GNet Solutions » FreeBSD Administration

I recently migrated my puppet master node and when I joined a puppet node to the puppet master node I got an error that prevented anything from being pulled from the puppet master server. Here is the error I got:

err: /Stage[main]/Puppetclient/File[/etc/puppet/puppet.conf]: Could not evaluate: Error 400 on SERVER: Not authorized to call find on /file_metadata/files/etc/puppet/puppet.conf.client with {:links=>"manage"} Could not retrieve file metadata for puppet:///files/etc/puppet/puppet.conf.client: Error 400 on SERVER: Not authorized to call find on /file_metadata/files/etc/puppet/puppet.conf.client with {:links=>"manage"} at /usr/local/etc/puppet/manifests/classes/puppetClient.pp:15

As it turns out there is a known bug in puppet 3 that causes a breakage in the fileserver parser. luckily there was a workaround for this:

• In fileserver.conf:
  Put the name of your mount point, the path, and an allow * directive.
  

  [files]
    path /etc/puppet/files
    allow *
  

• In auth.conf:
  Use a regular expression path to match both the file_metadata and file_content endpoints followed by the name of your custom mount point. Then, use any combination of allow and allow_ip directives to control access.
  

  path ~ ^/file_(metadata|content)/files/
  auth yes
  allow /^(.+\.)?example.com$/
  allow_ip 192.168.100.0/24
  

Effect:

This fully re-implements the previous behavior of the following fileserver.conf:

[files]
  path /etc/puppet/files
  allow *.example.com
  allow 192.168.100.0/24

It does this by:

• Allowing any request to fulfill fileserver.conf’s requirements…
• …but using auth.conf to ensure that only authorized requests ever reach fileserver.conf.

Once I made the changes, the errors went away and the puppet nodes started connecting to the puppet master in a normal manner.

Resources¶

• http://projects.puppetlabs.com/issues/16686