puppet 6.12.0 → 6.17.0

data/lib/puppet/agent.rb

@@ -43,6 +43,7 @@ class Puppet::Agent
     end
 
     result = nil
+    wait_for_lock_deadline = nil
     block_run = Puppet::Application.controlled_run do
       splay client_options.fetch :splay, Puppet[:splay]
       result = run_in_fork(should_fork) do
@@ -60,16 +61,29 @@ class Puppet::Agent
               end
             end
           rescue Puppet::LockError
-            Puppet.notice _("Run of %{client_class} already in progress; skipping  (%{lockfile_path} exists)") % { client_class: client_class, lockfile_path: lockfile_path }
-            return
+            now = Time.now.to_i
+            wait_for_lock_deadline ||= now + Puppet[:maxwaitforlock]
+
+            if Puppet[:waitforlock] < 1
+              Puppet.notice _("Run of %{client_class} already in progress; skipping  (%{lockfile_path} exists)") % { client_class: client_class, lockfile_path: lockfile_path }
+              nil
+            elsif now >= wait_for_lock_deadline
+              Puppet.notice _("Exiting now because the maxwaitforlock timeout has been exceeded.")
+              nil
+            else
+              Puppet.info _("Another puppet instance is already running; --waitforlock flag used, waiting for running instance to finish.")
+              Puppet.info _("Will try again in %{time} seconds.") % {time: Puppet[:waitforlock]}
+              sleep Puppet[:waitforlock]
+              retry
+            end
           rescue RunTimeoutError => detail
             Puppet.log_exception(detail, _("Execution of %{client_class} did not complete within %{runtimeout} seconds and was terminated.") %
               {client_class: client_class,
               runtimeout: Puppet[:runtimeout]})
-            return 1
+            nil
           rescue StandardError => detail
             Puppet.log_exception(detail, _("Could not run %{client_class}: %{detail}") % { client_class: client_class, detail: detail })
-            1
+            nil
           end
         end
       end
@@ -95,11 +109,9 @@ class Puppet::Agent
         atForkHandler.child
         $0 = _("puppet agent: applying configuration")
         begin
-          exit(yield)
-        rescue SystemExit
-          exit(-1)
+          exit(yield || 1)
         rescue NoMemoryError
-          exit(-2)
+          exit(254)
         end
       end
     ensure
@@ -107,12 +119,6 @@ class Puppet::Agent
     end
 
     exit_code = Process.waitpid2(child_pid)
-    case exit_code[1].exitstatus
-    when -1
-      raise SystemExit
-    when -2
-      raise NoMemoryError
-    end
     exit_code[1].exitstatus
   end
 

data/lib/puppet/application/agent.rb

@@ -39,6 +39,7 @@ class Puppet::Application::Agent < Puppet::Application
       :graph => true,
       :fingerprint => false,
       :sourceaddress => nil,
+      :start_time => Time.now,
     }.each do |opt,val|
       options[opt] = val
     end
@@ -90,7 +91,7 @@ puppet-agent(8) -- #{summary}
 
 SYNOPSIS
 --------
-Retrieves the client configuration from the puppet master and applies it to
+Retrieves the client configuration from the Puppet master and applies it to
 the local host.
 
 This service may be run as a daemon, run periodically using cron (or something
@@ -164,13 +165,15 @@ when signing certificates).
 only resources not tagged with the specified tags will be applied.
 Values must be comma-separated.
 
+
 OPTIONS
 -------
 
 Note that any Puppet setting that's valid in the configuration file is also a
 valid long argument. For example, 'server' is a valid setting, so you can
-specify '--server <servername>' as an argument. Boolean settings translate into
-'--setting' and '--no-setting' pairs.
+specify '--server <servername>' as an argument. Boolean settings accept a '--no-' 
+prefix to turn off a behavior, translating into '--setting' and '--no-setting' 
+pairs, such as `--daemonize` and `--no-daemonize`.
 
