puppet8-lookup considers clientcert to be a legacy fact #9564
Description
Describe the Bug
Running the puppet-lookup command with cached facts (not from PuppetDB) fails because only the clientcert fact is overridden.
Expected Behavior
puppet-lookup needs to accept the clientcert fact, because removing it breaks the $trusted Hash.
Steps to Reproduce
- Run puppet-agent (by default, legacy facts are not calculated).
puppet-lookupon the server fails with "When overriding any of the hostname,domain,fqdn,clientcert facts given via the --facts flag, they must all be overridden."[[email protected]]# puppet lookup --compile --facts <(jq '.values' /opt/puppetlabs/server/data/puppetserver/server_data/facts/puppet8-master-03.gridka.de.json) gitlab_ci_runner::runners Error: Could not run: When overriding any of the hostname,domain,fqdn,clientcert facts with /dev/fd/63 given via the --facts flag, they must all be overridden. [root@puppet8-master-03 ~]# jq '.values | {hostname,domain,fqdn,clientcert}' /opt/puppetlabs/server/data/puppetserver/server_data/facts/puppet8-master-03.gridka.de.json { "hostname": null, "domain": null, "fqdn": null, "clientcert": "puppet8-master-03.gridka.de" }
puppet-lookupwithoutclientcertfact avoids the error, but also breaks$trusted[root@puppet8-master-03 ~]# puppet lookup --compile --facts <(jq '.values | del(.clientcert)' /opt/puppetlabs/server/data/puppetserver/server_data/facts/puppet8-master-03.gridka.de.json) 'trusted' Error: Could not run: Evaluation Error: Error while evaluating a Function Call, pick(): must receive at least one non empty value (file: /etc/puppetlabs/code/environments/puppet8/modules/bmc_config/manifests/init.pp, line: 32, column: 25) [root@puppet8-master-03 ~]# sed -n '32 p' /etc/puppetlabs/code/environments/puppet8/modules/bmc_config/manifests/init.pp String $icinga_name = pick(fact('icinga_name'), $trusted['certname']),
Environment
- Puppetserver v8.6.2
- Puppet agent v8.8.1
- Hiera v5
- RedHat 9.6 (Plow)
Additional Context
puppet-lookupconsidersclientcertto be a legacy fact, while it is no real core-fact for facter, legacy or not.- We don't use PuppetDB as fact cache, because that takes up too much disk resources while it serves no use-case for us (before this).