Issue #3669 has been updated by Josh Cooper.

So, just to document some decisions we've reconfirmed:

1. The functionality is enabled by default, otherwise, it's not zero conf. The behavior can be disabled by setting the following on the agent:

   use_srv_records=false

2. SRV lookups are chatty, partly because a new Puppet::Network::Resolver is created for every REST terminus method called, e.g. find. And sometimes the same method is called multiple times for a single request.

I would have thought the OS would cache SRV lookups in the same way that it caches A records, but this does not appear to be the case. The output below shows the agent trying to find the ca certificate and in the process issuing 3 SRV lookups:

<pre>
$ sudo tcpdump -i en1 'udp port 53'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 65535 bytes
17:02:53.490502 IP puppetmaster.31993 > imana.puppetlabs.lan.domain: 32207+ SRV? _x-puppet-ca._tcp.perlninja.com. (49)
17:02:53.536354 IP imana.puppetlabs.lan.domain > puppetmaster.31993: 32207 1/1/0 CNAME jacob.ath.cx. (136)
17:02:53.539332 IP puppetmaster.11017 > imana.puppetlabs.lan.domain: 45795+ SRV? _x-puppet._tcp.perlninja.com. (46)
17:02:53.554410 IP imana.puppetlabs.lan.domain > puppetmaster.11017: 45795 1/0/0 SRV sfa-5.perlninja.com.:8140 20 0 (85)
17:02:53.558851 IP puppetmaster.57268 > imana.puppetlabs.lan.domain: 46337+ AAAA? jacob.ath.cx. (30)
17:02:53.637247 IP imana.puppetlabs.lan.domain > puppetmaster.57268: 46337 0/1/0 (91)
17:02:53.891668 IP puppetmaster.58364 > imana.puppetlabs.lan.domain: 64554+ A? jacob.ath.cx. (30)
17:02:53.944065 IP imana.puppetlabs.lan.domain > puppetmaster.58364: 64554 1/0/0 A 50.53.17.227 (46)
17:02:54.049313 IP puppetmaster.64864 > imana.puppetlabs.lan.domain: 15898+ PTR? 1.100.168.192.in-addr.arpa. (44)
17:02:54.050980 IP imana.puppetlabs.lan.domain > puppetmaster.64864: 15898* 1/0/0 PTR imana.puppetlabs.lan. (78)
17:02:54.737792 IP puppetmaster.16716 > imana.puppetlabs.lan.domain: 18454+ SRV? _x-puppet-ca._tcp.perlninja.com. (49)
17:02:54.753520 IP imana.puppetlabs.lan.domain > puppetmaster.16716: 18454 1/1/0 CNAME jacob.ath.cx. (136)
17:02:54.755431 IP puppetmaster.39986 > imana.puppetlabs.lan.domain: 17417+ SRV? _x-puppet._tcp.perlninja.com. (46)
17:02:54.771359 IP imana.puppetlabs.lan.domain > puppetmaster.39986: 17417 1/0/0 SRV sfa-5.perlninja.com.:8140 20 0 (85)
17:02:55.155234 IP puppetmaster.17065 > imana.puppetlabs.lan.domain: 64870+ SRV? _x-puppet-ca._tcp.perlninja.com. (49)
17:02:55.198347 IP imana.puppetlabs.lan.domain > puppetmaster.17065: 64870 1/1/0 CNAME jacob.ath.cx. (136)
17:02:55.200282 IP puppetmaster.37872 > imana.puppetlabs.lan.domain: 56142+ SRV? _x-puppet._tcp.perlninja.com. (46)
17:02:55.215672 IP imana.puppetlabs.lan.domain > puppetmaster.37872: 56142 1/0/0 SRV sfa-5.perlninja.com.:8140 20 0 (85)
</pre>

This does mean that within a single transaction, the agent could connect to different file servers. If this becomes an issue, we can investigate creating one resolver per request or per transaction (somewhat analogous to load-balancer affinity/stickiness).

----------------------------------------
Feature #3669: Make puppet honor DNS SRV records
https://projects.puppetlabs.com/issues/3669

Author: Martin Marcher
Status: In Topic Branch Pending Review
Priority: Normal
Assignee: Jacob Helwig
Category:
Target version: Telly
Affected Puppet version: development
Keywords:
Branch: https://github.com/jhelwig/puppet/tree/ticket/master/3669-make-puppet-honor-DNS-SRV-records

I'd like to be able to define where puppet looks for the master server. I propose the following:

By default try in the following order:

1. Look for a "_x-puppet._tcp.example.com" SRV record (or any name that you think is appropriate, but keep it a SRV record)
2. For backwards compatibility, if no SRV record is present look for puppet.example.com as a fallback or any value that is configured in the puppet config file

Reasoning: A System Administrator can easily spread out the load over multiple puppet servers in this way or define some split horizon which answers with the "correct" hostname to use as a puppet master.

Thanks,
Martin
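
The per-transaction resolver idea from the update above, as an added Ruby example (not Puppet's code and not from the ticket's branch): one SRV answer is looked up and one server chosen per service name, then reused for the rest of the transaction, with a fallback when no SRV record exists. `SrvRecord`, `TransactionResolver`, `server_for` and the injected `lookup`/`rng` callables are hypothetical names, and the DNS query is stubbed with records constructed from the capture.

```ruby
# Added example; class and method names are hypothetical, not Puppet's API.
SrvRecord = Struct.new(:target, :port, :priority, :weight)

# Holds SRV answers for the lifetime of one agent transaction, so repeated
# terminus calls reuse one lookup and stay pinned to one chosen server.
class TransactionResolver
  attr_reader :lookups

  # lookup: callable taking an SRV name, returning an array of SrvRecord
  #         (stands in for the real DNS query).
  # rng:    callable taking n, returning an Integer in 0...n.
  def initialize(lookup, rng = ->(n) { rand(n) })
    @lookup = lookup
    @rng = rng
    @chosen = {}
    @lookups = 0
  end

  # Returns [host, port]; uses the fallback when the name has no SRV records.
  def server_for(srv_name, fallback)
    @chosen.fetch(srv_name) do
      @lookups += 1
      records = @lookup.call(srv_name)
      @chosen[srv_name] = records.empty? ? fallback : pick(records)
    end
  end

  private

  # RFC 2782 style selection: lowest priority value wins, and weight decides
  # proportionally among records that share that priority.
  def pick(records)
    best = records.map(&:priority).min
    pool = records.select { |r| r.priority == best }
    total = pool.sum(&:weight)
    return [pool.first.target, pool.first.port] if total.zero?
    roll = @rng.call(total)
    chosen = pool.find { |r| (roll -= r.weight) < 0 }
    [chosen.target, chosen.port]
  end
end

# Constructed demo: the SRV answer seen in the capture, queried three times.
demo = TransactionResolver.new(->(_) { [SrvRecord.new("sfa-5.perlninja.com", 8140, 20, 0)] })
3.times { demo.server_for("_x-puppet._tcp.perlninja.com", ["puppet", 8140]) }
puts "SRV lookups issued: #{demo.lookups}"
```
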
