>
> mydomain.com <-> jokefire.com
> Is this copy-n-paste or does the filename and the source name not match?
Yah, this was a mistake on my part in trying to obscure the domain name. LOL
Sorry about that. But in fact mydomain.com == jokefire.com
Here's the actual definition:
file { "/etc/pki/tls/private/${::hostname}.jokefire.com.key":
notify => Service["bacula-fd"],
owner => "bacula",
group => "bacula",
mode => 0400,
require => Package["bacula-client","bacula-common"],
source =>
"puppet:///modules/bacula/${::hostname}/${::hostname}.jokefire.com.key",
}
file { "/etc/pki/tls/certs/${::hostname}.jokefire.com.crt":
notify => Service["bacula-fd"],
owner => "bacula",
group => "bacula",
mode => 0400,
require => Package["bacula-client","bacula-common"],
source =>
"puppet:///modules/bacula/${::hostname}/${::hostname}.jokefire.com.crt",
}
And the files and directories with ownership/permissions shown:
[root@puppet:/etc/puppet] #ls -lh
environments/production/modules/bacula/files/{logs,monitor1}
environments/production/modules/bacula/files/logs:
total 8.0K
-rw-r--r--. 1 puppet puppet 1.9K Apr 23 22:14 logs.jokefire.com.crt
-rw-r--r--. 1 puppet puppet 3.2K Apr 23 22:14 logs.jokefire.com.key
environments/production/modules/bacula/files/monitor1:
total 8.0K
-rw-r--r--. 1 puppet puppet 2.0K Jun 16 21:53 monitor1.jokefire.com.crt
-rw-r--r--. 1 puppet puppet 3.2K Jun 16 21:53 monitor1.jokefire.com.key
[root@puppet:/etc/puppet] #ls -ld
environments/production/modules/bacula/files/{logs,monitor1}
drwxr-xr-x. 2 puppet puppet 62 Jun 16 22:13
environments/production/modules/bacula/files/logs
drwxr-xr-x. 2 puppet puppet 70 Jun 16 22:14
environments/production/modules/bacula/files/monitor1
And this is the error I'm getting on the monitor1 host:
Error:
/Stage[main]/Bacula::Config/File[/etc/pki/tls/certs/monitor1.jokefire.com.crt]:
Could not evaluate: Could not retrieve information from environment
production source(s)
puppet:///modules/bacula/monitor1/monitor1.jokefire.com.crt
Error:
/Stage[main]/Bacula::Config/File[/etc/pki/tls/private/monitor1.jokefire.com.key]:
Could not evaluate: Could not retrieve information from environment
production source(s)
puppet:///modules/bacula/monitor1/monitor1.jokefire.com.key
But, paradoxically, the logs host (which is also shown above) works fine.
Same formula in the config manifest, different directories but same
permissions on the source files, yet only one fails! This just isn't making
any sense to me.
Puppet should be able to select the correct directory name to pull from for
the monitor1 host based on the $hostname fact just as it does for the logs
host.
Any thoughts?
Thanks,
Tim
On Wed, Jun 17, 2015 at 3:18 AM, Martin Alfke <[email protected]> wrote:
> Hi Tim,
>
> the agent wants to fetch the file
> > puppet:///modules/bacula/monitor1/monitor1.mydomain.com.crt
>
> But on the Master you are shooing us a file with the name:
> > environments/production/modules/bacula/files/monitor1:
> > total 8.0K
> > -rw-r--r--. 1 puppet puppet 2.0K Jun 16 21:53 monitor1.jokefire.com.crt
> > -rw-r--r--. 1 puppet puppet 3.2K Jun 16 21:53 monitor1.jokefire.com.key
>
> mydomain.com <-> jokefire.com
>
> Is this copy-n-paste or does the filename and the source name not match?
>
> Best,
> Martin
>
>
> On 17 Jun 2015, at 04:20, Tim Dunphy <[email protected]> wrote:
>
> > Hi all,
> >
> > I've setup a puppet module to install and keep the bacula backup system
> running on a number of systems.
