I've seen mention of this error in several places, with different causes. So before I posted here, I attempted to resolve this on my own.
I corrected the change from puppet:///files to puppet:/// in my manifests *.pp files. No changes were made to the auth.conf file, and I did note in the ChangeLog that: Auth.conf differentiates between names and IPs – There’s a new allow_ip keyword > in auth.conf if you want to permit IP addresses. (PR991) But I see no mention of that on the docs page at http://docs.puppetlabs.com/guides/rest_auth_conf.html. Our auth.conf is simple, and basically has either "allow $1" or "allow *" both which appear to still be valid in 3.0. Here's an example, a simple example, an ntp.conf file: class ntp-client { file { "/etc/ntp.conf": owner => root, group => root, mode => 644, source => "puppet:///etc/ntp.conf", require => [ Package["ntp"] ], notify => Service["ntpd"], } package { "ntp": ensure => latest, } service { "ntpd": ensure => running, hasrestart => true, subscribe => File["/etc/ntp.conf"], } } # ntp-client The error I'm seeing in the puppet.log, on the client system: Oct 1 20:02:28 test-fms puppet-agent[11062]: Starting Puppet client > version 2.7.17 > Oct 1 20:02:31 test-fms puppet-agent[11062]: > (/Stage[main]/Ntp-client/File[/etc/ntp.conf]) Could not evaluate: Error 400 > on SERVER: Not authorized to call find on /file_metadata/etc/ntp.conf Could > not retrieve file metadata for puppet:///etc/ntp.conf: Error 400 on SERVER: > Not authorized to call find on /file_metadata/etc/ntp.conf at > /etc/puppet/manifests/classes/ntp-client.pp:10 The permissions from /etc/puppet/files are correct: -rw-r--r--. 1 puppet puppet 446 Mar 31 2011 etc/ntp.conf The client puppet.conf file doesn't have any custom references other than the basics. [main] > server = ourpuppet.server.com > vardir = /var/lib/puppet > logdir = /var/log/puppet > rundir = /var/run/puppet > ssldir = $vardir/ssl > [agent] > classfile = $vardir/classes.txt > localconfig = $vardir/localconfig > syslogfacility = local4 > report = true > listen = true I ran puppet master in verbose mode and got these diagnostics: Starting Puppet master version 3.0.0 Info: access[^/catalog/([^/]+)$]: allowing 'method' find Info: access[^/catalog/([^/]+)$]: allowing $1 access Info: access[/certificate_revocation_list/ca]: allowing 'method' find Info: access[/certificate_revocation_list/ca]: allowing * access Info: access[/report]: allowing 'method' save Info: access[/report]: allowing * access Info: access[/file]: allowing * access Info: access[/certificate/ca]: adding authentication no Info: access[/certificate/ca]: allowing 'method' find Info: access[/certificate/ca]: allowing * access Info: access[/certificate/]: adding authentication no Info: access[/certificate/]: allowing 'method' find Info: access[/certificate/]: allowing * access Info: access[/certificate_request]: adding authentication no Info: access[/certificate_request]: allowing 'method' find Info: access[/certificate_request]: allowing 'method' save Info: access[/certificate_request]: allowing * access Info: access[/]: adding authentication any Info: Inserting default '~ ^/node/([^/]+)$' (auth true) ACL Info: Inserting default '/status' (auth true) ACL Warning: Host is missing hostname and/or domain: one-host.ourdomain.com Compiled catalog for one-host.ourdomain.com in environment production in 1.16 seconds Info: mount[files]: allowing 10.101.0.0/24 access Error: Error parsing fileserver configuration: wrong number of arguments (3 for 1); using old configuration Error: Not authorized to call find on /file_metadata/etc/ntp.conf Error: Not authorized to call find on /file_metadata/etc/sudoers Error: Not authorized to call find on /file_metadata/files/etc/ssh/ssh_known_hosts Error: Not authorized to call find on /file_metadata/files/etc/ssh/sshd_config Error: Not authorized to call find on /file_metadata/etc/puppet/namespaceauth.conf Error: Not authorized to call find on /file_metadata/etc/puppet/puppet.conf.agent Error: Not authorized to call find on /file_metadata/etc/puppet/auth.conf Error: Not authorized to call find on /file_metadata/etc/resolv.conf.test I reviewed the docs at http://docs.puppetlabs.com/guides/file_serving.html and our config looks fine. Reading through the issue at http://projects.puppetlabs.com/issues/16667, I'm not clear what the fix actually is. But, our config has been unaltered. We have unused modules in the /etc/puppet/modules directory, where most of the little stuff has been in /etc/puppet/manifests, referenced in site.pp by: import "classes/*" > import "nodes.pp" And it's worked thus far. In the example above, with ntp-client, it's just a simple little ntp-client.pp file that references a file that should be transfered, nothing more. So I don't see how or why that wouldn't work as-is. The error above: Error: Error parsing fileserver configuration: wrong number of arguments (3 > for 1); using old configuration Doesn't make any sense to me, as our config seems to be in line with the docs: The fileserver.conf file is pretty simple: [files] > path /etc/puppet/files > allow 10.101.0.0/24 > allow 10.103.0.0/24 In the log above, clearly the connection is authorized. Info: mount[files]: allowing 10.101.0.0/24 access I'm not sure of the reference to the error "Warning: Host is missing hostname and/or domain" as it's clearly a FQHN (yes, I edited it here). So I'm pretty stumped here. Our only other option is to just downgrade back to 2.7.x and wait for these issues to get worked out. Any pointers would be appreciated. Thanks. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/RuqTerxKHxMJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
