Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Negative lookahead regex issue on node definition #9483

Open
Cuthbert286 opened this issue Sep 24, 2024 · 2 comments
Open

Negative lookahead regex issue on node definition #9483

Cuthbert286 opened this issue Sep 24, 2024 · 2 comments
Labels
bug Something isn't working triaged Jira issue has been created for this

Comments

@Cuthbert286
Copy link

Describe the Bug

When upgrading to Puppet Server version 8.6.3, certain node regex patterns stop functioning correctly. Specifically, regex patterns that use negative lookahead (?!) no longer match nodes as expected. Instead, the Puppet agent throws an error when attempting to retrieve the catalog.

Expected Behavior

The regex patterns should continue to match nodes as defined, including those using negative lookahead assertions, and the catalog should be successfully retrieved.

Steps to Reproduce

Steps to reproduce the behavior:

  1. Upgrade to Puppet Server version 8.6.3 on a Debian 12 (Bookworm) system.
  2. Use a node block with a regex pattern that includes negative lookahead, such as:
    node /^aws-server\d{2}-(af|ap|ca|eu|me|sa|us)-(central|(north|south)?(east|west)?)-\d(?!\.test)/
  3. Attempt to classify a node matching this pattern, e.g., aws-server01-us-west-1.domain.com (which should match) and aws-server01-us-west-1.test.domain.com (which should not match).
  4. Observe that the Puppet agent on the node that should match (e.g., aws-server01-us-west-1.domain.com) throws the following error:
    Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Cannot find definition Node on node aws-server01-us-west-1.domain.com

Environment

  • Version 8.6.3
  • Platform Debian 12 (Bookworm)

Additional Context

This issue only seems to occur after upgrading to Puppet Server 8.6.3. Previous versions did not experience this problem. The issue appears related to the handling of negative lookahead (?!) within the regex engine used by Puppet Server.
@Cuthbert286 Cuthbert286 added the bug Something isn't working label Sep 24, 2024
@joshcooper
Copy link
Contributor

This is a regression introduced by #9420 as puppetserver calls puppet as a library when compiling the catalog.

It works when using puppet 8.8.1

# cat /etc/puppetlabs/code/environments/production/manifests/site.pp 
node /^aws-server\d{2}-(af|ap|ca|eu|me|sa|us)-(central|(north|south)?(east|west)?)-\d(?!\.test)/ {
  notify { "matched": }
}

node default {
  notify { "no match": }
}

# puppet --version
8.8.1

# puppet agent -t --certname aws-server01-us-west-1.test.domain.com --ssldir /tmp/aws-server01-us-west-1.test.domain.com
Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Notice: Requesting catalog from folksy-dystopia:8140 (10.16.112.127)
Notice: Catalog compiled by folksy-dystopia
Info: Caching catalog for aws-server01-us-west-1.test.domain.com
Info: Applying configuration version '1727201731'
Notice: no match
Notice: /Stage[main]/Main/Node[default]/Notify[no match]/message: defined 'message' as 'no match'
Notice: Applied catalog in 0.01 seconds

# puppet agent -t --certname aws-server01-us-west-1.domain.com --ssldir /tmp/aws-server01-us-west-1.domain.com
Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Notice: Requesting catalog from folksy-dystopia:8140 (10.16.112.127)
Notice: Catalog compiled by folksy-dystopia
Info: Caching catalog for aws-server01-us-west-1.domain.com
Info: Applying configuration version '1727201737'
Notice: matched
Notice: /Stage[main]/Main/Node[__node_regexp__aws-serverd2-afapcaeumesaus-centralnorthsoutheastwest-d.test]/Notify[matched]/message: defined 'message' as 'matched'
Notice: Applied catalog in 0.01 seconds

But not with 8.9.0

# yum install puppet-agent-8.9.0
...
Upgraded:
  puppet-agent-8.9.0-1.el8.x86_64

# systemctl reload puppetserver

# puppet agent -t --certname aws-server01-us-west-1.test.domain.com --ssldir /tmp/aws-server01-us-west-1.test.domain.com
Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Notice: Requesting catalog from folksy-dystopia:8140 (10.16.112.127)
Notice: Catalog compiled by folksy-dystopia
Info: Caching catalog for aws-server01-us-west-1.test.domain.com
Info: Applying configuration version '1727201856'
Notice: no match
Notice: /Stage[main]/Main/Node[default]/Notify[no match]/message: defined 'message' as 'no match'
Notice: Applied catalog in 0.01 seconds

# puppet agent -t --certname aws-server01-us-west-1.domain.com --ssldir /tmp/aws-server01-us-west-1.domain.com
Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Notice: Requesting catalog from folksy-dystopia:8140 (10.16.112.127)
Notice: Catalog compiled by folksy-dystopia
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Cannot find definition Node on node aws-server01-us-west-1.domain.com
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

The server's log contains

024-09-24T11:17:42.678-07:00 ERROR [qtp1804702662-152] [puppetserver] Puppet Cannot find definition Node on node aws-server01-us-west-1.domain.com
2024-09-24T11:17:42.680-07:00 ERROR [qtp1804702662-152] [puppetserver] Puppet Server Error: Cannot find definition Node on node aws-server01-us-west-1.domain.com
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/errors.rb:159:in `fail'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/resource.rb:80:in `block in evaluate'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler/around_profiler.rb:59:in `profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler.rb:53:in `profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/resource.rb:75:in `evaluate'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:227:in `evaluate_ast_node'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:136:in `block in compile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler/around_profiler.rb:59:in `profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler.rb:53:in `profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:136:in `block in compile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:64:in `override'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:288:in `override'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/parser/compiler.rb:125:in `compile'

@joshcooper joshcooper transferred this issue from puppetlabs/puppetserver Sep 24, 2024
@joshcooper joshcooper added the triaged Jira issue has been created for this label Oct 3, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 3, 2024

Migrated issue to PUP-12081

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working triaged Jira issue has been created for this
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@joshcooper @Cuthbert286