- root@puppet:/etc/puppet# cat puppet.conf
- [master]
- # Stored configurations are enabled, backed by the MySQL connection settings that follow.
- storeconfigs = true
- dbadapter = mysql
- dbuser = puppet
- # NOTE(review): the database password is stored in clear text and is part of this public paste;
- # treat it as exposed, rotate it, and keep puppet.conf readable only by the puppet service account.
- dbpassword = pupp3t
- dbserver = localhost
- dbsocket = /var/run/mysqld/mysqld.sock
- [main]
- logdir=/var/log/puppet
- vardir=/var/lib/puppet
- ssldir=/var/lib/puppet/ssl
- rundir=/var/run/puppet
- # facter!!!
- factpath=$vardir/lib/facter
- templatedir=$confdir/templates
- # NOTE(review): confdir points at /var/puppet, while puppet.conf, fileserver.conf and auth.conf in this
- # transcript are all read from /etc/puppet. Settings that default to paths under $confdir (fileserverconfig
- # and rest_authconfig among them) would then resolve under /var/puppet, so the ACL files shown here may not
- # be the ones the master enforces -- confirm with --configprint before relying on them.
- confdir=/var/puppet
- root@puppet:/etc/puppet# cat fileserver.conf
- # This file consists of arbitrarily named sections/modules
- # defining where files are served from and to whom
- # Define a section 'files'
- # Adapt the allow/deny settings to your needs. Order
- # for allow/deny does not matter, allow always takes precedence
- # over deny
- [files]
- path /var/puppet/files
- # allow *.abacho.net.local
- # allow *.myhammer.intra
- # allow 192.168.0.0/16
- # allow 10.0.0.0/8
- # NOTE(review): 'allow *' opens this mount to every client that gets past auth.conf; the
- # commented-out domain and subnet rules above are the narrower alternative once testing is done.
- allow *
- [plugins]
- # allow *.example.com
- # deny *.evil.example.com
- # NOTE(review): same wildcard as [files]; no 'path' is set for this mount.
- allow *
- [modules]
- # NOTE(review): same wildcard as [files]; no 'path' is set for this mount, so what it exposes
- # depends on the module directories the master is configured with -- confirm.
- allow *
- root@puppet:/etc/puppet# cat auth.conf
- # This is an example auth.conf file, it mimics the puppetmasterd defaults
- #
- # The ACL are checked in order of appearance in this file.
- #
- # Supported syntax:
- # This file supports two different syntax depending on how
- # you want to express the ACL.
- #
- # Path syntax (the one used below):
- # ---------------------------------
- # path /path/to/resource
- # [environment envlist]
- # [method methodlist]
- # [auth[enticated] {yes|no|on|off|any}]
- # allow [host|ip|*]
- # deny [host|ip]
- #
- # The path is matched as a prefix. That is, /file matches
- # both /file_metadata and /file_content.
- #
- # Regex syntax:
- # -------------
- # This one is differentiated from the path one by a '~'
- #
- # path ~ regex
- # [environment envlist]
- # [method methodlist]
- # [auth[enticated] {yes|no|on|off|any}]
- # allow [host|ip|*]
- # deny [host|ip]
- #
- # The regex syntax is the same as ruby ones.
- #
- # Ex:
- # path ~ .pp$
- # will match every resource ending in .pp (manifest files for instance)
- #
- # path ~ ^/path/to/resource
- # is essentially equivalent to path /path/to/resource
- #
- # environment:: restrict an ACL to a specific set of environments
- # method:: restrict an ACL to a specific set of methods
- # auth:: restrict an ACL to an authenticated or unauthenticated request
- # the default when unspecified is to restrict the ACL to authenticated requests
- # (ie exactly as if auth yes was present).
- #
- ### Authenticated ACL - these apply only when the client
- ### has a valid certificate and is thus authenticated
- # allow nodes to retrieve their own catalog (ie their configuration)
- # $1 is the capture from the path regex, so the rule only admits the host named in the URL.
- path ~ ^/catalog/([^/]+)$
- method find
- allow $1
- # allow all nodes to access the certificates services
- path /certificate_revocation_list/ca
- method find
- allow *
- # allow all nodes to store their reports
- path /report
- method save
- allow *
- # unconditionally allow access to all files services
- # which means in practice that fileserver.conf will
- # still be used
- # No 'auth' line, so this applies to authenticated requests only (see the auth:: note above);
- # as a prefix match it also covers /file_metadata and /file_content.