 See the configuration file documentation at
 https://puppet.com/docs/puppet/latest/configuration.html for the
@@ -237,15 +240,14 @@ generated by running puppet agent with '--genconfig'.
 * --enable:
   Enable working on the local system. This removes any lock file,
   causing 'puppet agent' to start managing the local system again
-  (although it will continue to use its normal scheduling, so it might
-  not start for another half hour).
+  However, it continues to use its normal scheduling, so it might
+  not start for another half hour.
 
   'puppet agent' exits after executing this.
   
 *  --evaltrace:
   Logs each resource as it is being evaluated. This allows you to interactively see exactly what is being done. (This is a Puppet setting, and can go in puppet.conf. Note the special 'no-' prefix for boolean settings on the command line.)
 
-
 * --fingerprint:
   Display the current certificate or certificate signing request
   fingerprint and then exit. Use the '--digest' option to change the
@@ -256,7 +258,9 @@ generated by running puppet agent with '--genconfig'.
 
 * --job-id:
   Attach the specified job id to the catalog request and the report used for
-  this agent run. This option only works when '--onetime' is used.
+  this agent run. This option only works when '--onetime' is used.  When using
+  Puppet Enterprise this flag should not be used as the orchestrator sets the
+  job-id for you and it must be unique.
 
 * --logdest:
   Where to send log messages. Choose between 'syslog' (the POSIX syslog
@@ -278,7 +282,7 @@ generated by running puppet agent with '--genconfig'.
 
 * --noop:
   Use 'noop' mode where the daemon runs in a no-op or dry-run mode. This
-  is useful for seeing what changes Puppet will make without actually
+  is useful for seeing what changes Puppet would make without actually
   executing the changes.
   (This is a Puppet setting, and can go in puppet.conf. Note the special 'no-'
   prefix for boolean settings on the command line.)
@@ -302,8 +306,6 @@ generated by running puppet agent with '--genconfig'.
 * --trace
   Prints stack traces on some errors. (This is a Puppet setting, and can go in puppet.conf. Note the special 'no-' prefix for boolean settings on the command line.)
 
-
-
 * --verbose:
   Turn on verbose reporting.
 
@@ -317,8 +319,7 @@ generated by running puppet agent with '--genconfig'.
   it to sign a certificate request. This is useful for the initial setup
   of a puppet client. You can turn off waiting for certificates by
   specifying a time of 0.
-  (This is a Puppet setting, and can go in puppet.conf. Note the special 'no-'
-  prefix for boolean settings on the command line.)
+  (This is a Puppet setting, and can go in puppet.conf.)
 
 
 EXAMPLE
@@ -364,8 +365,17 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
       daemon.set_signal_traps
 
       log_config if Puppet[:daemonize]
-      
-      Puppet.override(ssl_context: wait_for_certificates) do
+
+      # run ssl state machine, waiting if needed
+      ssl_context = wait_for_certificates
+
+      # Each application is responsible for pushing loaders onto the context.
+      # Use the current environment that has already been established, though
+      # it may change later during the configurer run.
+      env = Puppet.lookup(:current_environment)
+      Puppet.override(ssl_context: ssl_context,
+                      current_environment: env,
+                      loaders: Puppet::Pops::Loaders.new(env, true)) do
         if Puppet[:onetime]
           onetime(daemon)
         else
@@ -407,7 +417,7 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
 
   def onetime(daemon)
     begin
-      exitstatus = daemon.agent.run(:job_id => options[:job_id])
+      exitstatus = daemon.agent.run({:job_id => options[:job_id], :start_time => options[:start_time]})
     rescue => detail
       Puppet.log_exception(detail)
     end
@@ -490,9 +500,8 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
   end
 
   def daemonize_process_when(should_daemonize)
-    daemon = Puppet::Daemon.new(Puppet::Util::Pidlock.new(Puppet[:pidfile]))
+    daemon = Puppet::Daemon.new(@agent, Puppet::Util::Pidlock.new(Puppet[:pidfile]))
     daemon.argv = @argv
-    daemon.agent = @agent
 
