Puppet users - Feb 2011 - fileserver "Could not retrieve information from source(s)"

I have a fileserver mountpoint configured. I use modules for
everything else, but these files are part of other software installed
on this server (Eucalyptus CLC). I''m using puppet to manage
distributions of x509 certs to the nodes, so I wish to pull the certs
from their original directory. I suppose I could fall back to using a
symlink to the directory from a module/files dir.
Anyway, I''d be happier getting this to work.

My fileserver.conf looks like;

[varlibeuca]
path /var/lib/eucalyptus
allow 10.20.40.0/24

When the master starts, I see;

info: mount[varlibeuca]: allowing 10.20.40.0/24 access

Which leads me to believe it likes the conf file.
When I run the agent on a machine with IP of 10.20.40.2 (the master is
10.20.40.1), I see;

err: /Stage[main]/Certs/Euca_cert[node_cert]/File[/var/lib/eucalyptus/
keys/node-cert.pem]: Could not evaluate: Could not retrieve
information from source(s) puppet://puppet/varlibeuca/keys/node-cert.pem
at /etc/puppet/modules/certs/manifests/init.pp:6

and 2 other similar errors. And, on the server, I see;
info: File does not exist or is not accessible: /var/lib/eucalyptus/
keys/node-pk.pem
info: Could not find file_metadata for
''varlibeuca/keys/node-pk.pem''

Here''s the module init.pp that refers to the mountpoint;
define euca_cert($file) {
  file { "/var/lib/eucalyptus/keys/$file":
    source => "puppet://puppet/varlibeuca/keys/$file",
    owner => ''root'',
    group => ''root'',
  }
}

class certs {
  file { ''/var/lib/eucalyptus/keys'':
    ensure => directory,
    owner => ''root'',
    group => ''root'',
  }
  euca_cert { cloud_cert: file => ''cloud-cert.pem'' }
  euca_cert { node_cert: file => ''node-cert.pem'' }
  euca_cert { node_pk: file => ''node-pk.pem'' }
}

I''ve used the server name to be explicit, though I think I can get
away without it. (puppet is defined as 10.20.40.1 in the /etc/hosts
file on the .2 machine)

From all I''ve seen, I think I''m doing it right, though with
changes in
other areas of puppet, I''m never sure the docs I''m seeing are
for the
current version. I''m running 2.6.4.

Any thoughts?

Thanks,
David

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi David,

The source URL you have used in your define:

puppet://puppet/varlibeuca/keys/$file

Implies its trying to get the file from the following path on the
puppet master (server with hostname puppet):

/etc/puppet/modules/varlibeuca/files/keys/$file

Is this how you have laid our your pem files on the puppetmaster? ie.

/etc/puppet/modules/varlibeuca/files/keys/cloud-cert.pem
/etc/puppet/modules/varlibeuca/files/keys/node-cert.pem
/etc/puppet/modules/varlibeuca/files/keys/node-pk.pem

ken.

