I want to manage the contents of the carbon.conf file using Augeas from Puppet. I have used Augeas before in Puppet for managing an xml file and that worked great.
However this time when the puppet catalog is applied, nothing happens to the carbon.conf file. There is also no error in the log.
Here's my code in the puppet manifest file:
augeas { 'cache config':
notify => Service[carbon-cache],
incl => '/opt/graphite/conf/carbon.conf',
context => '/cache',
lens => 'Carbon.lns',
changes => [
"set UDP_RECEIVER_PORT 2013",
"set LINE_RECEIVER_PORT 2013",
"set PICKLE_RECEIVER_PORT 2014",
];
}
And in the debug log I can see the following:
Debug: Augeas[cache config](provider=augeas): Opening augeas with root /, lens path /var/lib/puppet/lib/augeas/lenses, flags 64
Debug: Augeas[cache config](provider=augeas): Augeas version 1.0.0 is installed
Debug: Augeas[cache config](provider=augeas): Will attempt to save and only run if files changed
Debug: Augeas[cache config](provider=augeas): sending command 'set' with params ["/cache/UDP_RECEIVER_PORT", "2013"]
Debug: Augeas[cache config](provider=augeas): sending command 'set' with params ["/cache/LINE_RECEIVER_PORT", "2013"]
Debug: Augeas[cache config](provider=augeas): sending command 'set' with params ["/cache/PICKLE_RECEIVER_PORT", "2014"]
Debug: Augeas[cache config](provider=augeas): Skipping because no files were changed
Debug: Augeas[cache config](provider=augeas): Closed the augeas connection
What am I missing here?
I also noticed that when using augtool from the command line the ls /files/ command only lists the following folders
augtool> ls /files/
etc/ = (none)
usr/ = (none)
boot/ = (none)
I would also expect to see /opt here...
Context needs to contain the full path to the base node you want for relative paths. In your case, I'm guessing you want context to be /files/opt/graphite/conf/carbon.conf/cache
Related
I am trying to install jdk rpm via Puppet. I have tried lot of manifests but none of them working.
At this moment, I have manifest like this
class java {
#file {' Java 8 rpm file':
#source => 'puppet:///modules/java/jdk-8u161-linux-x64.rpm',
#}
package { 'jdk-8u161-linux-x64.rpm':
ensure => 'present',
provider => 'rpm',
source => '/etc/puppetlabs/code/environments/production/modules/java/jdk-8u161-linux-x64.rpm',
}
}
And I am getting below error
[root#sahasraarchi ~]# puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for sahasraarchi.devmac.com
Info: Applying configuration version '1517758835'
Error: Execution of '/usr/bin/rpm -i /etc/puppetlabs/code/environments/production/modules/java/jdk-8u161-linux-x64.rpm' returned 1: error: open of /etc/puppetlabs/code/environments/production/modules/java/jdk-8u161-linux-x64.rpm failed: No such file or directory
Error: /Stage[main]/Java/Package[jdk-8u161-linux-x64.rpm]/ensure: change from absent to present failed: Execution of '/usr/bin/rpm -i /etc/puppetlabs/code/environments/production/modules/java/jdk-8u161-linux-x64.rpm' returned 1: error: open of /etc/puppetlabs/code/environments/production/modules/java/jdk-8u161-linux-x64.rpm failed: No such file or directory
Notice: Applied catalog in 2.01 seconds
[root#sahasraarchi ~]#
Seems I have missed basic point here. Source at package attribute is always referring the address on Puppet-agent. i.e to where file copying to remote machine before its getting installed.
class java {
file {' /tmp/jdk-8u161-linux-x64.rpm':
source => 'puppet:///modules/java/jdk-8u161-linux-x64.rpm',
}
package { 'jdk-8u161-linux-x64.rpm':
ensure => 'present',
provider => 'rpm',
source => '/tmp/jdk-8u161-linux-x64.rpm',
require => File["/tmp/jdk-8u161-linux-x64.rpm"],
}
}
Will install the rpm at Puppet-agent.
