Hey Daniele,

Thanks for your feedback! And especially your suggestion to forego SSL since I'm running puppetdb and puppetboard on the same host.
Anyway, here's my jetty.ini file from puppetdb:

[root@puppet:/etc/puppetdb/conf.d] #cat jetty.ini | grep -v '#'
[jetty]
port = 8082
ssl-host = 216.120.250.140
ssl-port = 8081
ssl-key = /etc/puppetdb/ssl/private.pem
ssl-cert = /etc/puppetdb/ssl/public.pem
ssl-ca-cert = /etc/puppetdb/ssl/ca.pem

And I set my settings.py to what you suggested:

[root@puppet:/etc/puppetdb/conf.d] #cat /var/www/puppetboard/settings.py
PUPPETDB_HOST = 'localhost'
PUPPETDB_PORT = 8082
PUPPETDB_TIMEOUT = 60

And look at that!!!

http://puppetboard.jokefire.com/

The puppetboard started filling in with data. However, all my nodes are showing up as 'unreported'. Which is odd because I am also running foreman on the same machine. And if I look there, foreman is claiming that all my nodes have reported in.

Could I now be having an issue with the puppetdb itself? If so, I don't see anything telling in the puppetdb logs:

[root@puppet:/etc/puppetdb/conf.d] #tail -f /var/log/puppetdb/puppetdb.log
2014-10-09 15:27:29,822 INFO [c.p.p.command] [833e757a-929b-4e7d-9f4b-82728e0e1659] [replace catalog] ldap02.jokefire.com
2014-10-09 15:27:31,362 INFO [c.p.p.command] [4b4c50ab-8437-4f8f-917a-138e6c97d464] [replace catalog] mail.jokefire.com
2014-10-09 15:27:46,117 INFO [c.p.p.command] [20bf87fc-2a1b-4a30-8877-0273439b8620] [replace facts] monitor.jokefire.com
2014-10-09 15:27:48,468 INFO [c.p.p.command] [6714cdd3-64a1-49e7-b69c-575680e7fe9d] [replace catalog] monitor.jokefire.com
2014-10-09 15:27:53,481 INFO [c.p.p.command] [0d3b94a2-2013-479c-bf7a-d3dc6d04bdae] [replace facts] ldap02.jokefire.com
2014-10-09 15:27:55,420 INFO [c.p.p.command] [a5d7e16c-ef1f-469b-9a57-a1bb5fa7f884] [replace catalog] ldap02.jokefire.com
2014-10-09 15:28:05,156 INFO [c.p.p.command] [4c677d3a-7b74-48ca-9c02-51884b8aa7cb] [replace facts] monitor.jokefire.com
2014-10-09 15:28:07,418 INFO [c.p.p.command] [80aa84a3-bbfe-4900-85ae-7727b5a6fb4f] [replace catalog] monitor.jokefire.com
2014-10-09 15:28:15,070 INFO [c.p.p.command] [58fc68ac-3535-4dbf-bad1-574de9ed7247] [replace facts] ldap02.jokefire.com
2014-10-09 15:28:16,462 INFO [c.p.p.command] [20695d20-19da-42b3-a5cb-ed933dda3cb3] [replace catalog] ldap02.jokefire.com

Thanks for your help! Looks as if we are making some progress here!

Tim

On Thu, Oct 9, 2014 at 2:36 PM, Daniele Sluijters <[email protected]> wrote:

> Hey,
>
> I think I know what's going on here. You've, dutifully, told Puppetboard
> that it needs to validate the server certificate that PuppetDB is
> presenting you with (PUPPETDB_SSL_VERIFY) when you set up a connection.
> However, I'm betting your OS trust-store does not include a copy of the
> Puppet Master CA, the one that handed out PuppetDB's server certificate.
>
> What you need to do is change PUPPETDB_SSL_VERIFY from True to
> /var/lib/puppet/ssl/ca/ca.pem (I think that's the path). What also is
> slightly weird is that you have defined PUPPETDB_KEY and PUPPETDB_CERT
> twice, the latter having it set to None which I'm guessing is what
> Puppetboard ends up picking.
>
> However, since your PuppetDB and Puppetboard are hosted on the same
> machine you can forgo the whole SSL debacle and use a local, plain
> connection instead. Since this traffic will never leave the host people
> would need to be logged in to your master to intercept it. Your settings.py
> then looks like this:
>
> PUPPETDB_HOST = 'localhost'
> PUPPETDB_PORT = 8080
> PUPPETDB_TIMEOUT = 60
>
> Once that works for you don't forget to change the LOGLEVEL back to 'info'.
>
> --
> Daniele Sluijters
>
> On Thursday, 9 October 2014 09:24:08 UTC-7, bluethundr wrote:
>
>> Hi Daniel,
>>
>> Thanks for getting back to me.
>>
>>> This doesn't look like a configuration error with regard to Puppetboard
>>> but one with regard to Apache. These lines: configuration error:
>>> couldn't perform authentication. AuthType not set!: /static/js/lists.js,
>>> referer: http://puppetboard.jokefire.com/ aren't generated by
>>> Puppetboard, it has no concept of authentication and AuthType is an Apache
>>> thing.
>>> My bet is the "Require all granted" line. From what I can glean from
>>> http://httpd.apache.org/docs/current/mod/mod_authz_core.html#require it
>>> would require a few more settings, AuthType, AuthName, AuthBasicProvider,
>>> AuthUserFile and AuthGroupFile.
>>> Until you have authentication set up, replace that Require line with:
>>>
>>> Order deny,allow
>>> Allow from all
>>
>> Ok so I changed my apache config to this:
>>
>> <VirtualHost *:80>
>>     ServerName puppetboard.jokefire.com
>>     WSGIDaemonProcess puppetboard user=apache group=apache threads=5
>>     WSGIScriptAlias / /var/www/puppetboard/wsgi.py
>>     ErrorLog /var/log/httpd/puppetboard_error_log
>>     CustomLog /var/log/httpd/puppetboard_access_log combined
>>
>>     Alias /static /usr/lib/python2.6/site-packages/puppetboard/static
>>
>>     <Directory /usr/lib/python2.6/site-packages/puppetboard/static>
>>         WSGIProcessGroup puppetboard
>>         WSGIApplicationGroup %{GLOBAL}
>>         Order deny,allow
>>         Allow from all
>>     </Directory>
>> </VirtualHost>
>>
>> I also changed the directory and contents to be readable by apache:
>>
>> [root@puppet:/etc/httpd/conf.d] #ls -ld /usr/lib/python2.6/site-packages/puppetboard/static/
>> drwxr-xr-x. 4 apache apache 4096 Oct 8 12:47 /usr/lib/python2.6/site-packages/puppetboard/static/
>>
>> I still get the error:
>>
>> http://puppetboard.jokefire.com/
>>
>>> I missed the part where this actually still works but then throws the
>>> PuppetDB connection issues.
>>> * How did you install Puppetboard, with this module:
>>> https://forge.puppetlabs.com/nibalizer/puppetboard?
>>
>> I did it via python pip install. I tried using the puppet module
>> initially. But it threw a bunch of dependency errors on my system. So
>> rather than try to wrestle with those I decided to try a pip install
>> which went ok.
>>
>>> * Are Puppetboard and PuppetDB running on the same machine?
>>
>> Yes! They are.
>>
>>> * Can you show me your settings.py as documented here:
>>> https://github.com/nedap/puppetboard#settings
>>
>> Sure! Here you go.
>>
>> [root@puppet:~] #cat /var/www/puppetboard/settings.py
>> PUPPETDB_HOST = 'puppet.jokefire.com'
>> PUPPETDB_PORT = 8081
>> PUPPETDB_KEY = '/etc/puppetdb/ssl/private.pem'
>> PUPPETDB_CERT = '/etc/puppetdb/ssl/public.pem'
>> PUPPETDB_SSL_VERIFY = True
>> PUPPETDB_KEY = None
>> PUPPETDB_CERT = None
>> PUPPETDB_TIMEOUT = 60
>> DEV_LISTEN_HOST = '127.0.0.1'
>> DEV_LISTEN_PORT = 5000
>> UNRESPONSIVE_HOURS = 2
>> ENABLE_QUERY = True
>> LOGLEVEL = 'debug'
>>
>> I also tried the PUPPET_HOST with the IP of the machine, and with
>> 0.0.0.0. None of that seemed to make any difference!
>>
>> Thanks again for getting back to me on this.
>>
>> Tim
>>
>> On Thu, Oct 9, 2014 at 12:10 PM, Daniele Sluijters <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> I missed the part where this actually still works but then throws the
>>> PuppetDB connection issues.
>>>
>>> * How did you install Puppetboard, with this module:
>>> https://forge.puppetlabs.com/nibalizer/puppetboard?
>>> * Are Puppetboard and PuppetDB running on the same machine?
>>> * Can you show me your settings.py as documented here:
>>> https://github.com/nedap/puppetboard#settings
>>>
>>> --
>>> Daniele Sluijters

--
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAOZy0emsep1fCpvjX58vhBytJooNopVv%3D2ivz8emOzO4mAqHsg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
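The duplicated PUPPETDB_KEY / PUPPETDB_CERT assignments pointed out in the quoted settings.py can be caught mechanically by parsing the file instead of importing it. This is an added example, not part of the thread and not Puppetboard code; `audit_settings` and `SAMPLE_SETTINGS` are hypothetical names, and the sample is the settings.py text from the thread embedded as a constructed string.

```python
import ast

# Constructed sample: the first eight lines of the settings.py quoted in the thread.
SAMPLE_SETTINGS = """\
PUPPETDB_HOST = 'puppet.jokefire.com'
PUPPETDB_PORT = 8081
PUPPETDB_KEY = '/etc/puppetdb/ssl/private.pem'
PUPPETDB_CERT = '/etc/puppetdb/ssl/public.pem'
PUPPETDB_SSL_VERIFY = True
PUPPETDB_KEY = None
PUPPETDB_CERT = None
PUPPETDB_TIMEOUT = 60
"""


def audit_settings(source):
    """Return (effective, findings); the text is parsed with ast, never executed."""
    history = {}  # name -> [(lineno, value), ...] in file order
    for node in ast.parse(source).body:
        if not isinstance(node, ast.Assign):
            continue
        try:
            value = ast.literal_eval(node.value)
        except (ValueError, TypeError):
            value = "<non-literal>"
        for target in node.targets:
            if isinstance(target, ast.Name):
                history.setdefault(target.id, []).append((node.lineno, value))

    # Python keeps the last assignment, so that is what the application sees.
    effective = {name: vals[-1][1] for name, vals in history.items()}
    findings = []
    for name, vals in history.items():
        if len(vals) > 1:
            lines = ", ".join(str(ln) for ln, _ in vals)
            findings.append(f"{name} assigned on lines {lines}; effective value is {vals[-1][1]!r}")
    # Per the reply above: True relies on the default trust store, a path names the CA.
    if effective.get("PUPPETDB_SSL_VERIFY") is True:
        findings.append(
            "PUPPETDB_SSL_VERIFY is True: PuppetDB's issuing CA must already be "
            "trusted, otherwise set it to the CA certificate path"
        )
    return effective, findings


if __name__ == "__main__":
    for finding in audit_settings(SAMPLE_SETTINGS)[1]:
        print(finding)
```
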
