Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-8094

Lookup ignores environment from the classifier when using rule with trusted facts

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • Normal
    • Resolution: Fixed
    • None
    • PUP 7.13.0, PUP 6.26.0
    • None
    • Hide

      Lookup will honor the environment set in the classifier when assigning nodes to an environment group using trusted facts.

      Lookup uses facts from the fact terminus (when looking up for the local host this uses facter, when looking up another node this typically uses puppetdb). If a fact file is specified, then facts are merged/override. If there are no cached facts and no fact file is specified then error.

      Lookup retrieves the node from the node terminus (typically classifier) passing in all of the facts including trusted information.

      When the --compile option is omitted, remove classes from the node so that we don't regress on PUP-8502.

      Show
      Lookup will honor the environment set in the classifier when assigning nodes to an environment group using trusted facts. Lookup uses facts from the fact terminus (when looking up for the local host this uses facter, when looking up another node this typically uses puppetdb). If a fact file is specified, then facts are merged/override. If there are no cached facts and no fact file is specified then error. Lookup retrieves the node from the node terminus (typically classifier) passing in all of the facts including trusted information. When the --compile option is omitted, remove classes from the node so that we don't regress on PUP-8502 .
    • Night's Watch
    • 5
    • NW - 2021-10-20, NW - 2021-11-03, NW - 2021-11-17, NW - 2021-12-06
    • Customer Feedback
    • Reviewed
    • Bug Fix
    • Fix an issue where trusted facts couldn't be used as rules for classification. This was fixed by gathering the trusted facts from the puppetdb query result, and overriding the trusted facts context.
    • Needs Assessment

    Description

      I have 2 environments, production and acceptance.

      I have an environment group for Acceptance:

      node_group { 'Acceptance Environment':
      		 
        ensure               => 'present',
      		 
        environment          => 'acceptance',
      		 
        id                   => '539f71ae-50d3-42f6-8201-289dba160ba5',
      		 
        override_environment => 'true',
      		 
        parent               => 'Production environment',
      		 
        rule                 => ['and',
      		 
        ['~',
      		 
          ['trusted', 'extensions', 'pp_role'],
      		 
          'agent']],
      		 
      }

      'Production Environment' node group has not been modified.

      When I run puppet agent in a node with pp_role = agent, I confirm that it is using the right environment:

      [root@10-32-175-131 ~]# puppet agent -t
      		 
      Notice: Local environment: 'production' doesn't match server specified node environment 'acceptance', switching agent to 'acceptance'.

      Yet when I try to do a lookup for that node, the data retrieved is from Production:

      puppet lookup --node 10-32-175-131.rfc1918.puppetlabs.net message --explain
      		 
      Searching for "message"
      		 
        Global Data Provider (hiera configuration version 5)
      		 
          Using configuration "/etc/puppetlabs/puppet/hiera.yaml"
      		 
          Hierarchy entry "Classifier Configuration Data"
      		 
            No such key: "message"
      		 
        Environment Data Provider (hiera configuration version 5)
      		 
          Using configuration "/etc/puppetlabs/code/environments/production/hiera.yaml"
      		 
          Hierarchy entry "Per-node data"

      If I pin the node to the "Acceptance Environment" group, I get the right output for lookup:

      node_group { 'Acceptance Environment':
      		 
        ensure               => 'present',
      		 
        environment          => 'acceptance',
      		 
        id                   => '539f71ae-50d3-42f6-8201-289dba160ba5',
      		 
        override_environment => 'true',
      		 
        parent               => 'Production environment',
      		 
        rule                 => ['or',
      		 
        ['and',
      		 
          ['~',
      		 
            ['trusted', 'extensions', 'pp_role'],
      		 
            'agent']],
      		 
        ['=', 'name', '10-32-175-131.rfc1918.puppetlabs.net']],
      		 
      }


      root@10-32-175-155.rfc1918.puppetlabs.net /root> puppet lookup --node 10-32-175-131.rfc1918.puppetlabs.net message --explain
      		 
      Searching for "message"
      		 
        Global Data Provider (hiera configuration version 5)
      		 
          Using configuration "/etc/puppetlabs/puppet/hiera.yaml"
      		 
          Hierarchy entry "Classifier Configuration Data"
      		 
            No such key: "message"
      		 
        Environment Data Provider (hiera configuration version 5)
      		 
          Using configuration "/etc/puppetlabs/code/environments/acceptance/hiera.yaml"

      Found the issue in LTS, reproduced in 2017.3.0.

      EDIT: A rule created with an out-of-the-box fact like domain honors the environment. A rule created with a trusted fact defaults to production. A mix of trusted + normal fact, like trusted.extensions.pp_role + domain defaults to production.

      Attachments

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. PUP-8539 Hiera trusted fact lookup

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. PUP-7479 ENC-enforced environment makes `puppet lookup` environment simulation difficult

          • Major - Major loss of function.
          • Resolved
          is caused by

          Bug - A problem which impairs or prevents the functions of the product. PUP-8502 Puppet lookup always includes classes from the ENC

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Closed
          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. PUP-9207 puppet lookup --compile returns incorrect results when trusted facts define environment

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. PUP-8220 Verify trusted facts are overridden consistently

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. PUP-6400 lookup cli has no way to set arbitrary scope values

          • Low - Minor problems or easily worked around.
          • Accepted
          mentioned in

          Page Loading...

          Page Loading...

          Activity

            People

              victor.bobosila Victor Bobosila
              laura.macchi Laura Macchi
              Votes:
              0 Vote for this issue
              Watchers:
              15 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support