "\r\n" {code}

* * Then the agent gives up with a misleading error:
** *
{code:java}
Error: Not using catalog because its environment 'production' does not match agent specified environment 'fake' and strict_environment_mode is set {code}

*
** * This is misleading because the server is NOT specifying an environment (see the ENC script above).
** ** The real problem is that the "fake" environment doesn't exist.

h2. Desired Behavior

When using an agent-specified environment workflow:

* The agent should not request a catalog after the initial 404 to the {{file_metadatas}} API (i.e. when pluginsync failed)
* Error messages for non-existent environments shouldn't assume you're using a server-specified environment.

This points above may be too specific to the current implementation, so a more generic way to phrase the desired behavior is something like:

* There should be an agent-side option to fail the Puppet run fast when the requested environment doesn't exist.
* That option should not cause a catalog compilation on the Puppetserver at all.

h2. Related Info

This looks like it might be a regression in behavior related to PUP-10582 and possibly was introduced with changes made for PUP-6802.

Add Comment

Nate McCurdy (Jira)

unread,

Jan 31, 2022, 5:23:01 PM1/31/22

to puppe...@googlegroups.com

Nate McCurdy updated an issue

Puppet /

PUP-11440

No option to fail fast when agent-specified environment does not exist

Change By:	Nate McCurdy

h2. The Problem

When using an agent-specified environment workflow and the requested environment does not exist, there is no way to halt the Puppet run early and prevent a catalog compilation.

Additionally, the behavior of automatically switching to the "production" environment is unexpected and not desired in an agent-specified environment workflow.

This behavior exposes multiple issues ...

*When not using sctrict_environment_mode : *

* The agent gets a 404 from the {{file_metadatas}} endpoint, but it still submits a catalog request:
**
{noformat}[root@agent7 ~]# puppet agent -t --environment fake --http_debug
Info: Using environment 'fake'
opening connection to server7.vagrant:8140...
opened
starting SSL for server7.vagrant:8140...
SSL established, protocol: TLSv1.3, cipher: TLS_AES_128_GCM_SHA256
<- "GET /puppet/v3/file_metadatas/plugins?recurse=false&links=manage&checksum_type=sha256&source_per
.5-p203 (x86_64-linux)\r\nAccept: application/json, text/pson\r\nAccept-Encoding: gzip;q=1.0,deflate
-> "HTTP/1.1 404 Not Found\r\n"
-> "Date: Mon, 31 Jan 2022 21:47:28 GMT\r\n"
-> "Content-Type: application/json;charset=utf-8\r\n"
-> "X-Puppet-Version: 7.14.0\r\n"
-> "Content-Length: 87\r\n"
-> "\r\n"
reading 87 bytes...
-> "{\"message\":\"Not Found: Could not find environment 'fake'\",\"issue_kind\":\"RUNTIME_ERROR\"}"
read 87 bytes
Conn keep-alive
Notice: Environment 'fake' not found on server, skipping initial pluginsync.
<- "POST /puppet/v3/catalog/agent7.vagrant?environment=fake HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\n{noformat}

*
** This puts unneeded load on the Puppetserver while it compiles a catalog.

* * The server responds with a 200, which is odd considering the environment doesn't exist.
** *

{code:java}-> "HTTP/1.1 200 OK\r\n"

-> "Date: Mon, 31 Jan 2022 21:47:28 GMT\r\n"
-> "Content-Type: application/vnd.puppet.rich+json; charset=utf-8\r\n"
-> "X-Puppet-Version: 7.14.0\r\n" {code}

* The agent then switches to the "production" environment. Supposedly because it's server-specified. But in my case the external node classifier (ENC) is NOT specifying any environment at all.
**

{code:java}Notice: Local environment: 'fake' doesn't match server specified environment 'production', restarting agent run with environment 'production' {code}

*

** Here's my ENC script used for testing:
** *

{code:java}#!/bin/bash
cat <<EOF
---
class: {}
parameters: {}
EOF {code}

* The agent then does pluginsync against the production environment and follows up with another catalog request, this time against production.
**

{code:java}<- "POST /puppet/v3/catalog/agent7.vagrant?environment=production HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\nUser-Agent: Puppet/7.14.0 Ruby/2.7.5-p203 (x86_64-linux)\r\nAccept: application/vnd.puppet.rich+json, application/json, text/pson\r\nContent-Type: application/x-www-form-urlencoded\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nHost: server7.vagrant:8140\r\nContent-Length: 25797\r\n\r\n" {code}

