I have reconfigured my puppet (v3.6.2) server (RHEL 7.1) into supporting environments as shown below.

    /etc/puppet
        puppet.conf
        auth.conf
        environments
            Project_A
                modules
                manifests/site.pp
                environment.conf
            Project_B
                modules
                manifests/site.pp
                environment.conf

The environment.conf files consist of

    modulepath=/etc/puppet/environments/$environment/modules
    manifest=/etc/puppet/environments/$environment/manifests/site.pp

The site.pp file for each environment consists of

    include 'nodes.pp'
    include 'selinux.pp'
    include 'check_mode.pp'
    $puppetserver=<SERVER>
    Package {
      allow_virtual=>true,
    }

On an agent, when I run the command

    puppet agent --no-daemonize --trace --debug --noop --verbose

I get the error

    Error: Could not retrieve catalog from remote server: Error 400 on server: Could not find class nodes for <'SERVER'> on <'SERVER'>

In /var/log/puppet/masterhttp.log I get the error

    [2015-09-09 15:43:12] <'IP'> - - [2015/09/09:15:43:12 AEST] "POST /Project_A/catalog/<'SERVER'> HTTP/1.1 400 21

Each agent has the same configuration as when puppet had a single environment, with the addition of environment = 'PROJECT_A'.

If I change nodes.pp in site.pp from include to import

    import 'nodes.pp'

the error changes to

    Error: Could not retrieve catalog from remote server: Error 400 on server: Could not find class selinux.pp for <'SERVER'> on <'SERVER'>

This same structure worked correctly when puppet was configured for a single environment. Under the single environment everything was configured as such:

    /etc/puppet
        puppet.conf
        auth.conf
        environments
        modules
        manifests/site.pp

I suspect that I may need to modify my auth.conf file but am at a loss as to what changes are required. Currently the file is the default configuration.
I have tried adding

    path /environments
    allow *

with no joy, and have added to fileserver.conf

    path /etc/puppet/environments
    allow *

again with no joy.
For the record, the master puppet.conf file is

    [main]
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = $vardir/ssl
    always_cache_features = true
    server = <'PUPPET SERVER'>
    environmentpath = $confdir/environments

    [master]
    ca = true
    dns_alt_names = <'SAN DNS ENTRIES'>
    certname = <'PUPPET MASTER'>
    ssl_client_header = SSL_CLIENT_S_DN
    ssl_client_verify_header = SSL_CLIENT_VERIFY
    environment = master

    [agent]
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    environment = Project_A

The agents use the same configuration file without the [master]

Can anyone see where I have made a mistake in my configuration?
UPDATE: I have started the puppetmaster in debug mode and from an agent tried to connect to the server. In the debug output this is what has made me suspect that it is auth.conf

    Notice: Starting Pppet master version 3.6.2
    Debug: Routes Registered
    Debug: Route /^\/v2\.0/
    Debug: Route /.*/
    Debug: Evaluating match for Route /^\/v2\.0/
    Debug: Did not match path ("/Project_A/node/<SERVER A>")
    Debug: Evaluating match for Route /.*/
    Info: access[^/catalog/([^/]+)$]: allowing 'method' find
    Info: access[^/catalog/([^/]+)$]: allowing $1 access
    Info: access[^/node/([^/]+)$]: allowing 'method' find
    Info: access[^/node/([^/]+)$]: allowing $1 access
    Info: access[/certificate_revocation_list/ca]: allowing 'method' find
    Info: access[/certificate_revocation_list/ca]: allowing * access
    Info: access[/^/report/([^/]+)$]: allowing 'method' save
    Info: access[/^/report/([^/]+)$]: allowing $1 access
    Info: access[/file]: allowing * access
    Info: access[/certificate/ca]: adding authentication any
    Info: access[/certificate/ca]: adding 'method' find
    Info: access[/certificate/ca]: adding * access
    Info: access[/certificate/]: adding authentication any
    Info: access[/certificate/]: adding 'method' find
    Info: access[/certificate/]: adding * access
    Info: access[/certificate_request]: adding authentication any
    Info: access[/certificate_request]: adding 'method' find
    Info: access[/certificate_request]: adding 'method' save
    Info: access[/certificate_request]: adding * access
    Info: access[/v2.0/environments]: adding 'method' find
    Info: access[/v2.0/environments]: adding * access
    Info: access[/]: adding authentication any
    Info: Inserting dfault '/status' (auth true) ACL
    Info: Caching node for <SERVER A>
    Debug: Failed to load library 'msgpack' for feature 'msgpack'
    Debug: Puppet::Network::Format [msgpack]: feature msgpack is missing
    Debug: node supports formats: pson b64_zlib_yaml yaml raw
    Debug: Routes Register:
    Debug: Routes /^\/v2\.0/
    Debug: Route /.*/
    Debug: Evaluating match for Route /^\/v2\.0/
    Debug: Did not match path ("/Project_A/file_metadatas/plugins")
    Debug: Evaluating match for Route /.*/

UPDATE:
I have sort of got this working.
After rereading the puppetlabs docs on environments it states that there has to be an environment called production. I have thus created

    /etc/puppet/environments/production
        modules
        manifests
        environment.conf

This is configured the same as the other environments although the dirs currently have no files within them.
The agent remains the same.
Now when I run the agent it runs without errors. The only thing is that it is collecting information from the puppet root /etc/puppet/modules & /etc/puppet/manifests, and while the agent runs, it doesn't do anything if the host isn't defined in /etc/puppet/manifests/site.pp.
In the puppetmaster debug output all references to the host are defined as Project_A and there is the log entry

    Notice: Compiled catalog for <'SERVER_A'> in environment Project_A in 0.00 seconds

From the agent

    Notice: /Stage/[main]/ntp::Config/File[/etc/ntp.conf]/content: content changed '{md5}<md5sum>' to '{md5}<md5sum>'
    Info: /Stage/[main]/ntp::Config/File[/etc/ntp.conf]: Scheduling refresh of Service{ntpd}

So in summary:

The client is being recognised as belonging to environment 'Project_A' on the master. Despite being configured to use the path /etc/puppet/environments/$environment/{modules|manifests/site.pp} in the 'Project_A' environment.conf file, it is actually using /etc/puppet/{modules|manifests/site.pp}.