puppet: problem catalogue

A catalogue of simple errors:


Not authorized to call find on /file_metadata

Symptom:

root@ziutus:~# puppet agent --test
info: Caching catalog for gateway.linuxexpert.pl
info: Applying configuration version '1337761550'
err: /Stage[main]/Aliases/File[/etc/aliases]: Could not evaluate: Error 400 on SERVER: Not authorized to call find on /file_metadata/files/aliases/etc/aliases Could not retrieve file metadata for puppet:///files/aliases/etc/aliases: Error 400 on SERVER: Not authorized to call find on /file_metadata/files/aliases/etc/aliases at /etc/puppet/modules/aliases/manifests/init.pp:8
notice: /Stage[main]/Aliases/Exec[newaliases]: Dependency File[/etc/aliases] has failures: true
warning: /Stage[main]/Aliases/Exec[newaliases]: Skipping because of failed dependencies
notice: Finished catalog run in 0.64 seconds

Solution:
You must allow the client to download files; check the file /etc/puppet/fileserver.conf:

root@server:/etc/puppet# egrep -v "^$|^#" fileserver.conf
[files]
  path /etc/puppet/files
  allow 192.168.10.0/24
[plugins]
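
An added example (not from the original page): a small Python check that parses a fileserver.conf and reports which `allow` entries cover a given client IP, so the rule can be confirmed before re-running the agent and mounts opened with `allow *` stand out. The `[scratch]` mount and the function names are made up for illustration; only `*` and IP/CIDR `allow` entries are evaluated, while hostname patterns and `deny` lines are ignored.

```python
import ipaddress

# Constructed sample: the [files] and [plugins] mounts shown above, plus a
# hypothetical [scratch] mount with a wide-open rule for contrast.
SAMPLE_CONF = """\
[files]
  path /etc/puppet/files
  allow 192.168.10.0/24
[plugins]
[scratch]
  path /srv/scratch
  allow *
"""

def parse_mounts(text):
    """Map each [mount] to its path and its list of allow entries."""
    mounts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # same filter as the egrep above
        if line.startswith("[") and line.endswith("]"):
            current = mounts.setdefault(line[1:-1], {"path": None, "allow": []})
        elif current is not None:
            key, _, value = line.replace("\t", " ").partition(" ")
            if key == "allow":
                current["allow"].append(value.strip())
            elif key == "path":
                current["path"] = value.strip()
    return mounts

def covering_allows(mounts, mount, client_ip):
    """Allow entries of `mount` that cover client_ip ('*' and IP/CIDR only)."""
    ip = ipaddress.ip_address(client_ip)
    hits = []
    for entry in mounts.get(mount, {}).get("allow", []):
        try:
            if entry == "*" or ip in ipaddress.ip_network(entry, strict=False):
                hits.append(entry)
        except ValueError:
            pass  # hostname or glob entry: not evaluated in this sketch
    return hits

def wide_open(mounts):
    """Mounts that any client can read because of 'allow *'."""
    return sorted(m for m, cfg in mounts.items() if "*" in cfg["allow"])

if __name__ == "__main__":
    conf = parse_mounts(SAMPLE_CONF)
    print(covering_allows(conf, "files", "192.168.20.25"), wide_open(conf))
```

An empty list from `covering_allows` means no evaluated `allow` entry covers that client for the mount.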

Could not retrieve catalog from remote server … did not match server certificate

Oct 18 12:17:12 ziutusBig puppet-agent[6429]: Could not retrieve catalog from remote server: Server hostname 'puppetmaster.lab2.unix4you.net' did not match server certificate; expected ziutusbig

There are several possible solutions (search on Google). The quickest is to specify the server you want to use, here under the name the certificate expects, e.g.

root@ziutusBig:~# puppet agent --test --server ziutusBig
root@ziutusBig:~# 

More: http://www.masterzen.fr/2010/11/14/puppet-ssl-explained/

Server certificate problem: changing the server certificate

Check the certificate name

[root@master puppet]# puppet master --configprint certname
master.netgear.com

Set the server name manually

In /etc/puppet/puppet.conf, set the certificate name and the alternative DNS names:

    certname = puppetmaster.lab3.linuxexpert.pl
    dns_alt_names = puppetmaster.lab3.linuxexpert.pl

Generate a new certificate

Stop the server:

[root@master puppet]# /etc/init.d/puppetmaster stop
Stopping puppetmaster:                                     [  OK  ]

Delete the old certificates:

[root@master puppet]# find $(puppet master --configprint ssldir) -name "$(puppet master --configprint certname).pem" -delete

Generate the new certificates:

[root@master puppet]# puppet master --no-daemonize --verbose
Info: Creating a new SSL key for puppetmaster.lab3.linuxexpert.pl
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppetmaster.lab3.linuxexpert.pl
Info: Certificate Request fingerprint (SHA256): F8:22:D4:B4:2B:37:BC:B6:65:CB:E1:0E:43:AF:07:14:46:09:71:BD:F4:B4:9E:8F:DA:B8:30:37:87:0E:BA:6B
Notice: puppetmaster.lab3.linuxexpert.pl has a waiting certificate request
Notice: Signed certificate request for puppetmaster.lab3.linuxexpert.pl
Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster.lab3.linuxexpert.pl at '/var/lib/puppet/ssl/ca/requests/puppetmaster.lab3.linuxexpert.pl.pem'
Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster.lab3.linuxexpert.pl at '/var/lib/puppet/ssl/certificate_requests/puppetmaster.lab3.linuxexpert.pl.pem'
Notice: Starting Puppet master version 3.6.2

^CNotice: Caught INT; calling stop

Start the server again:

[root@master puppet]# /etc/init.d/puppetmaster start
Starting puppetmaster:                                     [  OK  ]

Test the connection:

[root@master puppet]# puppet agent --test --server puppetmaster.lab3.linuxexpert.pl
Info: Caching certificate_revocation_list for ca
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetmaster.lab3.linuxexpert.pl
Info: Applying configuration version '1404378871'
Notice: Finished catalog run in 0.08 seconds
