Jira (PUP-7322) Cannot obtain a source that uses http with basic web auth

2 views
Skip to first unread message

Shaun Martin (JIRA)

unread,
Mar 8, 2017, 4:03:04 PM3/8/17
to puppe...@googlegroups.com
Shaun Martin created an issue
 
Puppet / Bug PUP-7322
Cannot obtain a source that uses http with basic web auth
Issue Type: Bug Bug
Affects Versions: PUP 4.8.2
Assignee: Unassigned
Components: Puppet Server
Created: 2017/03/08 1:02 PM
Priority: Major Major
Reporter: Shaun Martin

When I try and access a source from a simple apache server using basic authentication with .htaccess and .htpassword puppet does not retrieve the source.

Below is output of me running the puppet agent -t with the error. I then show I use that exact same URL to try and retrieve the file and it works while puppet failed.

[root@smartin-test opt]# puppet agent -t
 
Info: Using configured environment 'production'
 
Info: Retrieving pluginfacts
 
Info: Retrieving plugin
 
Info: Loading facts
 
Info: Caching catalog for smartin-test
 
Info: Applying configuration version '1489003424'
 
Notice: /Stage[main]/Phr_uploads/Exec[ead-wait]/returns: executed successfully
 
Error: /Stage[main]/Phr_uploads/File[/opt/tomcat-uploads/webapps/ead/WEB-INF/web.xml]: Could not evaluate: Could not retrieve information from environment production source(s) http://serv-foreman:P...@172.16.120.155:81/dev/smartin-test/uploads/ead.xml
 
Notice: /Stage[main]/Phr_uploads/Exec[qapthr36-wait]/returns: executed successfully
 
Error: /Stage[main]/Phr_uploads/File[/opt/tomcat-uploads/webapps/qapthr36/WEB-INF/web.xml]: Could not evaluate: Could not retrieve information from environment production source(s) http://serv-foreman:P...@172.16.120.155:81/dev/smartin-test/uploads/qapthr36.xml
 
Info: Class[Phr_uploads]: Unscheduling all events on Class[Phr_uploads]
 
Notice: Applied catalog in 304.80 seconds
 
[root@smartin-test opt]# wget http://serv-foreman:P...@172.16.120.155:81/dev/smartin-test/uploads/qapthr36.xml
 
--2017-03-08 20:17:31--  http://serv-foreman:*password*@172.16.120.155:81/dev/smartin-test/uploads/qapthr36.xml
 
Connecting to 172.16.120.155:81... connected.
 
HTTP request sent, awaiting response... 401 Unauthorized
 
Connecting to 172.16.120.155:81... connected.
 
HTTP request sent, awaiting response... 200 OK
 
Length: 3549 (3.5K) [text/xml]
 
Saving to: 'qapthr36.xml'
 
 
 
100%[======================================================================================================================================================================================================================>] 3,549       --.-K/s   in 0s
 
 
 
2017-03-08 20:17:32 (13.1 MB/s) - 'qapthr36.xml' saved [3549/3549]
 
 
 
[root@smartin-test opt]#

These are my access and error logs from apache during the attempt from puppet and wget.

10.101.1.187 - - [08/Mar/2017:14:44:43 -0600] "HEAD /dev/smartin-test/uploads/ead.xml HTTP/1.1" 401 - "-" "Ruby"
 
10.101.1.187 - - [08/Mar/2017:14:44:43 -0600] "HEAD /dev/smartin-test/uploads/ead.xml HTTP/1.1" 401 - "-" "Ruby"
 
10.101.1.187 - - [08/Mar/2017:14:44:53 -0600] "HEAD /dev/smartin-test/uploads/qapthr36.xml HTTP/1.1" 401 - "-" "Ruby"
 
10.101.1.187 - - [08/Mar/2017:14:44:54 -0600] "HEAD /dev/smartin-test/uploads/qapthr36.xml HTTP/1.1" 401 - "-" "Ruby"
 
10.101.1.187 - - [08/Mar/2017:14:47:26 -0600] "GET /dev/smartin-test/uploads/qapthr36.xml HTTP/1.1" 401 381 "-" "Wget/1.14 (linux-gnu)"
 
10.101.1.187 - serv-foreman [08/Mar/2017:14:47:26 -0600] "GET /dev/smartin-test/uploads/qapthr36.xml HTTP/1.1" 200 3549 "-" "Wget/1.14 (linux-gnu)"

You can see the wget tried, got the 401 and then sent the request with authentication and got the file. You can see puppet just gets the 401 and never tries with the authentication provided.

