I spent more time on this then I'd like to admit. After fussing around with fileserver.conf and auth.conf for too long I started playing with the path of the files being served. Once I added /modules/ to the path, everything began to work as it did prior to going to 3.
So, a very broken BEFORE example: class motd { file { "/etc/motd": ensure => present, source => "puppet:///motd/motd", } } and very working AFTER example: class motd { file { "/etc/motd": ensure => present, source => "puppet:///modules/motd/motd", } } Hope this helps someone out there on the internuts. -Russ On Monday, October 1, 2012 5:48:25 PM UTC-7, Forrie wrote: > > I've seen mention of this error in several places, with different causes. > So before I posted here, I attempted to resolve this on my own. > > I corrected the change from puppet:///files to puppet:/// in my manifests > *.pp files. > > No changes were made to the auth.conf file, and I did note in the > ChangeLog that: > > Auth.conf differentiates between names and IPs – There’s a new allow_ip > keyword >> in auth.conf if you want to permit IP addresses. (PR991) > > > But I see no mention of that on the docs page at > http://docs.puppetlabs.com/guides/rest_auth_conf.html. > > Our auth.conf is simple, and basically has either "allow $1" or "allow *" > both which appear to still be valid in 3.0. > > Here's an example, a simple example, an ntp.conf file: > > class ntp-client { > file { "/etc/ntp.conf": > owner => root, > group => root, > mode => 644, > source => "puppet:///etc/ntp.conf", > require => [ Package["ntp"] ], > notify => Service["ntpd"], > } > package { "ntp": > ensure => latest, > } > service { "ntpd": > ensure => running, > hasrestart => true, > subscribe => File["/etc/ntp.conf"], > } > } # ntp-client > > > The error I'm seeing in the puppet.log, on the client system: > > > Oct 1 20:02:28 test-fms puppet-agent[11062]: Starting Puppet client >> version 2.7.17 >> Oct 1 20:02:31 test-fms puppet-agent[11062]: >> (/Stage[main]/Ntp-client/File[/etc/ntp.conf]) Could not evaluate: Error 400 >> on SERVER: Not authorized to call find on /file_metadata/etc/ntp.conf Could >> not retrieve file metadata for puppet:///etc/ntp.conf: Error 400 on SERVER: >> Not authorized to call find on /file_metadata/etc/ntp.conf at >> /etc/puppet/manifests/classes/ntp-client.pp:10 > > > > The permissions from /etc/puppet/files are correct: > > -rw-r--r--. 1 puppet puppet 446 Mar 31 2011 etc/ntp.conf > > > The client puppet.conf file doesn't have any custom references other than > the basics. > > [main] >> server = ourpuppet.server.com >> vardir = /var/lib/puppet >> logdir = /var/log/puppet >> rundir = /var/run/puppet >> ssldir = $vardir/ssl >> [agent] >> classfile = $vardir/classes.txt >> localconfig = $vardir/localconfig >> syslogfacility = local4 >> report = true >> listen = true > > > I ran puppet master in verbose mode and got these diagnostics: > > Starting Puppet master version 3.0.0 > Info: access[^/catalog/([^/]+)$]: allowing 'method' find > Info: access[^/catalog/([^/]+)$]: allowing $1 access > Info: access[/certificate_revocation_list/ca]: allowing 'method' find > Info: access[/certificate_revocation_list/ca]: allowing * access > Info: access[/report]: allowing 'method' save > Info: access[/report]: allowing * access > Info: access[/file]: allowing * access > Info: access[/certificate/ca]: adding authentication no > Info: access[/certificate/ca]: allowing 'method' find > Info: access[/certificate/ca]: allowing * access > Info: access[/certificate/]: adding authentication no > Info: access[/certificate/]: allowing 'method' find > Info: access[/certificate/]: allowing * access > Info: access[/certificate_request]: adding authentication no > Info: access[/certificate_request]: allowing 'method' find > Info: access[/certificate_request]: allowing 'method' save > Info: access[/certificate_request]: allowing * access > Info: access[/]: adding authentication any > Info: Inserting default '~ ^/node/([^/]+)$' (auth true) ACL > Info: Inserting default '/status' (auth true) ACL > Warning: Host is missing hostname and/or domain: one-host.ourdomain.com > Compiled catalog for one-host.ourdomain.com in environment production in > 1.16 seconds > Info: mount[files]: allowing 10.101.0.0/24 access > Error: Error parsing fileserver configuration: wrong number of arguments > (3 for 1); using old configuration > Error: Not authorized to call find on /file_metadata/etc/ntp.conf > Error: Not authorized to call find on /file_metadata/etc/sudoers > Error: Not authorized to call find on > /file_metadata/files/etc/ssh/ssh_known_hosts > Error: Not authorized to call find on > /file_metadata/files/etc/ssh/sshd_config > Error: Not authorized to call find on > /file_metadata/etc/puppet/namespaceauth.conf > Error: Not authorized to call find on > /file_metadata/etc/puppet/puppet.conf.agent > Error: Not authorized to call find on /file_metadata/etc/puppet/auth.conf > Error: Not authorized to call find on /file_metadata/etc/resolv.conf.test > > I reviewed the docs at http://docs.puppetlabs.com/guides/file_serving.htmland > our config looks fine. > > Reading through the issue at http://projects.puppetlabs.com/issues/16667, > I'm not clear what the fix actually is. But, our config has been > unaltered. We have unused modules in the /etc/puppet/modules directory, > where most of the little stuff has been in /etc/puppet/manifests, > referenced in site.pp by: > > import "classes/*" >> import "nodes.pp" > > > And it's worked thus far. > > In the example above, with ntp-client, it's just a simple little > ntp-client.pp file that references a file that should be transfered, > nothing more. So I don't see how or why that wouldn't work as-is. > > The error above: > > Error: Error parsing fileserver configuration: wrong number of arguments >> (3 for 1); using old configuration > > > Doesn't make any sense to me, as our config seems to be in line with the > docs: > > The fileserver.conf file is pretty simple: > > [files] >> path /etc/puppet/files >> allow 10.101.0.0/24 >> allow 10.103.0.0/24 > > > > In the log above, clearly the connection is authorized. > > Info: mount[files]: allowing 10.101.0.0/24 access > > > I'm not sure of the reference to the error "Warning: Host is missing > hostname and/or domain" as it's clearly a FQHN (yes, I edited it here). > > So I'm pretty stumped here. Our only other option is to just downgrade > back to 2.7.x and wait for these issues to get worked out. > > Any pointers would be appreciated. > > > Thanks. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/PkOBcDZ-NM0J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.