Hello there I must be blind because i just can''t find what i''m looking for anywhere: 1) file_metadata - i get stacks and stacks of messages telling me: Jun 21 07:49:46 tangelo puppetmasterd[29585]: Could not find file_metadata for ''modules/redhat-monit/service_groups/etc/monit.d/ logging.logCluster'' Jun 21 07:49:46 tangelo puppetmasterd[29585]: Could not find file_metadata for ''modules/redhat-monit/service_groups/etc/monit.d/ crond.logCluster'' Jun 21 07:49:46 tangelo puppetmasterd[29416]: Could not find file_metadata for ''modules/shared-ntp_conf/service_groups/ntp.conf.'' Jun 21 07:49:46 tangelo puppetmasterd[29585]: Could not find file_metadata for ''modules/redhat-monit/service_groups/etc/monit.d/ sysctl.logCluster'' This appears to be mostly for files that do not exist because in a lot of my configurations i tell puppet to deploy the first available of three files: modules/<module name>/files/nodes/<filename>.$fqdn modules/<module name>/files/service_groups/<filename>.$service_group modules/<module name>/files/<filename> I''m guessing this is puppet''s way of telling me i''m asking for something that doesn''t exist. Is there a way to disable this noise? (short of creating files i don''t want/need). This used to fail quietly, which was good. The reason i did this was because someone (I thought Luke ?) said this drop through was a feature ... If there is an alternate way, I''m all ears. 2) searching for information on this i found references on auth.conf which (because i deploy an RPM) is generated for me. However it is a default file, and i''d love to know what to put in it. I can''t find any documentation on the subject. Anyone have a link for me to look at please? Cheers chakkerz -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Jun 20, 2010, at 2:57 PM, chakkerz wrote:> 2) searching for information on this i found references on auth.conf > which (because i deploy an RPM) is generated for me. However it is a > default file, and i''d love to know what to put in it. I can''t find any > documentation on the subject. Anyone have a link for me to look at > please? >The default auth.conf that comes with Ubuntu is pretty simple. Every client can see every file in every module. I''m guessing that yours is similar. If you don''t want every client to see every file in every module, you might want to change auth.conf. The example auth.conf that came with Ubuntu is 2.3k and very well commented. Would posting that help? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
> The example auth.conf that came with Ubuntu is 2.3k and very well commented. Would posting that help?If you''ve got one handy, yes :) -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Jun 20, 2010, at 5:56 PM, chakkerz wrote:>> The example auth.conf that came with Ubuntu is 2.3k and very well commented. Would posting that help? > > If you''ve got one handy, yes :) ># This is an example auth.conf file, it mimics the puppetmasterd defaults # # The ACL are checked in order of appearance in this file. # # Supported syntax: # This file supports two different syntax depending on how # you want to express the ACL. # # Path syntax (the one used below): # --------------------------------- # path /path/to/resource # [environment envlist] # [method methodlist] # [auth[enthicated] {yes|no|on|off|any}] # allow [host|ip|*] # deny [host|ip] # # The path is matched as a prefix. That is /file match at # the same time /file_metadat and /file_content. # # Regex syntax: # ------------- # This one is differenciated from the path one by a ''~'' # # path ~ regex # [environment envlist] # [method methodlist] # [auth[enthicated] {yes|no|on|off|any}] # allow [host|ip|*] # deny [host|ip] # # The regex syntax is the same as ruby ones. # # Ex: # path ~ .pp$ # will match every resource ending in .pp (manifests files for instance) # # path ~ ^/path/to/resource # is essentially equivalent to path /path/to/resource # # environment:: restrict an ACL to a specific set of environments # method:: restrict an ACL to a specific set of methods # auth:: restrict an ACL to an authenticated or unauthenticated request # the default when unspecified is to restrict the ACL to authenticated requests # (ie exactly as if auth yes was present). # ### Authenticated ACL - those applies only when the client ### has a valid certificate and is thus authenticated # allow nodes to retrieve their own catalog (ie their configuration) path ~ ^/catalog/([^/]+)$ method find allow $1 # allow all nodes to access the certificates services path /certificate_revocation_list/ca method find allow * # allow all nodes to store their reports path /report method save allow * # inconditionnally allow access to all files services # which means in practice that fileserver.conf will # still be used path /file allow * ### Unauthenticated ACL, for clients for which the current master doesn''t ### have a valid certificate # allow access to the master CA path /certificate/ca auth no method find allow * path /certificate/ auth no method find allow * path /certificate_request auth no method find, save allow * # this one is not stricly necessary, but it has the merit # to show the default policy which is deny everything else path / auth any -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.