On Feb 19, 2:47 pm, David <dkavan...@gmail.com>
wrote:
> I have a fileserver mountpoint configured. I use modules for
> everything else, but these files are part of other software installed
> on this server (Eucalyptus CLC). I''m using puppet to manage
> distributions of x509 certs to the nodes, so I wish to pull the certs
> from their original directory. I suppose I could fall back to using a
> symlink to the directory from a module/files dir.
> Anyway, I''d be happier getting this to work.
>
> My fileserver.conf looks like;
>
> [varlibeuca]
> path /var/lib/eucalyptus
> allow 10.20.40.0/24
>
> When the master starts, I see;
>
> info: mount[varlibeuca]: allowing 10.20.40.0/24 access
>
> Which leads me to believe it likes the conf file.
> When I run the agent on a machine with IP of 10.20.40.2 (the master is
> 10.20.40.1), I see;
>
> err: /Stage[main]/Certs/Euca_cert[node_cert]/File[/var/lib/eucalyptus/
> keys/node-cert.pem]: Could not evaluate: Could not retrieve
> information from source(s) puppet://puppet/varlibeuca/keys/node-cert.pem
> at /etc/puppet/modules/certs/manifests/init.pp:6
>
> and 2 other similar errors. And, on the server, I see;
> info: File does not exist or is not accessible: /var/lib/eucalyptus/
> keys/node-pk.pem
> info: Could not find file_metadata for
''varlibeuca/keys/node-pk.pem''
>
> Here''s the module init.pp that refers to the mountpoint;
> define euca_cert($file) {
>   file { "/var/lib/eucalyptus/keys/$file":
>     source => "puppet://puppet/varlibeuca/keys/$file",
>     owner => ''root'',
>     group => ''root'',
>   }
>
> }
>
> class certs {
>   file { ''/var/lib/eucalyptus/keys'':
>     ensure => directory,
>     owner => ''root'',
>     group => ''root'',
>   }
>   euca_cert { cloud_cert: file => ''cloud-cert.pem'' }
>   euca_cert { node_cert: file => ''node-cert.pem'' }
>   euca_cert { node_pk: file => ''node-pk.pem'' }
>
> }
>
> I''ve used the server name to be explicit, though I think I can get
> away without it. (puppet is defined as 10.20.40.1 in the /etc/hosts
> file on the .2 machine)
>
> From all I''ve seen, I think I''m doing it right, though
with changes in
> other areas of puppet, I''m never sure the docs I''m seeing
are for the
> current version. I''m running 2.6.4.
>
> Any thoughts?
>
> Thanks,
> David
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

No. The mount defines varlibeuca as being /var/lib/eucalyptus
What''s the proper URL for getting at the fileserver mount?
That''s maybe what
was elusive in the docs I was able to find.
When the master reports this error:
info: File does not exist or is not accessible:
/var/lib/eucalyptus/keys/node-pk.pem
I think that means it actually found the right path. Here''s the file it
should be trying to read;
-rw-r--r-- 1 eucalyptus eucalyptus 1679 Sep  3 10:49
/var/lib/eucalyptus/keys/node-pk.pem


David

On Sat, Feb 19, 2011 at 11:43 AM, Ken Barber <ken@bob.sh> wrote:
> Hi David,
>
> The source URL you have used in your define:
>
> puppet://puppet/varlibeuca/keys/$file
>
> Implies its trying to get the file from the following path on the
> puppet master (server with hostname puppet):
>
> /etc/puppet/modules/varlibeuca/files/keys/$file
>
> Is this how you have laid our your pem files on the puppetmaster? ie.
>
> /etc/puppet/modules/varlibeuca/files/keys/cloud-cert.pem
> /etc/puppet/modules/varlibeuca/files/keys/node-cert.pem
> /etc/puppet/modules/varlibeuca/files/keys/node-pk.pem
>
> ken.
>
> On Feb 19, 2:47 pm, David <dkavan...@gmail.com> wrote:
> > I have a fileserver mountpoint configured. I use modules for
> > everything else, but these files are part of other software installed
> > on this server (Eucalyptus CLC). I''m using puppet to manage
> > distributions of x509 certs to the nodes, so I wish to pull the certs
> > from their original directory. I suppose I could fall back to using a
> > symlink to the directory from a module/files dir.
> > Anyway, I''d be happier getting this to work.
> >
> > My fileserver.conf looks like;
> >
> > [varlibeuca]
> > path /var/lib/eucalyptus
> > allow 10.20.40.0/24
> >
> > When the master starts, I see;
> >
> > info: mount[varlibeuca]: allowing 10.20.40.0/24 access
> >
> > Which leads me to believe it likes the conf file.
> > When I run the agent on a machine with IP of 10.20.40.2 (the master is
> > 10.20.40.1), I see;
> >
> > err: /Stage[main]/Certs/Euca_cert[node_cert]/File[/var/lib/eucalyptus/
> > keys/node-cert.pem]: Could not evaluate: Could not retrieve
> > information from source(s)
puppet://puppet/varlibeuca/keys/node-cert.pem
> > at /etc/puppet/modules/certs/manifests/init.pp:6
> >
> > and 2 other similar errors. And, on the server, I see;
> > info: File does not exist or is not accessible: /var/lib/eucalyptus/
> > keys/node-pk.pem
> > info: Could not find file_metadata for
''varlibeuca/keys/node-pk.pem''
> >
> > Here''s the module init.pp that refers to the mountpoint;
> > define euca_cert($file) {
> >   file { "/var/lib/eucalyptus/keys/$file":
> >     source => "puppet://puppet/varlibeuca/keys/$file",
> >     owner => ''root'',
> >     group => ''root'',
> >   }
> >
> > }
> >
> > class certs {
> >   file { ''/var/lib/eucalyptus/keys'':
> >     ensure => directory,
> >     owner => ''root'',
> >     group => ''root'',
> >   }
> >   euca_cert { cloud_cert: file =>
''cloud-cert.pem'' }
> >   euca_cert { node_cert: file => ''node-cert.pem''
}
> >   euca_cert { node_pk: file => ''node-pk.pem'' }
> >
> > }
> >
> > I''ve used the server name to be explicit, though I think I
can get
> > away without it. (puppet is defined as 10.20.40.1 in the /etc/hosts
> > file on the .2 machine)
> >
> > From all I''ve seen, I think I''m doing it right,
though with changes in
> > other areas of puppet, I''m never sure the docs I''m
seeing are for the
> > current version. I''m running 2.6.4.
> >
> > Any thoughts?
> >
> > Thanks,
> > David
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I understand now. So I managed to set this up and make it work.

