Hey Spencer,
> Are you pushing reports into puppetdb or only into foreman?
Ok so I missed that. Sorry dude. And yeah as you point out I originally had
reports only going to foreman. But I changed the puppet.conf to this:
[root@puppet:/etc/puppet] #egrep -i "reports|storeconfigs" puppet.conf
reports = foreman puppetdb
storeconfigs = true
storeconfigs_backend = puppetdb
I wasn't sure if this was supposed to be comma dlimeted or space. I tried
using a space between the two.
And so far no change.
http://puppetboard.jokefire.com/
thanks
On Thu, Oct 9, 2014 at 3:38 PM, Spencer Krum <[email protected]> wrote:
> Are you pushing reports into puppetdb or only into foreman?
>
> On Thu, Oct 9, 2014 at 12:29 PM, Tim Dunphy <[email protected]> wrote:
>
>> Hey Daniele,
>>
>> Thanks for your feedback! And especially your suggestion to forego SSL
>> since I'm running puppetb and puppetboard on the same host.
>>
>> Anyway, here's my jetty.ini file from puppetdb:
>>
>> [root@puppet:/etc/puppetdb/conf.d] #cat jetty.ini | grep -v '#'
>> [jetty]
>>
>> port = 8082
>>
>>
>>
>> ssl-host = 216.120.250.140
>>
>> ssl-port = 8081
>>
>> ssl-key = /etc/puppetdb/ssl/private.pem
>>
>> ssl-cert = /etc/puppetdb/ssl/public.pem
>>
>> ssl-ca-cert = /etc/puppetdb/ssl/ca.pem
>>
>> And I set my settings.py to what you suggested:
>>
>> [root@puppet:/etc/puppetdb/conf.d] #cat /var/www/puppetboard/settings.py
>> PUPPETDB_HOST = 'localhost'
>> PUPPETDB_PORT = 8082
>> PUPPETDB_TIMEOUT = 60
>>
>> And look at that!!!
>>
>> http://puppetboard.jokefire.com/
>>
>> The puppetboard started filling in with data. However, all my nodes are
>> showing up as 'unreported'.
>>
>> Which is odd because I am also running foreman on the same machine. And
>> if I look there, foreman is claiming that all my nodes have reported in.
>>
>> Could I now be having an issue with the puppetdb itself?
>>
>> if so I don't see anything telling in the puppetdb logs:
>>
>> [root@puppet:/etc/puppetdb/conf.d] #tail -f
>> /var/log/puppetdb/puppetdb.log
>> 2014-10-09 15:27:29,822 INFO [c.p.p.command]
>> [833e757a-929b-4e7d-9f4b-82728e0e1659] [replace catalog]
>> ldap02.jokefire.com
>> 2014-10-09 15:27:31,362 INFO [c.p.p.command]
>> [4b4c50ab-8437-4f8f-917a-138e6c97d464] [replace catalog]
>> mail.jokefire.com
>> 2014-10-09 15:27:46,117 INFO [c.p.p.command]
>> [20bf87fc-2a1b-4a30-8877-0273439b8620] [replace facts]
>> monitor.jokefire.com
>> 2014-10-09 15:27:48,468 INFO [c.p.p.command]
>> [6714cdd3-64a1-49e7-b69c-575680e7fe9d] [replace catalog]
>> monitor.jokefire.com
>> 2014-10-09 15:27:53,481 INFO [c.p.p.command]
>> [0d3b94a2-2013-479c-bf7a-d3dc6d04bdae] [replace facts]
>> ldap02.jokefire.com
>> 2014-10-09 15:27:55,420 INFO [c.p.p.command]
>> [a5d7e16c-ef1f-469b-9a57-a1bb5fa7f884] [replace catalog]
>> ldap02.jokefire.com
>> 2014-10-09 15:28:05,156 INFO [c.p.p.command]
>> [4c677d3a-7b74-48ca-9c02-51884b8aa7cb] [replace facts]
>> monitor.jokefire.com
>> 2014-10-09 15:28:07,418 INFO [c.p.p.command]
>> [80aa84a3-bbfe-4900-85ae-7727b5a6fb4f] [replace catalog]
>> monitor.jokefire.com
>> 2014-10-09 15:28:15,070 INFO [c.p.p.command]
>> [58fc68ac-3535-4dbf-bad1-574de9ed7247] [replace facts]
>> ldap02.jokefire.com
>> 2014-10-09 15:28:16,462 INFO [c.p.p.command]
>> [20695d20-19da-42b3-a5cb-ed933dda3cb3] [replace catalog]
>> ldap02.jokefire.com
>>
>>
>> Thanks for your help! Looks as if we are making some progress here!
