Jira (PUP-7667) puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Title: Message Title Florian Klink commented on PUP-7667 Re: puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set I don't use puppet anymore, so can't check again, sorry. If you can't reproduce it anymore, feel free to close this issue. Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.196080.1497521296000.19928.1597908600031%40Atlassian.JIRA.
Jira (PUP-8048) puppet / facter fails randomly in low memory situations
Title: Message Title Florian Klink commented on PUP-8048 Re: puppet / facter fails randomly in low memory situations Running facter --debug alone doesn't fail, and shows a value for operatingsystem. Doing the initial puppet run fails reproducible on a VM with 128MB RAM. Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8048) puppet / facter fails randomly in low memory situations
Title: Message Title
Florian Klink created an issue
Puppet / PUP-8048
puppet / facter fails randomly in low memory situations
Issue Type:
Bug
Assignee:
Unassigned
Created:
2017/10/13 7:39 AM
Priority:
Normal
Reporter:
Florian Klink
I accidentially created a VM with only 128MB RAM. Puppet run looks like this:
{{Info: Using configured environment 'production' Info: Retrieving pluginfacts Info: Retrieving plugin Info: Loading facts Error: Could not autoload puppet/provider/service/init: undefined method `downcase' for nil:NilClass Error: Could not autoload puppet/provider/service/openbsd: Could not autoload puppet/provider/service/init: undefined method `downcase' for nil:NilClass Error: Could not retrieve local facts: Could not autoload puppet/provider/service/openbsd: Could not autoload puppet/provider/service/init: undefined method `downcase' for nil:NilClass Error: Failed to apply catalog: Could not retrieve local facts: Could not autoload puppet/provider/service/openbsd: Could not autoload puppet/provider/service/init: undefined method `downcase' for nil:NilClass}}
This is due to Facter.value(:operatingsystem) being NilClass. When running with --debug, I see a lot of the following messages:Debug: Facter: value for is still nil
It took me a while to find out the puppet run succeeds with more memory just fine. I didn't see any OOM-Killings in dmesg. Of course, it might be not supported/advised to run puppet on such low memory, but I'd still expect puppet to somehow fail in a better way… This might boil down to facter failing in weird ways, puppet not noticing that, or something in between.
puppet-4.8.2-5 on Debian Stretch with packages provided by Debian directly.
Jira (PUP-5645) Can't install gems on Arch Linux
Title: Message Title Florian Klink commented on PUP-5645 Re: Can't install gems on Arch Linux PR #5560 got closed in favor of https://github.com/puppetlabs/puppet/pull/5051. Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-2313) Package resources should use $title rather than $name to determine uniqueness
Title: Message Title Florian Klink commented on PUP-2313 Re: Package resources should use $title rather than $name to determine uniqueness I tested today on puppet 4.8., resources with the same $name set, but different $title variable still fail. This is especially confusing, as the docs write about uniqueness of $title, but not $name: Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Resource Statement, Cannot alias Foo::Bar[title2] to ["name"] at /etc/puppet/code/environments/production/modules/foo/manifests/bar.pp:83; resource ["Foo::Bar", "name"] already declared at /etc/puppet/code/environments/production/modules/foo/manifests/baz.pp:83 on node $node
Jira (PUP-7472) unable to have puppet master listen on both IPv4 and IPv6
Title: Message Title Florian Klink commented on PUP-7472 Re: unable to have puppet master listen on both IPv4 and IPv6 I added a PR in https://github.com/puppetlabs/puppet/pull/6039 to listen on both IPv4 and IPv6 by default (should be default anyways). What do you plan to use instead of WEBrick? Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7667) puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Title: Message Title Florian Klink commented on PUP-7667 Re: puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set I still think it's wrong ignoring a FQDN set in /etc/hostname. By looking at facters code for 'fqdn', it will only muble-jumble with /etc/resolv.conf, it the hostname is not already full-qualified: https://github.com/puppetlabs/facter/blob/d53ef63aab6d73f11e9f647aca59dee36ad479af/lib/src/facts/posix/networking_resolver.cc#L60 So IMHO, default_certname should simply also use facter's fqdn value. For hosts without a fqdn set in /etc/hostname, this shouldn't change things at all (as it will still combine /etc/resolv.conf as before, but this will then be done in facter). Of course, this would still be something for a major release, as it will change behaviour for hosts with a FQDN set in /etc/hostname if different from a domain set in /etc/resolv.conf, but it will still make things much more consistent. Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7472) unable to have puppet master listen on both IPv4 and IPv6
