-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(PUP-11900) Notify when X-Puppet-Compiler-Name
header found
#9151
Conversation
398cb70
to
9594c58
Compare
lib/puppet/http/session.rb
Outdated
@@ -90,6 +90,9 @@ def process_response(response) | |||
site = Puppet::HTTP::Site.from_uri(response.url) | |||
@server_versions[site] = version | |||
end | |||
if (compiler = response['X-Puppet-Compiler-Name']) | |||
Puppet.notice("Catalog compiled by #{compiler}") | |||
end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was thinking we'd only emit this in notice the post_catalog
method, otherwise, we could end up emitting this notice for requests unrelated to catalogs
puppet/lib/puppet/http/service/compiler.rb
Lines 115 to 123 in 03b3df3
response = @client.post( | |
with_base_url("/catalog/#{name}"), | |
body, | |
headers: headers, | |
# for legacy reasons we always send environment as a query parameter too | |
params: { environment: environment }, | |
) | |
process_response(response) |
And possibly the post_catalog4
method if it makes sense to do so?
puppet/lib/puppet/http/service/compiler.rb
Line 159 in 03b3df3
def post_catalog4(certname, persistence:, environment:, facts: nil, trusted_facts: nil, transaction_uuid: nil, job_id: nil, options: nil) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The change in puppetserver only affects the v3 endpoint, so the v4 POST is not necessary yet. It makes sense to me that we would just emit the notice anytime we received the header, so any endpoint the agent uses that the puppetserver deems necessary to include that header would "just work". For example, if we did start using the v4 catalog endpoint for agent runs we would just have to make changes on the server side and not the agent.
Is it possible that someone adds that header in a response that is not the puppetserver? It seems the same level of vulnerability as the X-Puppet-Version
header. I'm not sure if process_response
is used for non-puppetserver requests...
This change will emit a notice when http traffic from a puppetserver sends the X-Puppet-Compiler-Name header; this should help for debugging purposes when troubleshooting compilation issues and several compilers are behind a load balancer.
9594c58
to
7d0cc29
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nice, lgtm
Could you backport to 7.x too? |
This change will emit a notice when http traffic from a puppetserver sends the
X-Puppet-Compiler-Name
header; this should help for debugging purposes when troubleshooting compilation issues and several compilers are behind a load balancer.