     daemon.daemonize if should_daemonize
 

data/lib/puppet/application/describe.rb

@@ -67,13 +67,15 @@ class TypeDoc
     @types.keys.sort_by(&:to_s).each do |name|
       type = @types[name]
       s = type.doc.gsub(/\s+/, " ")
-      n = s.index(". ")
-      if n.nil?
+      if s.empty?
         s = ".. no documentation .."
-      elsif n > 45
-        s = s[0, 45] + " ..."
       else
-        s = s[0, n]
+        n = s.index(".") || s.length
+        if n > 45
+          s = s[0, 45] + " ..."
+        else
+          s = s[0, n]
+        end
       end
       printf "%-15s - %s\n", name, s
     end

data/lib/puppet/application/device.rb

@@ -194,7 +194,7 @@ you can specify '--server ' as an argument.
 
 * --resource:
   Displays a resource state as Puppet code, roughly equivalent to
-  `puppet resource`.  Can be filterd by title. Requires --target be specified.
+  `puppet resource`.  Can be filtered by title. Requires --target be specified.
 
 * --target:
   Target a specific device/certificate in the device.conf. Doing so will perform a
@@ -259,7 +259,7 @@ Licensed under the Apache 2.0 License
         end
       end
       devices.collect do |devicename,device|
-        pool = Puppet::Network::HTTP::Pool.new(Puppet[:http_keepalive_timeout])
+        pool = Puppet.runtime[:http].pool
         Puppet.override(:http_pool => pool) do
           # TODO when we drop support for ruby < 2.5 we can remove the extra block here
           begin

data/lib/puppet/application/filebucket.rb

@@ -69,6 +69,19 @@ running as a user with valid Puppet certificates. Alternatively, you can
 use your local file bucket by specifying '--local', or by specifying
 '--bucket' with a local path.
 
+> **Note**: Enabling and using the backup option, and by extension the 
+  filebucket resource, requires appropriate planning and management to ensure 
+  that sufficient disk space is available for the file backups. Generally, you 
+  can implement this using one of the following two options:
+  - Use a `find` command and `crontab` entry to retain only the last X days 
+  of file backups. For example: 
+
+  ```shell
+  find /opt/puppetlabs/server/data/puppetserver/bucket -type f -mtime +45 -atime +45 -print0 | xargs -0 rm
+  ```
+
+  - Restrict the directory to a maximum size after which the oldest items are removed.
+
 
 OPTIONS
 -------
@@ -108,7 +121,7 @@ configuration options can also be generated by running puppet with
   by default.
 
 * --server_list:
-  A list of comma seperated servers; only the first entry is used for file storage.
+  A list of comma separated servers; only the first entry is used for file storage.
   This setting takes precidence over `server`.
 
 * --server:
@@ -279,7 +292,7 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
       Puppet::Log.level = :info
     end
 
-      exit(Puppet.settings.print_configs ? 0 : 1) if Puppet.settings.print_configs?
+    exit(Puppet.settings.print_configs ? 0 : 1) if Puppet.settings.print_configs?
 
     require 'puppet/file_bucket/dipper'
     begin
@@ -287,19 +300,10 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
         path = options[:bucket] || Puppet[:clientbucketdir]
         @client = Puppet::FileBucket::Dipper.new(:Path => path)
       else
-        if Puppet[:server_list] && !Puppet[:server_list].empty?
-          server = Puppet[:server_list].first
-          #TRANSLATORS 'server_list' is the name of a setting and should not be translated
-          Puppet.debug _("Selected server from first entry of the `server_list` setting: %{server}:%{port}") % {server: server[0], port: server[1]}
-          @client = Puppet::FileBucket::Dipper.new(
-            :Server => server[0],
-            :Port => server[1]
-          )
-        else
-          #TRANSLATORS 'server' is the name of a setting and should not be translated
-          Puppet.debug _("Selected server from the `server` setting: %{server}") % {server: Puppet[:server]}
-          @client = Puppet::FileBucket::Dipper.new(:Server => Puppet[:server])
-        end
+        session = Puppet.lookup(:http_session)
+        api = session.route_to(:puppet)
+
+        @client = Puppet::FileBucket::Dipper.new(Server: api.url.host, Port: api.url.port)
       end
     rescue => detail
       Puppet.log_exception(detail)

