[PUP-5584] Cached catalogs are loaded using the agent's string locale which can result in corrupted data Created: 2015/12/07 Updated: 2019/04/04 Resolved: 2016/01/20
|Affects Version/s:||PUP 3.8.4, PUP 4.2.3|
|Fix Version/s:||PUP 4.3.2|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
|Attachments:||Screenshot 2015-12-07 15.23.05.png chocolatey.config.erb|
|Epic Link:||Unicode Encodings|
|Sprint:||Client 2016-01-13, Client 2016-01-27|
|CS Frequency:||3 - 25-50% of Customers|
|CS Severity:||4 - Major|
|CS Business Value:||4 - $$$$$|
|CS Impact:|| This impacts the use of cached catalogs on windows, making them potentially destructive. If this is not resolved it will have future impacts on the proposed funtionality of direct puppet which relies on cached catalogs.
The behavior seen by users is that the initial puppet run works as expected, but if the following run uses a cached catalog it may cause misconfiguration. This is particularly bad in the Application Orchestration/Direct Puppet scenario because the initial deploy appears to work but then 30 minutes later the follow-up checkin uses the cached catalog and only then does this problem surface.
|Release Notes:||Bug Fix|
|Release Notes Summary:||When a catalog contained inlined file content (typically from a template) with non-ASCII unicode characters, those characters could be corrupted when the agent used a cached catalog. This has been resolved for the JSON cache.|
If a cached catalog is applied, which contains a file resource that used the content parameter, and that content begins with a byte-order mark, the character will be rendered as garbage text when that cached catalog is applied on Windows.
This does not occur during normal master-agent puppet runs, only when applying a cached catalog, and only on Windows.
Download the attached ERB file. If you view it with vim -b chocolatey.confg you will see <feff> at the beginning, indicating the byte-order mark.
Use the template with a file resource, and deploy it to a Windows System, in any location.
View the file and it will appear normally.
Now, apply the cached catalog, either by disabling the puppet master and performing a puppet run (note that --test disables the use of cached catalogs), or via puppet apply C:\ProgramData\PuppetLabs\puppet\var\client_data\catalog\<certname>.json replacing <certname> with the test node's actual certname.
Note the junk characters at the beginning.
Tested with a CentOS 6.6 master running PE 3.8.3 (Puppet 3.8.4) and a Windows Server 2012 agent running PE 3.8.3. I also tested with both the 64 and 32 bit clients.
The current workaround would be to disable cached catalogs. I'm also working on an additional workaround that would not require this, using concat to retrieve the first part of the file via the source parameter, to avoid storing the BOM in the catalog.
Note: This is not a PE bug. I did my testing with PE, but this is not a PE-specific bug, as far as I can tell. It deals with generic Puppet functionality only. E.g. cached catalogs on Windows.
|Comment by Zee Alexander [ 2015/12/07 ]|
I'll test to see if this still affects 2015.2.3 shortly.
Edit: Confirmed, this does affect 2015.2.3 / Puppet 4.
|Comment by Charlie Sharpsteen [ 2015/12/09 ]|
This issue isn't specific to Windows and occurs on Linux as well. Basically, what is happening is that when the puppet agent loads a cached catalog from disk, it assigns a string encoding equal to whatever locale Ruby's Encoding.default_external is set to. This usually isn't noticeable on Linux because the server and agents are likely using the same locale and both likely using UTF-8. Windows agents are likely to be using a different locale than a Linux master. For example, my 2012 R2 box lists "IBM 437" as the default encoding:
IBM 437 is backwards-compatible with ASCII but not UTF-8. Therefore any UTF-8 content produced by the master will be garbled if rendered as IBM 437.
Add the following file resource to site.pp:
Run puppet agent -t. The correct contents should appear in /tmp/test.
For a Windows agent, run puppet agent -t --use_cached_catalog. For a POSIX agent, shift the locale into ISO-8859-1 (or other non-UTF8 locale listed by locale -a) by running LC_ALL=en_GB.iso88591 puppet agent -t --use_cached_catalog. The contents of /tmp/test will be replaced with corrupted text.
|Comment by Zee Alexander [ 2015/12/09 ]|
Charlie Sharpsteen would it be appropriate to update the bug description to more accurately reflect the issue/conditions under what it occurs, given your last comment? As things stand it might be misleading if you didn't read the comments.
|Comment by Josh Cooper [ 2016/01/19 ]|
Couple of notes about what Branan Riley and I talked about leading up to merging this.
On *nix with an alternate encoding:
We should file a separate ticket to ensure data read from settings files is converted to UTF-8 when read in.
|Comment by Eric Thompson [ 2016/01/20 ]|
validated on ubuntu12.04 at stable SHA: 49af8b004d8341e2f690b6629d42f043e0aa8b8a