- path /file
- allow *
- ### Unauthenticated ACL, for clients for which the current master doesn't
- ### have a valid certificate
- # allow access to the master CA
- path /certificate/ca
- auth no
- method find
- allow *
- path /certificate/
- auth no
- method find
- allow *
- path /certificate_request
- auth no
- method find, save
- allow *
- # NOTE(review): 'auth any' with 'allow *' also admits requests from clients without a valid
- # certificate, so file metadata under every fileserver mount becomes queryable unauthenticated
- # (subject to fileserver.conf). Presumably added while debugging; narrow or remove it afterwards.
- path /file_metadata
- auth any
- allow *
- # NOTE(review): repeats the 'path /file' ACL defined earlier; since ACLs are checked in order of
- # appearance this second copy looks redundant -- confirm and drop it.
- path /file
- allow *
- # this one is not strictly necessary, but it has the merit
- # to show the default policy which is deny everything else
- path /
- auth any
- root@puppet:/etc/puppet# ls -la /var/puppet/files
- insgesamt 0
- drwxr-xr-x 3 puppet puppet 41 28. Apr 10:29 .
- drwxr-xr-x 7 root root 75 28. Apr 09:23 ..
- -rw-r--r-- 1 puppet puppet 0 28. Apr 10:29 puppet.testfile
- drwxr-xr-x 3 puppet puppet 20 28. Apr 09:26 zabbix
- root@puppet:/etc/puppet# cat /var/puppet/modules/myh_puppet_test/manifests/init.pp
- # init.pp
- #
- # Module for provisioning / configuring the ssh client / daemon
- #
- # Features:
- # - Check / installation of the openssh-server package
- # - Adjustment of /etc/sshd_config
- # - Exchange of the RSA host keys between the puppet clients
- # - Provisioning of /root/.ssh/authorized_keys
- # - Enable ForwardAgent
- #
- # created: 28.12.2010 by schoenebeck@my-hammer.de
- #
- # NOTE(review): the header above describes an ssh module, but the class below only manages two
- # test files -- presumably the header was copied from another module; confirm and update it.
- class myh_puppet_test {
- # Renders the module's ERB template into a root-owned file. The 'path' attribute, not the
- # resource title, decides where the file is written, so the target is /root/puppettestfile3.
- file {
- "/root/puppettestfile2":
- path => "/root/puppettestfile3",
- owner => root,
- group => root,
- # NOTE(review): bare numeric mode; a quoted octal string ("0644") is the unambiguous form --
- # confirm what the Puppet version in use expects.
- mode => 644,
- content => template("myh_puppet_test/puppettestfile.erb"),
- ensure => present,
- }
- # Copies puppet.testfile from the master's 'files' fileserver mount; this is the resource
- # the client log reports as "Not authorized to call find on /file_metadata/files/puppet.testfile".
- file {
- "/tmp/puppet.testfile":
- source => "puppet:///files/puppet.testfile",
- }
- }
- Logging on Client:
- Apr 28 14:21:02 brandenburgdb last message repeated 18 times
- Apr 28 15:00:17 brandenburgdb puppet-agent[31973]: Reopening log files
- Apr 28 15:00:17 brandenburgdb puppet-agent[31973]: Starting Puppet client version 2.6.7
- Apr 28 15:00:25 brandenburgdb puppet-agent[31973]: (/Stage[main]/Myh_puppet_test/File[/tmp/puppet.testfile]) Could not evaluate: Error 400 on SERVER: Not authorized to call find on /file_metadata/files/puppet.testfile Could not retrieve file metadata for puppet:///files/puppet.testfile: Error 400 on SERVER: Not authorized to call find on /file_metadata/files/puppet.testfile at /var/puppet/modules/myh_puppet_test/manifests/init.pp:31
- Apr 28 15:00:25 brandenburgdb puppet-agent[31973]: Finished catalog run in 0.25 seconds
- Debugoutput on Client:
- [root@brandenburgdb ~]# /usr/sbin/puppetd --onetime --no-daemonize --verbose --debug --trace
- debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist
- debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist
- debug: Puppet::Type::User::ProviderLdap: true value when expecting false
- debug: Puppet::Type::User::ProviderPw: file pw does not exist
- debug: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows is missing
- debug: Failed to load library 'ldap' for feature 'ldap'
- debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
- debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state]
- debug: /File[/var/lib/puppet/ssl/certs/brandenburgdb.abacho.net.local.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
- debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
- debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
- debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
- debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
- debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl]
- debug: /File[/var/lib/puppet/ssl/private_keys/brandenburgdb.abacho.net.local.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
- debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
- debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring File[/var/lib/puppet/state]
- debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet]
- debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/puppet]
- debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet]
- debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
- debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
- debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
- debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
- debug: /File[/var/lib/puppet/classes.txt]: Autorequiring File[/var/lib/puppet]
- debug: /File[/var/lib/puppet/ssl/public_keys/brandenburgdb.abacho.net.local.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
- debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
- debug: Finishing transaction 23577754084260
