Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-8094

Lookup ignores environment from the classifier when using rule with trusted facts

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: In Progress
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Template:
      PUP Bug Template
    • Acceptance Criteria:
      Hide

      Lookup will honor the environment set in the classifier when assigning nodes to an environment group using trusted facts.

      Lookup uses facts from the fact terminus (when looking up for the local host this uses facter, when looking up another node this typically uses puppetdb). If a fact file is specified, then facts are merged/override. If there are no cached facts and no fact file is specified then error.

      Lookup retrieves the node from the node terminus (typically classifier) passing in all of the facts including trusted information.

      When the --compile option is omitted, remove classes from the node so that we don't regress on PUP-8502.

      Show
      Lookup will honor the environment set in the classifier when assigning nodes to an environment group using trusted facts. Lookup uses facts from the fact terminus (when looking up for the local host this uses facter, when looking up another node this typically uses puppetdb). If a fact file is specified, then facts are merged/override. If there are no cached facts and no fact file is specified then error. Lookup retrieves the node from the node terminus (typically classifier) passing in all of the facts including trusted information. When the --compile option is omitted, remove classes from the node so that we don't regress on PUP-8502 .
    • Team:
      Night's Watch
    • Story Points:
      5
    • Sprint:
      NW - 2021-10-20, NW - 2021-11-03
    • Method Found:
      Customer Feedback
    • CS Priority:
      Reviewed
    • QA Risk Assessment:
      Needs Assessment

      Description

      I have 2 environments, production and acceptance.

      I have an environment group for Acceptance:

      node_group { 'Acceptance Environment':
        ensure               => 'present',
        environment          => 'acceptance',
        id                   => '539f71ae-50d3-42f6-8201-289dba160ba5',
        override_environment => 'true',
        parent               => 'Production environment',
        rule                 => ['and',
        ['~',
          ['trusted', 'extensions', 'pp_role'],
          'agent']],
      }
      

      'Production Environment' node group has not been modified.

      When I run puppet agent in a node with pp_role = agent, I confirm that it is using the right environment:

      [root@10-32-175-131 ~]# puppet agent -t
      Notice: Local environment: 'production' doesn't match server specified node environment 'acceptance', switching agent to 'acceptance'.
      

      Yet when I try to do a lookup for that node, the data retrieved is from Production:

      puppet lookup --node 10-32-175-131.rfc1918.puppetlabs.net message --explain
      Searching for "message"
        Global Data Provider (hiera configuration version 5)
          Using configuration "/etc/puppetlabs/puppet/hiera.yaml"
          Hierarchy entry "Classifier Configuration Data"
            No such key: "message"
        Environment Data Provider (hiera configuration version 5)
          Using configuration "/etc/puppetlabs/code/environments/production/hiera.yaml"
          Hierarchy entry "Per-node data"
      

      If I pin the node to the "Acceptance Environment" group, I get the right output for lookup:

      node_group { 'Acceptance Environment':
        ensure               => 'present',
        environment          => 'acceptance',
        id                   => '539f71ae-50d3-42f6-8201-289dba160ba5',
        override_environment => 'true',
        parent               => 'Production environment',
        rule                 => ['or',
        ['and',
          ['~',
            ['trusted', 'extensions', 'pp_role'],
            'agent']],
        ['=', 'name', '10-32-175-131.rfc1918.puppetlabs.net']],
      }
      

      root@10-32-175-155.rfc1918.puppetlabs.net /root> puppet lookup --node 10-32-175-131.rfc1918.puppetlabs.net message --explain
      Searching for "message"
        Global Data Provider (hiera configuration version 5)
          Using configuration "/etc/puppetlabs/puppet/hiera.yaml"
          Hierarchy entry "Classifier Configuration Data"
            No such key: "message"
        Environment Data Provider (hiera configuration version 5)
          Using configuration "/etc/puppetlabs/code/environments/acceptance/hiera.yaml"
      

      Found the issue in LTS, reproduced in 2017.3.0.

      EDIT: A rule created with an out-of-the-box fact like domain honors the environment. A rule created with a trusted fact defaults to production. A mix of trusted + normal fact, like trusted.extensions.pp_role + domain defaults to production.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              victor.bobosila Victor Bobosila
              Reporter:
              laura.macchi Laura Macchi
              Votes:
              0 Vote for this issue
              Watchers:
              14 Start watching this issue

                Dates

                Created:
                Updated:

                  Zendesk Support