Bug #382
Problems Connecting Puppets to Puppet Master After Upgrade
Description
I recently migrated my puppet master node and when I joined a puppet node to the puppet master node I got an error that prevented anything from being pulled from the puppet master server. Here is the error I got:
As it turns out there is a known bug in puppet 3 that causes a breakage in the fileserver parser. luckily there was a workaround for this:err: /Stage[main]/Puppetclient/File[/etc/puppet/puppet.conf]: Could not evaluate: Error 400 on SERVER: Not authorized to call find on /file_metadata/files/etc/puppet/puppet.conf.client with {:links=>"manage"} Could not retrieve file metadata for puppet:///files/etc/puppet/puppet.conf.client: Error 400 on SERVER: Not authorized to call find on /file_metadata/files/etc/puppet/puppet.conf.client with {:links=>"manage"} at /usr/local/etc/puppet/manifests/classes/puppetClient.pp:15
- In fileserver.conf:
Put the name of your mount point, the path, and an allow * directive.[files] path /etc/puppet/files allow *
- In auth.conf:
Use a regular expression path to match both the file_metadata and file_content endpoints followed by the name of your custom mount point. Then, use any combination of allow and allow_ip directives to control access.path ~ ^/file_(metadata|content)/files/ auth yes allow /^(.+\.)?example.com$/ allow_ip 192.168.100.0/24
Effect:
This fully re-implements the previous behavior of the following fileserver.conf:
[files] path /etc/puppet/files allow *.example.com allow 192.168.100.0/24It does this by:
- Allowing any request to fulfill fileserver.conf’s requirements…
- …but using auth.conf to ensure that only authorized requests ever reach fileserver.conf.
Once I made the changes, the errors went away and the puppet nodes started connecting to the puppet master in a normal manner.
Resources¶
Updated by Daniel Curtis about 9 years ago
- Project changed from 90 to FreeBSD Administration
- Category set to Automated Server Management
- Target version set to FreeBSD 9