[PUP-10157] Observe server_list for CA requests Created: 2019/12/03  Updated: 2020/01/13  Resolved: 2019/12/11

Status: Resolved
Project: Puppet
Component/s: None
Affects Version/s: PUP 6.11.0
Fix Version/s: PUP 6.12.0

Type: Bug Priority: Normal
Reporter: Josh Cooper Assignee: Melissa Stone
Resolution: Fixed Votes: 0
Labels: resolved-issue-added
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Template: PUP Bug Template
Epic Link: Agent HTTP
Team: Coremunity
Sprint: Platform Core KANBAN
Method Found: Needs Assessment
Release Notes: Bug Fix
Release Notes Summary: The ca service now observes the ServerList resolver when attempting to resolve routes. Previously we were only using SRV Records or the server/ca_server setting to find this information.
QA Risk Assessment: Needs Assessment


puppet does not observe the server_list setting when making CA requests. This is a regression introduced in https://tickets.puppetlabs.com/browse/PUP-10040 as it wasn't apparent that Puppet::Rest::Routes called Puppet::Util::Connection.determine_server to set the @default_server.

We need to enable the server_list resolver such that:

  1. If we successfully resolved the CA server/port once in a session, then we should always reuse that same server/port
  2. Next if SRV records are enabled, we should try to connect to each entry. If that fails, fallback to #3
  3. Next if server_list is set and ca_server is not set explicitly (so inherits server), we should try each server/port combo. If the list is exhausted, raise an error.
  4. Next fallback to ca_server setting which defaults to server. If that fails, fallback to #5
  5. Raise no more routes to try

Note we are preserving the old behavior of "if the server list is exhausted, raise an error" instead of falling back to settings.

Comment by Josh Cooper [ 2019/12/10 ]

Merged to master inĀ https://github.com/puppetlabs/puppet/commit/e36a82e8f620a3e846a97c18d3d0bb6076812fce

Comment by Josh Cooper [ 2019/12/10 ]

Melissa Stone can you add release notes?

Comment by Melissa Stone [ 2019/12/11 ]

This has passed ci as a part of puppet-agent

Generated at Sat Sep 26 15:49:07 PDT 2020 using Jira 8.5.2#805002-sha1:a66f9354b9e12ac788984e5d84669c903a370049.