Jira (PUP-10106) no_proxy does not exclude hosts whose FQDN matches based on suffix

14 views
Skip to first unread message

Josh Cooper (JIRA)

unread,
Oct 28, 2019, 5:07:03 PM10/28/19
to puppe...@googlegroups.com
Josh Cooper updated an issue
 
Puppet / Bug PUP-10106
no_proxy does not exclude hosts whose FQDN matches based on suffix
Change By: Josh Cooper
Summary: no_proxy does not exclude hosts whose FQDN matches based on su suffix
Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)
Atlassian logo

Josh Cooper (JIRA)

unread,
Oct 28, 2019, 5:09:02 PM10/28/19
to puppe...@googlegroups.com
Josh Cooper updated an issue
*Puppet Version: 5.5.17*
*Puppet Server Version: 5.3.10*
*OS Name/Version: CentOS 7*

 *Original Summary* Since update to puppet 5.5.17 puppetdb forge module cannot connect to puppetdb

Since the update to puppet agent 5.5.17 the puppetdb forge module is using the configured proxy server and ignoring the no_proxy setting when trying to validate the connection to puppetdb.  This worked properly on 5.5.16. 

My environment proxy settings are:

 * {noformat}
 http_proxy=http://ottinstall.ls.cbn:3128 *
* ftp_proxy=http://ottinstall.ls.cbn:3128 *
* https_proxy=http://ottinstall.ls.cbn:3128 *
* no_proxy=ls.cbn, localhost, puppet, 127.0.0.1 *
{noformat}

My puppetdb server is:  * {{ https://glycon.ls.cbn:8081 * }}

*Desired Behavior:* 

Respect the no_proxy value {{ ls.cbn }} and not proxy connections to {{ https://glycon.ls.cbn:8018 }}

*Actual Behavior:*
{noformat}
 opening connection to ottinstall.ls.cbn:3128...
opened
<- "CONNECT glycon.ls.cbn:8081 HTTP/1.1\r\nHost: glycon.ls.cbn:8081\r\n\r\n"
-> "HTTP/1.1 403 Forbidden\r\n"
-> "Server: squid/3.5.20\r\n"
-> "Mime-Version: 1.0\r\n"
-> "Date: Sat, 19 Oct 2019 18:46:40 GMT\r\n"
-> "Content-Type: text/html;charset=utf-8\r\n"
-> "Content-Length: 3448\r\n"
-> "X-Squid-Error: ERR_ACCESS_DENIED 0\r\n"
-> "Vary: Accept-Language\r\n"
-> "Content-Language: en\r\n"
-> "X-Cache: MISS from ottinstall.ls.cbn\r\n"
-> "X-Cache-Lookup: NONE from ottinstall.ls.cbn:80\r\n"
-> "Via: 1.1 ottinstall.ls.cbn (squid/3.5.20)\r\n"
-> "Connection: keep-alive\r\n"
-> "\r\n"
Conn close because of connect error 403 "Forbidden"
Notice: Unable to connect to puppetdb server (https://glycon.ls.cbn:8081): 403 "Forbidden"
{noformat}

Josh Cooper (JIRA)

unread,
Oct 28, 2019, 5:09:03 PM10/28/19
to puppe...@googlegroups.com
Josh Cooper assigned an issue to Josh Cooper
Change By: Josh Cooper
Assignee: Josh Cooper

Josh Cooper (JIRA)

unread,
Oct 28, 2019, 5:15:03 PM10/28/19
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Fix Version/s: PUP 6.11.0
Fix Version/s: PUP 6.4.5
Fix Version/s: PUP 5.5.18

Josh Cooper (JIRA)

unread,
Oct 30, 2019, 2:23:03 AM10/30/19
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Sprint: Coremunity Hopper Platform Core KANBAN

Josh Cooper (JIRA)

unread,
Nov 8, 2019, 3:44:02 PM11/8/19
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Release Notes Summary: Puppet will bypass the http proxy if the `no_proxy` environment variable or puppet setting is a suffix of the destination server FQDN. Previously puppet would only bypass the proxy if `no_proxy` had a leading wildcard (*.example.com) or dot (.example.com).
Release Notes: Bug Fix

Josh Cooper (JIRA)

unread,
Nov 9, 2019, 12:49:04 PM11/9/19
to puppe...@googlegroups.com

Heston Hoffman (JIRA)

unread,
Nov 15, 2019, 6:43:03 PM11/15/19
to puppe...@googlegroups.com
Heston Hoffman updated an issue
 
Change By: Heston Hoffman
Labels: resolved-issue-added
Reply all
Reply to author
Forward
0 new messages