I spent more time on this than I'd like to admit. After fussing around with 
fileserver.conf and auth.conf for too long I started playing with the path 
of the files being served. Once I added /modules/ to the path, everything 
began to work as it did prior to going to 3.

So, a very broken BEFORE example:

class motd {

        file { "/etc/motd":
                ensure => present,
                source => "puppet:///motd/motd",
        }
}

and very working AFTER example:

class motd {

        file { "/etc/motd":
                ensure => present,
                source => "puppet:///modules/motd/motd",
        }
}

Hope this helps someone out there on the internuts.

-Russ

On Monday, October 1, 2012 5:48:25 PM UTC-7, Forrie wrote:
>
> I've seen mention of this error in several places, with different causes. 
>  So before I posted here, I attempted to resolve this on my own.
>
> I corrected the change from puppet:///files to puppet:/// in my manifests 
> *.pp files.  
>
> No changes were made to the auth.conf file, and I did note in the 
> ChangeLog that:
>
> Auth.conf differentiates between names and IPs – There’s a new allow_ip 
> keyword 
>> in auth.conf if you want to permit IP addresses. (PR991)
>
>
> But I see no mention of that on the docs page at 
> http://docs.puppetlabs.com/guides/rest_auth_conf.html.  
>
> Our auth.conf is simple, and basically has either "allow $1" or "allow *" 
> both which appear to still be valid in 3.0.
>
> Here's an example, a simple example, an ntp.conf file:
>
> class ntp-client {
>     file { "/etc/ntp.conf":
>         owner   => root,
>         group   => root,
>         mode    => 644,
>         source  => "puppet:///etc/ntp.conf",
>         require => [ Package["ntp"] ],
>         notify  => Service["ntpd"],
>     }
>     package { "ntp":
>         ensure => latest,
>     }
>     service { "ntpd":
>         ensure     => running,
>         hasrestart => true,
>         subscribe  => File["/etc/ntp.conf"],
>     }
> } # ntp-client
>
>
> The error I'm seeing in the puppet.log, on the client system:
>
>
> Oct  1 20:02:28 test-fms puppet-agent[11062]: Starting Puppet client 
>> version 2.7.17
>> Oct  1 20:02:31 test-fms puppet-agent[11062]: 
>> (/Stage[main]/Ntp-client/File[/etc/ntp.conf]) Could not evaluate: Error 400 
>> on SERVER: Not authorized to call find on /file_metadata/etc/ntp.conf Could 
>> not retrieve file metadata for puppet:///etc/ntp.conf: Error 400 on SERVER: 
>> Not authorized to call find on /file_metadata/etc/ntp.conf at 
>> /etc/puppet/manifests/classes/ntp-client.pp:10
>
>
>  
> The permissions from /etc/puppet/files are correct:
>
> -rw-r--r--. 1 puppet puppet 446 Mar 31  2011 etc/ntp.conf
>
>
> The client puppet.conf file doesn't have any custom references other than 
> the basics.
>
> [main]
>> server = ourpuppet.server.com
>> vardir = /var/lib/puppet
>> logdir = /var/log/puppet
>> rundir = /var/run/puppet
>> ssldir = $vardir/ssl
>> [agent]
>> classfile = $vardir/classes.txt
>> localconfig = $vardir/localconfig
>> syslogfacility = local4
>> report = true
>> listen = true
>
>
> I ran puppet master in verbose mode and got these diagnostics:
>
> Starting Puppet master version 3.0.0
> Info: access[^/catalog/([^/]+)$]: allowing 'method' find
> Info: access[^/catalog/([^/]+)$]: allowing $1 access
> Info: access[/certificate_revocation_list/ca]: allowing 'method' find
> Info: access[/certificate_revocation_list/ca]: allowing * access
> Info: access[/report]: allowing 'method' save
> Info: access[/report]: allowing * access
> Info: access[/file]: allowing * access
> Info: access[/certificate/ca]: adding authentication no
> Info: access[/certificate/ca]: allowing 'method' find
> Info: access[/certificate/ca]: allowing * access
> Info: access[/certificate/]: adding authentication no
> Info: access[/certificate/]: allowing 'method' find
> Info: access[/certificate/]: allowing * access
> Info: access[/certificate_request]: adding authentication no
> Info: access[/certificate_request]: allowing 'method' find
> Info: access[/certificate_request]: allowing 'method' save
> Info: access[/certificate_request]: allowing * access
> Info: access[/]: adding authentication any
> Info: Inserting default '~ ^/node/([^/]+)$' (auth true) ACL
> Info: Inserting default '/status' (auth true) ACL
> Warning: Host is missing hostname and/or domain: one-host.ourdomain.com
> Compiled catalog for one-host.ourdomain.com in environment production in 
> 1.16 seconds
> Info: mount[files]: allowing 10.101.0.0/24 access
> Error: Error parsing fileserver configuration: wrong number of arguments 
> (3 for 1); using old configuration
> Error: Not authorized to call find on /file_metadata/etc/ntp.conf
> Error: Not authorized to call find on /file_metadata/etc/sudoers
> Error: Not authorized to call find on 
> /file_metadata/files/etc/ssh/ssh_known_hosts
> Error: Not authorized to call find on 
> /file_metadata/files/etc/ssh/sshd_config
> Error: Not authorized to call find on 
> /file_metadata/etc/puppet/namespaceauth.conf
> Error: Not authorized to call find on 
> /file_metadata/etc/puppet/puppet.conf.agent
> Error: Not authorized to call find on /file_metadata/etc/puppet/auth.conf
> Error: Not authorized to call find on /file_metadata/etc/resolv.conf.test
>      
> I reviewed the docs at http://docs.puppetlabs.com/guides/file_serving.html and 
> our config looks fine.
>
> Reading through the issue at http://projects.puppetlabs.com/issues/16667, 
> I'm not clear what the fix actually is.  But, our config has been 
> unaltered.   We have unused modules in the /etc/puppet/modules directory, 
> where most of the little stuff has been in /etc/puppet/manifests, 
> referenced in site.pp by:
>
> import "classes/*"
>> import "nodes.pp"
>
>
> And it's worked thus far.
>
> In the example above, with ntp-client, it's just a simple little 
> ntp-client.pp file that references a file that should be transferred, 
> nothing more.  So I don't see how or why that wouldn't work as-is.
>
> The error above:
>
> Error: Error parsing fileserver configuration: wrong number of arguments 
>> (3 for 1); using old configuration
>
>
> Doesn't make any sense to me, as our config seems to be in line with the 
> docs:
>
> The fileserver.conf file is pretty simple:
>
> [files]
>> path    /etc/puppet/files
>> allow   10.101.0.0/24
>> allow   10.103.0.0/24  
>
>
>
>  In the log above, clearly the connection is authorized.
>
> Info: mount[files]: allowing 10.101.0.0/24 access
>
>
> I'm not sure of the reference to the error "Warning: Host is missing 
> hostname and/or domain" as it's clearly a FQHN (yes, I edited it here).
>
> So I'm pretty stumped here.   Our only other option is to just downgrade 
> back to 2.7.x and wait for these issues to get worked out.
>
> Any pointers would be appreciated.  
>
>
> Thanks.
>
>
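
An added example, not part of either poster's message: a small Python check that flags `source => "puppet:///..."` URLs whose first path segment is neither a built-in mount nor a `[section]` in fileserver.conf, and reports the `/file_metadata/...` path in the form the log above shows. The sample manifests and fileserver.conf are constructed from the snippets in this thread; treating `plugins` as built-in alongside `modules` is an assumption of the example.

```python
import re

# Constructed sample inputs modelled on the thread (not the posters' real files).
FILESERVER_CONF = """\
[files]
path    /etc/puppet/files
allow   10.101.0.0/24
"""

MANIFESTS = {
    "ntp-client.pp": 'source  => "puppet:///etc/ntp.conf",',
    "motd_before.pp": 'source => "puppet:///motd/motd",',
    "motd_after.pp": 'source => "puppet:///modules/motd/motd",',
    "ssh.pp": 'source => "puppet:///files/etc/ssh/sshd_config",',
}

# Mounts served without a fileserver.conf entry (assumption: modules, plugins).
BUILTIN_MOUNTS = {"modules", "plugins"}

# puppet://<optional server>/<mount>/<path>; only single-string sources are
# handled here, not source arrays or interpolated variables.
SOURCE_RE = re.compile(r"""source\s*=>\s*["']puppet://([^/"']*)/([^"']+)["']""")
SECTION_RE = re.compile(r"^\s*\[([^\]]+)\]\s*$", re.M)


def custom_mounts(conf_text):
    """Return the mount names declared as [sections] in fileserver.conf."""
    return set(SECTION_RE.findall(conf_text))


def check_sources(manifests, conf_text):
    """List (file, line, mount, request path) for sources with an unknown mount."""
    known = BUILTIN_MOUNTS | custom_mounts(conf_text)
    findings = []
    for name, text in sorted(manifests.items()):
        for lineno, line in enumerate(text.splitlines(), 1):
            for _server, path in SOURCE_RE.findall(line):
                mount = path.partition("/")[0]
                if mount not in known:
                    findings.append((name, lineno, mount, "/file_metadata/" + path))
    return findings


if __name__ == "__main__":
    for name, lineno, mount, request in check_sources(MANIFESTS, FILESERVER_CONF):
        print(f"{name}:{lineno}: mount '{mount}' is not defined -> {request}")
```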
