Issue #6576 has been reported by Cameron Braid.
----------------------------------------
Bug #6576: err: Not authorized to call find on /file_metadata/test/README
https://projects.puppetlabs.com/issues/6576
Author: Cameron Braid
Status: Unreviewed
Priority: Normal
Assignee:
Category:
Target version:
Affected Puppet version:
Keywords:
Branch:
I have a very basic setup to test out puppet.
Running on ubuntu 10.10
puppetmaster and puppet are on the same host
puppet.conf :
<pre>
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
</pre>
puppetd.conf
<pre>
[puppetd]
logdir = /var/log/puppet
vardir = /var/lib/puppet
rundir = /var/run
</pre>
auth.conf
(none)
fileserver.conf
<pre>
# This file consists of arbitrarily named sections/modules
# defining where files are served from and to whom
# Define a section 'files'
# Adapt the allow/deny settings to your needs. Order
# for allow/deny does not matter, allow always takes precedence
# over deny
[files]
path /etc/puppet/files
allow *
# allow *.example.com
# deny *.evil.example.com
# allow 192.168.0.0/24
[plugins]
# allow *.example.com
# deny *.evil.example.com
# allow 192.168.0.0/24
</pre>
site.pp
<pre>
node "HOSTNAME" {
file { "/tmp":
source => "puppet:///test/README"
}
}
</pre>
puppetmaster log (puppetmasterd --trace --debug --no-daemonize) :
<pre>
debug: Failed to load library 'rubygems' for feature 'rubygems'
debug: Failed to load library 'selinux' for feature 'selinux'
debug: Failed to load library 'ldap' for feature 'ldap'
debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does
not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist
debug: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows
is missing
debug: /File[/var/lib/puppet/yaml]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/bucket]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring
File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/private]: Autorequiring
File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/reports]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/public_keys/HOSTNAME.pem]: Autorequiring
File[/var/lib/puppet/ssl/public_keys]
debug: /File[/var/lib/puppet/ssl/certs/HOSTNAME.pem]: Autorequiring
File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/private_keys/HOSTNAME.pem]: Autorequiring
File[/var/lib/puppet/ssl/private_keys]
debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring
File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/server_data]: Autorequiring File[/var/lib/puppet]
debug: /File[/etc/puppet/fileserver.conf]: Autorequiring File[/etc/puppet]
debug: /File[/etc/puppet/manifests/site.pp]: Autorequiring
File[/etc/puppet/manifests]
debug: /File[/var/log/puppet/masterhttp.log]: Autorequiring
File[/var/log/puppet]
debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring
File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring
File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/etc/puppet/manifests]: Autorequiring File[/etc/puppet]
debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring
File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: Finishing transaction 70037161179920
debug: /File[/var/lib/puppet/ssl/ca/requests]: Autorequiring
File[/var/lib/puppet/ssl/ca]
debug: /File[/var/lib/puppet/ssl/ca/ca_pub.pem]: Autorequiring
File[/var/lib/puppet/ssl/ca]
debug: /File[/var/lib/puppet/ssl/ca/signed]: Autorequiring
File[/var/lib/puppet/ssl/ca]
debug: /File[/var/lib/puppet/ssl/ca/ca_key.pem]: Autorequiring
File[/var/lib/puppet/ssl/ca]
debug: /File[/var/lib/puppet/ssl/ca/ca_crl.pem]: Autorequiring
File[/var/lib/puppet/ssl/ca]
debug: /File[/var/lib/puppet/ssl/ca/private]: Autorequiring
File[/var/lib/puppet/ssl/ca]
debug: /File[/var/lib/puppet/ssl/ca/inventory.txt]: Autorequiring
File[/var/lib/puppet/ssl/ca]
debug: /File[/var/lib/puppet/ssl/ca/serial]: Autorequiring
File[/var/lib/puppet/ssl/ca]
debug: /File[/var/lib/puppet/ssl/ca/private/ca.pass]: Autorequiring
File[/var/lib/puppet/ssl/ca/private]
debug: /File[/var/lib/puppet/ssl/ca/ca_crt.pem]: Autorequiring
File[/var/lib/puppet/ssl/ca]
debug: Finishing transaction 70037161339580
debug: Using cached certificate for ca
debug: Using cached certificate for ca
debug: Using cached certificate for HOSTNAME
notice: Starting Puppet master version 2.6.6
info: mount[files]: allowing * access
debug: No modules mount given; autocreating with default permissions
debug: No path given for plugins mount; creating a special PluginMount
debug: Finishing transaction 70037159732260
info: Inserting default '~ ^/catalog/([^/]+)$'(auth) acl because
/etc/puppet/auth.conf doesn't exist
info: Inserting default '/file'(non-auth) acl because /etc/puppet/auth.conf