This is the code I have in my puppetmaster
class mediawiki {
$phpmysql = $osfamily ? {
'redhat' => 'php-mysql',
'debian' => 'php5-mysql',
default => 'php-mysql',
}
package { $phpmysql:
ensure => 'present',
}
if $osfamily == 'redhat' {
package {'php-xml':
ensure => 'present',
}
}
class { '::apache':
docroot => '/var/www/html',
mpm_module => 'prefork',
subscribe => Package[$phpmysql],
}
class { '::apache::mod::php': }
vcsrepo {'/var/www/html':
ensure => 'present',
provider => 'git',
source => "https://github.com/wikimedia/mediawiki.git",
revision => 'REL1_23',
}
And when I execute puppet agent with debug enabled as below
puppet agent --debug --verbose --no-daemonize --onetime
I could see that CentOS and Ubuntu puppet agents are sending request to Git in different ways and for Ubuntu I am able to pull the code from Git but for CentOS its failing with wrong revision number as below
Error: /Stage[main]/Mediawiki/Vcsrepo[/var/www/html]: Could not evaluate: Execution of '/usr/bin/git rev-parse HEAD' returned 128: fatal: ambiguous argument 'HEAD': unknown revision or path not in the working tree.
Use '--' to separate paths from revisions
HEAD
CentOS Debug Log
Debug: /Stage[main]/Linux/File[/info.txt]: The container Class[Linux] will propagate my refresh event
Debug: /Stage[main]/Mediawiki/File[/var/www/html/index.html]: Nothing to manage: no ensure and the resource doesn't exist
Debug: Executing '/usr/bin/git config --get remote.origin.url'
Debug: Executing '/usr/bin/git remote'
Debug: Executing '/usr/bin/git config --get remote.origin.url'
Debug: Executing '/usr/bin/git fetch origin'
Debug: Executing '/usr/bin/git fetch --tags origin'
Debug: Executing '/usr/bin/git rev-parse HEAD'
Error: /Stage[main]/Mediawiki/Vcsrepo[/var/www/html]: Could not evaluate: Execution of '/usr/bin/git rev-parse HEAD' returned 128: fatal: ambiguous argument 'HEAD': unknown revision or path not in the working tree.
Use '--' to separate paths from revisions
HEAD
Ubuntu Debug Log
Debug: /Stage[main]/Mediawiki/File[/var/www/html/index.html]: Nothing to manage: no ensure and the resource doesn't exist
Debug: Executing '/usr/bin/git config --get remote.origin.url'
Debug: Executing '/usr/bin/git remote'
Debug: Executing '/usr/bin/git config --get remote.origin.url'
Debug: Executing '/usr/bin/git fetch origin'
Debug: Executing '/usr/bin/git fetch --tags origin'
Debug: Executing '/usr/bin/git rev-parse HEAD'
Debug: Executing '/usr/bin/git tag -l'
Debug: Executing '/usr/bin/git branch -a'
Debug: Executing '/usr/bin/git rev-parse REL1_23'
Dont know why CentOS looking it differently.
Thank you.
My internet connection broken while trying for my first checkout with git into /var/www/html directory and from 2nd attempt onward I have received that error.
I have removed complete /var/www/html with
rm -rf /var/www/html
and issued
puppet agent --verbose --no-daemonize --onetime
and its worked fine.
Trying out puppet-acl module on Windows Server 2016, Preview5. I'm getting the weirdest error on the second puppet run. If i remove the trnsactionstore.yaml file, and re-run the puppet agent, the behavior is repeatable. Im running puppet4 with latest agent version.
This is my codeblock
acl { "c:/temp":
permissions => [
{ identity => 'Administrator', rights => ['full'] },
{ identity => 'Users', rights => ['read','execute'] }
],
}
This is the output from the puppet-run.
PS C:\ProgramData\PuppetLabs\puppet\cache\state> puppet agent -t
Info: Using configured environment 'local'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for opslowebf02n02.local
Error: Transaction store file C:/ProgramData/PuppetLabs/puppet/cache/state/transactionstore.yaml is corrupt (wrong number of arguments (0 for 1..2)); replacing
Error: Transaction state file C:/ProgramData/PuppetLabs/puppet/cache/state/transactionstore.yaml is valid YAML but not returning a hash. Check the file for corruption, or remove it before continuing.
