Puppet users - Oct 2007 - Puppet ldapnodes issue

I am attempting to move our test puppet installation from looking for node
information in a manifest to LDAP.  I followed the instructions at:
https://reductivelabs.com/trac/puppet/wiki/LdapNodes and was able to get the
puppet schema loaded into our LDAP.

I can now query LDAP and modify/load data without any issues using the OpenLDAP
tools.

e.g.
ldapsearch -h ldapdev1.domain.com -x -b''dc=puppet''

returns the following information...

# extended LDIF
#
# LDAPv3
# base <dc=puppet> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# puppet
dn: dc=puppet
dc: puppet
objectClass: organization
objectClass: dcObject
o:: UHVwcGV0IFRlc3QgRGF0YWJhc2UgICAgICAgICAgICAgICAgICAgICAgIA=description:
Puppet Test Database

# Hosts, puppet
dn: ou=Hosts,dc=puppet
objectClass: organizationalUnit
objectClass: top
ou: Hosts

# basenode, Hosts, puppet
dn: cn=basenode,ou=Hosts,dc=puppet
objectClass: device
objectClass: ipHost
objectClass: puppetClient
objectClass: top
cn: basenode
ipHostNumber: 192.168.0.1
description: The base node
puppetclass: baseclass

# testserver, Hosts, puppet
dn: cn=testserver,ou=Hosts,dc=puppet
objectClass: device
objectClass: ipHost
objectClass: puppetClient
objectClass: top
cn: testserver
ipHostNumber: 192.168.0.50
description: My test server
l: dc1
puppetclass: testing
puppetclass: solaris

# cmclient2.domain.com, Hosts, puppet
dn: cn=cmclient2.domain.com,ou=Hosts,dc=puppet
objectClass: device
objectClass: ipHost
objectClass: puppetClient
objectClass: top
cn: cmclient2.domain.com
ipHostNumber: 192.168.1.1 
description: puppet testing 2
l: statcomp
puppetclass: test
puppetclass: solaris
puppetclass: solaris10
puppetclass: statcomp
puppetclass: solariszone

# sink.domain.com, Hosts, puppet
dn: cn=sink.domain.com,ou=Hosts,dc=puppet
objectClass: device
objectClass: ipHost
objectClass: puppetClient
objectClass: top
cn: sink.domain.com
ipHostNumber: 192.168.1.2
description:: Q05DIFdpa2kgYW5kIFJUIGJveCAl: statcomp
puppetclass: default
puppetclass: test
puppetclass: solaris
puppetclass: solaris10
puppetclass: statcomp

# search result
search: 2
result: 0 Success


I then tried to modify puppet.conf to point to LDAP using the following lines:

ldapserver = ldapdev1.domain.com
ldapbase = dc=puppet
ldapnodes = true

I restarted puppermasterd, but now I am getting this error on the puppermaster
host as well as the puppet client host.

err: Could not find sink.domain.com with names sink.domain.com, sink

I pasted relavent debug information from the puppetmasterd and puppetd at:
http://pastie.caboo.se/105918

Has anyone seen this problem before or have any suggestions?

Thanks,
Thomas

[*snip*]


I then tried to modify puppet.conf to point to LDAP using the following lines:

ldapserver = ldapdev1.domain.com
ldapbase = dc=puppet
ldapnodes = true

I restarted puppermasterd, but now I am getting this error on the puppermaster
host as well as the puppet client host.

err: Could not find sink.domain.com with names sink.domain.com, sink

I pasted relavent debug information from the puppetmasterd and puppetd at:
http://pastie.caboo.se/105918

Has anyone seen this problem before or have any suggestions?