data/lib/puppet/application/plugin.rb

@@ -1,3 +1,4 @@
 require 'puppet/application/face_base'
 class Puppet::Application::Plugin < Puppet::Application::FaceBase
+  environment_mode :not_required
 end

data/lib/puppet/application/resource.rb

@@ -5,7 +5,7 @@ class Puppet::Application::Resource < Puppet::Application
   attr_accessor :host, :extra_params
 
   def preinit
-    @extra_params = []
+    @extra_params = [:provider]
   end
 
   option("--debug","-d")

data/lib/puppet/application/ssl.rb

@@ -28,7 +28,7 @@ OPTIONS
 -------
 
 * --help:
-  Print this help messsge.
+  Print this help message.
 
 * --verbose:
   Print extra information.
@@ -90,7 +90,7 @@ HELP
     @cert_provider = Puppet::X509::CertProvider.new
     @ssl_provider = Puppet::SSL::SSLProvider.new
     @machine = Puppet::SSL::StateMachine.new
-    @session = Puppet.runtime['http'].create_session
+    @session = Puppet.runtime[:http].create_session
   end
 
   def setup_logs
@@ -182,7 +182,7 @@ HELP
     route = create_route(ssl_context)
     Puppet.info _("Downloading certificate '%{name}' from %{url}") % { name: Puppet[:certname], url: route.url }
 
-    x509 = route.get_certificate(Puppet[:certname], ssl_context: ssl_context)
+    _, x509 = route.get_certificate(Puppet[:certname], ssl_context: ssl_context)
     cert = OpenSSL::X509::Certificate.new(x509)
     Puppet.notice _("Downloaded certificate '%{name}' with fingerprint %{fingerprint}") % { name: Puppet[:certname], fingerprint: fingerprint(cert) }
 
@@ -226,7 +226,7 @@ HELP
       begin
         ssl_context = @machine.ensure_ca_certificates
         route = create_route(ssl_context)
-        cert = route.get_certificate(certname, ssl_context: ssl_context)
+        _, cert = route.get_certificate(certname, ssl_context: ssl_context)
       rescue Puppet::HTTP::ResponseError => e
         if e.response.code.to_i != 404
           raise Puppet::Error.new(_("Failed to connect to the CA to determine if certificate %{certname} has been cleaned") % { certname: certname }, e)

data/lib/puppet/configurer.rb

@@ -1,7 +1,5 @@
 # The client for interacting with the puppetmaster config server.
-require 'sync'
 require 'timeout'
-require 'puppet/network/http_pool'
 require 'puppet/util'
 require 'securerandom'
 #require 'puppet/parser/script_compiler'
@@ -65,7 +63,7 @@ class Puppet::Configurer
   end
 
   # Get the remote catalog, yo.  Returns nil if no catalog can be found.
-  def retrieve_catalog(query_options)
+  def retrieve_catalog(facts, query_options)
     query_options ||= {}
     result = retrieve_catalog_from_cache(query_options) if Puppet[:use_cached_catalog]
     if result
@@ -73,7 +71,7 @@ class Puppet::Configurer
 
       Puppet.info _("Using cached catalog from environment '%{environment}'") % { environment: result.environment }
     else
-      result = retrieve_new_catalog(query_options)
+      result = retrieve_new_catalog(facts, query_options)
 
       if !result
         if !Puppet[:usecacheonfailure]
@@ -100,12 +98,11 @@ class Puppet::Configurer
   end
 
