Katalog prostych błędów:
Not authorized to call find on /file_metadata
Objaw błędu:
root@ziutus:~# puppet agent --test info: Caching catalog for gateway.linuxexpert.pl info: Applying configuration version '1337761550' err: /Stage[main]/Aliases/File[/etc/aliases]: Could not evaluate: Error 400 on SERVER: Not authorized to call find on /file_metadata/files/aliases/etc/aliases Could not retrieve file metadata for puppet:///files/aliases/etc/aliases: Error 400 on SERVER: Not authorized to call find on /file_metadata/files/aliases/etc/aliases at /etc/puppet/modules/aliases/manifests/init.pp:8 notice: /Stage[main]/Aliases/Exec[newaliases]: Dependency File[/etc/aliases] has failures: true warning: /Stage[main]/Aliases/Exec[newaliases]: Skipping because of failed dependencies notice: Finished catalog run in 0.64 seconds
Rozwiązanie:
Musisz zezwolić klientowi na pobieranie plików, sprawdź plik /etc/puppet/fileserver.conf:
root@server:/etc/puppet# egrep -v "^$|^#" fileserver.conf [files] path /etc/puppet/files allow 192.168.10.0/24 [plugins]
Could not retrieve catalog from remote server … did not match server certificate
Oct 18 12:17:12 ziutusBig puppet-agent[6429]: Could not retrieve catalog from remote server: Server hostname 'puppetmaster.lab2.unix4you.net' did not match server certificate; expected ziutusbig
Masz jedno z kilku rozwiązań (poszukaj w google). Najszybszym jest wskazanie serwera którego chcesz użyć, np.
root@ziutusBig:~# puppet agent test --server ziutusBig root@ziutusBig:~#
Wiecej http://www.masterzen.fr/2010/11/14/puppet-ssl-explained/
Problem z certyfikatem serwera, zmiana certyfikatu serwera
Sprawdzamy nazwę certyfikatu
root@master puppet]# puppet master --configprint certname master.netgear.com
Ręcznie ustawiamy nazwę serwera
W pliku /etc/puppet/puppet.conf podajemy nazwę do certifikatu oraz alternatywne nazwy DNS:
certname = puppetmaster.lab3.linuxexpert.pl dns_alt_names = pupptmaster.lab3.linuxexpert.pl
Generujemy nowy certifikat
Zatrzymujemy serwer:
[root@master puppet]# /etc/init.d/puppetmaster stop Stopping puppetmaster: [ OK ]
Kasujemy stare certyfikaty:
[root@master puppet]# find $(puppet master --configprint ssldir) -name "$(puppet master --configprint certname).pem" -delete
Generujemy nowe certyfikaty:
[root@master puppet]# puppet master --no-daemonize --verbose Info: Creating a new SSL key for puppetmaster.lab3.linuxexpert.pl Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml Info: Creating a new SSL certificate request for puppetmaster.lab3.linuxexpert.pl Info: Certificate Request fingerprint (SHA256): F8:22:D4:B4:2B:37:BC:B6:65:CB:E1:0E:43:AF:07:14:46:09:71:BD:F4:B4:9E:8F:DA:B8:30:37:87:0E:BA:6B Notice: puppetmaster.lab3.linuxexpert.pl has a waiting certificate request Notice: Signed certificate request for puppetmaster.lab3.linuxexpert.pl Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster.lab3.linuxexpert.pl at '/var/lib/puppet/ssl/ca/requests/puppetmaster.lab3.linuxexpert.pl.pem' Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster.lab3.linuxexpert.pl at '/var/lib/puppet/ssl/certificate_requests/puppetmaster.lab3.linuxexpert.pl.pem' Notice: Starting Puppet master version 3.6.2 ^CNotice: Caught INT; calling stop
Startujemy ponownie serwer:
[root@master puppet]# /etc/init.d/puppetmaster start Starting puppetmaster: [ OK ]
Testujemy połączenie:
[root@master puppet]# puppet agent --test --server puppetmaster.lab3.linuxexpert.pl Info: Caching certificate_revocation_list for ca Info: Retrieving pluginfacts Info: Retrieving plugin Info: Caching catalog for puppetmaster.lab3.linuxexpert.pl Info: Applying configuration version '1404378871' Notice: Finished catalog run in 0.08 seconds