Hi Tim, the agent wants to fetch the file > puppet:///modules/bacula/monitor1/monitor1.mydomain.com.crt
But on the Master you are shooing us a file with the name: > environments/production/modules/bacula/files/monitor1: > total 8.0K > -rw-r--r--. 1 puppet puppet 2.0K Jun 16 21:53 monitor1.jokefire.com.crt > -rw-r--r--. 1 puppet puppet 3.2K Jun 16 21:53 monitor1.jokefire.com.key mydomain.com <-> jokefire.com Is this copy-n-paste or does the filename and the source name not match? Best, Martin On 17 Jun 2015, at 04:20, Tim Dunphy <[email protected]> wrote: > Hi all, > > I've setup a puppet module to install and keep the bacula backup system > running on a number of systems. > > > Part of the formula I've come up with is to transfer an SSL cert/key pair to > each host that uses the module. So that bacula can work over TLS. > > I have this defined in my bacula config manifest: > > file { "/etc/pki/tls/private/${::hostname}.mydomain.com.key": > notify => Service["bacula-fd"], > owner => "bacula", > group => "bacula", > mode => 0400, > require => Package["bacula-client","bacula-common"], > source => > "puppet:///modules/bacula/${::hostname}/${::hostname}.mydomain.com.key", > > } > > file { "/etc/pki/tls/certs/${::hostname}.mydomain.com.crt": > notify => Service["bacula-fd"], > owner => "bacula", > group => "bacula", > mode => 0400, > require => Package["bacula-client","bacula-common"], > source => > "puppet:///modules/bacula/${::hostname}/${::hostname}.mydomain.com.crt", > > } > > > > This has been working perfectly fine for a while now. But only on SOME hosts > that were recently added I'm getting permission denied errors on the keypairs > that I'm trying to send over. > > > Error: > /Stage[main]/Bacula::Config/File[/etc/pki/tls/certs/monitor1.mydomain.com.crt]: > Could not evaluate: Could not retrieve information from environment > production source(s) > puppet:///modules/bacula/monitor1/monitor1.mydomain.com.crt > Error: > /Stage[main]/Bacula::Config/File[/etc/pki/tls/private/monitor1.mydomain.com.key]: > Could not evaluate: Could not retrieve information from environment > production source(s) > puppet:///modules/bacula/monitor1/monitor1.mydomain.com.key > > And this is the weird part! All of the directories that I'm transferring keys > and certs from have identical ownership and permissions for both the working > and the non working hosts! > > This is a directory listing of certs and keys that does NOT work: > > environments/production/modules/bacula/files/monitor1: > total 8.0K > -rw-r--r--. 1 puppet puppet 2.0K Jun 16 21:53 monitor1.jokefire.com.crt > -rw-r--r--. 1 puppet puppet 3.2K Jun 16 21:53 monitor1.jokefire.com.key > > > And this is a listing from a directory containing certs and keys that DOES > work: > > environments/production/modules/bacula/files/logs: > total 8.0K > -rw-r--r--. 1 puppet puppet 1.9K Apr 23 22:14 logs.jokefire.com.crt > -rw-r--r--. 1 puppet puppet 3.2K Apr 23 22:14 logs.jokefire.com.key > > And these are permissions on the directories themselves: > > drwxr-xr-x. 2 puppet puppet 62 Jun 16 22:13 > environments/production/modules/bacula/files/logs > drwxr-xr-x. 2 puppet puppet 70 Jun 16 22:14 > environments/production/modules/bacula/files/monitor1 > > Trouble is I can tell no difference between the working and non working > directories. > > If I run puppet with the bacula module on the monitor1 host, I get the > error. If I run puppet with the bacula module on the logs host, everything > works fine! > > I'm just wondering what I may be missing that could get rid of that error! > > Thanks, > Tim > -- > GPG me!! > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/CAOZy0ekwcGN%2B609_K0pS6-zm%2B5tEpCpqkx_LHHmrhCk0cb-MsQ%40mail.gmail.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/487BF260-444D-4985-A118-FA20095A8CB2%40gmail.com. For more options, visit https://groups.google.com/d/optout.
