Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-6259

File resource no_proxy behavior is ignored

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Won't Fix
    • Affects Version/s: PUP 4.4.1
    • Fix Version/s: None
    • Component/s: Types and Providers
    • Labels:
      None
    • Environment:

      Running puppet-agent-1.4.1 on CentOS 7.

    • Template:

      Description

      I have a file resource:

      file {'/var/opt/foo/client.config':
        ensure  => present,
        mode    => '0644',
        owner   => 'root',
        group   => 'root',
        source  => 'https://files.internal/client.config',
        require => File['/var/opt/foo'],
        replace => false
      }
      

      In my machine environment, I have the following env vars set globally:

      http_proxy="http://172.22.252.1:8080
      https_proxy="http://172.22.252.1:8080
      no_proxy=127.0.0.1,localhost,.internal
      

      When Puppet tries to reach out to https://files.internal/client.config, I get:

      Error: /Stage[main]/Module::Blah/File[/var/opt/foo/client.config]: Could not evaluate: Could not retrieve file metadata for https://files.internal/client.config: SSL_connect returned=1 errno=0 state=error: certificate verify failed
      

      After enabling http_debug, I noticed that despite no_proxy having .internal in it, Net::HTTP wanted to toss it through the proxy anyways, so my internal proxy was getting in the way (and presenting its untrusted MITM cert so that it could tell me that internal hosts cant be proxied). According to the Ruby 2.1.8 Docs, Net::HTTP::Proxy has been deprecated and proxy settings just specified in Net::HTTP.new. Updating lib/puppet/util/http_proxy.rb with the new initializer seemed to fix the issue.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            patcable Patrick Cable
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support