Are you pushing reports into puppetdb or only into foreman? On Thu, Oct 9, 2014 at 12:29 PM, Tim Dunphy <[email protected]> wrote:
> Hey Daniele, > > Thanks for your feedback! And especially your suggestion to forego SSL > since I'm running puppetb and puppetboard on the same host. > > Anyway, here's my jetty.ini file from puppetdb: > > [root@puppet:/etc/puppetdb/conf.d] #cat jetty.ini | grep -v '#' > [jetty] > > port = 8082 > > > > ssl-host = 216.120.250.140 > > ssl-port = 8081 > > ssl-key = /etc/puppetdb/ssl/private.pem > > ssl-cert = /etc/puppetdb/ssl/public.pem > > ssl-ca-cert = /etc/puppetdb/ssl/ca.pem > > And I set my settings.py to what you suggested: > > [root@puppet:/etc/puppetdb/conf.d] #cat /var/www/puppetboard/settings.py > PUPPETDB_HOST = 'localhost' > PUPPETDB_PORT = 8082 > PUPPETDB_TIMEOUT = 60 > > And look at that!!! > > http://puppetboard.jokefire.com/ > > The puppetboard started filling in with data. However, all my nodes are > showing up as 'unreported'. > > Which is odd because I am also running foreman on the same machine. And if > I look there, foreman is claiming that all my nodes have reported in. > > Could I now be having an issue with the puppetdb itself? > > if so I don't see anything telling in the puppetdb logs: > > [root@puppet:/etc/puppetdb/conf.d] #tail -f /var/log/puppetdb/puppetdb.log > 2014-10-09 15:27:29,822 INFO [c.p.p.command] > [833e757a-929b-4e7d-9f4b-82728e0e1659] [replace catalog] > ldap02.jokefire.com > 2014-10-09 15:27:31,362 INFO [c.p.p.command] > [4b4c50ab-8437-4f8f-917a-138e6c97d464] [replace catalog] mail.jokefire.com > 2014-10-09 15:27:46,117 INFO [c.p.p.command] > [20bf87fc-2a1b-4a30-8877-0273439b8620] [replace facts] > monitor.jokefire.com > 2014-10-09 15:27:48,468 INFO [c.p.p.command] > [6714cdd3-64a1-49e7-b69c-575680e7fe9d] [replace catalog] > monitor.jokefire.com > 2014-10-09 15:27:53,481 INFO [c.p.p.command] > [0d3b94a2-2013-479c-bf7a-d3dc6d04bdae] [replace facts] ldap02.jokefire.com > 2014-10-09 15:27:55,420 INFO [c.p.p.command] > [a5d7e16c-ef1f-469b-9a57-a1bb5fa7f884] [replace catalog] > ldap02.jokefire.com > 2014-10-09 15:28:05,156 INFO [c.p.p.command] > [4c677d3a-7b74-48ca-9c02-51884b8aa7cb] [replace facts] > monitor.jokefire.com > 2014-10-09 15:28:07,418 INFO [c.p.p.command] > [80aa84a3-bbfe-4900-85ae-7727b5a6fb4f] [replace catalog] > monitor.jokefire.com > 2014-10-09 15:28:15,070 INFO [c.p.p.command] > [58fc68ac-3535-4dbf-bad1-574de9ed7247] [replace facts] ldap02.jokefire.com > 2014-10-09 15:28:16,462 INFO [c.p.p.command] > [20695d20-19da-42b3-a5cb-ed933dda3cb3] [replace catalog] > ldap02.jokefire.com > > > Thanks for your help! Looks as if we are making some progress here! > Tim > > > > > On Thu, Oct 9, 2014 at 2:36 PM, Daniele Sluijters < > [email protected]> wrote: > >> Hey, >> >> I think I know what's going on here. You've, dutifully, told Puppetboard >> that it needs to validate the server certificate that PuppetDB is >> presenting you with (PUPPETDB_SSL_VERIFY) when you setup a connection. >> However, I'm betting your OS trust-store does not include a copy of the >> Puppet Master CA, the one that handed out PuppetDB's server certificate. >> >> What you need to do is change PUPPETDB_SSL_VERIFY from True to >> /var/lib/puppet/ssl/ca/ca.pem (I think that's the path). What also is >> slightly weird is that you have defined PUPPETDB_KEY and PUPPETDB_CERT >> twice, the latter having it set to None which I'm guessing is what >> Puppetboard ends up picking. >> >> However, since your PuppetDB and Puppetboard are hosted on the same >> machine you can forgo the whole SSL debacle and use a local, plain >> connection instead. Since this traffic will never leave the host people >> would need to be logged in to your master to intercept it. Your settings.py >> then looks like this: >> >> PUPPETDB_HOST = 'localhost' >> PUPPETDB_PORT = 8080 >> PUPPETDB_TIMEOUT = 60 >> >> Once that works for you don't forget to change the LOGLEVEL back to >> 'info'. >> >> -- >> Daniele Sluijters >> >> On Thursday, 9 October 2014 09:24:08 UTC-7, bluethundr wrote: >> >>> Hi Daniel, >>> >>> Thanks for getting back to me. >>> >>> This doesn't look like a configuration error with regard to Puppetboard >>>> but one with regard to Apache. These lines: configuration error: >>>> couldn't perform authentication. AuthType not set!: /static/js/lists.js, >>>> referer: http://puppetboard.jokefire.com/ aren't generated by >>>> Puppetboard, it has no concept of authentication and AuthType is an Apache >>>> thing. >>>> My