Puppet:服务器上出现错误 400:权限被拒绝

tag-icon tag-icon puppet puppetmaster puppet-foreman
Puppet:服务器上出现错误 400:权限被拒绝

我想使用 DOCSF 模块(来自 github)。如果我尝试使用它,我会得到以下结果:

Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': Error 400 on SERVER: Permission denied - /etc/puppet/environments/production/modules/docsf/metadata.json
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://puppetmaster.example.com/pluginfacts: Error 400 on SERVER: Permission denied - /etc/puppet/environments/production/modules/docsf/metadata.json
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': Error 400 on SERVER: Permission denied - /etc/puppet/environments/production/modules/docsf/metadata.json
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://puppetmaster.example.com/plugins: Error 400 on SERVER: Permission denied - /etc/puppet/environments/production/modules/docsf/metadata.json
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Permission denied - /etc/puppet/environments/production/modules/docsf/metadata.json on node pp-testexample.com
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

这些是模块的文件权限:

-r--r--r--. 1 puppet root  734 24. Jun 2014  checksums.json
drwxrwxr-x. 3 puppet root   19 15. Sep 2015  lib
-r--r--r--. 1 puppet root  651 15. Sep 2015  LICENSE
drwxr-sr-x. 2 puppet root   71 15. Sep 2015  manifests
-r--r--r--. 1 puppet root  792 15. Sep 2015  metadata.json
-r--r--r--. 1 puppet root 2770 15. Sep 2015  README.md
drwxr-xr-x. 2 puppet root   27 15. Sep 2015  spec
drwxr-xr-x. 2 puppet root 4096 15. Sep 2015  templates
drwxr-xr-x. 2 puppet root   20 15. Sep 2015  tests

这是树:

├── checksums.json
├── lib
│   └── facter
│       └── configserver_firewall.rb
├── LICENSE
├── manifests
│   ├── init.pp
│   ├── params.pp
│   ├── postinit.pp
│   └── preinit.pp
├── metadata.json
├── README.md
├── spec
│   └── spec_helper.rb
├── templates
│   ├── conf.maldet.erb
│   ├── csf.allow.erb
│   ├── csf.conf.erb
│   ├── csf.fignore.erb
│   ├── csf.ignore.erb
│   └── csf.pignore.erb
└── tests
    └── init.pp

有任何想法吗?

答案1

另一个问题可能是 SELinux 策略。尝试对文件运行 restorcon。

restorcon -r /etc/puppet/文件/

答案2

puppet 模块内的文件需要0644最少。github 上有几个这样的例子:

https://tickets.puppetlabs.com/browse/FORGE-163

https://github.com/voxpupuli/puppet-collectd/issues/179

https://github.com/rodjek/librarian-puppet/issues/251

只需更改权限以匹配其他文件就可以了

相关内容