Hey Spencer,
> Are you pushing reports into puppetdb or only into foreman?
Ok so I missed that. Sorry dude. And yeah as you point out I originally had
reports only going to foreman. But I changed the puppet.conf to this:
[root@puppet:/etc/puppet] #egrep -i "reports|storeconfigs" puppet.conf
reports = foreman puppetdb
storeconfigs = true
storeconfigs_backend = puppetdb
I wasn't sure if this was supposed to be comma dlimeted or space. I tried
using a space between the two.
And so far no change.
http://puppetboard.jokefire.com/
thanks
On Thu, Oct 9, 2014 at 3:38 PM, Spencer Krum <krum.spen...@gmail.com> wrote:
> Are you pushing reports into puppetdb or only into foreman?
>
> On Thu, Oct 9, 2014 at 12:29 PM, Tim Dunphy <bluethu...@gmail.com> wrote:
>
>> Hey Daniele,
>>
>> Thanks for your feedback! And especially your suggestion to forego SSL
>> since I'm running puppetb and puppetboard on the same host.
>>
>> Anyway, here's my jetty.ini file from puppetdb:
>>
>> [root@puppet:/etc/puppetdb/conf.d] #cat jetty.ini | grep -v '#'
>> [jetty]
>>
>> port = 8082
>>
>>
>>
>> ssl-host = 216.120.250.140
>>
>> ssl-port = 8081
>>
>> ssl-key = /etc/puppetdb/ssl/private.pem
>>
>> ssl-cert = /etc/puppetdb/ssl/public.pem
>>
>> ssl-ca-cert = /etc/puppetdb/ssl/ca.pem
>>
>> And I set my settings.py to what you suggested:
>>
>> [root@puppet:/etc/puppetdb/conf.d] #cat /var/www/puppetboard/settings.py
>> PUPPETDB_HOST = 'localhost'
>> PUPPETDB_PORT = 8082
>> PUPPETDB_TIMEOUT = 60
>>
>> And look at that!!!
>>
>> http://puppetboard.jokefire.com/
>>
>> The puppetboard started filling in with data. However, all my nodes are
>> showing up as 'unreported'.
>>
>> Which is odd because I am also running foreman on the same machine. And
>> if I look there, foreman is claiming that all my nodes have reported in.
>>
>> Could I now be having an issue with the puppetdb itself?
>>
>> if so I don't see anything telling in the puppetdb logs:
>>
>> [root@puppet:/etc/puppetdb/conf.d] #tail -f
>> /var/log/puppetdb/puppetdb.log
>> 2014-10-09 15:27:29,822 INFO [c.p.p.command]
>> [833e757a-929b-4e7d-9f4b-82728e0e1659] [replace catalog]
>> ldap02.jokefire.com
>> 2014-10-09 15:27:31,362 INFO [c.p.p.command]
>> [4b4c50ab-8437-4f8f-917a-138e6c97d464] [replace catalog]
>> mail.jokefire.com
>> 2014-10-09 15:27:46,117 INFO [c.p.p.command]
>> [20bf87fc-2a1b-4a30-8877-0273439b8620] [replace facts]
>> monitor.jokefire.com
>> 2014-10-09 15:27:48,468 INFO [c.p.p.command]
>> [6714cdd3-64a1-49e7-b69c-575680e7fe9d] [replace catalog]
>> monitor.jokefire.com
>> 2014-10-09 15:27:53,481 INFO [c.p.p.command]
>> [0d3b94a2-2013-479c-bf7a-d3dc6d04bdae] [replace facts]
>> ldap02.jokefire.com
>> 2014-10-09 15:27:55,420 INFO [c.p.p.command]
>> [a5d7e16c-ef1f-469b-9a57-a1bb5fa7f884] [replace catalog]
>> ldap02.jokefire.com
>> 2014-10-09 15:28:05,156 INFO [c.p.p.command]
>> [4c677d3a-7b74-48ca-9c02-51884b8aa7cb] [replace facts]
>> monitor.jokefire.com
>> 2014-10-09 15:28:07,418 INFO [c.p.p.command]
>> [80aa84a3-bbfe-4900-85ae-7727b5a6fb4f] [replace catalog]
>> monitor.jokefire.com
>> 2014-10-09 15:28:15,070 INFO [c.p.p.command]
>> [58fc68ac-3535-4dbf-bad1-574de9ed7247] [replace facts]
>> ldap02.jokefire.com
>> 2014-10-09 15:28:16,462 INFO [c.p.p.command]
>> [20695d20-19da-42b3-a5cb-ed933dda3cb3] [replace catalog]
>> ldap02.jokefire.com
>>
>>
>> Thanks for your help! Looks as if we are making some progress here!