   # Convert a plain resource catalog into our full host catalog.
-  def convert_catalog(result, duration, options = {})
+  def convert_catalog(result, duration, facts, options = {})
     catalog = nil
 
     catalog_conversion_time = thinmark do
       # Will mutate the result and replace all Deferred values with resolved values
-      facts = options[:convert_with_facts]
       if facts
         Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(facts, result)
       end
@@ -134,6 +131,7 @@ class Puppet::Configurer
     end
 
     facts_hash = {}
+    facts = nil
     if Puppet::Resource::Catalog.indirection.terminus_class == :rest
       # This is a bit complicated.  We need the serialized and escaped facts,
       # and we need to know which format they're encoded in.  Thus, we
@@ -142,15 +140,14 @@ class Puppet::Configurer
       # facts_for_uploading may set Puppet[:node_name_value] as a side effect
       facter_time = thinmark do
         facts = find_facts
-        options[:convert_with_facts] =  facts
         facts_hash = encode_facts(facts) # encode for uploading # was: facts_for_uploading
       end
       options[:report].add_times(:fact_generation, facter_time) if options[:report]
     end
-    facts_hash
+    [facts_hash, facts]
   end
 
-  def prepare_and_retrieve_catalog(cached_catalog, options, query_options)
+  def prepare_and_retrieve_catalog(cached_catalog, facts, options, query_options)
     # set report host name now that we have the fact
     options[:report].host = Puppet[:node_name_value]
 
@@ -166,7 +163,7 @@ class Puppet::Configurer
     catalog = cached_catalog || options[:catalog]
     unless catalog
       # retrieve_catalog returns resource catalog
-      catalog = retrieve_catalog(query_options)
+      catalog = retrieve_catalog(facts, query_options)
       Puppet.err _("Could not retrieve catalog; skipping run") unless catalog
     end
     catalog
@@ -197,12 +194,12 @@ class Puppet::Configurer
   # This just passes any options on to the catalog,
   # which accepts :tags and :ignoreschedules.
   def run(options = {})
-    pool = Puppet::Network::HTTP::Pool.new(Puppet[:http_keepalive_timeout])
+    pool = Puppet.runtime[:http].pool
     # We create the report pre-populated with default settings for
     # environment and transaction_uuid very early, this is to ensure
     # they are sent regardless of any catalog compilation failures or
     # exceptions.
-    options[:report] ||= Puppet::Transaction::Report.new(nil, @environment, @transaction_uuid, @job_id)
+    options[:report] ||= Puppet::Transaction::Report.new(nil, @environment, @transaction_uuid, @job_id, options[:start_time] || Time.now)
     report = options[:report]
     init_storage
 
@@ -211,13 +208,9 @@ class Puppet::Configurer
     completed = nil
     begin
       Puppet.override(:http_pool => pool) do
-
         # Skip failover logic if the server_list setting is empty
-        if Puppet.settings[:server_list].nil? || Puppet.settings[:server_list].empty?
-          do_failover = false
-        else
-          do_failover = true
-        end
+        do_failover = Puppet.settings[:server_list] && !Puppet.settings[:server_list].empty?
+
         # When we are passed a catalog, that means we're in apply
         # mode. We shouldn't try to do any failover in that case.
         if options[:catalog].nil? && do_failover
@@ -225,8 +218,6 @@ class Puppet::Configurer
           if server.nil?
             raise Puppet::Error, _("Could not select a functional puppet master from server_list: '%{server_list}'") % { server_list: Puppet.settings.value(:server_list, Puppet[:environment].to_sym, true) }
           else
-            #TRANSLATORS 'server_list' is the name of a setting and should not be translated
-            Puppet.debug _("Selected puppet server from the `server_list` setting: %{server}:%{port}") % { server: server, port: port }
             report.master_used = "#{server}:#{port}"
           end
           Puppet.override(server: server, serverport: port) do
@@ -244,9 +235,13 @@ class Puppet::Configurer
   end
 
   def run_internal(options)
-    start = Time.now
     report = options[:report]
 
