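So I've been using puppet for a while now, and I've managed to get my site.pp file set up, and it works the way I want when I run puppet manually, and I'm starting to work on the client/server side of things.
I'm running a small virtual machine on my development box that is trying to sync with puppetmasterd on the main box, but I'm having problems.
First, plugin/fact sync doesn't seem to work at all. I've tried opening up auth.conf more, but I feel I'm already close to exposing my configuration to the whole world. The node's facts don't seem to be there at all.
I tried looking at the official documentation on how to set this up properly, but I feel most of it was written before 0.25.0. Does anyone know how to debug the root of this particular problem?
These are the errors I'm seeing in the error logs: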
Sep 16 22:12:59 support puppetmasterd[2800]: Not authorized to call search on /file_metadata/facts with {:ignore=>[".svn", "CVS"], :links=>"manage", :recurse=>true}
Sep 16 22:12:59 support puppetmasterd[2800]: Not authorized to call find on /file_metadata/facts
Sep 16 22:13:00 support puppetmasterd[2800]: Host is missing hostname and/or domain: **hostname of my virtual host's NAT gateway**
Sep 16 22:24:43 test puppetd[3841]: Retrieving plugin
Sep 16 22:24:43 test puppetd[3841]: Format s not supported for Puppet::FileServing::Metadata; has not implemented method 'from_s'
Sep 16 22:24:43 test puppetd[3841]: Puppet::Network::Format[json]: false value when expecting true
Sep 16 22:24:43 test puppetd[3841]: Finishing transaction -609701378 with 0 changes
Sep 16 22:24:43 test puppetd[3841]: Fact syncing is deprecated as of 0.25 -- use 'pluginsync' instead
Sep 16 22:24:43 test puppetd[3841]: Retrieving fact
Sep 16 22:24:43 test puppetd[3841]: Format s not supported for Puppet::FileServing::Metadata; has not implemented method 'from_s'
Sep 16 22:24:43 test puppetd[3841]: Puppet::Network::Format[json]: false value when expecting true
Sep 16 22:24:43 test puppetd[3841]: (/File[/var/lib/puppet/facts]) Failed to generate additional resources using 'eval_generate': Error 400 on SERVER: Not authorized to call search on /file_metadata/facts with {:ignore=>[".svn", "CVS"], :links=>"manage", :recurse=>true}
Sep 16 22:24:43 test puppetd[3841]: Format s not supported for Puppet::FileServing::Metadata; has not implemented method 'from_s'
Sep 16 22:24:43 test puppetd[3841]: Puppet::Network::Format[json]: false value when expecting true
Sep 16 22:24:44 test puppetd[3841]: (/File[/var/lib/puppet/facts]) Failed to retrieve current state of resource: Error 400 on SERVER: Not authorized to call find on /file_metadata/facts Could not retrieve file metadata for puppet://..fqdn../facts: Error 400 on SERVER: Not authorized to call find on /file_metadata/facts
Sep 16 22:24:44 test puppetd[3841]: Finishing transaction -610061128 with 0 changes
Sep 16 22:24:45 test puppetd[3841]: Format s not supported for Puppet::Resource::Catalog; has not implemented method 'from_s'
Sep 16 22:24:45 test puppetd[3841]: Puppet::Network::Format[json]: false value when expecting true
puppet.conf on the client
[main]
server=**fqdn of puppetmasterd**
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
pluginsync=true
node_name=cert
certname=**fqdn of client**
puppet.conf on the server
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
pluginsync=true
[puppetmasterd]
templatedir=/var/lib/puppet/templates
storeconfigs = true
dbadapter = mysql
dbuser = puppet
dbpassword = **password**
dbserver = localhost
dbsocket = /var/run/mysqld/mysqld.sock
fileserver.conf on the server
[files]
path /etc/puppet/files
allow *
[modules]
allow *
[plugins]
allow *
auth.conf on the server
path ~ ^/catalog/([^/]+)$
method find
allow *
path /certificate_revocation_list/ca
method find
allow *
path /report
method save
allow *
path /file_metadata
auth any
allow *
path /file
allow *
path /certificate/ca
auth no
method find
allow *
path /certificate/
auth no
method find
allow *
path /certificate_request
auth no
method find, save
allow *
path /
auth yes
allow *
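Answer 1
First, remove factsync, fact_sync and plugin_sync; they are either not required or misspelt. Second, auth.conf is unnecessary; my 0.25 setups have no auth.conf at all. I really think you're overcomplicating this. If you fix the hostname/certname problem (as per your other question) and use the fileserver.conf you've got there, it should just work.
One thing that may be confusing you is that the file server returns a 400 error, rather than a 404, when you try to access a file server module that doesn't exist (such as /facts in your log messages), which confused me at first. Turning off factsync as I suggested above (and, since it is deprecated and a really bad idea, it will do no harm) will get rid of those errors anyway.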
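The question raises the concern that loosening auth.conf ends up exposing the configuration. As an added example (not part of the original posts and not Puppet's own code), this Ruby script parses an auth.conf in the format shown in the question and lists the stanzas that combine `auth no` or `auth any` with `allow *`. It assumes an omitted `auth` means `yes` and an omitted `method` means all four methods; `SAMPLE` is an excerpt of the posted file, and the function names are hypothetical.

```ruby
# Added example, not from the page: flag auth.conf stanzas open to unauthenticated callers.
# Assumes an omitted `auth` means "yes" and an omitted `method` means every method.
ALL_METHODS = %w[find search save destroy].freeze
Stanza = Struct.new(:path, :auth, :methods, :allow)
# Excerpt of the auth.conf posted in the question.
SAMPLE = <<~CONF
  path /file_metadata
  auth any
  allow *
  path /file
  allow *
  path /certificate_request
  auth no
  method find, save
  allow *
  path /
  auth yes
  allow *
CONF

def parse_auth_conf(text)
  stanzas = []
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/\s+/, 2)
    value = value.to_s
    if key == 'path' # every `path` line opens a new stanza
      stanzas << Stanza.new(value, 'yes', ALL_METHODS, [])
      next
    end
    current = stanzas.last or raise ArgumentError, "directive before path: #{line}"
    case key
    when 'auth'   then current.auth = value.downcase
    when 'method' then current.methods = value.split(/\s*,\s*/)
    when 'allow'  then current.allow += value.split(/\s*,\s*/)
    end
  end
  stanzas
end

# Stanzas any caller can reach without presenting a client certificate.
def open_to_unauthenticated(stanzas)
  stanzas.select { |s| %w[no any].include?(s.auth) && s.allow.include?('*') }
end

open_to_unauthenticated(parse_auth_conf(SAMPLE)).each do |s|
  puts "#{s.path}: auth #{s.auth}, methods #{s.methods.join(',')}"
end
```

On the excerpt it reports `/file_metadata` and `/certificate_request`; the second is a certificate bootstrap path, so the `/file_metadata` stanza is the one to review.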