Info: Applying configuration version '1471436916'
Notice: /Stage[main]/platform_base_system::Role::Windows/Exec[check-powershell-exection-policy]/returns: executed successfully
Notice: /Stage[main]/configs_iis::Profile::Default/Exec[check-iis-global-anonymous-authentication]/returns: executed successfully
Notice: Applied catalog in 7.42 seconds
In the transactionstore.yaml file, this is the error section:
Acl[c:/temp]:
parameters:
permissions:
system_value:
- !ruby/hash:Puppet::Type::Acl::Ace {}
- !ruby/hash:Puppet::Type::Acl::Ace {}
inherit_parent_permissions:
system_value: :true
This has been resolved by dowwngrading the puppet agent to 4.5.3.
Behavior of the 4.6.0 version must have changed.
With 4.5.3 i still see the error in the logfile, but the puppetrun does not fail
I'll try to talk to the people at puppet about this.
Acl[c:/temp]:
parameters:
permissions:
system_value:
- !ruby/hash:Puppet::Type::Acl::Ace {}
- !ruby/hash:Puppet::Type::Acl::Ace {}
inherit_parent_permissions:
system_value: :true
This is being tracked as https://tickets.puppetlabs.com/browse/PUP-6629. It's almost coincidental that you created https://tickets.puppetlabs.com/browse/PUP-6630 right afterwards.
I'm running puppet 2.7.26 because that's what the redhat package provides.
I'm trying to serve files that are NOT stored within any puppet modules. The files are maintained in another location on the puppet server, and that is where I need to serve them from.
I have this in my /etc/puppet/fileserver.conf
[files]
path /var/www/cobbler/pub
allow *
And then I have a class file like this:
class etchostfile
(
$hostfile /* declare that this class has one parameter */
)
{
File
{
owner => 'root',
group => 'root',
mode => '0644',
}
file { $hostfile :
ensure => file,
source => "puppet:///files/hosts-${hostfile}.txt",
path => '/root/hosts',
}
}
But when my node calls
class { 'etchostfile' :
hostfile => foo,
}
I get this error
err: /Stage[main]/Etchostfile/File[foo]: Could not evaluate: Error 400
on SERVER: Not authorized to call find on
/file_metadata/files/hosts-foo.txt with {:links=>"manage"} Could not
retrieve file metadata for puppet:///files/hosts-foo.txt: Error 400 on
SERVER: Not authorized to call find on
/file_metadata/files/hosts-foo.txt with {:links=>"manage"} at
/etc/puppet/modules/etchostfile/manifests/init.pp:27
This post
https://viewsby.wordpress.com/2013/04/05/puppet-error-400-on-server-not-authorized-to-call-find/
indicates that this is all I need to do. But I must be missing something.
UPDATE
When I run the master in debug mode, I get no error.
