[PUP-6031] static catalogs do not copy source host and port to content_uri Created: 2016/03/09 Updated: 2016/03/17 Resolved: 2016/03/10
|Fix Version/s:||PUP 4.4.0|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
|Epic Link:||(Burnside) Direct Puppet: Client Static Catalog|
|Release Notes:||Not Needed|
|Release Notes Summary:||Bug fix for unreleased feature.|
If you define a file resource with a source parameter:
Then the content_uri omits the host and port:
which can cause the agent to retrieve the file from a different host/port than was originally specified.
We should preserve the host and port. The reason we don't is because we call CGI.escape which corrupts the URI.
|Comment by Josh Cooper [ 2016/03/10 ]|
One way to verify this is to specify an alternate file server in the manifest, and use a reverse proxy to ensure the agent uses the specified host and port when retrieving file content. On the agent, add a hosts file entry for myfileserver whose IP matches that of the master:
On the master, create a manifest like:
On the master wipe out the ssl directory and generate a cert whose dns alt names contains both the normal FQDN and myfileserver:
Run the agent, send the client CSR, sign the CSR on the master.
Run the agent with --debug and verify it tries to connect to myfileserver, but fails to connect:
Install socat on the master and configure it to forward traffic from port 8888 to port 8140:
Run the agent and it should download the file content: