Puppet 5.5.16 and prior had a long standing bug that prevented the agent from using a proxy when the HTTP_PROXY environment variable or http_proxy_host puppet setting were defined. This issue, and number of other http proxy issues, were fixed in 5.5.17, 6.4.4 and 6.8.0, so the agent now correctly observes those variables/settings. However, it means puppet may try to use an http proxy when connecting to the puppetserver.
In many environments, an http proxy is configured to only allow connections from internal hosts to external hosts, and it will reject any attempt to "reflect" off of the proxy from an internal host to another internal host. In these environments, puppet agents may no longer be able to connect to its puppetserver after upgrading to 5.5.17, 6.4.4 or 6.8.0+. And since the agent can't get a catalog, you can't use puppet to remedy the issue. If you are upgrading to 5.5.17, 6.4.4 or 6.8.x, make sure to add the FQDN of the puppetserver to the NO_PROXY environment variable or no_proxy puppet setting *before* upgrading. Due to https://tickets.puppetlabs.com/browse/PUP-9990 the puppetserver's FQDN must be specified, as opposed to a domain. The ability to specify a domain was fixed in 6.9.0 and will be backported to 5.5.x and 6.4.x in https://tickets.puppetlabs.com/browse/PUP-10112. If upgrading to 6.9.0 or greater, you can specify a dotted domain for the puppetserver, e.g. no_proxy=localhost,.example.com, and/or the puppetserver FQDN. However, don't use wildcards (*.example.com) or "bare" domains ( example.com) as puppet and ruby do not consistently handle them. See https://tickets.puppetlabs.com/browse/PUP-10106, which will be fixed in the next set of releases. Josh -- Josh Cooper | Software Engineer j...@puppet.com | @coopjn -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CA%2Bu97ukSDfAN0fJH1CAz%2BhYS7zYN5hBcqyJW%2BqXfZiV5ogN7tA%40mail.gmail.com.
