Puppet

puppet-dashboard: Could not retrieve facts from inventory service

  • December 3, 2013

I'm trying to configure puppet-dashboard, but I'm running into a problem with Inventory/facts:

Could not retrieve facts from inventory service: 403 "Forbidden request: puppetmasterhostname(ip.address.was.here) access to /facts/agenthostname.example.com [find] at line 99 "

In /etc/puppet/auth.conf on the puppet master:

path /facts
method find
auth any
allow *

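I restarted puppetmaster and puppet-dashboard, but I still get the error above. Any ideas or troubleshooting tips?

Update

I'm running puppet v2.7.13. As requested, here is my complete /etc/puppet/auth.conf. Most of it is the defaults that were already in the config: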

# allow nodes to retrieve their own catalog (ie their configuration)
path ~ ^/catalog/([^/]+)$
method find
allow $1

# allow nodes to retrieve their own node definition
path ~ ^/node/([^/]+)$
method find
allow $1

# allow all nodes to access the certificates services
path /certificate_revocation_list/ca
method find
allow *

# allow all nodes to store their reports
path /report
method save
allow *

# inconditionnally allow access to all files services
# which means in practice that fileserver.conf will
# still be used
path /file
allow *

### Unauthenticated ACL, for clients for which the current master doesn't
### have a valid certificate; we allow authenticated users, too, because
### there isn't a great harm in letting that request through.

# allow access to the master CA
path /certificate/ca
auth any
method find
allow *

path /certificate/
auth any
method find
allow *

path /certificate_request
auth any
method find, save
allow *

# this one is not stricly necessary, but it has the merit
# to show the default policy which is deny everything else
path /
auth any

# Inventory
path /facts
method find
auth any
allow *

/etc/puppet/puppet.conf

[main]
   # The Puppet log directory.
   # The default value is '$vardir/log'.
   logdir = /var/log/puppet

   # Where Puppet PID files are kept.
   # The default value is '$vardir/run'.
   rundir = /var/run/puppet

   # Where SSL certificates are kept.
   # The default value is '$confdir/ssl'.
   ssldir = $vardir/ssl

[agent]
   # The file in which puppetd stores a list of the classes
   # associated with the retrieved configuratiion.  Can be loaded in
   # the separate ``puppet`` executable using the ``--loadclasses``
   # option.
   # The default value is '$confdir/classes.txt'.
   classfile = $vardir/classes.txt

   # Where puppetd caches the local configuration.  An
   # extension indicating the cache format is added automatically.
   # The default value is '$confdir/localconfig'.
   localconfig = $vardir/localconfig

[master]
  reports = store, http
  reporturl = http://puppetmasterhostname.example.com:3000/reports/upload
  facts_terminus = yaml
  storeconfigs = true
  storeconfigs_backend = puppetdb
  node_terminus = exec
  external_nodes = /usr/bin/env PUPPET_DASHBOARD_URL=http://localhost:3000 /opt/puppet-dashboard/bin/external_node

My configuration has the following…

path /facts
auth any
allow *

path /fact
auth any
allow *

path /facts_search
allow *

I think I also had to create an empty file called namespaceauth.conf, like this:

touch /etc/puppet/namespaceauth.conf

I ran into the same problem and found that line 99 of /etc/puppet/auth.conf corresponds to the following:

# this one is not stricly necessary, but it has the merit
# to show the default policy which is deny everything else
path /
auth any

Commenting out path / and auth any allowed the dashboard to access the inventory with the following configuration:

path /facts
auth yes
method find, search
allow dashboard

…taken from http://docs.puppetlabs.com/dashboard/manual/1.2/configuring.html

The namespace.conf and other paths were not necessary for me.
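The ordering problem found in the answer above, as an added example (not part of the original posts and not Puppet's own code): a small Python check that flags auth.conf stanzas placed after an earlier stanza that already matches the same requests. It assumes stanzas are evaluated in file order with the first match deciding, analyses only literal prefix paths (regex `path ~` stanzas are skipped), and `SAMPLE` and all function names are constructed for illustration.

```python
# Constructed sample: an abbreviated auth.conf with /facts placed after the catch-all.
SAMPLE = """\
path /report
method save
allow *

path /
auth any

path /facts
method find
auth any
allow *
"""

def parse_auth_conf(text):
    """Parse stanzas into dicts; `path ~ regex` stanzas are flagged, not analysed."""
    stanzas = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        key, _, value = (s.strip() for s in raw.split("#", 1)[0].strip().partition(" "))
        if key == "path":
            stanzas.append({"line": lineno, "path": value, "regex": value.startswith("~"),
                            "methods": set(), "auth": "yes"})  # auth defaults to yes
        elif stanzas and key == "method":
            stanzas[-1]["methods"] = {m.strip() for m in value.split(",")}
        elif stanzas and key == "auth":
            stanzas[-1]["auth"] = value
    return stanzas

def covers(earlier, later):
    """True if every request the later stanza matches is already matched earlier."""
    if earlier["regex"] or later["regex"]:
        return False  # regex paths are outside this simple model
    methods_ok = not earlier["methods"] or (later["methods"] and later["methods"] <= earlier["methods"])
    return bool(later["path"].startswith(earlier["path"]) and methods_ok
                and earlier["auth"] in ("any", later["auth"]))

def shadowed(text):
    """Return (line, path, shadowing_line, shadowing_path) for unreachable stanzas."""
    stanzas, hits = parse_auth_conf(text), []
    for i, later in enumerate(stanzas):
        for earlier in stanzas[:i]:
            if covers(earlier, later):
                hits.append((later["line"], later["path"], earlier["line"], earlier["path"]))
                break
    return hits

if __name__ == "__main__":
    print(shadowed(SAMPLE))
```

An empty result for a file means no literal-path stanza is hidden behind an earlier one; the restricted `auth yes` / `allow dashboard` stanza from the answer passes when it sits above `path /`.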

Source: https://serverfault.com/questions/392697