+    if options[:start_time]
+      startup_time = Time.now - options[:start_time]
+      report.add_times(:startup_time, startup_time)
+    end
+
     # If a cached catalog is explicitly requested, attempt to retrieve it. Skip the node request,
     # don't pluginsync and switch to the catalog's environment if we successfully retrieve it.
     if Puppet[:use_cached_catalog]
@@ -274,7 +269,7 @@ class Puppet::Configurer
 
     begin
       unless Puppet[:node_name_fact].empty?
-        query_options = get_facts(options)
+        query_options, facts = get_facts(options)
       end
 
       configured_environment = Puppet[:environment] if Puppet.settings.set_by_config?(:environment)
@@ -307,6 +302,16 @@ class Puppet::Configurer
               @environment = node.environment.to_s
               report.environment = @environment
               query_options = nil
+              facts = nil
+
+              new_env = Puppet::Node::Environment.remote(@environment)
+              Puppet.push_context(
+                {
+                  current_environment: new_env,
+                  loaders: Puppet::Pops::Loaders.new(new_env, true)
+                },
+                "Local node environment #{@environment} for configurer transaction"
+              )
             else
               Puppet.info _("Using configured environment '%{env}'") % { env: @environment }
             end
@@ -317,25 +322,24 @@ class Puppet::Configurer
         end
       end
 
-      current_environment = Puppet.lookup(:current_environment)
-      if current_environment.name == @environment.intern
-        local_node_environment = current_environment
-      else
-        local_node_environment = Puppet::Node::Environment.create(@environment,
-                                         current_environment.modulepath,
-                                         current_environment.manifest,
-                                         current_environment.config_version)
+      # This is to maintain compatibility with anyone using this class
+      # aside from agent, apply, device.
+      unless Puppet.lookup(:loaders) { nil }
+        new_env = Puppet::Node::Environment.remote(@environment)
+        Puppet.push_context(
+          {
+            current_environment: new_env,
+            loaders: Puppet::Pops::Loaders.new(new_env, true)
+          },
+          "Local node environment #{@environment} for configurer transaction"
+        )
       end
-      Puppet.push_context({
-        :current_environment => local_node_environment, 
-        :loaders => Puppet::Pops::Loaders.new(local_node_environment, true)
-      }, "Local node environment for configurer transaction")
 
-      query_options = get_facts(options) unless query_options
+      query_options, facts = get_facts(options) unless query_options
       query_options[:configured_environment] = configured_environment
       options[:convert_for_node] = node
 
-      catalog = prepare_and_retrieve_catalog(cached_catalog, options, query_options)
+      catalog = prepare_and_retrieve_catalog(cached_catalog, facts, options, query_options)
       unless catalog
         return nil
       end
@@ -358,11 +362,11 @@ class Puppet::Configurer
         @environment = catalog.environment
         report.environment = @environment
 
-        query_options = get_facts(options)
+        query_options, facts = get_facts(options)
         query_options[:configured_environment] = configured_environment
 
         # if we get here, ignore the cached catalog
-        catalog = prepare_and_retrieve_catalog(nil, options, query_options)
+        catalog = prepare_and_retrieve_catalog(nil, facts, options, query_options)
         return nil unless catalog
         tries += 1
       end
@@ -374,7 +378,7 @@ class Puppet::Configurer
       else
         # REMIND @duration is the time spent loading the last catalog, and doesn't
         # account for things like we failed to download and fell back to the cache
-        ral_catalog = convert_catalog(catalog, @duration, options)
+        ral_catalog = convert_catalog(catalog, @duration, facts, options)
 
