Issue #2128 has been updated by Jeff McCune.

Status changed from Merged - Pending Release to Accepted

# Reopened - authstore.rb issue #

I believe I've found a potential authstore.rb issue related to this ticket 
that blocks it from fully working.

The certificate the customer I'm working with is using doesn't look like a 
traditional FQDN.  It contains a simple alpha string with a hyphen, e.g. 
"foo-jeffrey".

Here's what I'm seeing.  The error the agent gets is:

<pre>
err: Invalid pattern i-XXXXXXXX::dev2-jeff-01.int.ec2.acme.com
</pre>

<pre>
Breakpoint 1 at /usr/lib/ruby/site_ruby/1.8/puppet/network/authstore.rb:224
/usr/lib/ruby/site_ruby/1.8/puppet/network/authstore.rb:224
@name,@exact,@length,@pattern = *case value
(rdb:4) l
[219, 228] in /usr/lib/ruby/site_ruby/1.8/puppet/network/authstore.rb
   219        # It should be:
   220        #     IP = "#{IPv4}|#{IPv6_full}|(#{IPv6_partial}#{IPv4})".gsub(/_/,'([0-9a-fA-F]{1,4})').gsub(/\(/,'(?:')
   221        # but ruby's ipaddr lib doesn't support the hybrid format
   222        IP = "#{IPv4}|#{IPv6_full}".gsub(/_/,'([0-9a-fA-F]{1,4})').gsub(/\(/,'(?:')
   223        def parse(value)
=> 224          @name,@exact,@length,@pattern = *case value
   225          when /^(?:#{IP})\/(\d+)$/                                   # 12.34.56.78/24, a001:b002::efff/120, c444:1000:2000::9:192.168.0.1/112
   226            [:ip,:inexact,$1.to_i,IPAddr.new(value)]
   227          when /^(#{IP})$/                                          # 10.20.30.40,
   228            [:ip,:exact,nil,IPAddr.new(value)]
(rdb:4) value
*** Unknown command: "value".  Try "help".
(rdb:4) irb
irb(allow: ):001:0> value
=> "foo-jeffrey"
</pre>

This foo-jeffrey does match the final conditional of:

<pre>
   241          when /^\w[-.@\w]*$/                                       # ? Just like a host name but allow '@'s and ending '.'s
=> 242            [:opaque,:exact,nil,[value]]
   243          else
</pre>

But then the parse() code path is re-entered:

<pre>
[219, 228] in /usr/lib/ruby/site_ruby/1.8/puppet/network/authstore.rb
   219        # It should be:
   220        #     IP = "#{IPv4}|#{IPv6_full}|(#{IPv6_partial}#{IPv4})".gsub(/_/,'([0-9a-fA-F]{1,4})').gsub(/\(/,'(?:')
   221        # but ruby's ipaddr lib doesn't support the hybrid format
   222        IP = "#{IPv4}|#{IPv6_full}".gsub(/_/,'([0-9a-fA-F]{1,4})').gsub(/\(/,'(?:')
   223        def parse(value)
=> 224          @name,@exact,@length,@pattern = *case value
   225          when /^(?:#{IP})\/(\d+)$/                                   # 12.34.56.78/24, a001:b002::efff/120, c444:1000:2000::9:192.168.0.1/112
   226            [:ip,:inexact,$1.to_i,IPAddr.new(value)]
   227          when /^(#{IP})$/                                          # 10.20.30.40,
   228            [:ip,:exact,nil,IPAddr.new(value)]
(rdb:4) e value
"$1"
</pre>

So this seems to be OK. (My agent has timed out while I stepped through this.)

On the _next_ puppet run, I get a different value that matches the node_name 
and not the cert_name:

<pre>
Breakpoint 1 at /usr/lib/ruby/site_ruby/1.8/puppet/network/authstore.rb:224
/usr/lib/ruby/site_ruby/1.8/puppet/network/authstore.rb:224
@name,@exact,@length,@pattern = *case value
(rdb:18) l
[219, 228] in /usr/lib/ruby/site_ruby/1.8/puppet/network/authstore.rb
   219        # It should be:
   220        #     IP = "#{IPv4}|#{IPv6_full}|(#{IPv6_partial}#{IPv4})".gsub(/_/,'([0-9a-fA-F]{1,4})').gsub(/\(/,'(?:')
   221        # but ruby's ipaddr lib doesn't support the hybrid format
   222        IP = "#{IPv4}|#{IPv6_full}".gsub(/_/,'([0-9a-fA-F]{1,4})').gsub(/\(/,'(?:')
   223        def parse(value)
=> 224          @name,@exact,@length,@pattern = *case value
   225          when /^(?:#{IP})\/(\d+)$/                                   # 12.34.56.78/24, a001:b002::efff/120, c444:1000:2000::9:192.168.0.1/112
   226            [:ip,:inexact,$1.to_i,IPAddr.new(value)]
   227          when /^(#{IP})$/                                          # 10.20.30.40,
   228            [:ip,:exact,nil,IPAddr.new(value)]
(rdb:18) e value
"i-XXXXXXXX::dev2-jeff-01.int.ec2.acme.com"
</pre>

This pattern drops into the exception case:

<pre>
(rdb:18) n
/usr/lib/ruby/site_ruby/1.8/puppet/network/authstore.rb:244
raise AuthStoreError, "Invalid pattern #{value}"
(rdb:18) l =
[239, 248] in /usr/lib/ruby/site_ruby/1.8/puppet/network/authstore.rb
   239          when /\$\d+/                                              # a backreference pattern ala $1.reductivelabs.com or 192.168.0.$1 or $1.$2
   240            [:dynamic,:exact,nil,munge_name(value)]
   241          when /^\w[-.@\w]*$/                                       # ? Just like a host name but allow '@'s and ending '.'s
   242            [:opaque,:exact,nil,[value]]
   243          else
=> 244            raise AuthStoreError, "Invalid pattern #{value}"
   245          end
   246        end
   247      end
   248    end
(rdb:18)
</pre>
----------------------------------------
Feature #2128: Allow arbitrary fact as node_name identifier
https://projects.puppetlabs.com/issues/2128

Author: Bill Bartlett
Status: Accepted
Priority: High
Assignee: Nick Lewis
Category: node
Target version: 2.6.x
Affected Puppet version: 0.24.7
Keywords: 
Branch: 


Currently, the only fact available as a node_name identifier is the hostname.  
I would like to have the capability of having any fact be the node_name 
identifier.

Use Case:

The reason this discussion came about is EC2.  When an EC2 node is brought up, 
the hostname is not known.  If we were to have a large, auto-scaling 
infrastructure, it is currently very difficult (impossible?) to automate 
bringing these EC2 nodes into puppet.  

One possible solution is to allow any fact as a node_name, and then for each 
particular EC2 instance type that one would need scaling (apache, memcache, 
mysql all come to mind among many others), the AMI would be customized with a 
custom fact.  An example could be a fact called "hostclass" that would then be 
set to "ec2_apache", "ec2_memcache", or similar.  This allows the auto-created 
machine, which we would otherwise be unable to differentiate from any other EC2 
node, access to puppet in an automated way.
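
The parse() branches quoted in the update at the top of this notification can be reproduced offline. The Ruby below is an added example, not Puppet's code: it models only the branches visible in the debugger listing (lines 225-228 and 239-244), uses IPAddr as a stand-in for the IPv4/IPv6 regex constants the listing does not show, and the names ip_literal?, classify, rejected, InvalidPattern and SAMPLES are hypothetical.

```ruby
require 'ipaddr'

# Hypothetical stand-in for Puppet's AuthStoreError.
class InvalidPattern < StandardError; end

# Assumption: IPAddr replaces the IPv4/IPv6_full regex constants, which the
# debugger listing references but does not show.
def ip_literal?(value)
  IPAddr.new(value)
  true
rescue ArgumentError # IPAddr's parse errors inherit from ArgumentError
  false
end

# Only the branches visible on the page, in listing order.
def classify(value)
  if ip_literal?(value)
    [:ip, value.include?('/') ? :inexact : :exact]   # lines 225-228
  elsif value =~ /\$\d+/                              # line 239
    [:dynamic, :exact]
  elsif value =~ /^\w[-.@\w]*$/                       # line 241
    [:opaque, :exact]
  else
    raise InvalidPattern, "Invalid pattern #{value}"  # line 244
  end
end

# Names that would fall through to the exception branch.
def rejected(names)
  names.select do |name|
    begin
      classify(name)
      false
    rescue InvalidPattern
      true
    end
  end
end

# The three values seen in the debugger session, plus one IP from the
# listing's own comments.
SAMPLES = ['foo-jeffrey', '$1',
           'i-XXXXXXXX::dev2-jeff-01.int.ec2.acme.com', '12.34.56.78/24']

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |s| puts "#{s} -> #{(classify(s) rescue 'Invalid pattern')}" }
  puts "rejected: #{rejected(SAMPLES).inspect}"
end
```

The node_name value is rejected only because ':' is outside the `[-.@\w]` character class; every other character in it is accepted by the opaque branch.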

