  1. Puppet Server
  2. SERVER-2434

Flexible catalog compilation


Details

    • Epic
    • Status: Closed
    • Normal
    • Resolution: Done
    • SERVER 6.3.0
    • Flexible catalog compilation
    • See details in PE-25621 and PE-25714.
    • Froyo
    • Done
    • New Feature
    • Puppet Server now has a new endpoint for catalog retrieval that allows many more options than the previous endpoint. This endpoint is controlled by tk-auth, and by default is not generally accessible. It is intended for use by other Puppet services (like CD4PE). For details on the API, see https://github.com/puppetlabs/puppetserver/blob/master/documentation/puppet-api/v4/catalog.markdown.
    • Needs Assessment

    Description

      Puppet Server currently has only one endpoint for requesting a catalog. This endpoint requires that the requester be requesting their own catalog, i.e. that the name on the cert used to authenticate the request match the name of the node for which the catalog is being compiled. It also does not allow the caller to specify what happens with reports or facts.

      As we expand our portfolio, the need has arisen for an endpoint that allows requesting catalogs for other nodes. For example, CD4PE needs to request catalogs for arbitrary node names as part of Impact Analysis, and managing network devices requires a "proxy agent" to make catalog requests on behalf of the devices being managed.

      We want to create a new catalog endpoint that allows certain entities to request catalogs for arbitrary nodes. In the case of CD4PE, this would probably be controlled via an RBAC permission (see PE-25566), while for device management it would be locked down to the proxy agent's cert.

      In order to service both of these use cases, this endpoint needs to be able to control whether or not reports and facts are saved to PuppetDB (CD4PE does not want this, Network Automation does), and under what name to save them. It also needs the ability to allow environments to be specified as part of the request, as an alternative to going through the classifier.

      This endpoint might also enable us to create a CLI tool satisfying PUP-9055, that calls this endpoint on the backend.
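
      The two access models described above, written as tk-auth (trapperkeeper-authorization) rules. This is an added example, not configuration taken from this ticket or from the project; the endpoint paths, the rule names and the certname device-proxy.example.com are assumptions made for illustration.

```hocon
authorization: {
    version: 1
    rules: [
        {
            # Existing endpoint: the node name captured from the path must
            # equal the name on the client certificate, so a node can only
            # request its own catalog.
            match-request: {
                path: "^/puppet/v3/catalog/([^/]+)$"   # assumed path
                type: regex
                method: [get, post]
            }
            allow: "$1"
            sort-order: 500
            name: "catalog for own node only"
        },
        {
            # New endpoint: the target node is named in the request rather
            # than in the path, so there is no capture group to compare the
            # certificate against. Access is granted by exact certificate
            # name only, with no wildcard or pattern entries.
            match-request: {
                path: "^/puppet/v4/catalog/?$"         # assumed path
                type: regex
                method: post
            }
            allow: ["device-proxy.example.com"]        # constructed certname
            sort-order: 500
            name: "v4 catalog for proxy agent"
        }
    ]
}
```

      Any certificate listed in the second rule can compile a catalog for every node name, so that list is worth reviewing with the same care as a list of administrative credentials.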

            People

              Unassigned
              Maggie Dreyer (maggie)