The master responds thusly:
info: access[^/catalog/([^/]+)$]: allowing 'method' find
info: access[^/catalog/([^/]+)$]: allowing $1 access
info: access[^/node/([^/]+)$]: allowing 'method' find
info: access[^/node/([^/]+)$]: allowing $1 access
info: access[/certificate_revocation_list/ca]: allowing 'method' find
info: access[/certificate_revocation_list/ca]: allowing * access
info: access[^/report/([^/]+)$]: allowing 'method' save
info: access[^/report/([^/]+)$]: allowing $1 access
info: access[/file]: allowing * access
info: access[/certificate/ca]: adding authentication any
info: access[/certificate/ca]: allowing 'method' find
info: access[/certificate/ca]: allowing * access
info: access[/certificate/]: adding authentication any
info: access[/certificate/]: allowing 'method' find
info: access[/certificate/]: allowing * access
info: access[/certificate_request]: adding authentication any
info: access[/certificate_request]: allowing 'method' find
info: access[/certificate_request]: allowing 'method' save
info: access[/certificate_request]: allowing * access
info: access[/]: adding authentication any
info: Inserting default '/status' (auth true) ACL because none were found in '/etc/puppet/auth.conf'
info: Expiring the node cache of agent.redacted.com
info: Not using expired node for agent.redacted.com from cache; expired at Thu Aug 13 14:18:48 +0000 2015
info: Caching node for agent.redacted.com
debug: importing '/etc/puppet/modules/etchostfile/manifests/init.pp' in environment production
debug: Automatically imported etchostfile from etchostfile into production
debug: File[foo]: Adding default for selrange
debug: File[foo]: Adding default for group
debug: File[foo]: Adding default for seluser
debug: File[foo]: Adding default for selrole
debug: File[foo]: Adding default for owner
debug: File[foo]: Adding default for mode
debug: File[foo]: Adding default for seltype
notice: Compiled catalog for agent.redacted.com in environment production in 0.11 seconds
info: mount[files]: allowing * access
debug: Received report to process from agent.redacted.com
debug: Processing report from agent.redacted.com with processor Puppet::Reports::Store
and the agent responds thusly:
info: Caching catalog for agent.redacted.com
info: Applying configuration version '1439475588'
notice: /Stage[main]/Etchostfile/File[foo]/ensure: defined content as '{md5}75125a96a68a0ff0d42f91f10dca8336'
notice: Finished catalog run in 0.42 seconds
and the file is properly installed/updated.
So it works when the master is in debug mode, but it errors when the master is in standard (?) mode. I can go back and forth, in and out of debug mode at will, and it works every time in debug mode, and it fails every time in standard mode.
UPDATE 2
Running puppetmasterd from the command line, and everything works.
Running service puppetmaster start or /etc/init.d/puppetmaster start from the command line, and it fails. So at least I'm getting closer.
/etc/sysconfig/puppetmaster is entirely commented out. So as of now, I do not see any difference between just starting puppetmasterd and using the service script.
UPDATE 3
I think it's an SELinux problem.
With SELinux "enforcing" on the master, service puppetmaster restart, and I get the error.
I change SELinux to "Permissive" on the master, and I still get the error.
But now that SELinux is set to Permissive, if I service puppetmaster restart, my files get served properly.
But now that it's working, I set SELinux to Enforcing, and I get a different error:
err: /Stage[main]/Etchostfile/File[foo]: Could not evaluate: Could not
retrieve information from environment production source(s)
puppet:///files/hosts-foo.txt at
/etc/puppet/modules/etchostfile/manifests/init.pp:27
Then I do a service puppetmaster restart and I'm back to the original error.
So the situation changes depending on
how I started the service (puppetmasterd or service)
what SELinux was set to when I started the service
what SELinux is set to when the agent runs.
The closer I get, the more confused I get.
UPDATE 4
I think I found it. Once I started looking at SELinux, I found the policy changes I needed to make (allowing ruby/puppet to access cobbler files) and now it appears to be working...
This turned out to be an SELinux problem. I eventually found this error message
SELinux is preventing /usr/bin/ruby from read access
on the file /var/www/cobbler/pub/hosts-foo.txt .
which led me to the audit2allow rules I needed to apply to allow puppet to access my cobbler files.
I was getting this error with puppet server on ubuntu 20.
Error: /Stage[main]/Dvod_tocr/File[/install/wine-data.tar.gz]: Could not evaluate: Could not retrieve file metadata for puppet:///extra_files/wine-data.tar.gz: Error 500 on SERVER: Server Error: Not authorized to call find on /file_metadata/extra_files/wine-data.tar.gz with {:rest=>"extra_files/wine-data.tar.gz", :links=>"manage", :checksum_type=>"sha256", :source_permissions=>"ignore"}
My fileserver.conf file was in the wrong location. The correct location for this puppet version and on ubuntu 20 is /etc/puppetlabs/puppet/fileserver.conf
I'm trying to compile protocol buffers code using the maven protoc plugin and a protoc executable that I built inside Cygwin. I can't do this from Cygwin or from the Windows command line. Below is the output that I get when I run it in Windows, but the error is identical when running from Cygwin. I find this strange because if the issue was with path translation then I'd expect one of them to work. Is it possible that the fact that the executable was built with Cygwin's g++ could affect things? (To state the obvious, the directory in question does exist.)
