Details
-
Bug
-
Status: Resolved
-
Normal
-
Resolution: Fixed
-
PUP 6.11.0
-
None
-
Coremunity
-
Platform Core KANBAN
-
Needs Assessment
-
Bug Fix
-
The ca service now observes the ServerList resolver when attempting to resolve routes. Previously we were only using SRV Records or the server/ca_server setting to find this information.
-
Needs Assessment
Description
puppet does not observe the server_list setting when making CA requests. This is a regression introduced in https://tickets.puppetlabs.com/browse/PUP-10040 as it wasn't apparent that Puppet::Rest::Routes called Puppet::Util::Connection.determine_server to set the @default_server.
We need to enable the server_list resolver such that:
- If we successfully resolved the CA server/port once in a session, then we should always reuse that same server/port
- Next if SRV records are enabled, we should try to connect to each entry. If that fails, fallback to #3
- Next if server_list is set and ca_server is not set explicitly (so inherits server), we should try each server/port combo. If the list is exhausted, raise an error.
- Next fallback to ca_server setting which defaults to server. If that fails, fallback to #5
- Raise no more routes to try
Note we are preserving the old behavior of "if the server list is exhausted, raise an error" instead of falling back to settings.