*

** This puts even more unnecessary load on the Puppetserver.

* With {{ {} --strict_environment_mode { : }} }, the *
* The agent again gets the 404 from file_metadatas but for some reason it still requests a catalog from the server.
*
* *

{code:java}[root@agent7 ~]# puppet agent -t --environment fake --http_debug --strict_environment_mode
Info: Using environment 'fake'
opening connection to server7.vagrant:8140...
opened
starting SSL for server7.vagrant:8140...
SSL established, protocol: TLSv1.3, cipher: TLS_AES_128_GCM_SHA256
<- "GET /puppet/v3/file_metadatas/plugins?recurse=false&links=manage&checksum_type=sha256&source_permissions=ignore&environment=fake HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\nUser-Agent: Puppet/7.14.0 Ruby/2.7.5-p203 (x86_64-linux)\r\nAccept: application/json, text/pson\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nHost: server7.vagrant:8140\r\n\r\n"
-> "HTTP/1.1 404 Not Found\r\n"
-> "Date: Mon, 31 Jan 2022 22:03:16 GMT\r\n"
-> "Content-Type: application/json;charset=utf-8\r\n"
-> "X-Puppet-Version: 7.14.0\r\n"
-> "Content-Length: 87\r\n"
-> "\r\n"
reading 87 bytes...
-> "{\"message\":\"Not Found: Could not find environment 'fake'\",\"issue_kind\":\"RUNTIME_ERROR\"}"
read 87 bytes
Conn keep-alive
Notice: Environment 'fake' not found on server, skipping initial pluginsync.
<- "POST /puppet/v3/catalog/agent7.vagrant?environment=fake HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\nUser-Agent: Puppet/7.14.0 Ruby/2.7.5-p203 (x86_64-linux)\r\nAccept: application/vnd.puppet.rich+json, application/json, text/pson\r\nContent-Type: application/x-www-form-urlencoded\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nHost: server7.vagrant:8140\r\nContent-Length: 25793\r\n\r\n" {code}

*
** This puts unneeded load on the Puppetserver as it compiles a catalog.
* The agent receives a 200 from the server after the catalog request:

** again Again , which is weird considering the environment doesn't exist.
**

{code:java}-> "HTTP/1.1 200 OK\r\n"
-> "Date: Mon, 31 Jan 2022 22:03:16 GMT\r\n"
-> "Content-Type: application/vnd.puppet.rich+json; charset=utf-8\r\n"
-> "X-Puppet-Version: 7.14.0\r\n"
-> "Vary: Accept-Encoding, User-Agent\r\n"
-> "Content-Encoding: gzip\r\n"
-> "Content-Length: 316\r\n"
-> "\r\n" {code}

* Then the agent gives up with a misleading error:
**

{code:java}Error: Not using catalog because its environment 'production' does not match agent specified environment 'fake' and strict_environment_mode is set {code}

*

** This is misleading because the server is NOT specifying an environment (see the ENC script above).

** The real problem is that the "fake" environment doesn't exist.

h2. Desired Behavior

When using an agent-specified environment workflow:
* The agent should not request a catalog after the initial 404 to the {{file_metadatas}} API (i.e. when pluginsync failed)
* Error messages for non-existent environments shouldn't assume you're using a server-specified environment.

This points above may be too specific to the current implementation, so a more generic way to phrase the desired behavior is something like:
* There should be an agent-side option to fail the Puppet run fast when the requested environment doesn't exist.
* That option should not cause a catalog compilation on the Puppetserver at all.

h2. Related Info

This looks like it might be a regression in behavior related to PUP-10582 and possibly was introduced with changes made for PUP-6802.

Add Comment

Nate McCurdy (Jira)

unread,

Jan 31, 2022, 5:25:02 PM1/31/22

to puppe...@googlegroups.com

{code:java}-> "HTTP/1.1 200 OK\r\n"
-> "Date: Mon, 31 Jan 2022 21:47:28 GMT\r\n"
-> "Content-Type: application/vnd.puppet.rich+json; charset=utf-8\r\n"
-> "X-Puppet-Version: 7.14.0\r\n" {code}

* The agent then switches to the "production" environment. Supposedly because it's server-specified. But in my case the external node classifier (ENC) is NOT specifying any environment at all.
**
{code:java}Notice: Local environment: 'fake' doesn't match server specified environment 'production', restarting agent run with environment 'production' {code}

* Here's my ENC script used for testing:
**

{code:java}#!/bin/bash
cat <<EOF
---
class: {}
parameters: {}
EOF {code}

* The agent then does pluginsync against the production environment and follows up with another catalog request, this time against production.
**
{code:java}<- "POST /puppet/v3/catalog/agent7.vagrant?environment=production HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\nUser-Agent: Puppet/7.14.0 Ruby/2.7.5-p203 (x86_64-linux)\r\nAccept: application/vnd.puppet.rich+json, application/json, text/pson\r\nContent-Type: application/x-www-form-urlencoded\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nHost: server7.vagrant:8140\r\nContent-Length: 25797\r\n\r\n" {code}

* This puts even more unnecessary load on the Puppetserver.