I have also tested removing .htaccess and .htpassword and the file can be retrieved.

This looks like sources with http authentication are not functioning correctly. I also brought this topic up in the freenode IRC channel and was asked to file a ticket.
Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe)
Atlassian logo

Moses Mendoza (JIRA)

unread,
Mar 8, 2017, 4:29:03 PM3/8/17
to puppe...@googlegroups.com
Moses Mendoza commented on Bug PUP-7322
 
Re: Cannot obtain a source that uses http with basic web auth

hi Shaun Martin. Thanks for filing. Would you mind adding a simple manifest reproducing the bug for you?

Shaun Martin (JIRA)

unread,
Mar 8, 2017, 5:07:02 PM3/8/17
to puppe...@googlegroups.com
Shaun Martin commented on Bug PUP-7322

Sure here is a simple example tested and fails as well.

class phr_uploads (
 
  $config_env = 'dev',
 
  $web_xml_source = "http://serv-foreman:PW@$serverip:81/$config_env/$hostname/uploads",
 
  $customer = 'ead',
 
)
 
{
 
 
 
file { "/root/web.xml":
 
  ensure => file,
 
  replace => true,
 
  source => "$web_xml_source/$customer.xml",
 
  require => Exec["$customer-wait"],
 
  group => "$tomcat_instance_name",
 
  owner  => "$tomcat_instance_name",
 
}
 
 
 
}

Shaun Martin (JIRA)

unread,
Mar 8, 2017, 5:42:02 PM3/8/17
to puppe...@googlegroups.com
Shaun Martin commented on Bug PUP-7322

Moses Mendoza you tagged the wrong person in your response, confused the hell out of me.

Moses Mendoza (JIRA)

unread,
Mar 10, 2017, 11:05:02 AM3/10/17
to puppe...@googlegroups.com
Moses Mendoza commented on Bug PUP-7322

Oops sorry

Eric Delaney (JIRA)

unread,
Mar 10, 2017, 6:50:03 PM3/10/17
to puppe...@googlegroups.com
Eric Delaney updated an issue
 
Change By: Eric Delaney
Team: Agent
Sprint: Agent Triage

Geoff Nichols (JIRA)

unread,
Mar 11, 2017, 1:11:02 AM3/11/17
to puppe...@googlegroups.com
Geoff Nichols updated an issue
Change By: Geoff Nichols
Sprint: Agent  Triage  Accepted

Geoff Nichols (JIRA)

unread,
Apr 5, 2017, 1:07:09 AM4/5/17
to puppe...@googlegroups.com
Geoff Nichols updated an issue
Change By: Geoff Nichols
Sprint: Agent Accepted

Moses Mendoza (JIRA)

unread,
May 17, 2017, 2:45:03 PM5/17/17
to puppe...@googlegroups.com
Moses Mendoza updated an issue
Change By: Moses Mendoza
Labels: triaged

Josh Cooper (JIRA)

unread,
Mar 15, 2018, 1:30:03 AM3/15/18
to puppe...@googlegroups.com
Josh Cooper commented on Bug PUP-7322
 
Re: Cannot obtain a source that uses http with basic web auth

Issues are related, but not exactly the same.
This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)
Atlassian logo

Josh Cooper (Jira)

unread,
May 19, 2020, 2:41:03 PM5/19/20
to puppe...@googlegroups.com
Josh Cooper commented on Bug PUP-7322

My comment above about "not exactly the same" is because wget handles basic authentication differently than puppet. Wget initially doesn't send any credentials, but when challenged with 401, it sends credentials with the resubmitted request. Puppet on the other handle always sends credentials if specified in its options hash. That said, the ability to specify credentials in the URL and have puppet use them was filed in an early ticket PUP-6916, so I'm going to close this as a duplicate.
This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)
Atlassian logo
Reply all
Reply to author
Forward
0 new messages