Jira (PUP-2887) IPv6 failover using srv records doesn't work as expected

[Vladimir Kotal (JIRA)]

Vladimir Kotal commented on PUP-2887

Re: IPv6 failover using srv records doesn't work as expected Encountering the same on Solaris 11.3. The client has IPv4 and IPv6 addresses but broken IPv6 connectivity. What happens is this: {{# puppet agent --test --server=puppet.foo.cz Warning: Unable to fetch my node definition, but the agent run will continue: Warning: execution expired Info: Retrieving pluginfacts Error: Could not retrieve pluginfacts: execution expired Info: Retrieving plugin ... }} Ideally, the connect should be using something like Happy eyeballs algorithm (RFC 6555) so that it does not stall for too long. Add Comment

This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc)

[Branan Riley (JIRA)]

Branan Riley updated an issue

Puppet / PUP-2887

IPv6 failover using srv records doesn't work as expected

Change By: Branan Riley Labels: IPv6 SRV  help_wanted

Add Comment

This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe)

[Branan Riley (JIRA)]

Branan Riley commented on PUP-2887

Re: IPv6 failover using srv records doesn't work as expected We're unlikely to tackle this soon, but I'm leaving it open. PRs would be happily accepted.

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-2887

IPv6 failover using srv records doesn't work as expected

Change By: Josh Cooper Labels: IPv6  SRV  help_wanted

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper assigned an issue to Unassigned

Puppet / PUP-2887 IPv6 failover using srv records doesn't work as expected

Change By: Josh Cooper Assignee: Kylo Ginsberg

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-2887 IPv6 failover using srv records doesn't work as expected

Change By: Josh Cooper Labels: IPv6 help_wanted  triaged

Add Comment

[Moses Mendoza (JIRA)]

Moses Mendoza updated an issue

Puppet / PUP-2887 IPv6 failover using srv records doesn't work as expected

Change By: Moses Mendoza Labels: IPv6 help_wanted  triaged

Add Comment

[Jacob Helwig (JIRA)]

Jacob Helwig updated an issue

Puppet / PUP-2887 IPv6 failover using srv records doesn't work as expected

Change By: Jacob Helwig Sub-team: Coremunity

Add Comment

This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db)

[Jorie Tappa (JIRA)]

Jorie Tappa updated an issue

Puppet / PUP-2887 IPv6 failover using srv records doesn't work as expected

Change By: Jorie Tappa Sprint: Coremunity Hopper

Add Comment

This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)

[Josh Cooper (JIRA)]

Josh Cooper commented on PUP-2887

Re: IPv6 failover using srv records doesn't work as expected One difficulty with implementing happy eyeballs is that Net::HTTP only accepts a hostname or IP to connect to, and always performs SSL verification against that value. If we pass a hostname, then ruby looks up the ipv6 or v4 address, and uses the first one it can connect to. If we pass the IP address, then verification of the server's SSL cert will likely fail. I say likely because it's possible to add the server's IP address as a subject alt name, but that's not very common. To implement happy eyeballs we could either: call Net::HTTP.start with both the IP address (v4 or v6) and fqdn, where SSL verification happens against the latter. This would require an upstream ruby PR. override the SSL verification callback and do the post_connection_check ourselves.

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-2887

IPv6 failover using srv records doesn't work as expected

Change By: Josh Cooper Component/s: Docs

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-2887 IPv6 failover using srv records doesn't work as expected

Change By: Josh Cooper Sprint: Coremunity Hopper

Add Comment

[Josh Cooper (Jira)]

Josh Cooper commented on PUP-2887

Re: IPv6 failover using srv records doesn't work as expected See comment in https://tickets.puppetlabs.com/browse/PUP-10217?focusedCommentId=782565&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-782565 about how we're waiting for ruby to implement happy eyeballs.

Add Comment

This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)