*With {{--strict_environment_mode:}}*

* The agent again gets the 404 from file_metadatas but for some reason it still requests a catalog from the server.
**

{code:java}[root@agent7 ~]# puppet agent -t --environment fake --http_debug --strict_environment_mode
Info: Using environment 'fake'
opening connection to server7.vagrant:8140...
opened
starting SSL for server7.vagrant:8140...
SSL established, protocol: TLSv1.3, cipher: TLS_AES_128_GCM_SHA256
<- "GET /puppet/v3/file_metadatas/plugins?recurse=false&links=manage&checksum_type=sha256&source_permissions=ignore&environment=fake HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\nUser-Agent: Puppet/7.14.0 Ruby/2.7.5-p203 (x86_64-linux)\r\nAccept: application/json, text/pson\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nHost: server7.vagrant:8140\r\n\r\n"
-> "HTTP/1.1 404 Not Found\r\n"
-> "Date: Mon, 31 Jan 2022 22:03:16 GMT\r\n"
-> "Content-Type: application/json;charset=utf-8\r\n"
-> "X-Puppet-Version: 7.14.0\r\n"
-> "Content-Length: 87\r\n"
-> "\r\n"
reading 87 bytes...
-> "{\"message\":\"Not Found: Could not find environment 'fake'\",\"issue_kind\":\"RUNTIME_ERROR\"}"
read 87 bytes
Conn keep-alive
Notice: Environment 'fake' not found on server, skipping initial pluginsync.
<- "POST /puppet/v3/catalog/agent7.vagrant?environment=fake HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\nUser-Agent: Puppet/7.14.0 Ruby/2.7.5-p203 (x86_64-linux)\r\nAccept: application/vnd.puppet.rich+json, application/json, text/pson\r\nContent-Type: application/x-www-form-urlencoded\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nHost: server7.vagrant:8140\r\nContent-Length: 25793\r\n\r\n" {code}

*

* * This puts unneeded load on the Puppetserver as it compiles a catalog.

* The agent receives a 200 from the server after the catalog request:

** Again, which is weird considering the environment doesn't exist.

**
{code:java}-> "HTTP/1.1 200 OK\r\n"
-> "Date: Mon, 31 Jan 2022 22:03:16 GMT\r\n"
-> "Content-Type: application/vnd.puppet.rich+json; charset=utf-8\r\n"
-> "X-Puppet-Version: 7.14.0\r\n"
-> "Vary: Accept-Encoding, User-Agent\r\n"
-> "Content-Encoding: gzip\r\n"
-> "Content-Length: 316\r\n"
-> "\r\n" {code}

* Then the agent gives up with a misleading error:
**
{code:java}Error: Not using catalog because its environment 'production' does not match agent specified environment 'fake' and strict_environment_mode is set {code}

*

* * This is misleading because the server is NOT specifying an environment (see the ENC script above).

** The real problem is that the "fake" environment doesn't exist.

h2. Desired Behavior

When using an agent-specified environment workflow:
* The agent should not request a catalog after the initial 404 to the {{file_metadatas}} API (i.e. when pluginsync failed)
* Error messages for non-existent environments shouldn't assume you're using a server-specified environment.

This The points above may be too specific to the current implementation, so a more generic way to phrase the desired behavior is something like:

* There should be an agent-side option to fail the Puppet run fast when the requested environment doesn't exist.
* That option should not cause a catalog compilation on the Puppetserver at all.

h2. Related Info

This looks like it might be a regression in behavior related to PUP-10582 and possibly was introduced with changes made for PUP-6802.

