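So, I've been playing with puppet for a while now, and having successfully set up my site.pp file and got it working the way I want when I run puppet manually, I've started moving on to figuring out the client/server issues.
I'm running a small VM on my dev box that tries to sync with puppetmasterd on my main box, but there are problems.
First off, plugin/fact syncing doesn't seem to work at all. I've tried opening up auth.conf more, but I feel I'm getting dangerously close to exposing my configuration to the world. The facts for the node don't seem to exist.
I've tried looking at the official documentation on how to set this up properly, but I get the feeling most of it was written before 0.25.0. Does anyone have any ideas on debugging the root of this particular problem?
These are the errors I'm seeing in the error logs: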
Sep 16 22:12:59 support puppetmasterd[2800]: Not authorized to call search on /file_metadata/facts with {:ignore=>[".svn", "CVS"], :links=>"manage", :recurse=>true}
Sep 16 22:12:59 support puppetmasterd[2800]: Not authorized to call find on /file_metadata/facts
Sep 16 22:13:00 support puppetmasterd[2800]: Host is missing hostname and/or domain: **hostname of my virtual host's NAT gateway**
Sep 16 22:24:43 test puppetd[3841]: Retrieving plugin
Sep 16 22:24:43 test puppetd[3841]: Format s not supported for Puppet::FileServing::Metadata; has not implemented method 'from_s'
Sep 16 22:24:43 test puppetd[3841]: Puppet::Network::Format[json]: false value when expecting true
Sep 16 22:24:43 test puppetd[3841]: Finishing transaction -609701378 with 0 changes
Sep 16 22:24:43 test puppetd[3841]: Fact syncing is deprecated as of 0.25 -- use 'pluginsync' instead
Sep 16 22:24:43 test puppetd[3841]: Retrieving fact
Sep 16 22:24:43 test puppetd[3841]: Format s not supported for Puppet::FileServing::Metadata; has not implemented method 'from_s'
Sep 16 22:24:43 test puppetd[3841]: Puppet::Network::Format[json]: false value when expecting true
Sep 16 22:24:43 test puppetd[3841]: (/File[/var/lib/puppet/facts]) Failed to generate additional resources using 'eval_generate': Error 400 on SERVER: Not authorized to call search on /file_metadata/facts with {:ignore=>[".svn", "CVS"], :links=>"manage", :recurse=>true}
Sep 16 22:24:43 test puppetd[3841]: Format s not supported for Puppet::FileServing::Metadata; has not implemented method 'from_s'
Sep 16 22:24:43 test puppetd[3841]: Puppet::Network::Format[json]: false value when expecting true
Sep 16 22:24:44 test puppetd[3841]: (/File[/var/lib/puppet/facts]) Failed to retrieve current state of resource: Error 400 on SERVER: Not authorized to call find on /file_metadata/facts Could not retrieve file metadata for puppet://..fqdn../facts: Error 400 on SERVER: Not authorized to call find on /file_metadata/facts
Sep 16 22:24:44 test puppetd[3841]: Finishing transaction -610061128 with 0 changes
Sep 16 22:24:45 test puppetd[3841]: Format s not supported for Puppet::Resource::Catalog; has not implemented method 'from_s'
Sep 16 22:24:45 test puppetd[3841]: Puppet::Network::Format[json]: false value when expecting true
puppet.conf on the client
[main]
server=**fqdn of puppetmasterd**
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
pluginsync=true
node_name=cert
certname=**fqdn of client**
puppet.conf on the server
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
pluginsync=true
[puppetmasterd]
templatedir=/var/lib/puppet/templates
storeconfigs = true
dbadapter = mysql
dbuser = puppet
dbpassword = **password**
dbserver = localhost
dbsocket = /var/run/mysqld/mysqld.sock
fileserver.conf on the server
[files]
path /etc/puppet/files
allow *
[modules]
allow *
[plugins]
allow *
auth.conf on the server
path ~ ^/catalog/([^/]+)$
method find
allow *
path /certificate_revocation_list/ca
method find
allow *
path /report
method save
allow *
path /file_metadata
auth any
allow *
path /file
allow *
path /certificate/ca
auth no
method find
allow *
path /certificate/
auth no
method find
allow *
path /certificate_request
auth no
method find, save
allow *
path /
auth yes
allow *
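First off, get rid of factsync, fact_sync, and plugin_sync -- they're either not required or misspelled. Second, auth.conf is unnecessary -- my 0.25 setup doesn't have an auth.conf anywhere to be found. I really think you're overcomplicating things. If you fix your hostname/certname problems (as per your other question) and use the fileserver.conf you've got, it should just work. One thing that might be confusing you is that the fileserver gives 400s rather than 404s when trying to access fileserver modules that don't exist (such as /facts in your log messages), which confused me at first. Turning off factsync as I recommended above (and, since it's deprecated and a really bad idea, it wouldn't hurt) will get rid of those errors anyway.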
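The question's worry about opening auth.conf too far can be checked mechanically. The following is an added example, not code from either poster or from the Puppet project: a small Ruby audit that parses stanzas in the format shown in the question and lists the ones where `allow *` is combined with unauthenticated access, a catch-all path, or no method restriction. The names `parse_auth_conf`, `audit` and `Stanza` are hypothetical, the sample is constructed from a subset of the question's file, and the defaults for a missing `auth` or `method` line are assumptions stated in the comments.

```ruby
# SAMPLE is constructed from a subset of the auth.conf shown in the question.
SAMPLE = <<~'CONF'
  path ~ ^/catalog/([^/]+)$
  method find
  allow *
  path /file_metadata
  auth any
  allow *
  path /certificate/ca
  auth no
  method find
  allow *
  path /
  auth yes
  allow *
CONF

Stanza = Struct.new(:path, :auth, :verbs, :allow)

# Split the file into stanzas; a new stanza starts at every "path" line.
def parse_auth_conf(text)
  stanzas = []
  text.each_line do |raw|
    key, value = raw.strip.split(/\s+/, 2)
    next if key.nil? || key.start_with?('#') || (stanzas.empty? && key != 'path')
    # Assumption: a missing "auth" means yes, a missing "method" means every method.
    case key
    when 'path'   then stanzas << Stanza.new(value, 'yes', ['all'], [])
    when 'auth'   then stanzas.last.auth = value
    when 'method' then stanzas.last.verbs = value.to_s.split(/\s*,\s*/)
    when 'allow'  then stanzas.last.allow.concat(value.to_s.split(/\s*,\s*/))
    end
  end
  stanzas
end

# List the "allow *" stanzas that deserve a second look, with the reason.
def audit(stanzas)
  stanzas.select { |s| s.allow.include?('*') }.map do |s|
    why = if %w[no any].include?(s.auth) then 'reachable without a client certificate'
          elsif s.path == '/' then 'catch-all: any authenticated node, every path'
          elsif s.verbs == ['all'] then 'any authenticated node, every method'
          end
    "#{s.path}: #{why}" if why
  end.compact
end

puts audit(parse_auth_conf(SAMPLE))
```

A flagged stanza is a prompt for review rather than a finding: the CA certificate path, for instance, has to be readable before a client holds a signed certificate.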