>> Tim
>>
>>
>>
>>
>> On Thu, Oct 9, 2014 at 2:36 PM, Daniele Sluijters <
>> [email protected]> wrote:
>>
>>> Hey,
>>>
>>> I think I know what's going on here. You've, dutifully, told Puppetboard
>>> that it needs to validate the server certificate that PuppetDB is
>>> presenting you with (PUPPETDB_SSL_VERIFY) when you setup a connection.
>>> However, I'm betting your OS trust-store does not include a copy of the
>>> Puppet Master CA, the one that handed out PuppetDB's server certificate.
>>>
>>> What you need to do is change PUPPETDB_SSL_VERIFY from True to
>>> /var/lib/puppet/ssl/ca/ca.pem (I think that's the path). What also is
>>> slightly weird is that you have defined PUPPETDB_KEY and PUPPETDB_CERT
>>> twice, the latter having it set to None which I'm guessing is what
>>> Puppetboard ends up picking.
>>>
>>> However, since your PuppetDB and Puppetboard are hosted on the same
>>> machine you can forgo the whole SSL debacle and use a local, plain
>>> connection instead. Since this traffic will never leave the host people
>>> would need to be logged in to your master to intercept it. Your settings.py
>>> then looks like this:
>>>
>>> PUPPETDB_HOST = 'localhost'
>>> PUPPETDB_PORT = 8080
>>> PUPPETDB_TIMEOUT = 60
>>>
>>> Once that works for you don't forget to change the LOGLEVEL back to
>>> 'info'.
>>>
>>> --
>>> Daniele Sluijters
>>>
>>> On Thursday, 9 October 2014 09:24:08 UTC-7, bluethundr wrote:
>>>
>>>> Hi Daniel,
>>>>
>>>> Thanks for getting back to me.
>>>>
>>>> This doesn't look like a configuration error with regard to Puppetboard
>>>>> but one with regard to Apache. These lines: configuration error:
>>>>> couldn't perform authentication. AuthType not set!: /static/js/lists.js,
>>>>> referer: http://puppetboard.jokefire.com/ aren't generated by
>>>>> Puppetboard, it has no concept of authentication and AuthType is an Apache
>>>>> thing.
>>>>> My bet is the "Require all granted" line. From what I can gleam from
>>>>> http://httpd.apache.org/docs/current/mod/mod_authz_core.html#require it
>>>>> would require a few more settings, AuthType, AuthName, AuthBasicProvider,
>>>>> AuthUserFile and AuthGroupFile.
>>>>> Until you have authentication set up, replace that Require line with:
>>>>>
>>>>> Order deny,allow
>>>>> Allow from all
>>>>
>>>>
>>>>
>>>> Ok so I changed my apache config to this:
>>>>
>>>> <VirtualHost *:80>
>>>> ServerName puppetboard.jokefire.com
>>>> WSGIDaemonProcess puppetboard user=apache group=apache threads=5
>>>> WSGIScriptAlias / /var/www/puppetboard/wsgi.py
>>>> ErrorLog /var/log/httpd/puppetboard_error_log
>>>> CustomLog /var/log/httpd/puppetboard_access_log combined
>>>>
>>>> Alias /static /usr/lib/python2.6/site-packages/puppetboard/static
>>>>
>>>> <Directory /usr/lib/python2.6/site-packages/puppetboard/static>
>>>> WSGIProcessGroup puppetboard
>>>> WSGIApplicationGroup %{GLOBAL}
>>>> * Order deny,allow*
>>>> * Allow from all*
>>>> </Directory>
>>>> </VirtualHost>
>>>>
>>>>
>>>> I also changed the directory and contents to be readable by apache:
>>>>
>>>> [root@puppet:/etc/httpd/conf.d] #ls -ld /usr/lib/python2.6/site-
>>>> packages/puppetboard/static/
>>>> drwxr-xr-x. 4 apache apache 4096 Oct 8 12:47 /usr/lib/python2.6/site-
>>>> packages/puppetboard/static/
>>>>
>>>> I still get the error:
>>>>
>>>> http://puppetboard.jokefire.com/
>>>>
>>>>
>>>> I missed the part where this actually still works but then throws the
>>>>> PuppetDB connection issues.
