fileserver.conf -- files not serving

121 views
Skip to first unread message

Peter Berghold

unread,
Jul 27, 2015, 2:58:31 PM7/27/15
to puppet-users
Hi there,

I am trying to keep Puppet modules in sync between Puppet masters in an environment where SSH is being blocked between the masters (long story there, corporate security rules), Git and other such are not an option but I can use port 8140 between them.

So I set up a fileserver.conf like thus:

[data]
  path=/data
  allow *

and added this to the auth.conf file:

path ~ ^/file_(metadata|content)s?/data/
auth yes
allow *

and one of the classes managing this looks like:
class puppet::master::classdir {
  include puppet::params
  $src_uri = 'puppet:///data/puppet-modules'

  file { '/data/puppet-modules':
    source  => $src_uri,
    owner   => root,
    group   => root,
    mode    => '0755',
    recurse => true
  }
}

and when the Puppet agent runs I see this:

Error: /Stage[main]/Puppet::Master::Classdir/File[/data/puppet-modules]: Failed to generate additional resources using 'eval_generate': Error 400 on SERVER: Not authorized to call search on /file_metadata/data/puppet-modules with {:recurse=>true, :checksum_type=>"md5", :links=>"manage"}
Error: /Stage[main]/Puppet::Master::Classdir/File[/data/puppet-modules]: Could not evaluate: Could not retrieve file metadata for puppet:///data/puppet-modules: Error 400 on SERVER: Not authorized to call find on /file_metadata/data/puppet-modules with {:source_permissions=>"use", :links=>"manage"}
Wrapped exception:
Error 400 on SERVER: Not authorized to call find on /file_metadata/data/puppet-modules with {:source_permissions=>"use", :links=>"manage"}


OK.. so what am I missing here? 

Jonathan Gazeley

unread,
Jul 28, 2015, 10:25:46 AM7/28/15
to puppet...@googlegroups.com
You could consider running SSH or rsync on port 8140...

Cheers,
Jonathan
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAArvnv0V2GxEh_6kVB54VWf11MrX7LN5javu9ipL5T6r40kVaw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Peter Berghold

unread,
Jul 28, 2015, 11:44:36 AM7/28/15
to puppet...@googlegroups.com

Wouldn't thar collide with the Puppet master process listening on 8140?


To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/55B790D7.2030807%40bristol.ac.uk.

Peter Berghold

unread,
Jul 28, 2015, 1:08:16 PM7/28/15
to puppet...@googlegroups.com
Solved it.  Had to play with /etc/puppet/auth.conf to get it to work.  I've published a blog page about it. http://puppet-blog.berghold.net/?p=28#more-28

Reply all
Reply to author
Forward
0 new messages