| I did a bit of digging into recent changes since 7.12.1, and I found that this change https://github.com/puppetlabs/puppet/pull/8789 from PUP-8094 is most likely related.
That change was part of the unreleased 7.13.0 tag. That change, which switches to using trusted information from the agent's cert when getting the node object for puppet lookup, creates a connection to the configured CA server to fetch the agent's cert. It's that connection that ultimately leads to the error in this ticket.
service = Puppet.runtime[:http] |
session = service.create_session |
cert = session.route_to(:ca) # <== This is where the error originates from. |
|
cert = cert.get_certificate(node) |
trusted = Puppet::Context::TrustedInformation.new(true, node, cert)
|
That patch looks like it assumes the user will always want to fetch trusted information from the agent's cert on the CA server. That the patch also adds a certificate setup step to the acceptance tests also implies that. I think that assumption can't be made though since there are legitimate reasons to run puppet lookup without having an agent<->server relationship or trusted information (e.g. debugging local code deploys for a puppet apply workflow with puppet lookup). |
