Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-2977

v4/catalog endpoint returns incorrect data for compiler when run against compiler



    • Bug
    • Status: Accepted
    • Normal
    • Resolution: Unresolved
    • None
    • None
    • API
    • 42946
    • 1
    • Needs Assessment


      Puppet Version: 2019.8.4
      Puppet Server Version: 2019.8.4
      OS Name/Version: EL 7

      Describe your issue in as much detail as possible…

      If the v4/catalog endpoint on a compiler is used to generate a catalog for a compiler node, it returns an incorrect catalog. Specifically, the catalog will contain resources that should be confined to a primary server. This causes CD4PE's impact analysis to return false positives for compilers.

      Describe steps to reproduce…

      Use the API to send a catalog compilation request to the compiler for the catalog of the compiler and note that PE primary server related classes are in the returned catalog.

      # cat catalog-gen-from-compiler.sh
      curl -s -X POST --cacert $(puppet config print localcacert) https://pe-201984-compiler.puppetdebug.vlan:8140/puppet/v4/catalog -d '{ "certname": "pe-201984-compiler.puppetdebug.vlan", "persistence": { "facts": false, "catalog": false }, "environment": "production", "options": {"prefer_requested_environment": true, "capture_logs": true } }' -H "Content-Type: application/json" -H "X-Authentication: $(cat ~/.puppetlabs/token)" | python -m json.tool 
      # ./catalog-gen-from-compiler.sh | grep -c puppet_enterprise::master::code_manager

      Running the exact same thing against the primary does not result in these extra classes being included:

      # cat catalog-gen-from-primary.sh
      curl -s -X POST --cacert $(puppet config print localcacert) https://pe-201984-primary.puppetdebug.vlan:8140/puppet/v4/catalog -d '{ "certname": "pe-201984-compiler.puppetdebug.vlan", "persistence": { "facts": false, "catalog": false }, "environment": "production", "options": {"prefer_requested_environment": true, "capture_logs": true } }' -H "Content-Type: application/json" -H "X-Authentication: $(cat ~/.puppetlabs/token)" | python -m json.tool
      # ./catalog-gen-from-primary.sh | grep -c puppet_enterprise::master::code_manager

      Desired Behavior:

      The catalog generated by a compiler should be the same as a catalog compiled by a primary server.

      Actual Behavior:

      The catalog generated by a compiler appears to include additional class data.

      The key appears to be the pe_compile_master() function at https://github.com/puppetlabs/puppet-enterprise-modules/blob/main/modules/puppet_enterprise/lib/puppet/parser/functions/pe_compile_master.rb#L38. When the v4/catalog endpoint is used in this way, that function will return false even when the target is actually a compiler. This causes the extra classes to get pulled in.

      The v4/catalog endpoint is used by CD4PE for impact analysis. The incorrect catalog contents being returned causes false positives to show up in reports for compilers when a compiler is used for the impact analysis workload, which is the recommended configuration.


        Issue Links



              Unassigned Unassigned
              adam.bottchen Adam Bottchen
              0 Vote for this issue
              2 Start watching this issue



                Zendesk Support