Add Comment

Nate McCurdy (Jira)

unread,

Jan 31, 2022, 5:26:03 PM1/31/22

to puppe...@googlegroups.com

{ code:java noformat }-> "HTTP/1.1 200 OK\r\n"

-> "Date: Mon, 31 Jan 2022 21:47:28 GMT\r\n"
-> "Content-Type: application/vnd.puppet.rich+json; charset=utf-8\r\n"

-> "X-Puppet-Version: 7.14.0\r\n" { code noformat }

* The agent then switches to the "production" environment. Supposedly because it's server-specified. But in my case the external node classifier (ENC) is NOT specifying any environment at all.
**

{ code:java noformat }Notice: Local environment: 'fake' doesn't match server specified environment 'production', restarting agent run with environment 'production' { code noformat }

* Here's my ENC script used for testing:
**

{code: java bash }#!/bin/bash

cat <<EOF
---
class: {}
parameters: {}
EOF {code}

* The agent then does pluginsync against the production environment and follows up with another catalog request, this time against production.
**

{ code:java noformat }<- "POST /puppet/v3/catalog/agent7.vagrant?environment=production HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\nUser-Agent: Puppet/7.14.0 Ruby/2.7.5-p203 (x86_64-linux)\r\nAccept: application/vnd.puppet.rich+json, application/json, text/pson\r\nContent-Type: application/x-www-form-urlencoded\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nHost: server7.vagrant:8140\r\nContent-Length: 25797\r\n\r\n" { code noformat }

* This puts even more unnecessary load on the Puppetserver.

*With {{--strict_environment_mode:}}*
* The agent again gets the 404 from file_metadatas but for some reason it still requests a catalog from the server.
**

{ code:java noformat }[root@agent7 ~]# puppet agent -t --environment fake --http_debug --strict_environment_mode

Info: Using environment 'fake'
opening connection to server7.vagrant:8140...
opened
starting SSL for server7.vagrant:8140...
SSL established, protocol: TLSv1.3, cipher: TLS_AES_128_GCM_SHA256
<- "GET /puppet/v3/file_metadatas/plugins?recurse=false&links=manage&checksum_type=sha256&source_permissions=ignore&environment=fake HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\nUser-Agent: Puppet/7.14.0 Ruby/2.7.5-p203 (x86_64-linux)\r\nAccept: application/json, text/pson\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nHost: server7.vagrant:8140\r\n\r\n"
-> "HTTP/1.1 404 Not Found\r\n"
-> "Date: Mon, 31 Jan 2022 22:03:16 GMT\r\n"
-> "Content-Type: application/json;charset=utf-8\r\n"
-> "X-Puppet-Version: 7.14.0\r\n"
-> "Content-Length: 87\r\n"
-> "\r\n"
reading 87 bytes...
-> "{\"message\":\"Not Found: Could not find environment 'fake'\",\"issue_kind\":\"RUNTIME_ERROR\"}"
read 87 bytes
Conn keep-alive
Notice: Environment 'fake' not found on server, skipping initial pluginsync.

<- "POST /puppet/v3/catalog/agent7.vagrant?environment=fake HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\nUser-Agent: Puppet/7.14.0 Ruby/2.7.5-p203 (x86_64-linux)\r\nAccept: application/vnd.puppet.rich+json, application/json, text/pson\r\nContent-Type: application/x-www-form-urlencoded\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nHost: server7.vagrant:8140\r\nContent-Length: 25793\r\n\r\n" { code noformat }

** This puts unneeded load on the Puppetserver as it compiles a catalog.

* The agent receives a 200 from the server after the catalog request:
** Again, which is weird considering the environment doesn't exist.
**

{ code:java noformat }-> "HTTP/1.1 200 OK\r\n"

-> "Date: Mon, 31 Jan 2022 22:03:16 GMT\r\n"
-> "Content-Type: application/vnd.puppet.rich+json; charset=utf-8\r\n"
-> "X-Puppet-Version: 7.14.0\r\n"
-> "Vary: Accept-Encoding, User-Agent\r\n"
-> "Content-Encoding: gzip\r\n"
-> "Content-Length: 316\r\n"

-> "\r\n" { code noformat }

* Then the agent gives up with a misleading error:
**

{ code:java noformat }Error: Not using catalog because its environment 'production' does not match agent specified environment 'fake' and strict_environment_mode is set { code noformat }

** This is misleading because the server is NOT specifying an environment (see the ENC script above).

** The real problem is that the "fake" environment doesn't exist.

h2. Desired Behavior

When using an agent-specified environment workflow:
* The agent should not request a catalog after the initial 404 to the {{file_metadatas}} API (i.e. when pluginsync failed)
* Error messages for non-existent environments shouldn't assume you're using a server-specified environment.