         # If not noop, commit the cached resource catalog (not ral catalog). Ideally
         # we'd just copy the downloaded response body, instead of serializing the
@@ -410,7 +414,7 @@ class Puppet::Configurer
     end
 
     report.cached_catalog_status ||= @cached_catalog_status
-    report.add_times(:total, Time.now - start)
+    report.add_times(:total, Time.now - report.time)
     report.finalize_report
     Puppet::Util::Log.close(report)
     send_report(report)
@@ -419,21 +423,16 @@ class Puppet::Configurer
   private :run_internal
 
   def find_functional_server
-    Puppet.settings[:server_list].each do |server|
-      host = server[0]
-      port = server[1] || Puppet[:masterport]
-      begin
-        ssl_context = Puppet.lookup(:ssl_context)
-        http = Puppet::Network::HttpPool.connection(host, port.to_i, ssl_context: ssl_context)
-        response = http.get('/status/v1/simple/master')
-        return [host, port] if response.is_a?(Net::HTTPOK)
-
-        Puppet.debug(_("Puppet server %{host}:%{port} is unavailable: %{code} %{reason}") %
-                     { host: host, port: port, code: response.code, reason: response.message })
-      rescue => detail
-        #TRANSLATORS 'server_list' is the name of a setting and should not be translated
-        Puppet.debug _("Unable to connect to server from server_list setting: %{detail}") % {detail: detail}
-      end
+    begin
+      session = Puppet.lookup(:http_session)
+      service = session.route_to(:puppet)
+      return [service.url.host, service.url.port]
+    rescue Puppet::HTTP::ResponseError => e
+      Puppet.debug(_("Puppet server %{host}:%{port} is unavailable: %{code} %{reason}") %
+                   { host: e.response.url.host, port: e.response.url.port, code: e.response.code, reason: e.response.reason })
+    rescue => detail
+      #TRANSLATORS 'server_list' is the name of a setting and should not be translated
+      Puppet.debug _("Unable to connect to server from server_list setting: %{detail}") % {detail: detail}
     end
     [nil, nil]
   end
@@ -468,21 +467,17 @@ class Puppet::Configurer
     ::Facter.clear
     facts = find_facts
 
-    saved_fact_terminus = Puppet::Node::Facts.indirection.terminus_class
-    begin
-      Puppet::Node::Facts.indirection.terminus_class = :rest
+    client = Puppet.runtime[:http]
+    session = client.create_session
+    puppet = session.route_to(:puppet)
 
-      server = Puppet::Node::Facts::Rest.server
-      Puppet.info(_("Uploading facts for %{node} to %{server}") % {
-                    node: facts.name,
-                    server: server})
+    Puppet.info(_("Uploading facts for %{node} to %{server}") % {
+                  node: facts.name,
+                  server: puppet.url.hostname})
 
-      Puppet::Node::Facts.indirection.save(facts, nil, :environment => Puppet::Node::Environment.remote(@environment))
+    puppet.put_facts(facts.name, facts: facts, environment: Puppet.lookup(:current_environment).name.to_s)
 
-      return true
-    ensure
-      Puppet::Node::Facts.indirection.terminus_class = saved_fact_terminus
-    end
+    return true
   rescue => detail
     Puppet.log_exception(detail, _("Failed to submit facts: %{detail}") %
                                  { detail: detail })
@@ -521,7 +516,7 @@ class Puppet::Configurer
     return nil
   end
 
-  def retrieve_new_catalog(query_options)
+  def retrieve_new_catalog(facts, query_options)
     result = nil
     @duration = thinmark do
       result = Puppet::Resource::Catalog.indirection.find(
@@ -531,7 +526,8 @@ class Puppet::Configurer
           # don't update cache until after environment converges
           :ignore_cache_save => true,
           :environment       => Puppet::Node::Environment.remote(@environment),
-          :fail_on_404       => true
+          :fail_on_404       => true,
+          :facts_for_catalog => facts
         )
       )
     end