Title: Message Title Florian Klink commented on PUP-7472 Re: unable to have puppet master listen on both IPv4 and IPv6 I can confirm. Setting bindaddress = * will make puppetmaster listen on both IPv4 and IPv6. Do you plan to change something in how this is passed down to WEBrick, or change documentation regarding dual-stacked deployments? Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7667) puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Title: Message Title
Florian Klink created an issue
Puppet / PUP-7667
puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Issue Type:
Bug
Assignee:
Unassigned
Created:
2017/06/15 3:08 AM
Environment:
Debian 9 (stretch) amd64 puppet-4.8.2-5, facter 2.4.6-1 from Debian Package Repository
Priority:
Normal
Reporter:
Florian Klink
When adding a new node which has a FQDN set in /etc/hostname, the generated CSR on puppet agent doesn't include the FQDN, as long as no DNS search domain is set. This makes things weird, as a second CSR will be generated when network is set up properly and the DNS domain suddenly appears:
This might be due to facter not showing the FQDN correctly, but I'm unsure whether puppet agents derives the csr name from facter or not.
{{root@puppettest:~# cat /etc/hostname puppettest.mydomain.com
root@puppettest:~# facter hostname puppettest root@puppettest:~# facter fqdn puppettest
root@puppettest:~# puppet agent --server puppet.mydomain.com --waitforcert 10 -t --verbose Info: Creating a new SSL key for puppettest Info: Caching certificate for ca Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml Info: Creating a new SSL certificate request for puppettest Info: Certificate Request fingerprint (SHA256): F5:09:15:AD:A1:2A:F2:85:9E:A1:65:C9:23:9F:A4:16:50:36:89:8A:06:6F:FC:45:4F:6D:00:E9:1D:BA:25:C0 Info: Caching certificate for ca Notice: Did not receive certificate}}
Jira (FACT-1617) facter does not detect systemd-nspawn virtualization
Title: Message Title Florian Klink commented on FACT-1617 Re: facter does not detect systemd-nspawn virtualization I'm currently running systemd 232, facter inside the container is 2.4.6. Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7472) unable to have puppet master listen on both IPv4 and IPv6
Title: Message Title Florian Klink commented on PUP-7472 Re: unable to have puppet master listen on both IPv4 and IPv6 Yes, the debian puppet-master package. The puppet-master-passenger package is not installed. Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7472) unable to have puppet master listen on both IPv4 and IPv6
Title: Message Title Florian Klink commented on PUP-7472 Re: unable to have puppet master listen on both IPv4 and IPv6 This was done on a Debian Stretch, by using the packages provided there. It seems like /lib/systemd/system/puppet-master.service starts /usr/bin/puppet master, which looks like bin/puppet the git repository. Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7472) unable to have puppet master listen on both IPv4 and IPv6
Title: Message Title
Florian Klink created an issue
Puppet / PUP-7472
unable to have puppet master listen on both IPv4 and IPv6
Issue Type:
Bug
Affects Versions:
PUP 4.8.2
Assignee:
Unassigned
Created:
2017/04/26 8:36 AM
Priority:
Major
Reporter:
Florian Klink
I'd like have Puppet being dual-stacked, so I did set bindaddress = :: in my puppet.conf, as suggested in "Learning Puppet 4: A Guide to Configuration Management and Automation"/ "IPv6 Dual-Stack Puppet Master" (Page 309 in Google Books), also described here.
This should make the puppet master listen on both IPv4 and IPv6.
When running the puppet master, netstat -anl|grep 8140 shows the following: tcp6 0 0 :::8140 :::* LISTEN
I can connect via IPv6: curl -k 'https://[::]:8140/puppet/v3/' {"message":"Bad Request: The indirection name must be purely alphanumeric, not ''","issue_kind":"RUNTIME_ERROR"}
But connecting via IPv4 fails: curl -k 'https://127.0.0.1:8140/puppet/v3/' curl: (7) Failed to connect to 127.0.0.1 port 8140: Connection refused
So the socket does not seem to be listening under IPv4, contrary to the docs.