The points above may be too specific to the current implementation, so a more generic way to phrase the desired behavior is something like:
* There should be an agent-side option to fail the Puppet run fast when the requested environment doesn't exist.
* That option should not cause a catalog compilation on the Puppetserver at all.

h2. Related Info

This looks like it might be a regression in behavior related to PUP-10582 and possibly was introduced with changes made for PUP-6802.

Add Comment

Nate McCurdy (Jira)

unread,

Jan 31, 2022, 5:31:01 PM1/31/22

to puppe...@googlegroups.com

{noformat}-> "HTTP/1.1 200 OK\r\n"

-> "Date: Mon, 31 Jan 2022 21:47:28 GMT\r\n"
-> "Content-Type: application/vnd.puppet.rich+json; charset=utf-8\r\n"

-> "X-Puppet-Version: 7.14.0\r\n" {noformat}

* The agent then switches to the "production" environment. Supposedly because it's server-specified. But in my case the external node classifier (ENC) is NOT specifying any environment at all.
**

{noformat}Notice: Local environment: 'fake' doesn't match server specified environment 'production', restarting agent run with environment 'production' {noformat}

* Here's my ENC script used for testing:
**

{code:bash}#!/bin/bash

cat <<EOF
---
class: {}
parameters: {}
EOF {code}

* The agent then does pluginsync against the production environment and follows up with another catalog request, this time against production.
**

{noformat}<- "POST /puppet/v3/catalog/agent7.vagrant?environment=production HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\nUser-Agent: Puppet/7.14.0 Ruby/2.7.5-p203 (x86_64-linux)\r\nAccept: application/vnd.puppet.rich+json, application/json, text/pson\r\nContent-Type: application/x-www-form-urlencoded\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nHost: server7.vagrant:8140\r\nContent-Length: 25797\r\n\r\n" {noformat}

* This puts even more unnecessary load on the Puppetserver.

*With {{--strict_environment_mode:}}*
* The agent again gets the 404 from file_metadatas but for some reason it still requests a catalog from the server.
**

{noformat}[root@agent7 ~]# puppet agent -t --environment fake --http_debug --strict_environment_mode

Info: Using environment 'fake'
opening connection to server7.vagrant:8140...
opened
starting SSL for server7.vagrant:8140...
SSL established, protocol: TLSv1.3, cipher: TLS_AES_128_GCM_SHA256
<- "GET /puppet/v3/file_metadatas/plugins?recurse=false&links=manage&checksum_type=sha256&source_permissions=ignore&environment=fake HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\nUser-Agent: Puppet/7.14.0 Ruby/2.7.5-p203 (x86_64-linux)\r\nAccept: application/json, text/pson\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nHost: server7.vagrant:8140\r\n\r\n"
-> "HTTP/1.1 404 Not Found\r\n"
-> "Date: Mon, 31 Jan 2022 22:03:16 GMT\r\n"
-> "Content-Type: application/json;charset=utf-8\r\n"
-> "X-Puppet-Version: 7.14.0\r\n"
-> "Content-Length: 87\r\n"
-> "\r\n"
reading 87 bytes...
-> "{\"message\":\"Not Found: Could not find environment 'fake'\",\"issue_kind\":\"RUNTIME_ERROR\"}"
read 87 bytes
Conn keep-alive
Notice: Environment 'fake' not found on server, skipping initial pluginsync.

<- "POST /puppet/v3/catalog/agent7.vagrant?environment=fake HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\nUser-Agent: Puppet/7.14.0 Ruby/2.7.5-p203 (x86_64-linux)\r\nAccept: application/vnd.puppet.rich+json, application/json, text/pson\r\nContent-Type: application/x-www-form-urlencoded\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nHost: server7.vagrant:8140\r\nContent-Length: 25793\r\n\r\n" {noformat}

** This puts unneeded load on the Puppetserver as it compiles a catalog.
* The agent receives a 200 from the server after the catalog request:
** Again, which is weird considering the environment doesn't exist.
**

{noformat}-> "HTTP/1.1 200 OK\r\n"

-> "Date: Mon, 31 Jan 2022 22:03:16 GMT\r\n"
-> "Content-Type: application/vnd.puppet.rich+json; charset=utf-8\r\n"
-> "X-Puppet-Version: 7.14.0\r\n"
-> "Vary: Accept-Encoding, User-Agent\r\n"
-> "Content-Encoding: gzip\r\n"
-> "Content-Length: 316\r\n"

-> "\r\n" {noformat}

* Then the agent gives up with a misleading error:
**

{noformat}Error: Not using catalog because its environment 'production' does not match agent specified environment 'fake' and strict_environment_mode is set {noformat}

** This is misleading because the server is NOT specifying an environment (see the ENC script above).
** The real problem is that the "fake" environment doesn't exist.

h2. Desired Behavior

When using an agent-specified environment workflow:
* The agent should not request a catalog after the initial 404 to the {{file_metadatas}} API (i.e. when pluginsync failed)
* Error messages for non-existent environments shouldn't assume you're using a server-specified environment.