So on the puppetmaster I have in /etc/puppet/fileserver.conf:

[foo]
path /tmp/fileserver
allow *

And on the puppetmaster I have content in /tmp/fileserver as so:

root@puppet1:/etc/puppet# ls -la /tmp/fileserver/
total 8
drwxr-xr-x  2 root root 4096 Feb 19 18:42 .
drwxrwxrwt 12 root root 4096 Feb 19 18:46 ..
-rw-r--r--  1 root root    0 Feb 19 18:42 foo

And in my site.pp for the host I have:

node "foo" {
  ...

  class foo {
    file {"/tmp/foo":
      source => "puppet:///foo/foo",
    }
  }
  include foo

}

And I get:

root@foo:/etc/puppet# puppetd -t --tags foo
info: Retrieving plugin
info: Caching catalog for foo
info: Applying configuration version ''1298141201''
notice: /Stage[main]/Foo/File[/tmp/foo]/ensure: defined content as
''{md5}d41d8cd98f00b204e9800998ecf8427e''
notice: Finished catalog run in 1.52 seconds

So this actually works for me. Is there anything there that doesn''t
fit what you''ve done? The location of this /var/lib/eucalyptus stuff
is on your puppetmaster right?

ken.

On Feb 19, 5:55 pm, David Kavanagh <dkavan...@gmail.com>
wrote:
> No. The mount defines varlibeuca as being /var/lib/eucalyptus
> What''s the proper URL for getting at the fileserver mount?
That''s maybe what
> was elusive in the docs I was able to find.
> When the master reports this error:
> info: File does not exist or is not accessible:
> /var/lib/eucalyptus/keys/node-pk.pem
> I think that means it actually found the right path. Here''s the
file it
> should be trying to read;
> -rw-r--r-- 1 eucalyptus eucalyptus 1679 Sep  3 10:49
> /var/lib/eucalyptus/keys/node-pk.pem
>
> David
>
>
>
>
>
>
>
> On Sat, Feb 19, 2011 at 11:43 AM, Ken Barber <k...@bob.sh> wrote:
> > Hi David,
>
> > The source URL you have used in your define:
>
> > puppet://puppet/varlibeuca/keys/$file
>
> > Implies its trying to get the file from the following path on the
> > puppet master (server with hostname puppet):
>
> > /etc/puppet/modules/varlibeuca/files/keys/$file
>
> > Is this how you have laid our your pem files on the puppetmaster? ie.
>
> > /etc/puppet/modules/varlibeuca/files/keys/cloud-cert.pem
> > /etc/puppet/modules/varlibeuca/files/keys/node-cert.pem
> > /etc/puppet/modules/varlibeuca/files/keys/node-pk.pem
>
> > ken.
>
> > On Feb 19, 2:47 pm, David <dkavan...@gmail.com> wrote:
> > > I have a fileserver mountpoint configured. I use modules for
> > > everything else, but these files are part of other software
installed
> > > on this server (Eucalyptus CLC). I''m using puppet to
manage
> > > distributions of x509 certs to the nodes, so I wish to pull the
certs
> > > from their original directory. I suppose I could fall back to
using a
> > > symlink to the directory from a module/files dir.
> > > Anyway, I''d be happier getting this to work.
>
> > > My fileserver.conf looks like;
>
> > > [varlibeuca]
> > > path /var/lib/eucalyptus
> > > allow 10.20.40.0/24
>
> > > When the master starts, I see;
>
> > > info: mount[varlibeuca]: allowing 10.20.40.0/24 access
>
> > > Which leads me to believe it likes the conf file.
> > > When I run the agent on a machine with IP of 10.20.40.2 (the
