Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-9213

Puppet agent should indicate which HTTP timeout has expired


    • Type: Improvement
    • Status: Accepted
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: PUP 5.5.6, PUP 6.0.2
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Template:
    • Epic Link:
    • Team:
    • Sprint:
      Coremunity Hopper
    • QA Risk Assessment:
      Needs Assessment


      The Puppet agent has two configurable timeouts for HTTP connections:

      • http_connect_timeout: The amount of time allowed for the connection to start.
      • http_read_timeout: The maximum amount of time allowed between reading blocks of data in the server's response.

      The first timeout is usually tripped if a network issue is causing handshake packets to be dropped. The second timeout is usually tripped by an overloaded Puppet Server. However, we use the Ruby Timeout exception's generic "execution expired" message which does not indicate which timeout was hit. Having this information available in the error message would enable users to choose appropriate debugging methods.

      Reproduction Case

      • Install the puppet-agent package on CentOS 7:

      rpm -Uvh http://yum.puppetlabs.com/puppet6/puppet-release-el-7.noarch.rpm
      yum install -y puppet-agent

      • Add a firewall rule to drop inbound packets for port 8140:

      iptables -A INPUT -p tcp --dport 8140 -j DROP

      • Run the puppet agent against localhost with a reduced connection timeout:

      /opt/puppetlabs/bin/puppet agent -t --http_connect_timeout 5s --server localhost


      Puppet agent's first HTTP connection fails with a generic "execution expired" message:

      # /opt/puppetlabs/bin/puppet agent -t --http_connect_timeout 5s --server localhost
      Info: Creating a new SSL key for o8nyrzjogl8gnjf.delivery.puppetlabs.net
      Error: Could not request certificate: execution expired
      Exiting; failed to retrieve certificate and waitforcert is disabled
      [root@o8nyrzjogl8gnjf ~]# rpm -Uvh http://yum.puppetlabs.com/puppet6/pup

      Expected Outcome

      The error message should indicate that a connection timeout was triggered instead of a read timeout.




            • Assignee:
              chuck Charlie Sharpsteen
            • Votes:
              1 Vote for this issue
              5 Start watching this issue


              • Created:

                Zendesk Support