The points above may be too specific to the current implementation, so a more generic way to phrase the desired behavior is something like:
* There should be an agent-side option to fail the Puppet run fast when the requested environment doesn't exist.
* That option should not cause a catalog compilation on the Puppetserver at all.

* The error message seen when the environment doesn't exist should clearly say that the problem is a non-existent environment.

h2. Related Info

This looks like it might be a regression in behavior related to PUP-10582 and possibly was introduced with changes made for PUP-6802.

Add Comment

Josh Cooper (Jira)

unread,

Jan 31, 2022, 7:35:02 PM1/31/22

to puppe...@googlegroups.com

Josh Cooper updated an issue

Puppet /

PUP-11440

No option to fail fast when agent-specified environment does not exist

Change By:	Josh Cooper
Team:	Phoenix

Add Comment

Lisa Ross (Jira)

unread,

Feb 9, 2022, 12:48:01 PM2/9/22

to puppe...@googlegroups.com

Lisa Ross updated an issue

Puppet /

PUP-11440

No option to fail fast when agent-specified environment does not exist

Change By:	Lisa Ross
Sprint:	Phoenix 2022-03-02

Add Comment

Josh Cooper (Jira)

unread,

Feb 10, 2022, 3:06:03 AM2/10/22

to puppe...@googlegroups.com

Josh Cooper commented on

PUP-11440

Re: No option to fail fast when agent-specified environment does not exist

In the non-strict mode case, we do want the agent run to continue and have the server redirect the agent to a valid environment. Otherwise, if you've configured all 50k agents to use a specific environment and you delete the environment from the server, then all agents will be stuck and you can't use puppet to fix itself.

In the strict mode case, if we detect that the environment doesn't exist on the server prior to pluginsync, then we should abort the run, since we know there's no point in continuing.

This seems to work as expected:

diff --git a/lib/puppet/configurer.rb b/lib/puppet/configurer.rb

index d97c73bc46..457b9eed8e 100644

--- a/lib/puppet/configurer.rb

+++ b/lib/puppet/configurer.rb

@@ -327,12 +327,16 @@ class Puppet::Configurer

         push_current_environment_and_loaders

end

+      # store original value so it can be restored later

       temp_value = options[:pluginsync]

       # only validate server environment if pluginsync is requested

-      options[:pluginsync] = valid_server_environment? if options[:pluginsync] == true

+      options[:pluginsync] = valid_server_environment? if options[:pluginsync]

+      # get_facts relies on the pluginsync option

       query_options, facts = get_facts(options) unless query_options

+      # restore value as get_facts may be called again during convergence

       options[:pluginsync] = temp_value

       query_options[:configured_environment] = configured_environment

@@ -443,7 +447,11 @@ class Puppet::Configurer

       true

     rescue Puppet::HTTP::ResponseError => detail

       if detail.response.code == 404

-        Puppet.notice(_("Environment '%{environment}' not found on server, skipping initial pluginsync.") % { environment: @environment })

+        if Puppet[:strict_environment_mode]

+          raise Puppet::Error.new(_("Environment '%{environment}' not found on server, aborting run.") % { environment: @environment })

+        else

+          Puppet.notice(_("Environment '%{environment}' not found on server, skipping initial pluginsync.") % { environment: @environment })

+        end

       else

         Puppet.log_exception(detail, detail.message)

end

Which results in:

$ bundle exec puppet agent -t -E fake

Info: Using environment 'fake'

Notice: Environment 'fake' not found on server, skipping initial pluginsync.

Notice: Local environment: 'fake' doesn't match server specified environment 'production', restarting agent run with environment 'production'

Info: Retrieving pluginfacts

Info: Retrieving plugin

Info: Retrieving locales

Info: Caching catalog for localhost

Info: Applying configuration version '1644480167'

Notice: Applied catalog in 0.01 seconds

$ bundle exec puppet agent -t -E fake --strict_environment_mode

Info: Using environment 'fake'

Error: Failed to apply catalog: Environment 'fake' not found on server, aborting run.