master is
> > > 10.20.40.1), I see;
>
> > > err:
/Stage[main]/Certs/Euca_cert[node_cert]/File[/var/lib/eucalyptus/
> > > keys/node-cert.pem]: Could not evaluate: Could not retrieve
> > > information from source(s)
puppet://puppet/varlibeuca/keys/node-cert.pem
> > > at /etc/puppet/modules/certs/manifests/init.pp:6
>
> > > and 2 other similar errors. And, on the server, I see;
> > > info: File does not exist or is not accessible:
/var/lib/eucalyptus/
> > > keys/node-pk.pem
> > > info: Could not find file_metadata for
''varlibeuca/keys/node-pk.pem''
>
> > > Here''s the module init.pp that refers to the mountpoint;
> > > define euca_cert($file) {
> > >   file { "/var/lib/eucalyptus/keys/$file":
> > >     source =>
"puppet://puppet/varlibeuca/keys/$file",
> > >     owner => ''root'',
> > >     group => ''root'',
> > >   }
>
> > > }
>
> > > class certs {
> > >   file { ''/var/lib/eucalyptus/keys'':
> > >     ensure => directory,
> > >     owner => ''root'',
> > >     group => ''root'',
> > >   }
> > >   euca_cert { cloud_cert: file =>
''cloud-cert.pem'' }
> > >   euca_cert { node_cert: file =>
''node-cert.pem'' }
> > >   euca_cert { node_pk: file => ''node-pk.pem''
}
>
> > > }
>
> > > I''ve used the server name to be explicit, though I think
I can get
> > > away without it. (puppet is defined as 10.20.40.1 in the
/etc/hosts
> > > file on the .2 machine)
>
> > > From all I''ve seen, I think I''m doing it right,
though with changes in
> > > other areas of puppet, I''m never sure the docs
I''m seeing are for the
> > > current version. I''m running 2.6.4.
>
> > > Any thoughts?
>
> > > Thanks,
> > > David
>
> > --
> > You received this message because you are subscribed to the Google
Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscribe@googlegroups.com.
> > For more options, visit this group at
> >http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

> and 2 other similar errors. And, on the server, I see;
> info: File does not exist or is not accessible: /var/lib/eucalyptus/
> keys/node-pk.pem
> info: Could not find file_metadata for
''varlibeuca/keys/node-pk.pem''
Does this file in fact exist and are the permissions in each dir in its
path sufficient for puppet to access the files?

Regards,
Felix

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Sweet! It was a permissions problem. Just added rw to group and others. It
was on the keys subdir where the permissions weren''t open enough.
I''ll have
to think about a special keys group that puppet can belong to for better
certificate protection on the production servers.

Thanks,
David

On Mon, Feb 21, 2011 at 10:47 AM, Felix Frank <
felix.frank@alumni.tu-berlin.de> wrote:
> > and 2 other similar errors. And, on the server, I see;
> > info: File does not exist or is not accessible: /var/lib/eucalyptus/
> > keys/node-pk.pem
> > info: Could not find file_metadata for
''varlibeuca/keys/node-pk.pem''
>
> Does this file in fact exist and are the permissions in each dir in its
> path sufficient for puppet to access the files?
>
> Regards,
> Felix
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.