doesn't exist
info: Inserting default '/certificate_revocation_list/ca'(auth) acl because
/etc/puppet/auth.conf doesn't exist
info: Inserting default '/report'(auth) acl because /etc/puppet/auth.conf
doesn't exist
info: Inserting default '/certificate/ca'(non-auth) acl because
/etc/puppet/auth.conf doesn't exist
info: Inserting default '/certificate/'(non-auth) acl because
/etc/puppet/auth.conf doesn't exist
info: Inserting default '/certificate_request'(non-auth) acl because
/etc/puppet/auth.conf doesn't exist
info: Inserting default '/status'(auth) acl because /etc/puppet/auth.conf
doesn't exist
info: Expiring the node cache of HOSTNAME
info: Not using expired node for HOSTNAME from cache; expired at Fri Mar 04
02:30:42 +1000 2011
info: Caching node for HOSTNAME
notice: Compiled catalog for HOSTNAME in environment production in 0.02 seconds
info: mount[files]: allowing * access
/usr/lib/ruby/1.8/puppet/indirector/indirection.rb:286:in `check_authorization'
/usr/lib/ruby/1.8/puppet/indirector/indirection.rb:302:in `prepare'
/usr/lib/ruby/1.8/puppet/indirector/indirection.rb:181:in `find'
/usr/lib/ruby/1.8/puppet/indirector.rb:50:in `find'
/usr/lib/ruby/1.8/puppet/network/http/handler.rb:101:in `do_find'
/usr/lib/ruby/1.8/puppet/network/http/handler.rb:68:in `send'
/usr/lib/ruby/1.8/puppet/network/http/handler.rb:68:in `process'
/usr/lib/ruby/1.8/puppet/network/http/webrick/rest.rb:24:in `service'
/usr/lib/ruby/1.8/webrick/httpserver.rb:104:in `service'
/usr/lib/ruby/1.8/webrick/httpserver.rb:65:in `run'
/usr/lib/ruby/1.8/puppet/network/http/webrick.rb:45:in `listen'
/usr/lib/ruby/1.8/webrick/server.rb:173:in `call'
/usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'
/usr/lib/ruby/1.8/webrick/server.rb:162:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'
/usr/lib/ruby/1.8/webrick/server.rb:95:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:92:in `each'
/usr/lib/ruby/1.8/webrick/server.rb:92:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:23:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:82:in `start'
/usr/lib/ruby/1.8/puppet/network/http/webrick.rb:42:in `listen'
/usr/lib/ruby/1.8/puppet/network/http/webrick.rb:41:in `initialize'
/usr/lib/ruby/1.8/puppet/network/http/webrick.rb:41:in `new'
/usr/lib/ruby/1.8/puppet/network/http/webrick.rb:41:in `listen'
/usr/lib/ruby/1.8/puppet/network/http/webrick.rb:38:in `synchronize'
/usr/lib/ruby/1.8/puppet/network/http/webrick.rb:38:in `listen'
/usr/lib/ruby/1.8/puppet/network/server.rb:127:in `listen'
/usr/lib/ruby/1.8/puppet/network/server.rb:142:in `start'
/usr/lib/ruby/1.8/puppet/daemon.rb:124:in `start'
/usr/lib/ruby/1.8/puppet/application/master.rb:114:in `main'
/usr/lib/ruby/1.8/puppet/application/master.rb:46:in `run_command'
/usr/lib/ruby/1.8/puppet/application.rb:304:in `run'
/usr/lib/ruby/1.8/puppet/application.rb:410:in `exit_on_fail'
/usr/lib/ruby/1.8/puppet/application.rb:304:in `run'
/usr/sbin/puppetmasterd:4
err: Not authorized to call find on /file_metadata/test/README
</pre>
puppet log (puppetd --verbose --trace --debug --logdest console --no-daemonize
--onetime) :
<pre>
debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist
debug: Failed to load library 'ldap' for feature 'ldap'
debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does
not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Failed to load library 'rubygems' for feature 'rubygems'
debug: Failed to load library 'selinux' for feature 'selinux'
debug: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows
is missing
debug: /File[/var/lib/puppet/ssl/public_keys/HOSTNAME.pem]: Autorequiring
File[/var/lib/puppet/ssl/public_keys]
debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring
File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring
File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring
File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certs/HOSTNAME.pem]: Autorequiring
File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring
File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring
File[/var/lib/puppet/ssl]
debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/state/classes.txt]: Autorequiring
File[/var/lib/puppet/state]
debug: /File[/var/lib/puppet/ssl/private]: Autorequiring
File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring
File[/var/lib/puppet/state]
debug: /File[/var/lib/puppet/state/graphs]: Autorequiring
File[/var/lib/puppet/state]
debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/private_keys/HOSTNAME.pem]: Autorequiring
File[/var/lib/puppet/ssl/private_keys]
debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/puppet]