Add Comment

Nirupama Mantha (Jira)

unread,

Feb 10, 2022, 11:49:01 AM2/10/22

to puppe...@googlegroups.com

Nirupama Mantha updated an issue

Puppet /

PUP-11440

No option to fail fast when agent-specified environment does not exist

Change By:	Nirupama Mantha
Story Points:	3

Add Comment

Nirupama Mantha (Jira)

unread,

Feb 10, 2022, 11:50:01 AM2/10/22

to puppe...@googlegroups.com

Nirupama Mantha updated an issue

Puppet /

PUP-11440

No option to fail fast when agent-specified environment does not exist

Change By:	Nirupama Mantha
Affects Version/s:	PUP 6.26.0

Add Comment

Nate McCurdy (Jira)

unread,

Feb 10, 2022, 12:03:03 PM2/10/22

to puppe...@googlegroups.com

Nate McCurdy updated an issue

Puppet /

PUP-11440

No option to fail fast when agent-specified environment does not exist

Change By:	Nate McCurdy

Notice: Environment 'fake' not found on server, skipping initial pluginsync.

<- "POST /puppet/v3/catalog/agent7.vagrant?environment=fake HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\n{noformat}

*
** This puts unneeded load on the Puppetserver while it compiles a catalog.
* The server responds with a 200, which is odd considering the environment doesn't exist.
**
{noformat}-> "HTTP/1.1 200 OK\r\n"
-> "Date: Mon, 31 Jan 2022 21:47:28 GMT\r\n"
-> "Content-Type: application/vnd.puppet.rich+json; charset=utf-8\r\n"
-> "X-Puppet-Version: 7.14.0\r\n" {noformat}

* The agent then switches to the "production" environment. Supposedly Apparently because it's server-specified is "production" . But in my case the external node classifier (ENC) is NOT specifying any environment at all.

**
{noformat}Notice: Local environment: 'fake' doesn't match server specified environment 'production', restarting agent run with environment 'production' {noformat}

* Here's my ENC script used for testing:
**
{code:bash}#!/bin/bash
cat <<EOF
---
class: {}
parameters: {}
EOF {code}

* The agent then does pluginsync against the production environment and follows up with another catalog request, this time against production.
**
{noformat}<- "POST /puppet/v3/catalog/agent7.vagrant?environment=production HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\nUser-Agent: Puppet/7.14.0 Ruby/2.7.5-p203 (x86_64-linux)\r\nAccept: application/vnd.puppet.rich+json, application/json, text/pson\r\nContent-Type: application/x-www-form-urlencoded\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nHost: server7.vagrant:8140\r\nContent-Length: 25797\r\n\r\n" {noformat}

* This puts even more unnecessary load on the Puppetserver.

*With {{--strict_environment_mode:}}*
* The agent again gets the 404 from file_metadatas but for some reason it still requests a catalog from the server.
**

{noformat}[root@agent7 ~]# puppet agent -t --environment fake --http_debug --strict_environment_mode
Info: Using environment 'fake'

opening connection to server7.vagrant:8140...
opened
starting SSL for server7.vagrant:8140...
SSL established, protocol: TLSv1.3, cipher: TLS_AES_128_GCM_SHA256
<- "GET /puppet/v3/file_metadatas/plugins?recurse=false&links=manage&checksum_type=sha256&source_permissions=ignore&environment=fake HTTP/1.1\r\nX-Puppet-Version: 7.14.0\r\nUser-Agent: Puppet/7.14.0 Ruby/2.7.5-p203 (x86_64-linux)\r\nAccept: application/json, text/pson\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nHost: server7.vagrant:8140\r\n\r\n"
-> "HTTP/1.1 404 Not Found\r\n"
-> "Date: Mon, 31 Jan 2022 22:03:16 GMT\r\n"
-> "Content-Type: application/json;charset=utf-8\r\n"
-> "X-Puppet-Version: 7.14.0\r\n"
-> "Content-Length: 87\r\n"
-> "\r\n"
reading 87 bytes...
-> "{\"message\":\"Not Found: Could not find environment 'fake'\",\"issue_kind\":\"RUNTIME_ERROR\"}"
read 87 bytes
Conn keep-alive

Notice: Environment 'fake' not found on server, skipping initial pluginsync.

Add Comment

Nate McCurdy (Jira)

unread,

Feb 10, 2022, 12:20:01 PM2/10/22

to puppe...@googlegroups.com

Nate McCurdy commented on

PUP-11440

Re: No option to fail fast when agent-specified environment does not exist

Having strict mode abort early sounds good to me.