Additionally, it's not possible to bind to two different addresses (:: and 0.0.0.0), so it currently simply isn't possible to start puppet listening both on IPv4 and Ipv6.
Jira (FACT-1617) facter does not detect systemd-nspawn virtualization
Title: Message Title Florian Klink updated an issue Facter / FACT-1617 facter does not detect systemd-nspawn virtualization Change By: Florian Klink facter seems to be unable to detect being run inside a systemd-nspawn container:`facter virtual` returns `physical`, `facter is_virtual` returns false.I digged a bit into [virtualization_resolver.cc|https://github.com/puppetlabs/facter/blob/master/lib/src/facts/linux/virtualization_resolver.cc#L106], it seems like facter is currently only guessing the container type (virtualization_resolver::get_cgroup_vm) by peeking into `/proc/1/cgroup`, but it's more complex than that.Probably facter should orientate more on the [detect_container() method|https://github.com/systemd/systemd/blob/master/src/basic/virt.c#L395] from systemd, to make the detection less error-prone. We could even use `systemd-detect-virt` if present. Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (FACT-1617) facter does not detect systemd-nspawn virtualization
Title: Message Title Florian Klink created an issue Facter / FACT-1617 facter does not detect systemd-nspawn virtualization Issue Type: Bug Assignee: Unassigned Created: 2017/04/25 4:11 PM Priority: Normal Reporter: Florian Klink facter seems to be unable to detect being run inside a systemd-nspawn container: `facter virtual` returns `physical`, `facter is_virtual` returns false. I digged a bit into virtualization_resolver.cc, it seems like facter is currently only guessing the container type (virtualization_resolver::get_cgroup_vm) by peeking into `/proc/1/cgroup`, but it's more complex than that. Probably facter should orientate more on the detect_container() method from systemd, to make the detection less error-prone. Add Comment
Jira (PUP-7129) Use systemd service provider for Debian 9 (Stretch)
Title: Message Title Florian Klink updated an issue Puppet / PUP-7129 Use systemd service provider for Debian 9 (Stretch) Change By: Florian Klink Summary: Use systemd service provider for Debian 9 ( Strech Stretch ) Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5645) Can't install gems on Arch Linux
Title: Message Title Florian Klink commented on PUP-5645 Re: Can't install gems on Arch Linux I took a look at this. It seems like `gem` doesn't like being called without a ENV['HOME'] set. By hacking a `unless name == "HOME"` into https://github.com/puppetlabs/puppet/blob/4.3.2/lib/puppet/util/execution.rb#L294, the gem command runs again. To fix, one could possibly run the execute() method with a custom environment which still contains the HOME variable. I added a PR https://github.com/puppetlabs/puppet/pull/5560 (probably in a hacky way, but it's a start) Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7129) Use systemd service provider for Debian 9 (Strech)
Title: Message Title Florian Klink commented on PUP-7129 Re: Use systemd service provider for Debian 9 (Strech) Pull request: https://github.com/puppetlabs/puppet/pull/5546 Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7129) Use systemd service provider for Debian 9 (Strech)
Title: Message Title
Florian Klink created an issue
Puppet / PUP-7129
Use systemd service provider for Debian 9 (Strech)
Issue Type:
Improvement
Affects Versions:
PUP 4.8.1
Assignee:
Florian Klink
Components:
Types and Providers
Created:
2017/01/25 3:34 AM
Priority:
Normal
Reporter:
Florian Klink
Currently, the 'service' provider gets confused on a Debian 9 (stretch) (updated from Debian Jessie), when trying to restart services:
Notice: /Stage[main]/Base::Ssh/File[/etc/ssh/sshd_config]/content: content changed '{md5}6c77ef6f38ca76a455809562c7f0a9a7' to '{md5}2f0a7d2e3d7cf30c3ba9eeff6af29189'
Info: /Stage[main]/Base::Ssh/File[/etc/ssh/sshd_config]: Scheduling refresh of Service[sshd]