Edit: I get the same error when I take maven out of the picture and just invoke protoc by hand.
Edit 2: I can fix this by invoking protoc by hand from Cygwin using relative or absolute paths (but tilde-expansion does not work). Invoking protoc by hand from Windows using relative or absolute paths continues to give the same error.
[DEBUG] (f) outputDirectory = c:\cygwin64\home\dan\code\server\protocol\target\generated-sources\protobuf\java
[DEBUG] (f) project = MavenProject: server:protocol:1.0-SNAPSHOT # c:\cygwin64\home\dan\code\server\protocol\pom.xml
[DEBUG] (f) protoSourceRoot = c:\cygwin64\home\dan\code\server\protocol\src\main\proto
[DEBUG] (f) protocPluginDirectory = c:\cygwin64\home\dan\code\server\protocol\target\protoc-plugins
[DEBUG] (f) remoteRepositories = [
id: central
url: https://repo.maven.apache.org/maven2
layout: default snapshots: [enabled => false, update => daily]
releases: [enabled => true, update => daily]
]
[DEBUG] (f) session = org.apache.maven.execution.MavenSession#24fb6a80
[DEBUG] (f) skip = false
[DEBUG] (f) staleMillis = 0
[DEBUG] (f) temporaryProtoFileDirectory = c:\cygwin64\home\dan\code\server\protocol\target\protoc-dependencies
[DEBUG] (f) writeDescriptorSet = false
[DEBUG] -- end configuration --
[WARNING] No 'protocExecutable' parameter is configured, using the default: 'protoc'
[DEBUG] Proto source root:
[DEBUG] c:\cygwin64\home\dan\code\server\protocol\src\main\proto
[DEBUG] [PROTOC] Executable:
[DEBUG] [PROTOC] protoc
[DEBUG] [PROTOC] Protobuf import paths:
[DEBUG] [PROTOC] c:\cygwin64\home\dan\code\server\protocol\src\main\proto [DEBUG] [PROTOC] Java output directory:
[DEBUG] [PROTOC] c:\cygwin64\home\dan\code\server\protocol\target\generated-sources\protobuf\java
[DEBUG] [PROTOC] Protobuf descriptors:
[DEBUG] [PROTOC] c:\cygwin64\home\dan\code\server\protocol\src\main\proto\message.proto
[DEBUG] [PROTOC] Command line options:
[DEBUG] [PROTOC]
--proto_path=c:\cygwin64\home\dan\code\server\protocol\src\main\proto
--java_out=c:\cygwin64\home\dan\code\server\protocol\target\generated-sources\protobuf\java
c:\cygwin64\home\dan\code\server\protocol\src\main\proto\message.proto
[INFO] Compiling 1 proto file(s) to c:\cygwin64\home\dan\code\server\protocol\target\generated-sources\protobuf\java
[ERROR] PROTOC FAILED: c: warning: directory does not exist. c:\cygwin64\home\dan\code\server\protocol\src\main\proto\message.proto: File does not reside within any path specified using --proto_path (or -I). You must specify a --proto_path which encompasses this file. Note that the proto_path must be an exact prefix of the .proto file names -- protoc is too dumb to figure out when two paths (e.g. absolute and relative) are equivalent (it's harder than you think).
Executables that you build using Cygwin will depend on the full Cygwin environment and will behave as Cygwin programs, regardless of how you execute them. That is, if you execute a Cygwin program from the non-Cygwin shell, it will still behave as a Cygwin program. Cygwin programs do not accept Windows-style paths that use backslashes an drive letters; you need to use e.g. /cygdrive/c/ instead of c:\.
In general, you should not attempt to use Cygwin-compiled command-line tools from a non-Cygwin shell. Instead, try building protoc using MSVC or MinGW, or use the pre-built Windows binaries that Google provides.