bet is the "Require all granted" line. From what I can gleam from >>>> http://httpd.apache.org/docs/current/mod/mod_authz_core.html#require it >>>> would require a few more settings, AuthType, AuthName, AuthBasicProvider, >>>> AuthUserFile and AuthGroupFile. >>>> Until you have authentication set up, replace that Require line with: >>>> >>>> Order deny,allow >>>> Allow from all >>> >>> >>> >>> Ok so I changed my apache config to this: >>> >>> <VirtualHost *:80> >>> ServerName puppetboard.jokefire.com >>> WSGIDaemonProcess puppetboard user=apache group=apache threads=5 >>> WSGIScriptAlias / /var/www/puppetboard/wsgi.py >>> ErrorLog /var/log/httpd/puppetboard_error_log >>> CustomLog /var/log/httpd/puppetboard_access_log combined >>> >>> Alias /static /usr/lib/python2.6/site-packages/puppetboard/static >>> >>> <Directory /usr/lib/python2.6/site-packages/puppetboard/static> >>> WSGIProcessGroup puppetboard >>> WSGIApplicationGroup %{GLOBAL} >>> * Order deny,allow* >>> * Allow from all* >>> </Directory> >>> </VirtualHost> >>> >>> >>> I also changed the directory and contents to be readable by apache: >>> >>> [root@puppet:/etc/httpd/conf.d] #ls -ld /usr/lib/python2.6/site- >>> packages/puppetboard/static/ >>> drwxr-xr-x. 4 apache apache 4096 Oct 8 12:47 /usr/lib/python2.6/site- >>> packages/puppetboard/static/ >>> >>> I still get the error: >>> >>> http://puppetboard.jokefire.com/ >>> >>> >>> I missed the part where this actually still works but then throws the >>>> PuppetDB connection issues. >>>> * How did you install Puppetboard, with this module: https://forge. >>>> puppetlabs.com/nibalizer/puppetboard? >>>> >>> >>> I did it via python pip install. I tried using the puppet module >>> initially. But it threw a bunch of dependency errors on my system. So >>> rather than try to wrestle with those I decided to to try a pip install >>> which went ok. >>> >>> >>>> * Are Puppetboard and PuppetDB running on the same machine? >>>> >>> >>> Yes! They are. >>> >>> >>>> * Can you show me your settings.py as documented here: >>>> https://github.com/nedap/puppetboard#settings >>> >>> >>> >>> Sure! Here you go. >>> >>> [root@puppet:~] #cat /var/www/puppetboard/settings.py >>> PUPPETDB_HOST = 'puppet.jokefire.com' >>> PUPPETDB_PORT = 8081 >>> PUPPETDB_KEY = '/etc/puppetdb/ssl/private.pem' >>> PUPPETDB_CERT = '/etc/puppetdb/ssl/public.pem' >>> PUPPETDB_SSL_VERIFY = True >>> PUPPETDB_KEY = None >>> PUPPETDB_CERT = None >>> PUPPETDB_TIMEOUT = 60 >>> DEV_LISTEN_HOST = '127.0.0.1' >>> DEV_LISTEN_PORT = 5000 >>> UNRESPONSIVE_HOURS = 2 >>> ENABLE_QUERY = True >>> LOGLEVEL = 'debug' >>> >>> I also tried the PUPPET_HOST with the IP of the machine, and with >>> 0.0.0.0. None of that seemed to make any difference! >>> >>> Thanks again for getting back to me on this. >>> >>> Tim >>> >>> >>> >>> >>> >>> On Thu, Oct 9, 2014 at 12:10 PM, Daniele Sluijters < >>> [email protected]> wrote: >>> >>>> Hi, >>>> >>>> I missed the part where this actually still works but then throws the >>>> PuppetDB connection issues. >>>> >>>> * How did you install Puppetboard, with this module: https://forge. >>>> puppetlabs.com/nibalizer/puppetboard? >>>> * Are Puppetboard and PuppetDB running on the same machine? >>>> * Can you show me your settings.py as documented here: >>>> https://github.com/nedap/puppetboard#settings >>>> >>>> -- >>>> Daniele Sluijters >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Puppet Users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit https://groups.google.com/d/ >>>> msgid/puppet-users/09357b9c-d898-4a55-b0b8-c82254d52c9a% >>>> 40googlegroups.com >>>> <https://groups.google.com/d/msgid/puppet-users/09357b9c-d898-4a55-b0b8-c82254d52c9a%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> >>> >>> -- >>> GPG me!! >>> >>> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/9af260d1-be30-41fc-a672-9300b45e62fe%40googlegroups.com >> <https://groups.google.com/d/msgid/puppet-users/9af260d1-be30-41fc-a672-9300b45e62fe%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > GPG me!! > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/CAOZy0emsep1fCpvjX58vhBytJooNopVv%3D2ivz8emOzO4mAqHsg%40mail.gmail.com > <https://groups.google.com/d/msgid/puppet-users/CAOZy0emsep1fCpvjX58vhBytJooNopVv%3D2ivz8emOzO4mAqHsg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- Spencer Krum (619)-980-7820 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADt6FWMMHSCVsVBsR2CLE4Kb9ZDdfCBWOjHyAW6x%2BuWsyyVcMw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