>> Tim
>>
>>
>>
>>
>> On Thu, Oct 9, 2014 at 2:36 PM, Daniele Sluijters <
>> daniele.sluijt...@gmail.com> wrote:
>>
>>> Hey,
>>>
>>> I think I know what's going on here. You've, dutifully, told Puppetboard
>>> that it needs to validate the server certificate that PuppetDB is
>>> presenting you with (PUPPETDB_SSL_VERIFY) when you setup a connection.
>>> However, I'm betting your OS trust-store does not include a copy of the
>>> Puppet Master CA, the one that handed out PuppetDB's server certificate.
>>>
>>> What you need to do is change PUPPETDB_SSL_VERIFY from True to
>>> /var/lib/puppet/ssl/ca/ca.pem (I think that's the path). What also is
>>> slightly weird is that you have defined PUPPETDB_KEY and PUPPETDB_CERT
>>> twice, the latter having it set to None which I'm guessing is what
>>> Puppetboard ends up picking.
>>>
>>> However, since your PuppetDB and Puppetboard are hosted on the same
>>> machine you can forgo the whole SSL debacle and use a local, plain
>>> connection instead. Since this traffic will never leave the host people
>>> would need to be logged in to your master to intercept it. Your settings.py
>>> then looks like this:
>>>
>>> PUPPETDB_HOST = 'localhost'
>>> PUPPETDB_PORT = 8080
>>> PUPPETDB_TIMEOUT = 60
>>>
>>> Once that works for you don't forget to change the LOGLEVEL back to
>>> 'info'.
>>>
>>> --
>>> Daniele Sluijters
>>>
>>> On Thursday, 9 October 2014 09:24:08 UTC-7, bluethundr wrote:
>>>
>>>> Hi Daniel,
>>>>
>>>> Thanks for getting back to me.
>>>>
>>>> This doesn't look like a configuration error with regard to Puppetboard
>>>>> but one with regard to Apache. These lines: configuration error:
>>>>> couldn't perform authentication. AuthType not set!: /static/js/lists.js,
>>>>> referer: http://puppetboard.jokefire.com/ aren't generated by
>>>>> Puppetboard, it has no concept of authentication and AuthType is an Apache
>>>>> thing.
>>>>> My bet is the "Require all granted" line. From what I can gleam from
>>>>> http://httpd.apache.org/docs/current/mod/mod_authz_core.html#require it
>>>>> would require a few more settings, AuthType, AuthName, AuthBasicProvider,
>>>>> AuthUserFile and AuthGroupFile.
>>>>> Until you have authentication set up, replace that Require line with:
>>>>>
>>>>> Order deny,allow
>>>>> Allow from all
>>>>
>>>>
>>>>
>>>> Ok so I changed my apache config to this:
>>>>
>>>> <VirtualHost *:80>
>>>> ServerName puppetboard.jokefire.com
>>>> WSGIDaemonProcess puppetboard user=apache group=apache threads=5
>>>> WSGIScriptAlias / /var/www/puppetboard/wsgi.py
>>>> ErrorLog /var/log/httpd/puppetboard_error_log
>>>> CustomLog /var/log/httpd/puppetboard_access_log combined
>>>>
>>>> Alias /static /usr/lib/python2.6/site-packages/puppetboard/static
>>>>
>>>> <Directory /usr/lib/python2.6/site-packages/puppetboard/static>
>>>> WSGIProcessGroup puppetboard
>>>> WSGIApplicationGroup %{GLOBAL}
>>>> * Order deny,allow*
>>>> * Allow from all*
>>>> </Directory>
>>>> </VirtualHost>
>>>>
>>>>
>>>> I also changed the directory and contents to be readable by apache:
>>>>
>>>> [root@puppet:/etc/httpd/conf.d] #ls -ld /usr/lib/python2.6/site-
>>>> packages/puppetboard/static/
>>>> drwxr-xr-x. 4 apache apache 4096 Oct 8 12:47 /usr/lib/python2.6/site-
>>>> packages/puppetboard/static/
>>>>
>>>> I still get the error:
>>>>
>>>> http://puppetboard.jokefire.com/
>>>>
>>>>
>>>> I missed the part where this actually still works but then throws the
>>>>> PuppetDB connection issues.
