Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-9213

Puppet agent should indicate which HTTP timeout has expired

    Details

    • Type: Improvement
    • Status: Accepted
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: PUP 5.5.6, PUP 6.0.2
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Template:
    • Epic Link:
    • Team:
      Coremunity
    • Sprint:
      Coremunity Hopper
    • QA Risk Assessment:
      Needs Assessment

      Description

      The Puppet agent has two configurable timeouts for HTTP connections:

      • http_connect_timeout: The amount of time allowed for the connection to start.
      • http_read_timeout: The maximum amount of time allowed between reading blocks of data in the server's response.

      The first timeout is usually tripped if a network issue is causing handshake packets to be dropped. The second timeout is usually tripped by an overloaded Puppet Server. However, we use the Ruby Timeout exception's generic "execution expired" message which does not indicate which timeout was hit. Having this information available in the error message would enable users to choose appropriate debugging methods.

      Reproduction Case

      • Install the puppet-agent package on CentOS 7:

      rpm -Uvh http://yum.puppetlabs.com/puppet6/puppet-release-el-7.noarch.rpm
      yum install -y puppet-agent
      

      • Add a firewall rule to drop inbound packets for port 8140:

      iptables -A INPUT -p tcp --dport 8140 -j DROP
      

      • Run the puppet agent against localhost with a reduced connection timeout:

      /opt/puppetlabs/bin/puppet agent -t --http_connect_timeout 5s --server localhost
      

      Outcome

      Puppet agent's first HTTP connection fails with a generic "execution expired" message:

      # /opt/puppetlabs/bin/puppet agent -t --http_connect_timeout 5s --server localhost
      Info: Creating a new SSL key for o8nyrzjogl8gnjf.delivery.puppetlabs.net
      Error: Could not request certificate: execution expired
      Exiting; failed to retrieve certificate and waitforcert is disabled
      [root@o8nyrzjogl8gnjf ~]# rpm -Uvh http://yum.puppetlabs.com/puppet6/pup
      

      Expected Outcome

      The error message should indicate that a connection timeout was triggered instead of a read timeout.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              chuck Charlie Sharpsteen
            • Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:

                Zendesk Support