Just a little snippet. I'm working with puppet, and foreman. Im working through the Pro Puppet book from APress. In the first section, they have me create a sudo module, which will pull /etc/sudoers from a puppet file bucket, and put it in place on the agent. I was running into the following error.
[root@kstest DEV ~]# puppet agent --test info: Caching catalog for kstest.dev. info: Applying configuration version '1377612144' err: /File[/etc/sudoers]: Could not evaluate: Error 400 on SERVER: Not authorized to call find on /file_metadata/files /common/sudo/etc/sudoers Could not retrieve file metadata for puppet://masterofpuppet.dev/files/common/sudo/etc /sudoers: Error 400 on SERVER: Not authorized to call find on /file_metadata/files/common/sudo/etc/sudoers at /etc/puppet/environments/development/modules/sudo/manifests/init.pp:19 notice: Finished catalog run in 0.40 seconds
I did a little digging online, and found two things.
1. I needed to allow access in /etc/puppet/fileserver.conf. It ended up like this:
[files] path /var/lib/puppet/files allow *
Which is wide open, I'll be reigning that in later.
However, there was a second piece to the puzzle. And that's in the file_metadata path above. I found a thread on Puppet-users mailing list regarding the problem. It came down to adding another block to /etc/puppet/auth.conf that looks like this:
path ~ ^/file_(metadata|content)/files/ auth yes allow 192.168.0.0/16
I added this right below the definition for the path /file, so it looks like this:
# unconditionally allow access to all file services # which means in practice that fileserver.conf will # still be used path /file allow * path ~ ^/file_(metadata|content)/files/ auth yes allow 192.168.0.0/16
I also ended up resetting permissions on /var/lib/puppet/files to puppet:puppet.
This did the trick! No restart of puppetmasterd required btw, it must be read on the fly.