[Puppet Users] issuse with Puppet Not authorized

Tue, 19 Jul 2016 21:45:11 -0700 

environment:
[root@client1 puppet]# more /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 
localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 
localhost6.localdomain6
192.168.80.28   master.mylab.com  master
192.168.80.27   db.mylab.com db
192.168.80.29   client1.mylab.com  client1

auth.conf & fileserver.conf on master
[root@master puppet]# cat auth.conf 
path ~ ^/puppet/v3/catalog/([^/]+)$
method find
auth yes
allow $1

path ~ ^/puppet/v3/node/([^/]+)$
method find
auth yes
allow $1

path /puppet-ca/v1/certificate_revocation_list/ca
method find
auth yes
allow *

path ~ ^/puppet/v3/report/([^/]+)$
method save
auth yes
allow $1

path /puppet/v3/file
auth yes
allow *

path /puppet-ca/v1/certificate/ca
method find
auth any
allow *

path /puppet-ca/v1/certificate/
method find
auth any
allow *

path /puppet-ca/v1/certificate_request
method find, save
auth any
allow *

path /puppet/v3/environments
method find
auth yes
allow *

path /puppet/v3/environment
method find
auth yes
allow pe-internal-orchestrator

path /puppet/v3/status
method find
auth any
allow *

path /puppet/v3/facts
method find, search
auth any
allow pe-internal-dashboard

path /puppet/v3/resource_type
method find, search
auth yes
allow pe-internal-dashboard, pe-internal-classifier, 
pe-internal-orchestrator

path /
auth any

path /file_metadata/files
auth any
allow *
[root@master puppet]# cat fileserver.conf
[pe_packages]
path /opt/puppetlabs/server/data/packages/public
allow *
[pe_modules]
path /opt/puppetlabs/server/share/installer/modules
allow *
[smb_config]
path /usr/local/samba/etc
allow *

site.pp
pwd
/etc/puppetlabs/puppet/production/manifests
[root@master manifests]# more site.pp
$puppetserver = 'master.mylab.com'
node 'master.mylab.com'{
  include  motd
}
node 'client1.mylab.com'{
  include  cr_file,rpcbind_nfs_start,start_smb
}

init.pp
[root@master manifests]# pwd
/etc/puppetlabs/puppet/modules/start_smb/manifests
[root@master manifests]# more init.pp
class start_smb{
file {  
   "/usr/local/samba/etc/smb.conf":  
   source => "puppet://$puppetserver/files/smb.conf",  
   group => root,  
   owner => root,  
   mode => '0644'
}   

exec {  
      "nmb start":  
       path => ["/usr/bin", "/usr/sbin", "/bin", 
"/sbin","/usr/local/samba/sbin","/usr/local/samba/bin"],  
       command  => "/usr/local/samba/sbin/nmbd -D",  
       subscribe => File["/usr/local/samba/etc/smb.conf"],  
       refreshonly => true  
     }  
exec {  
      "smb start":  
       path => ["/usr/bin", "/usr/sbin", "/bin", 
"/sbin","/usr/local/samba/sbin","/usr/local/samba/bin"],  
       command  => "/usr/local/samba/sbin/smbd -D",  
       subscribe => File["/usr/local/samba/etc/smb.conf"],  
       refreshonly => true  
     }  
}


files directory
[root@master puppet]# ls -l files
total 8
-rwxrwxrwx 1 pe-puppet pe-puppet 7934 Jul 20 02:12 smb.conf
[root@master puppet]# ls -ld files
drwxr-xr-x 2 pe-puppet pe-puppet 4096 Jul 20 02:12 files

the error was indicate when the client sync with master
2016-07-20 03:08:10,638 INFO  [qtp2111722343-62] [puppetserver] Puppet 
'store_report' command for client1.mylab.com submitted to PuppetDB with 
UUID abe54050-128d-447f-9742-def31e6a77a2
2016-07-20 03:08:11,332 INFO  [qtp2111722343-65] [puppetserver] Puppet 
Caching node for client1.mylab.com
2016-07-20 03:08:12,055 INFO  [qtp2111722343-63] [puppetserver] Puppet 
'replace_facts' command for client1.mylab.com submitted to PuppetDB with 
UUID e03abc15-4d1b-4a43-b9c8-43452d09a06f
2016-07-20 03:08:12,240 INFO  [qtp2111722343-63] [puppetserver] Puppet 
Caching node for client1.mylab.com
2016-07-20 03:08:13,546 INFO  [qtp2111722343-63] [puppetserver] Puppet 
Compiled catalog for client1.mylab.com in environment production in 1.28 
seconds
2016-07-20 03:08:13,546 INFO  [qtp2111722343-63] [puppetserver] Puppet 
Caching catalog for client1.mylab.com
2016-07-20 03:08:13,737 INFO  [qtp2111722343-63] [puppetserver] Puppet 
'replace_catalog' command for client1.mylab.com submitted to PuppetDB with 
UUID 893942c0-b32b-4864-9231-b00f0ce5fb34
2016-07-20 03:08:15,838 ERROR [qtp2111722343-62] [puppetserver] Puppet Not 
authorized to call find on /file_metadata/files/smb.conf with 
{:rest=>"files/smb.conf", :links=>"manage", :checksum_type=>"md5", 
:source_permissions=>"ignore"}
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/indirection.rb:308:in
 
`check_authorization'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/indirection.rb:324:in
 
`prepare'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/indirection.rb:184:in
 
`find'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/api/indirected_routes.rb:132:in
 
`do_find'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/api/indirected_routes.rb:48:in
 
`call'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:in 
`override'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:240:in `override'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/api/indirected_routes.rb:47:in
 
`call'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/route.rb:82:in 
`process'
org/jruby/RubyArray.java:1613:in `each'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/route.rb:81:in 
`process'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/route.rb:87:in 
`process'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/route.rb:87:in 
`process'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/handler.rb:60:in
 
`process'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler/around_profiler.rb:58:in
 
`profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/profiler.rb:51:in 
`profile'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/handler.rb:58:in
 
`process'
file:/opt/puppetlabs/server/apps/puppetserver/puppet-server-release.jar!/puppetserver-lib/puppet/server/master.rb:42:in
 
`handleRequest'
Puppet$$Server$$Master_76685231.gen:13:in `handleRequest'
request_handler_core.clj:281:in `invoke'
jruby_request.clj:47:in `invoke'
jruby_request.clj:29:in `invoke'
request_handler_service.clj:38:in `handle_request'
request_handler.clj:3:in `invoke'
request_handler.clj:3:in `invoke'
core.clj:2493:in `invoke'
ring_middleware.clj:281:in `invoke'
core.clj:249:in `invoke'
core.clj:294:in `invoke'
core.clj:128:in `invoke'
core.clj:134:in `invoke'
ringutils.clj:86:in `invoke'
master_core.clj:416:in `invoke'
ring.clj:21:in `invoke'
ring.clj:12:in `invoke'
comidi.clj:249:in `invoke'
http.clj:152:in `invoke'
http.clj:152:in `invoke'
http.clj:148:in `invoke'
comidi.clj:336:in `invoke'
jetty9_core.clj:424:in `invoke'
normalized_uri_helpers.clj:80:in `invoke'

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/cd93edbd-c3c1-41a9-ad6e-f8928845a170%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to