debug: Finishing transaction 70177756593000
debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring
File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring
File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/private]: Autorequiring
File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring
File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certs/HOSTNAME.pem]: Autorequiring
File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/public_keys/HOSTNAME.pem]: Autorequiring
File[/var/lib/puppet/ssl/public_keys]
debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring
File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring
File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/private_keys/HOSTNAME.pem]: Autorequiring
File[/var/lib/puppet/ssl/private_keys]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: Finishing transaction 70177755776440
debug: Using cached certificate for ca
debug: Using cached certificate for HOSTNAME
debug: Finishing transaction 70177755387900
debug: Loaded state in 0.00 seconds
debug: Using cached certificate for ca
debug: Using cached certificate for HOSTNAME
debug: Using cached certificate_revocation_list for ca
debug: catalog supports formats: b64_zlib_yaml dot marshal pson raw yaml; using
pson
info: Caching catalog for HOSTNAME
debug: Creating default schedules
debug: Loaded state in 0.00 seconds
info: Applying configuration version '1299169902'
debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml;
using pson
/usr/lib/ruby/1.8/puppet/parameter.rb:171:in `fail'
/usr/lib/ruby/1.8/puppet/type/file/source.rb:153:in `init_metadata'
/usr/lib/ruby/1.8/puppet/type/file/source.rb:145:in `each'
/usr/lib/ruby/1.8/puppet/type/file/source.rb:145:in `init_metadata'
/usr/lib/ruby/1.8/puppet/util/cacher.rb:106:in `send'
/usr/lib/ruby/1.8/puppet/util/cacher.rb:106:in `cached_value'
/usr/lib/ruby/1.8/monitor.rb:242:in `synchronize'
/usr/lib/ruby/1.8/puppet/util/cacher.rb:98:in `cached_value'
/usr/lib/ruby/1.8/puppet/util/cacher.rb:48:in `metadata'
/usr/lib/ruby/1.8/puppet/type/file/source.rb:109:in `copy_source_values'
/usr/lib/ruby/1.8/puppet/type/file.rb:622:in `retrieve'
/usr/lib/ruby/1.8/puppet/type.rb:703:in `retrieve_resource'
/usr/lib/ruby/1.8/puppet/transaction/resource_harness.rb:32:in `perform_changes'
/usr/lib/ruby/1.8/puppet/transaction/resource_harness.rb:133:in `evaluate'
/usr/lib/ruby/1.8/puppet/transaction.rb:48:in `apply'
/usr/lib/ruby/1.8/puppet/transaction.rb:113:in
`eval_children_and_apply_resource'
/usr/lib/ruby/1.8/puppet/transaction.rb:91:in `eval_resource'
/usr/lib/ruby/1.8/puppet/transaction.rb:142:in `evaluate'
/usr/lib/ruby/1.8/puppet/util.rb:424:in `thinmark'
/usr/lib/ruby/1.8/benchmark.rb:308:in `realtime'
/usr/lib/ruby/1.8/puppet/util.rb:423:in `thinmark'
/usr/lib/ruby/1.8/puppet/transaction.rb:141:in `evaluate'
/usr/lib/ruby/1.8/puppet/transaction.rb:134:in `each'
/usr/lib/ruby/1.8/puppet/transaction.rb:134:in `evaluate'
/usr/lib/ruby/1.8/puppet/resource/catalog.rb:144:in `apply'
/usr/lib/ruby/1.8/puppet/configurer.rb:150:in `run'
/usr/lib/ruby/1.8/puppet/util.rb:192:in `benchmark'
/usr/lib/ruby/1.8/benchmark.rb:308:in `realtime'
/usr/lib/ruby/1.8/puppet/util.rb:191:in `benchmark'
/usr/lib/ruby/1.8/puppet/configurer.rb:149:in `run'
/usr/lib/ruby/1.8/puppet/agent.rb:39:in `run'
/usr/lib/ruby/1.8/puppet/agent/locker.rb:21:in `lock'
/usr/lib/ruby/1.8/puppet/agent.rb:39:in `run'
/usr/lib/ruby/1.8/sync.rb:230:in `synchronize'
/usr/lib/ruby/1.8/puppet/agent.rb:39:in `run'
/usr/lib/ruby/1.8/puppet/agent.rb:103:in `with_client'
/usr/lib/ruby/1.8/puppet/agent.rb:37:in `run'
/usr/lib/ruby/1.8/puppet/application.rb:171:in `call'
/usr/lib/ruby/1.8/puppet/application.rb:171:in `controlled_run'
/usr/lib/ruby/1.8/puppet/agent.rb:35:in `run'
/usr/lib/ruby/1.8/puppet/application/agent.rb:114:in `onetime'
/usr/lib/ruby/1.8/puppet/application/agent.rb:88:in `run_command'
/usr/lib/ruby/1.8/puppet/application.rb:304:in `run'
/usr/lib/ruby/1.8/puppet/application.rb:410:in `exit_on_fail'
/usr/lib/ruby/1.8/puppet/application.rb:304:in `run'
/usr/sbin/puppetd:4
err: /Stage[main]//Node[HOSTNAME]/File[/tmp]: Could not evaluate: Error 400 on
SERVER: Not authorized to call find on /file_metadata/test/README Could not
retrieve file metadata for puppet:///test/README: Error 400 on SERVER: Not
authorized to call find on /file_metadata/test/README at
/etc/puppet/manifests/site.pp:4
debug: Finishing transaction 70177756220540
debug: Storing state
debug: Stored state in 0.01 seconds
notice: Finished catalog run in 0.04 seconds
</pre>
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