> >
> >
> > Part of the formula I've come up with is to transfer an SSL cert/key
> pair to each host that uses the module. So that bacula can work over TLS.
> >
> > I have this defined in my bacula config manifest:
> >
> > file { "/etc/pki/tls/private/${::hostname}.mydomain.com.key":
> > notify => Service["bacula-fd"],
> > owner => "bacula",
> > group => "bacula",
> > mode => 0400,
> > require => Package["bacula-client","bacula-common"],
> > source =>
> "puppet:///modules/bacula/${::hostname}/${::hostname}.mydomain.com.key",
> >
> > }
> >
> > file { "/etc/pki/tls/certs/${::hostname}.mydomain.com.crt":
> > notify => Service["bacula-fd"],
> > owner => "bacula",
> > group => "bacula",
> > mode => 0400,
> > require => Package["bacula-client","bacula-common"],
> > source =>
> "puppet:///modules/bacula/${::hostname}/${::hostname}.mydomain.com.crt",
> >
> > }
> >
> >
> >
> > This has been working perfectly fine for a while now. But only on SOME
> hosts that were recently added I'm getting permission denied errors on the
> keypairs that I'm trying to send over.
> >
> >
> > Error:
> /Stage[main]/Bacula::Config/File[/etc/pki/tls/certs/monitor1.mydomain.com.crt]:
> Could not evaluate: Could not retrieve information from environment
> production source(s)
> puppet:///modules/bacula/monitor1/monitor1.mydomain.com.crt
> > Error:
> /Stage[main]/Bacula::Config/File[/etc/pki/tls/private/monitor1.mydomain.com.key]:
> Could not evaluate: Could not retrieve information from environment
> production source(s)
> puppet:///modules/bacula/monitor1/monitor1.mydomain.com.key
> >
> > And this is the weird part! All of the directories that I'm transferring
> keys and certs from have identical ownership and permissions for both the
> working and the non working hosts!
> >
> > This is a directory listing of certs and keys that does NOT work:
> >
> > environments/production/modules/bacula/files/monitor1:
> > total 8.0K
> > -rw-r--r--. 1 puppet puppet 2.0K Jun 16 21:53 monitor1.jokefire.com.crt
> > -rw-r--r--. 1 puppet puppet 3.2K Jun 16 21:53 monitor1.jokefire.com.key
> >
> >
> > And this is a listing from a directory containing certs and keys that
> DOES work:
> >
> > environments/production/modules/bacula/files/logs:
> > total 8.0K
> > -rw-r--r--. 1 puppet puppet 1.9K Apr 23 22:14 logs.jokefire.com.crt
> > -rw-r--r--. 1 puppet puppet 3.2K Apr 23 22:14 logs.jokefire.com.key
> >
> > And these are permissions on the directories themselves:
> >
> > drwxr-xr-x. 2 puppet puppet 62 Jun 16 22:13
> environments/production/modules/bacula/files/logs
> > drwxr-xr-x. 2 puppet puppet 70 Jun 16 22:14
> environments/production/modules/bacula/files/monitor1
> >
> > Trouble is I can tell no difference between the working and non working
> directories.
> >
> > If I run puppet with the bacula module on the monitor1 host, I get the
> error. If I run puppet with the bacula module on the logs host, everything
> works fine!
> >
> > I'm just wondering what I may be missing that could get rid of that
> error!
> >
> > Thanks,
> > Tim
> > --
> > GPG me!!
> >
> > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> >
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to [email protected].
> > To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAOZy0ekwcGN%2B609_K0pS6-zm%2B5tEpCpqkx_LHHmrhCk0cb-MsQ%40mail.gmail.com
> .
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/487BF260-444D-4985-A118-FA20095A8CB2%40gmail.com
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAOZy0enBBTX32s3iu9o-pp-yehofb%3DwxQ2ppuGMFC%2BS5cwzrPQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