But switching to the "production" environment by default in the non-strict mode is still a bit concerning to me.

In a setup where there is no server-specified environment, how can we be sure that "production" is the correct one to fall back to? For example, if a chunk of nodes normally run against a canary environment (e.g. -E canary) then want to run against a feature branch but a human typos the name, that node will then revert to production for a run rather than the usual canary environment.

We don't currently see this auto-switching behavior in our systems that are running 6.19.1. When did that make it in to Puppet?

I see that we should start using strict mode to guard against this problem, but I'm not sure when we need to and when we can. Is that a Puppet 7 only feature?

Add Comment

Josh Cooper (Jira)

unread,

Feb 15, 2022, 3:19:03 PM2/15/22

to puppe...@googlegroups.com

Josh Cooper commented on

PUP-11440

Re: No option to fail fast when agent-specified environment does not exist

But switching to the "production" environment by default in the non-strict mode is still a bit concerning to me.

Note this only occurs if the agent requests an environment that doesn't exist on the server.

how can we be sure that "production" is the correct one to fall back to?

Technically, the server will instruct the agent to fallback to Puppet[:environment] as configured on the server, which will typically be "production". Note the agent may go through several "hops" until it converges on the correct environment. In other words, "production" is just a stepping stone to get to the correct environment in the same way that a newly provisioned agent does (or if you delete the agent's cache directory).

We don't currently see this auto-switching behavior in our systems that are running 6.19.1

The change was introduced in ~~PUP-6802~~. Previously if the agent requested a non-existent environment, the entire run failed, even when the ENC was controlling the environment. Worst case, agents are configured to use an environment in puppet.conf and you delete the environment from the server. Then every agent is stuck and you can't use puppet to fix itself. So you have to bolt/ssh to every agent node and delete the setting.

Now (after ~~PUP-6802~~) when server-specified environments are used, the ENC is given an opportunity to redirect the agent to the correct environment. So agents are self-healing. When agent-specified environment are used, the server tells the agent to fallback (as described above). When the agent receives a catalog (compiled in production), it will abort the run when "strict_environment_mode" is set. However, when this bug is fixed, the agent will fail early, because it knows the environment doesn't exist on the server so there's no point in requesting a catalog.

Is that a Puppet 7 only feature?

~~PUP-6802~~ was fixed in both 6 and 7 streams. You can use the "strict_environment_mode" option/setting in both streams as it's been around for a long time. And it really should be used in cases where you're wanting to use agent-specified environments. Otherwise you can't really guarantee which environment was used to compile the catalog.

Add Comment

Josh Cooper (Jira)

unread,

Feb 15, 2022, 3:30:02 PM2/15/22

to puppe...@googlegroups.com

Josh Cooper updated an issue

Puppet /

PUP-11440

No option to fail fast when agent-specified environment does not exist

Change By:

Josh Cooper

Acceptance Criteria:

When using "strict_environment_mode=true", if the agent requests an environment that doesn't exist on the server, then the agent should fail the run without pluginsyncing or requesting a catalog. This is true for both server and agent specified environments.

Previously the agent skipped pluginsync, requested a catalog, the server redirected the agent to "production" and the agent compared the catalog's environment with the environment it requested. If those were mismatched it failed the run, but it was "too late".

Add Comment

Josh Cooper (Jira)

unread,

Feb 16, 2022, 11:47:02 AM2/16/22

to puppe...@googlegroups.com

Josh Cooper updated an issue

Puppet /

PUP-11440

No option to fail fast when agent-specified environment does not exist

Change By:	Josh Cooper
Fix Version/s:	PUP 7.15.0
Fix Version/s:	PUP 6.27.0

Add Comment

Christopher Thorn (Jira)

unread,

Feb 22, 2022, 3:47:02 PM2/22/22

to puppe...@googlegroups.com

Christopher Thorn assigned an issue to Christopher Thorn

Puppet /

PUP-11440

No option to fail fast when agent-specified environment does not exist

Change By:	Christopher Thorn
Assignee:	Christopher Thorn

Add Comment

Nate McCurdy (Jira)

unread,

Feb 22, 2022, 3:58:02 PM2/22/22

to puppe...@googlegroups.com

Nate McCurdy commented on

PUP-11440

Re: No option to fail fast when agent-specified environment does not exist

Ah, thank you josh; your responses make sense, and I see now how ~~PUP-6802~~ does help agents to self-heal.

I'm also definitely going to start using strict_environment_mode for our agent-specified environment hosts (after this current bug gets fixed, that is).