Issue #3910 has been updated by Daniel Pittman.
R.I. Pienaar wrote: > Nigel Kersten wrote: > > > > * agent requests catalog with environment "A". > > * agent pluginsyncs with environment "A" > > * server notes the mismatch as it is assigning environment "B" > > why do we get this far before doing something about it? Because one of the explicit promises is that the fact data will have been stored in the inventory service and through any other "write somewhere" terminus by the time the ENC is invoked for a node. Since we have a strict RPC model in the agent/master interaction, and fact submission necessarily gets a catalog back, we are obliged to follow through and compile - since we can't store facts without getting facts, and getting facts forces a compile and new catalog. > Actually pluginsync happens first, so just redirect to the right environment > then already before the catalog enters the picture ...and because of the promise about the facts, we can't just ask the ENC here either. ---------------------------------------- Bug #3910: Server is not authoritative over client environment when specified in an ENC https://projects.puppetlabs.com/issues/3910#change-56657 Author: Nigel Kersten Status: Merged - Pending Release Priority: Urgent Assignee: Patrick Carlisle Category: plumbing Target version: Telly Affected Puppet version: 0.25.4 Keywords: Branch: https://github.com/puppetlabs/puppet/pull/569 See: http://groups.google.com/group/puppet-dev/browse_thread/thread/b609965e377392ec To summarize, when the client specifies one environment and the classifier specifies another, classes are evaluated from the server-specified environment, and yet files are retrieved from the client-specified environment. 3 environments defined, each with a single class "base". */etc/puppet/puppet.conf* <pre> <...snip...> [one] modulepath = /etc/puppet/environments/one/modules [two] modulepath = /etc/puppet/environments/two/modules [three] modulepath = /etc/puppet/environments/three/modules </pre> */etc/puppet/environments/one/modules/base/manifests/init.pp* <pre> class base { notify { "hardwired one": } notify { "variable $environment": } file { "/tmp/environment_test": source => "puppet:///base/tester", } } </pre> */etc/puppet/environments/two/modules/base/manifests/init.pp* <pre> class base { notify { "hardwired two": } notify { "variable $environment": } file { "/tmp/environment_test": source => "puppet:///base/tester", } } </pre> */etc/puppet/environments/three/modules/base/manifests/init.pp* <pre> class base { notify { "hardwired three": } notify { "variable $environment": } file { "/tmp/environment_test": source => "puppet:///base/tester", } } </pre> <pre> $ cat /etc/puppet/environments/{one,two,three}/modules/base/files/tester one two three </pre> Right? So we have two notify resources and a file resource. - The "hardwired" notify is to illustrate which class is being loaded. - The "variable" notify is to illustrate what $environment evaluates to in the manifests. - The file source is to illustrate which file is being sourced. I also have an external node classifier that always returns this: <pre> --- classes: - base environment: one </pre> So our classifier always includes base, and always sets the environment. I then invoke a puppet run on a client, specifying the environment to be *different* to the classifier. Between all of these runs I delete cached client yaml info on the server. (find /var/puppet/yaml -type f -delete) <pre> # puppetd -t --environment two notice: hardwired one notice: //base/Notify[hardwired one]/message: defined 'message' as 'hardwired one' notice: variable two notice: //base/Notify[variable two]/message: defined 'message' as 'variable two' notice: Finished catalog run in 0.18 seconds # cat /tmp/environment_test two </pre> *So we have the class being evaluated in environment "one", but the file being sourced coming from environment "two" ! *And less importantly, $environment evaluates to "two". * * Now, to throw the big spanner in the works.... we try not specifying an environment at all. <pre> # puppetd -t notice: hardwired one notice: //base/Notify[hardwired one]/message: defined 'message' as 'hardwired one' notice: variable production notice: //base/Notify[variable production]/message: defined 'message' as 'variable production' err: //base/File[/tmp/environment_test]: Failed to retrieve current state of resource: Error 400 on SERVER: Not authorized to call find on /file_metadata/base/tester Could not retrieve file metadata for puppet:///base/tester: Error 400 on SERVER: Not authorized to call find on /file_metadata/base/tester at /etc/puppet/environments/one/modules/base/manifests/init.pp:6 notice: Finished catalog run in 0.08 seconds </pre> As we don't have an environment "production" defined at all, the server tries to read the metadata from a non-existent environment and fails. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