>>>>> * How did you install Puppetboard, with this module: https://forge.
>>>>> puppetlabs.com/nibalizer/puppetboard?
>>>>>
>>>>
>>>> I did it via python pip install. I tried using the puppet module
>>>> initially. But it threw a bunch of dependency errors on my system. So
>>>> rather than try to wrestle with those I decided to to try a pip install
>>>> which went ok.
>>>>
>>>>
>>>>> * Are Puppetboard and PuppetDB running on the same machine?
>>>>>
>>>>
>>>> Yes! They are.
>>>>
>>>>
>>>>> * Can you show me your settings.py as documented here:
>>>>> https://github.com/nedap/puppetboard#settings
>>>>
>>>>
>>>>
>>>> Sure! Here you go.
>>>>
>>>> [root@puppet:~] #cat /var/www/puppetboard/settings.py
>>>> PUPPETDB_HOST = 'puppet.jokefire.com'
>>>> PUPPETDB_PORT = 8081
>>>> PUPPETDB_KEY = '/etc/puppetdb/ssl/private.pem'
>>>> PUPPETDB_CERT = '/etc/puppetdb/ssl/public.pem'
>>>> PUPPETDB_SSL_VERIFY = True
>>>> PUPPETDB_KEY = None
>>>> PUPPETDB_CERT = None
>>>> PUPPETDB_TIMEOUT = 60
>>>> DEV_LISTEN_HOST = '127.0.0.1'
>>>> DEV_LISTEN_PORT = 5000
>>>> UNRESPONSIVE_HOURS = 2
>>>> ENABLE_QUERY = True
>>>> LOGLEVEL = 'debug'
>>>>
>>>> I also tried the PUPPET_HOST with the IP of the machine, and with
>>>> 0.0.0.0. None of that seemed to make any difference!
>>>>
>>>> Thanks again for getting back to me on this.
>>>>
>>>> Tim
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Thu, Oct 9, 2014 at 12:10 PM, Daniele Sluijters <
>>>> [email protected]> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I missed the part where this actually still works but then throws the
>>>>> PuppetDB connection issues.
>>>>>
>>>>> * How did you install Puppetboard, with this module: https://forge.
>>>>> puppetlabs.com/nibalizer/puppetboard?
>>>>> * Are Puppetboard and PuppetDB running on the same machine?
>>>>> * Can you show me your settings.py as documented here:
>>>>> https://github.com/nedap/puppetboard#settings
>>>>>
>>>>> --
>>>>> Daniele Sluijters
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "Puppet Users" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to [email protected].
>>>>> To view this discussion on the web visit https://groups.google.com/d/
>>>>> msgid/puppet-users/09357b9c-d898-4a55-b0b8-c82254d52c9a%
>>>>> 40googlegroups.com
>>>>> <https://groups.google.com/d/msgid/puppet-users/09357b9c-d898-4a55-b0b8-c82254d52c9a%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>> .
>>>>>
>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> GPG me!!
>>>>
>>>> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
>>>>
>>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/puppet-users/9af260d1-be30-41fc-a672-9300b45e62fe%40googlegroups.com
>>> <https://groups.google.com/d/msgid/puppet-users/9af260d1-be30-41fc-a672-9300b45e62fe%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>>
>> --
>> GPG me!!
>>
>> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/CAOZy0emsep1fCpvjX58vhBytJooNopVv%3D2ivz8emOzO4mAqHsg%40mail.gmail.com
>> <https://groups.google.com/d/msgid/puppet-users/CAOZy0emsep1fCpvjX58vhBytJooNopVv%3D2ivz8emOzO4mAqHsg%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
> Spencer Krum
> (619)-980-7820
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CADt6FWMMHSCVsVBsR2CLE4Kb9ZDdfCBWOjHyAW6x%2BuWsyyVcMw%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CADt6FWMMHSCVsVBsR2CLE4Kb9ZDdfCBWOjHyAW6x%2BuWsyyVcMw%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAOZy0e%3D8_LA7w5VzcC69N9iUgrGTkunfdZy29zfE_vTC82jJ3A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
