Details
-
Bug
-
Status: Resolved
-
Normal
-
Resolution: Fixed
-
None
-
None
-
Coremunity
-
Platform Core KANBAN
-
Needs Assessment
-
Bug Fix
-
If puppet tries to download file metadata from an HTTP(S) file source and the HEAD request results in HTTP 403 Forbidden or 405 Method Not Allowed, then it will fallback to a GET request with a 0 byte range.
-
Needs Assessment
Description
Trying to download a file from puppetserver using as an https source instead of puppet:// will fail because puppetserver does not allow HEAD requests. This is similar to PUP-6380. For example, given:
file { '/tmp/ca.pem': |
ensure => file, |
source => "https://${server_facts['servername']}:8140/puppet-ca/v1/certificate/ca?environment=production", |
}
|
The agent will fail:
$ puppet agent -t --http_debug
|
...
|
<- "HEAD /puppet-ca/v1/certificate/ca?environment=production HTTP/1.1\r\nX-Puppet-Version: 6.17.0\r\nUser-Agent: Puppet/6.17.0 Ruby/2.5.7-p206 (x86_64-darwin18)\r\nAccept: */*\r\nHost: dusty-haulage.delivery.puppetlabs.net:8140\r\n\r\n"
|
-> "HTTP/1.1 403 Forbidden\r\n"
|
-> "Date: Wed, 17 Jun 2020 18:39:03 GMT\r\n"
|
-> "X-Puppet-Version: 6.16.0\r\n"
|
-> "Content-Length: 103\r\n"
|
-> "\r\n"
|
Conn end_transport
|
Conn keep-alive
|
Error: /Stage[main]/Main/File[/tmp/puppetserver]: Could not evaluate: Could not retrieve information from environment production source(s) https://dusty-haulage.delivery.puppetlabs.net:8140/puppet-ca/v1/certificate/ca?environment=production
|
One possible solution is to sniff the response header and fallback to a partial GET request as is done for PUP-6380.