Skip to content

[Bug]: Centralized filebucket not working properly #367

New issue
New issue
Open
#368
Open
[Bug]: Centralized filebucket not working properly#367
#368
Labels
bugSomething isn't working
@mdechiaro

Description

@mdechiaro
mdechiaro
opened on Mar 12, 2026

Is this a critical security issue?

  • This is not a security issue.

Describe the Bug

I originally posted this Issue to puppetlabs, but have
since migrated to Openvox, so opening another issue here.

Here is the documentation
for setting up centralized filebuckets, however it does not appear to work properly.

After setting up filebucket resource in site.pp, the filebuckets are still stored with the puppetserver that compiled the catalog, instead of being sent to the location configured in the filebucket resource.

Expected Behavior

I expect the configured filebucket resource to get these files, instead of the puppetserver that compiled the catalog.

Steps to Reproduce

Steps to reproduce:

  1. Configure remote filebucket. This should be a separate puppetserver than the one compiling the catalog for the agent. I used PuppetCA puppetserver for this example.
# site.pp

filebucket { 'puppetca':
  server => 'puppetca.hostname.com',
  path   => false,
}

File {
  backup => 'puppetca',
}
  1. Verify auth.conf permissions on puppetserver are correct
auth.conf
        {
            # Allow nodes to access all file_bucket_files.  Note that access for
            # the 'delete' method is forbidden by Puppet regardless of the
            # configuration of this rule.
            match-request: {
                path: "/puppet/v3/file_bucket_file"
                type: path
                method: [get, head, post, put]
            }
            allow: "*"
            sort-order: 500
            name: "puppetlabs file bucket file"
        },
  1. Make a local change to a managed file on the agent side, then run Puppet
    agent to have it revert it back.
Info: /Stage[main]/Motd/File[/etc/motd]: Filebucketed /etc/motd to puppetca with sum 0969e80061625526e4e611e8cd6e43e3ead5a2b87071e6393249c72e0f7765c5
  1. Check the location of the file. It will not be sent to the location configured in filebucket resource. Instead, it will reside on the puppetserver that compiled the catalog.

Environment

Version 8.25.0
Platform Ubuntu 24.04 and RHEL8

Additional Context

I have a remote branch that includes a fix. I used Claude to help assist how the filebucket code works, and find a solution to the problem.

Relevant log output

No errors in the logs, and this issue appears to silently fail.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions