Uploaded image for project: 'Facter'
  1. Facter
  2. FACT-3082

Regression: Runs with Puppet 6.25.0 take +2 minutes on non-EC2 VMs

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • FACT 3.14.20
    • FACT 3.14.21
    • Facter 3
    • Night's Watch
    • NW - 2021-10-20
    • Needs Assessment
    • Bug Fix
    • Fix a regression where the AWS IMDSv2 endpoint was not called with the correct session and request timeouts, causing Facter to use a default timeout of 2 minutes.
    • Needs Assessment

    Description

      After upgrading from agent 6.24.0 to 6.25.0 and hence to facter version:

      3.14.20 (commit 28fd6cc7adae74c7748502e4d18d34f75be92f93)

      all our Puppet runs on non-EC2 VMs take +2 minutes spent in the fact collection phase. Debug logging reveals:

      Debug: Facter: executing command: /opt/puppetlabs/puppet/bin/virt-what
      		 
      Debug: Facter: kvm
      		 
      Debug: Facter: completed processing output: closing child pipes.
      		 
      Debug: Facter: process exited with status code 0.
      		 
      Debug: Facter: fact "is_virtual" has resolved to true.
      		 
      Debug: Facter: fact "virtual" has resolved to "kvm".
      		 
      Debug: Facter: not running under a Azure instance.
      		 
      Debug: Facter: resolving EC2 facts.
      		 
      Debug: Facter: requesting IMDSv2 token at http://169.254.169.254/latest/api/token.
      		 
      Debug: Facter: requesting http://169.254.169.254/latest/api/token.
      		 
      Debug: Facter: Trying 169.254.169.254:80...
      		 
      Debug: Facter: connect to 169.254.169.254 port 80 failed: Connection timed out
      		 
      Debug: Facter: Failed to connect to 169.254.169.254 port 80: Connection timed out
      		 
      Debug: Facter: Closing connection 0
      		 
      Debug: Facter: EC2 IMDSv2 endpoint is unavailable
      		 
      Debug: Facter: querying EC2 instance metadata at http://169.254.169.254/latest/meta-data/.
      		 
      Debug: Facter: requesting http://169.254.169.254/latest/meta-data/.
      		 
      Debug: Facter: Trying 169.254.169.254:80...
      		 
      Debug: Facter: Connection timed out after 600 milliseconds
      		 
      Debug: Facter: Closing connection 1
      		 
      Debug: Facter: EC2 facts are unavailable: not running under an EC2 instance or EC2 is not responding in a timely manner.

      Checking the IMDSv2 endpoint introduces a timeout of 2 minutes, and is the culprit here. Probably introduced by activating IMSDv2 checking by default:
      https://github.com/puppetlabs/facter/commit/8c323415a59025232fc06e1dc5853e10c5ee8a32

      For the EC2 instance metadata check, a timeout of 600 ms is used, which is far more bearable.

      Would it be possible to add a bearable timeout also for the IMDSv2 check?

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. FACT-3088 EC2 token hangs for minutes on non-AWS machines

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              olifre Oliver Freyermuth
              Votes:
              2 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support