So in a recent upgrade to 0.23.2 I''ve seen this issue.  The
''fix'' for me was to migrate the puppetmaster configuration
from puppet.conf to puppetmasterd.conf, e.g.:

[puppetmaster]
        vardir = /foo/var/lib/puppet
        logdir = /foo/log/puppet
        rundir = /foo,/var/run/puppet
        ssldir = /foo/conf/puppet/ssl
        confdir = /foo/conf/puppet
        manifest = /foo/conf/puppet/manifests/site.pp
        masterport = 8140

[ldap]
        ldapnodes = true
        ldapserver = ldap.powerset.com
        ldapbase = ou=hostData,o=production

Once I did that, ldap storage for my nodes worked again.  I didn''t see
this with my prior install of 0.23.1

Cheers,
Ryan


_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

On Oct 10, 2007, at 4:59 PM, Thomas Underhill wrote:
> I restarted puppermasterd, but now I am getting this error on the  
> puppermaster host as well as the puppet client host.
>
> err: Could not find sink.domain.com with names sink.domain.com, sink
>
> I pasted relavent debug information from the puppetmasterd and  
> puppetd at: http://pastie.caboo.se/105918
>
> Has anyone seen this problem before or have any suggestions?
What do your ldap logs say?  Are you sure the master is talking to  
ldap?  If so, what queries is it making?

  --
  I don''t deserve this award, but I have arthritis and I don''t
deserve
  that either.    -- Jack Benny
  ---------------------------------------------------------------------
  Luke Kanies | http://reductivelabs.com | http://madstop.com

On Oct 10, 2007, at 5:05 PM, Ryan Dooley wrote:
> So in a recent upgrade to 0.23.2 I’ve seen this issue.  The ‘fix’  
> for me was to migrate the puppetmaster configuration from  
> puppet.conf to puppetmasterd.conf, e.g.:
>
> [puppetmaster]
>         vardir = /foo/var/lib/puppet
>         logdir = /foo/log/puppet
>         rundir = /foo,/var/run/puppet
>         ssldir = /foo/conf/puppet/ssl
>         confdir = /foo/conf/puppet
>         manifest = /foo/conf/puppet/manifests/site.pp
>         masterport = 8140
>
> [ldap]
>         ldapnodes = true
>         ldapserver = ldap.powerset.com
>         ldapbase = ou=hostData,o=production
>
> Once I did that, ldap storage for my nodes worked again.  I didn’t  
> see this with my prior install of 0.23.1
The only section names that work in puppet.conf are ''main'' and
the
executable names.

If you want ldap info in your puppet.conf, it should be in the  
''puppetmaster'' section.

  --
  Learning is not attained by chance, it must be sought for with  
ardor and
  attended to with diligence.      -- Abigail Adams
  ---------------------------------------------------------------------
  Luke Kanies | http://reductivelabs.com | http://madstop.com

Yo,

The only section names that work in puppet.conf are ''main'' and
the
executable names.

If you want ldap info in your puppet.conf, it should be in the
''puppetmaster'' section.

Sigh, I typo''d myself ( [puppetmasterd] not [puppetmaster] ).

It''s not Monday still by chance right? :-)  Thanks for the clue-by-4.

Cheers,
Ryan


_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

On Wed, Oct 10, 2007 at 05:43:18PM -0500, Luke Kanies wrote:
*snip
> 
> The only section names that work in puppet.conf are
''main'' and the
> executable names.
> 
> If you want ldap info in your puppet.conf, it should be in the  
> ''puppetmaster'' section.
Interesting, I moved the ldap directives from the [ldap] section to
[puppetmaster] and now I am getting these errors which help to explain the
problem.  We were using a puppet.conf that was generated by puppet and that had
the various section names such as [ldap] already in it.

notice: Starting Puppet server version 0.23.0
debug: Allowing authenticated client sink.domain.edu(x.x.x.x) access to
puppetmaster.freshness
debug: Allowing authenticated client sink.domain.edu(x.x.x.x) access to
puppetmaster.getconfig
debug: Our client is remote
notice: Could not set up LDAP Connection: Missing ruby/ldap libraries
notice: Could not set up LDAP Connection: Missing ruby/ldap libraries
info: Skipping ldap source; no ldap connection
notice: Could not set up LDAP Connection: Missing ruby/ldap libraries
info: Skipping ldap source; no ldap connection
notice: Could not set up LDAP Connection: Missing ruby/ldap libraries
info: Skipping ldap source; no ldap connection
err: Could not find sink.domain.edu with names sink.domain.edu, sink

I will head over to the Ruby/LDAP page and grab these libraries.  Thanks for the
info Luke.

-Thomas