所以,我已经玩了一段时间了,我已经设法让我的site.pp文件设置和工作方式我想要的时候,我手动运行木偶,我开始继续前进找出客户端/服务器的问题。
我正在我的开发盒上运行一个小虚拟机,试图与我的主箱上的puppetmasterd同步,但有问题。
首先 – 插件/事实同步似乎根本没有工作 – 我试图打开更多的auth.conf,但我觉得我越来越危险地接近我的configuration暴露给全世界。 节点的事实似乎并不存在。
我试着看官方文档如何正确设置,但我感觉大部分是写在0.25.0之前。 任何人都有任何想法来debugging这个特定问题的来源?
这些是我在错误日志中看到的错误:
Sep 16 22:12:59 support puppetmasterd[2800]: Not authorized to call search on /file_metadata/facts with {:ignore=>[".svn", "CVS"], :links=>"manage", :recurse=>true} Sep 16 22:12:59 support puppetmasterd[2800]: Not authorized to call find on /file_metadata/facts Sep 16 22:13:00 support puppetmasterd[2800]: Host is missing hostname and/or domain: **hostname of my virtual host's NAT gateway** Sep 16 22:24:43 test puppetd[3841]: Retrieving plugin Sep 16 22:24:43 test puppetd[3841]: Format s not supported for Puppet::FileServing::Metadata; has not implemented method 'from_s' Sep 16 22:24:43 test puppetd[3841]: Puppet::Network::Format[json]: false value when expecting true Sep 16 22:24:43 test puppetd[3841]: Finishing transaction -609701378 with 0 changes Sep 16 22:24:43 test puppetd[3841]: Fact syncing is deprecated as of 0.25 -- use 'pluginsync' instead Sep 16 22:24:43 test puppetd[3841]: Retrieving fact Sep 16 22:24:43 test puppetd[3841]: Format s not supported for Puppet::FileServing::Metadata; has not implemented method 'from_s' Sep 16 22:24:43 test puppetd[3841]: Puppet::Network::Format[json]: false value when expecting true Sep 16 22:24:43 test puppetd[3841]: (/File[/var/lib/puppet/facts]) Failed to generate additional resources using 'eval_generate': Error 400 on SERVER: Not authorized to call search on /file_metadata/facts with {:ignore=>[".svn", "CVS"], :links=>"manage", :recurse=>true} Sep 16 22:24:43 test puppetd[3841]: Format s not supported for Puppet::FileServing::Metadata; has not implemented method 'from_s' Sep 16 22:24:43 test puppetd[3841]: Puppet::Network::Format[json]: false value when expecting true Sep 16 22:24:44 test puppetd[3841]: (/File[/var/lib/puppet/facts]) Failed to retrieve current state of resource: Error 400 on SERVER: Not authorized to call find on /file_metadata/facts Could not retrieve file metadata for puppet://..fqdn../facts: Error 400 on SERVER: Not authorized to call find on /file_metadata/facts Sep 16 22:24:44 test puppetd[3841]: Finishing transaction -610061128 with 0 changes Sep 16 22:24:45 test puppetd[3841]: Format s not supported for Puppet::Resource::Catalog; has not implemented method 'from_s' Sep 16 22:24:45 test puppetd[3841]: Puppet::Network::Format[json]: false value when expecting true 客户端上的puppet.conf
[main] server=**fqdn of puppetmasterd** logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter pluginsync=true node_name=cert certname=**fqdn of client**
服务器上的puppet.conf
[main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter pluginsync=true [puppetmasterd] templatedir=/var/lib/puppet/templates storeconfigs = true dbadapter = mysql dbuser = puppet dbpassword = **password** dbserver = localhost dbsocket = /var/run/mysqld/mysqld.sock
服务器上的fileserver.conf
[files] path /etc/puppet/files allow * [modules] allow * [plugins] allow *
服务器上的auth.conf
path ~ ^/catalog/([^/]+)$ method find allow * path /certificate_revocation_list/ca method find allow * path /report method save allow * path /file_metadata auth any allow * path /file allow * path /certificate/ca auth no method find allow * path /certificate/ auth no method find allow * path /certificate_request auth no method find, save allow * path / auth yes allow *
首先,摆脱factsync , fact_sync和plugin_sync – 他们都不是要求或拼错。 其次, auth.conf是不必要的 – 我的0.25设置没有任何地方auth.conf被发现。 我真的觉得你太过于复杂了。 如果你修复你的主机/证书名称问题(根据你的其他问题),并使用你已经到达的fileserver.conf ,应该没问题。
有一件事情可能会让你感到沮丧的是,文件服务器提供了400秒的尝试访问不存在的文件服务器模块(如日志消息中的/facts ),而不是404,这首先引起我的兴趣。 按照我上面提到的closures事实同步(并且,由于它已经被弃用,并且一个非常糟糕的主意,不会受到伤害),无论如何都将会消除这些错误。