>>>>> * How did you install Puppetboard, with this module: https://forge.
>>>>> puppetlabs.com/nibalizer/puppetboard?
>>>>>
>>>>
>>>> I did it via python pip install. I tried using the puppet module
>>>> initially. But it threw a bunch of dependency errors on my system. So
>>>> rather than try to wrestle with those I decided to to try a pip install
>>>> which went ok.
>>>>
>>>>
>>>>> * Are Puppetboard and PuppetDB running on the same machine?
>>>>>
>>>>
>>>> Yes! They are.
>>>>
>>>>
>>>>> * Can you show me your settings.py as documented here:
>>>>> https://github.com/nedap/puppetboard#settings
>>>>
>>>>
>>>>
>>>> Sure! Here you go.
>>>>
>>>> [root@puppet:~] #cat /var/www/puppetboard/settings.py
>>>> PUPPETDB_HOST = 'puppet.jokefire.com'
>>>> PUPPETDB_PORT = 8081
>>>> PUPPETDB_KEY = '/etc/puppetdb/ssl/private.pem'
>>>> PUPPETDB_CERT = '/etc/puppetdb/ssl/public.pem'
>>>> PUPPETDB_SSL_VERIFY = True
>>>> PUPPETDB_KEY = None
>>>> PUPPETDB_CERT = None
>>>> PUPPETDB_TIMEOUT = 60
>>>> DEV_LISTEN_HOST = '127.0.0.1'
>>>> DEV_LISTEN_PORT = 5000
>>>> UNRESPONSIVE_HOURS = 2
>>>> ENABLE_QUERY = True
>>>> LOGLEVEL = 'debug'
>>>>
>>>> I also tried the PUPPET_HOST with the IP of the machine, and with
>>>> 0.0.0.0. None of that seemed to make any difference!
>>>>
>>>> Thanks again for getting back to me on this.
>>>>
>>>> Tim
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Thu, Oct 9, 2014 at 12:10 PM, Daniele Sluijters <
>>>> daniele....@gmail.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I missed the part where this actually still works but then throws the
>>>>> PuppetDB connection issues.
>>>>>
>>>>> * How did you install Puppetboard, with this module: https://forge.
>>>>> puppetlabs.com/nibalizer/puppetboard?
>>>>> * Are Puppetboard and PuppetDB running on the same machine?
>>>>> * Can you show me your settings.py as documented here:
>>>>> https://github.com/nedap/puppetboard#settings
>>>>>
>>>>> --
>>>>> Daniele Sluijters
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "Puppet Users" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to puppet-users...@googlegroups.com.
>>>>> To view this discussion on the web visit https://groups.google.com/d/
>>>>> msgid/puppet-users/09357b9c-d898-4a55-b0b8-c82254d52c9a%
>>>>> 40googlegroups.com
>>>>> <https://groups.google.com/d/msgid/puppet-users/09357b9c-d898-4a55-b0b8-c82254d52c9a%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>> .
>>>>>
>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> GPG me!!
>>>>
>>>> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
>>>>
>>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/puppet-users/9af260d1-be30-41fc-a672-9300b45e62fe%40googlegroups.com
>>> <https://groups.google.com/d/msgid/puppet-users/9af260d1-be30-41fc-a672-9300b45e62fe%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>>
>> --
>> GPG me!!
>>
>> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/CAOZy0emsep1fCpvjX58vhBytJooNopVv%3D2ivz8emOzO4mAqHsg%40mail.gmail.com
>> <https://groups.google.com/d/msgid/puppet-users/CAOZy0emsep1fCpvjX58vhBytJooNopVv%3D2ivz8emOzO4mAqHsg%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
> Spencer Krum
> (619)-980-7820
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CADt6FWMMHSCVsVBsR2CLE4Kb9ZDdfCBWOjHyAW6x%2BuWsyyVcMw%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CADt6FWMMHSCVsVBsR2CLE4Kb9ZDdfCBWOjHyAW6x%2BuWsyyVcMw%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAOZy0e%3D8_LA7w5VzcC69N9iUgrGTkunfdZy29zfE_vTC82jJ3A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
