Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-2977

v4/catalog endpoint returns incorrect data for compiler when run against compiler

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Accepted
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: API
    • Labels:
    • Template:
      PUP Bug Template
    • Team:
      Froyo
    • Method Found:
      Needs Assessment
    • Zendesk Ticket IDs:
      42946
    • Zendesk Ticket Count:
      1
    • QA Risk Assessment:
      Needs Assessment

      Description

      Puppet Version: 2019.8.4
      Puppet Server Version: 2019.8.4
      OS Name/Version: EL 7

      Describe your issue in as much detail as possible…

      If the v4/catalog endpoint on a compiler is used to generate a catalog for a compiler node, it returns an incorrect catalog. Specifically, the catalog will contain resources that should be confined to a primary server. This causes CD4PE's impact analysis to return false positives for compilers.

      Describe steps to reproduce…

      Use the API to send a catalog compilation request to the compiler for the catalog of the compiler and note that PE primary server related classes are in the returned catalog.

      # cat catalog-gen-from-compiler.sh
      #!/bin/bash
      curl -s -X POST --cacert $(puppet config print localcacert) https://pe-201984-compiler.puppetdebug.vlan:8140/puppet/v4/catalog -d '{ "certname": "pe-201984-compiler.puppetdebug.vlan", "persistence": { "facts": false, "catalog": false }, "environment": "production", "options": {"prefer_requested_environment": true, "capture_logs": true } }' -H "Content-Type: application/json" -H "X-Authentication: $(cat ~/.puppetlabs/token)" | python -m json.tool 
      # ./catalog-gen-from-compiler.sh | grep -c puppet_enterprise::master::code_manager
      58
      

      Running the exact same thing against the primary does not result in these extra classes being included:

      # cat catalog-gen-from-primary.sh
      #!/bin/bash
      curl -s -X POST --cacert $(puppet config print localcacert) https://pe-201984-primary.puppetdebug.vlan:8140/puppet/v4/catalog -d '{ "certname": "pe-201984-compiler.puppetdebug.vlan", "persistence": { "facts": false, "catalog": false }, "environment": "production", "options": {"prefer_requested_environment": true, "capture_logs": true } }' -H "Content-Type: application/json" -H "X-Authentication: $(cat ~/.puppetlabs/token)" | python -m json.tool
      # ./catalog-gen-from-primary.sh | grep -c puppet_enterprise::master::code_manager
      0
      

      Desired Behavior:

      The catalog generated by a compiler should be the same as a catalog compiled by a primary server.

      Actual Behavior:

      The catalog generated by a compiler appears to include additional class data.

      The key appears to be the pe_compile_master() function at https://github.com/puppetlabs/puppet-enterprise-modules/blob/main/modules/puppet_enterprise/lib/puppet/parser/functions/pe_compile_master.rb#L38. When the v4/catalog endpoint is used in this way, that function will return false even when the target is actually a compiler. This causes the extra classes to get pulled in.

      The v4/catalog endpoint is used by CD4PE for impact analysis. The incorrect catalog contents being returned causes false positives to show up in reports for compilers when a compiler is used for the impact analysis workload, which is the recommended configuration.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              adam.bottchen Adam Bottchen
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:

                  Zendesk Support