Puppet

Credits go to Nigel for finding and explaining this bug.

With a completely new environment:

/tmp/manifests/site.pp:

node mynode {
  include base
}

/tmp/modules/base/files/myfile.txt:

content here

/tmp/modules/base/manifests/init.pp:

class base {
  file { "/tmp/myfile.txt": source => "puppet:///base/myfile.txt" }
}

config:

[puppetmasterd]
environments=testing,production
manifestdir=/tmp/manifests/

[testing]
modulepath=/tmp/modules

run produces this error:

/Users/brice/devl/puppet/lib/puppet/indirector/indirection.rb:283:in `check_authorization'
/Users/brice/devl/puppet/lib/puppet/indirector/indirection.rb:299:in `prepare'
/Users/brice/devl/puppet/lib/puppet/indirector/indirection.rb:186:in `find'
/Users/brice/devl/puppet/lib/puppet/indirector.rb:51:in `find'
/Users/brice/devl/puppet/lib/puppet/network/http/handler.rb:97:in `do_find'
/Users/brice/devl/puppet/lib/puppet/network/http/handler.rb:66:in `send'
/Users/brice/devl/puppet/lib/puppet/network/http/handler.rb:66:in `process'
/Users/brice/devl/puppet/lib/puppet/network/http/webrick/rest.rb:23:in `service'
/opt/local/lib/ruby/1.8/webrick/httpserver.rb:104:in `service'
/opt/local/lib/ruby/1.8/webrick/httpserver.rb:65:in `run'
/opt/local/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'
/opt/local/lib/ruby/1.8/webrick/server.rb:162:in `start'
/opt/local/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'
/opt/local/lib/ruby/1.8/webrick/server.rb:95:in `start'
/opt/local/lib/ruby/1.8/webrick/server.rb:92:in `each'
/opt/local/lib/ruby/1.8/webrick/server.rb:92:in `start'
/opt/local/lib/ruby/1.8/webrick/server.rb:23:in `start'
/opt/local/lib/ruby/1.8/webrick/server.rb:82:in `start'
/Users/brice/devl/puppet/lib/puppet/network/http/webrick.rb:40:in `listen'
/Users/brice/devl/puppet/lib/puppet/network/http/webrick.rb:40:in `initialize'
/Users/brice/devl/puppet/lib/puppet/network/http/webrick.rb:40:in `new'
/Users/brice/devl/puppet/lib/puppet/network/http/webrick.rb:40:in `listen'
/Users/brice/devl/puppet/lib/puppet/network/http/webrick.rb:37:in `synchronize'
/Users/brice/devl/puppet/lib/puppet/network/http/webrick.rb:37:in `listen'
/Users/brice/devl/puppet/lib/puppet/network/server.rb:131:in `listen'
/Users/brice/devl/puppet/lib/puppet/network/server.rb:146:in `start'
/Users/brice/devl/puppet/lib/puppet/daemon.rb:128:in `start'
/Users/brice/devl/puppet/lib/puppet/application/puppetmasterd.rb:96:in `main'
/Users/brice/devl/puppet/lib/puppet/application.rb:226:in `send'
/Users/brice/devl/puppet/lib/puppet/application.rb:226:in `run_command'
/Users/brice/devl/puppet/lib/puppet/application.rb:217:in `run'
sbin/puppetmasterd:66
err: Not authorized to call find on /file_metadata/test/myfile.txt

Explanation of the issue:

• when the web server gets the request, it creates an indirection request, filling attributes like ip or node from the HTTP request. To do this, all the interesting attributes are given in a hash (called options, see P::I::Request#new). Once the request is properly initialized the options hash doesn’t contain the ip or node information.
• the request is transmitted to the file_serving layer, which happily wants to use the node attribute to find environments. Unfortunately it fetches the node value from the request options, not the request itself (it even propagates the options hash all around the mounts). Since this node information is empty, puppet fails to find the proper mount point, and fails.

Possible solutions:

• In P::I::Request#set_attribute do not remove the attr from the hash. Instant reward: it fixes everything with a one liner (ok there’s another one-line to change :ipaddress to :ip in P::I::FileServer)

or

• Fix all the file_serving sub-system to transmit the whole request instead of only its “options”. This seems to me to be the best, except it might break the compatibility with the xmlrpc file serving?