- debug: /File[/var/lib/puppet/ssl/public_keys/brandenburgdb.abacho.net.local.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
- debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
- debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
- debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
- debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl]
- debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
- debug: /File[/var/lib/puppet/ssl/private_keys/brandenburgdb.abacho.net.local.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
- debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
- debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
- debug: /File[/var/lib/puppet/ssl/certs/brandenburgdb.abacho.net.local.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
- debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
- debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
- debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
- debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
- debug: Finishing transaction 23577754392820
- debug: Using cached certificate for ca
- debug: Using cached certificate for brandenburgdb.abacho.net.local
- debug: Finishing transaction 23577753930120
- debug: Loaded state in 0.00 seconds
- debug: Using cached certificate for ca
- debug: Using cached certificate for brandenburgdb.abacho.net.local
- debug: Using cached certificate_revocation_list for ca
- debug: catalog supports formats: b64_zlib_yaml dot marshal pson raw yaml; using pson
- info: Caching catalog for brandenburgdb.abacho.net.local
- debug: Creating default schedules
- debug: Loaded state in 0.00 seconds
- info: Applying configuration version '1303991202'
- debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; using pson
- /usr/lib/ruby/site_ruby/1.8/puppet/parameter.rb:171:in `fail'
- /usr/lib/ruby/site_ruby/1.8/puppet/type/file/source.rb:153:in `init_metadata'
- /usr/lib/ruby/site_ruby/1.8/puppet/type/file/source.rb:145:in `each'
- /usr/lib/ruby/site_ruby/1.8/puppet/type/file/source.rb:145:in `init_metadata'
- /usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:106:in `send'
- /usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:106:in `cached_value'
- /usr/lib/ruby/1.8/monitor.rb:238:in `synchronize'
- /usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:98:in `cached_value'
- /usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:48:in `metadata'
- /usr/lib/ruby/site_ruby/1.8/puppet/type/file/source.rb:109:in `copy_source_values'
- /usr/lib/ruby/site_ruby/1.8/puppet/type/file.rb:624:in `retrieve'
- /usr/lib/ruby/site_ruby/1.8/puppet/type.rb:703:in `retrieve_resource'
- /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:32:in `perform_changes'
- /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:133:in `evaluate'
- /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:48:in `apply'
- /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:113:in `eval_children_and_apply_resource'
- /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:91:in `eval_resource'
- /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:142:in `evaluate'
- /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:429:in `thinmark'
- /usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
- /usr/lib/ruby/1.8/benchmark.rb:307:in `realtime'
- /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:428:in `thinmark'
- /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:141:in `evaluate'
- /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:134:in `each'
- /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:134:in `evaluate'
- /usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:144:in `apply'
- /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:150:in `run'
- /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:193:in `benchmark'
- /usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
- /usr/lib/ruby/1.8/benchmark.rb:307:in `realtime'
- /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:192:in `benchmark'
- /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:149:in `run'
- /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:39:in `run'
- /usr/lib/ruby/site_ruby/1.8/puppet/agent/locker.rb:21:in `lock'
- /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:39:in `run'
- /usr/lib/ruby/1.8/sync.rb:229:in `synchronize'
- /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:39:in `run'
- /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:103:in `with_client'
- /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:37:in `run'
- /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:171:in `call'
- /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:171:in `controlled_run'
- /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:35:in `run'
- /usr/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:114:in `onetime'
- /usr/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:88:in `run_command'
- /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
- /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:410:in `exit_on_fail'
- /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
- /usr/sbin/puppetd:4
- err: /Stage[main]/Myh_puppet_test/File[/tmp/puppet.testfile]: Could not evaluate: Error 400 on SERVER: Not authorized to call find on /file_metadata/files/puppet.testfile Could not retrieve file metadata for puppet:///files/puppet.testfile: Error 400 on SERVER: Not authorized to call find on /file_metadata/files/puppet.testfile at /var/puppet/modules/myh_puppet_test/manifests/init.pp:31
- debug: Finishing transaction 23577752927260
- debug: Storing state
- debug: Stored state in 0.01 seconds
- notice: Finished catalog run in 0.09 seconds