Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-9990

no_proxy config setting is overridden by http_proxy environment variable

    Details

    • Template:
      PUP Bug Template
    • Agent OS:
      CentOS 6
    • Master OS:
      CentOS 7
    • Team:
      Coremunity
    • Sprint:
      Platform Core KANBAN
    • Method Found:
      Customer Feedback
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Fixes a bug where puppet would attempt to use a proxy specified in the HTTP_PROXY environment variable, even though Puppet[:no_proxy] said to bypass the proxy.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Puppet Version: 6.8.0
      Puppet Server Version: 6.5.0
      OS Name/Version: CentOS 6/7

      I'm seeing puppet-agent fail to respect the no_proxy setting when defined in the config file. Having checked the diff that merged this support into 6.8.0, I've added some debug logging to identify the code path being taken, and it correctly determines a proxy should be bypassed, but then tries to use the proxy to connect to the puppetserver anyway, which is blocked by local policy

      Desired Behavior:

      Puppet agent should respect the no_proxy setting in puppet.conf

      Actual Behavior:

      puppet agent --test --server_list master1 --noop
      # Lots of debug output omitted
      Debug: LOCAL Using settings no_proxy 10.0.0.0/8,example.com,*.example.com,local,*.local,127.0.0.1,localhost,master1,master2
      Debug: LOCAL not using proxy because destination (?-mix:^master1$) matched a no_proxy entry for master1
      Debug: LOCAL not using proxy because no_proxy? returned True
      Debug: Starting connection for https://master1:8140
      Debug: Unable to connect to server from server_list setting: 403 "Forbidden"
      Error: Could not run Puppet configuration client: Could not select a functional puppet master from server_list: 'master1'
      # 403 Forbidden is coming from local webproxy
      

      (hostnames and actual value of no_proxy obfuscated. Lines containing LOCAL are local modifications to the puppet code to expose the behaviour).

      I only see this happen when the no_proxy setting is being read from puppet.conf. If no_proxy is set as env var, it properly bypasses the proxy for the unqualified hostname which matches the no_proxy value.

      It feels like puppet agent is not using the proxy settings from puppet.conf at all. It does all the work to decide whether it should and that answer isn't respected by the thing that actually makes the requests to the puppetserver

        Attachments

          Activity

            People

            • Assignee:
              josh Josh Cooper
              Reporter:
              broberts Ben Roberts
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Zendesk Support