Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-10106

no_proxy does not exclude hosts whose FQDN matches based on suffix

    Details

    • Template:
      PUP Bug Template
    • Agent OS:
      CentOS 7
    • Master OS:
      CentOS 7
    • Epic Link:
    • Team:
      Coremunity
    • Sprint:
      Platform Core KANBAN
    • Method Found:
      Needs Assessment
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Hide
      Puppet will bypass the http proxy if the `no_proxy` environment variable or puppet setting is a suffix of the destination server FQDN. Previously puppet would only bypass the proxy if `no_proxy` had a leading wildcard (*.example.com) or dot (.example.com).
      Show
      Puppet will bypass the http proxy if the `no_proxy` environment variable or puppet setting is a suffix of the destination server FQDN. Previously puppet would only bypass the proxy if `no_proxy` had a leading wildcard (*.example.com) or dot (.example.com).
    • QA Risk Assessment:
      Needs Assessment

      Description

      Puppet Version: 5.5.17
      Puppet Server Version: 5.3.10
      OS Name/Version: CentOS 7

      Original Summary Since update to puppet 5.5.17 puppetdb forge module cannot connect to puppetdb

      Since the update to puppet agent 5.5.17 the puppetdb forge module is using the configured proxy server and ignoring the no_proxy setting when trying to validate the connection to puppetdb.  This worked properly on 5.5.16. 

      My environment proxy settings are:

      http_proxy=http://ottinstall.ls.cbn:3128
      ftp_proxy=http://ottinstall.ls.cbn:3128
      https_proxy=http://ottinstall.ls.cbn:3128
      no_proxy=ls.cbn, localhost, puppet, 127.0.0.1
      

      My puppetdb server is: https://glycon.ls.cbn:8081

      Desired Behavior: 

      Respect the no_proxy value ls.cbn and not proxy connections to https://glycon.ls.cbn:8018

      Actual Behavior:

      opening connection to ottinstall.ls.cbn:3128...
      opened
      <- "CONNECT glycon.ls.cbn:8081 HTTP/1.1\r\nHost: glycon.ls.cbn:8081\r\n\r\n"
      -> "HTTP/1.1 403 Forbidden\r\n"
      -> "Server: squid/3.5.20\r\n"
      -> "Mime-Version: 1.0\r\n"
      -> "Date: Sat, 19 Oct 2019 18:46:40 GMT\r\n"
      -> "Content-Type: text/html;charset=utf-8\r\n"
      -> "Content-Length: 3448\r\n"
      -> "X-Squid-Error: ERR_ACCESS_DENIED 0\r\n"
      -> "Vary: Accept-Language\r\n"
      -> "Content-Language: en\r\n"
      -> "X-Cache: MISS from ottinstall.ls.cbn\r\n"
      -> "X-Cache-Lookup: NONE from ottinstall.ls.cbn:80\r\n"
      -> "Via: 1.1 ottinstall.ls.cbn (squid/3.5.20)\r\n"
      -> "Connection: keep-alive\r\n"
      -> "\r\n"
      Conn close because of connect error 403 "Forbidden"
      Notice: Unable to connect to puppetdb server (https://glycon.ls.cbn:8081): 403 "Forbidden"
      

        Attachments

          Activity

            jsd-sla-details-panel

              People

              • Assignee:
                josh Josh Cooper
                Reporter:
                tparker@cbnco.com Tom Parker
              • Votes:
                1 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Zendesk Support