Issue #22752 has been reported by Zachary Stern.
----------------------------------------
Bug #22752: Namevar over 1024 characters is not caught and results in invalid
yaml with accompanying errors
https://projects.puppetlabs.com/issues/22752
* Author: Zachary Stern
* Status: Unreviewed
* Priority: Normal
* Assignee:
* Category:
* Target version:
* Affected Puppet version:
* Keywords: customer
* Branch:
----------------------------------------
Puppet resources with namevars over 1024 characters result in the generation of
invalid yaml.
For example, this nonsense resource:
ssh_authorized_key {
'ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff':
ensure => present,
user => 'root',
type => 'rsa',
key => 'foo',
}
Results in the following:
[root@pe-301-master pe-301-master.puppetdebug.vlan]# puppet agent --test
...
Info: Applying configuration version '1380664174'
Notice:
/Stage[main]//Ssh_authorized_key[ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff]/ensure:
created
Info: Creating state file /var/opt/lib/pe-puppet/state/state.yaml
Notice: Finished catalog run in 8.37 seconds
Error: Could not send report: Error 400 on SERVER: (<unknown>): could
not find expected ':' while scanning a simple key at line 1314 column 5
All future runs are prevented at that point, until you remove the state.yaml
file:
[root@pe-301-master pe-301-master.puppetdebug.vlan]# puppet agent --test
Error: Could not run Puppet configuration client: (<unknown>): could
not find expected ':' while scanning a simple key at line 441 column 3
Error: Could not run: can't convert Puppet::Util::Log into Integer
and then:
root@pe-301-master pe-301-master.puppetdebug.vlan]# rm
/var/opt/lib/pe-puppet/state/state.yaml
rm: remove regular file `/var/opt/lib/pe-puppet/state/state.yaml'? y
[root@pe-301-master pe-301-master.puppetdebug.vlan]#
/opt/puppet/bin/puppet agent --test
Info: Retrieving plugin
Info: Loading facts in
/opt/puppet/share/puppet/modules/stdlib/lib/facter/pe_version.rb
Info: Loading facts in
/opt/puppet/share/puppet/modules/stdlib/lib/facter/facter_dot_d.rb
Info: Loading facts in
/opt/puppet/share/puppet/modules/stdlib/lib/facter/puppet_vardir.rb
Info: Loading facts in
/opt/puppet/share/puppet/modules/stdlib/lib/facter/root_home.rb
…
Info: Caching catalog for pe-301-master.puppetdebug.vlan
Info: Applying configuration version '1380664174'
Info: Creating state file /var/opt/lib/pe-puppet/state/state.yaml
Notice: Finished catalog run in 17.62 seconds
Error: Could not send report: Error 400 on SERVER: (<unknown>): could
not find expected ':' while scanning a simple key at line 1302 column 5
While obviously having a 1024+ character namevar is a bad idea, it shouldn't be
SO bad that it prevents all future puppet runs from proceeding.
Note: The namevar actually needs to be slightly less than 1024 chars to trigger
this, since it ends up padded a bit in the yaml key, and then breaks 1024, even
if the namevar itself isn't quite 1024 chars.
One real-world example of this is that the pe_accounts module we supply with PE
has defined types that generate ssh trusted key resources, with the ssh keys
themselves as the namevars. This results in very long namevars in some cases,
with the above problem.
The issue is that the namevar gets set as the key of a hash in, for example,
state.yaml, and the YAML spec restricts hash key length to 1024 chars.
This appears to have not been enforced in Ruby 1.8.7, but is in 1.9.3, and is
now affecting users.
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-bugs.
For more options, visit https://groups.google.com/groups/opt_out.
