So, I've been playing with puppet for a while now, and I have managed to get my site.pp file setup and working the way I want it to when I run puppet manually against it, and I'm starting to move on to figuring out the client/server issues.
I'm running a little virtual machine on my dev box that is trying to sync with puppetmasterd on my main box but there are problems.
First of all - plugin/fact syncing doesn't seem to be working at all - I've tried opening up more of auth.conf, but I feel I'm getting dangerously close to exposing my configurations to the whole world. The facts for the node just don't seem to exist.
I've tried looking at the official documentation on how to set this up properly, but I get the feeling most of it is written pre 0.25.0. Anyone out there have any ideas for debugging the source of this particular problem?
These are the errors I'm seeing in the error log:
Sep 16 22:12:59 support puppetmasterd[2800]: Not authorized to call search on /file_metadata/facts with {:ignore=>[".svn", "CVS"], :links=>"manage", :recurse=>true}
Sep 16 22:12:59 support puppetmasterd[2800]: Not authorized to call find on /file_metadata/facts
Sep 16 22:13:00 support puppetmasterd[2800]: Host is missing hostname and/or domain: **hostname of my virtual host's NAT gateway**
Sep 16 22:24:43 test puppetd[3841]: Retrieving plugin
Sep 16 22:24:43 test puppetd[3841]: Format s not supported for Puppet::FileServing::Metadata; has not implemented method 'from_s'
Sep 16 22:24:43 test puppetd[3841]: Puppet::Network::Format[json]: false value when expecting true
Sep 16 22:24:43 test puppetd[3841]: Finishing transaction -609701378 with 0 changes
Sep 16 22:24:43 test puppetd[3841]: Fact syncing is deprecated as of 0.25 -- use 'pluginsync' instead
Sep 16 22:24:43 test puppetd[3841]: Retrieving fact
Sep 16 22:24:43 test puppetd[3841]: Format s not supported for Puppet::FileServing::Metadata; has not implemented method 'from_s'
Sep 16 22:24:43 test puppetd[3841]: Puppet::Network::Format[json]: false value when expecting true
Sep 16 22:24:43 test puppetd[3841]: (/File[/var/lib/puppet/facts]) Failed to generate additional resources using 'eval_generate': Error 400 on SERVER: Not authorized to call search on /file_metadata/facts with {:ignore=>[".svn", "CVS"], :links=>"manage", :recurse=>true}
Sep 16 22:24:43 test puppetd[3841]: Format s not supported for Puppet::FileServing::Metadata; has not implemented method 'from_s'
Sep 16 22:24:43 test puppetd[3841]: Puppet::Network::Format[json]: false value when expecting true
Sep 16 22:24:44 test puppetd[3841]: (/File[/var/lib/puppet/facts]) Failed to retrieve current state of resource: Error 400 on SERVER: Not authorized to call find on /file_metadata/facts Could not retrieve file metadata for puppet://..fqdn../facts: Error 400 on SERVER: Not authorized to call find on /file_metadata/facts
Sep 16 22:24:44 test puppetd[3841]: Finishing transaction -610061128 with 0 changes
Sep 16 22:24:45 test puppetd[3841]: Format s not supported for Puppet::Resource::Catalog; has not implemented method 'from_s'
Sep 16 22:24:45 test puppetd[3841]: Puppet::Network::Format[json]: false value when expecting true
puppet.conf on client
[main]
server=**fqdn of puppetmasterd**
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
pluginsync=true
node_name=cert
certname=**fqdn of client**
puppet.conf on server
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
pluginsync=true
[puppetmasterd]
templatedir=/var/lib/puppet/templates
storeconfigs = true
dbadapter = mysql
dbuser = puppet
dbpassword = **password**
dbserver = localhost
dbsocket = /var/run/mysqld/mysqld.sock
fileserver.conf on server
[files]
path /etc/puppet/files
allow *
[modules]
allow *
[plugins]
allow *
auth.conf on server
path ~ ^/catalog/([^/]+)$
method find
allow *
path /certificate_revocation_list/ca
method find
allow *
path /report
method save
allow *
path /file_metadata
auth any
allow *
path /file
allow *
path /certificate/ca
auth no
method find
allow *
path /certificate/
auth no
method find
allow *
path /certificate_request
auth no
method find, save
allow *
path /
auth yes
allow *
First off, get rid of
factsync
,fact_sync
, andplugin_sync
-- they're all either not required or misspelt. Second,auth.conf
is unnecessary -- my 0.25 setups don't have anauth.conf
anywhere to be found. I really think you're overcomplicating it. If you fix up your host/cert name issues (as per your other question) and use thefileserver.conf
you've got there, it should work out OK.One thing that is likely to trip you up is that the fileserver gives out 400s for attempts to access fileserver modules that don't exist (like
/facts
in your log messages) rather than 404s, which caught me at first. Turning off factsync as I suggested above (and, since it's deprecated and a really bad idea, doesn't hurt) will get rid of those errors anyway.