Ask Your Question
0

how to fix fresh install ERROR 400 not authorized to call search on /file_metadata/pe_modules

asked 2015-01-28 06:56:19 -0500

Matos64 gravatar image

Hi,

I am running RHEL 6.5 (clean install) and have installed puppet enterprise 3.7.1 Everything went ok during installation except running the puppet master agent (last bit of the installation process).

The agent run fails with the error below:

Level err

Message Failed to generate additional resources using 'evalgenerate': Error 400 on SERVER: Not authorized to call search on /filemetadata/pemodules with {:links=>"manage", :recurse=>true, :checksumtype=>"md5"}

Source /Stage[main]/Puppetenterprise::Profile::Master/File[/opt/puppet/share/puppetenterprise/pe_modules]

File /opt/puppet/share/puppet/modules/puppet_enterprise/manifests/profile/master.pp

Line 177

I have already added the lines below to the auth.conf file but I am still having the same error.

path /file_metadata auth any allow *

This is a clean VM with no internet access where I just installed puppet enterprise 3.7.1 (Monolithic installation)

Thanks,

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2015-02-02 10:59:14 -0500

camlow325 gravatar image

This likely is a file permissions issue.

The [pe_modules] mount in your "/etc/puppetlabs/puppet/fileserver.conf" file is likely defined after installation as:

[pe_modules]
path /opt/puppet/share/installer/modules
allow *

In order for an agent run to succeed, the "/opt/puppet/share/installer/modules" directory would need to be readable by the user that the Puppet Server master runs -- pe-puppet. Up to the 3.7.1 release of Puppet Enterprise, the permissions on the "/opt/puppet/share/installer/modules" directory were not explicitly set during installation and so if you have a more restrictive default umask that forbids "Other/World" users from reading the directory, you could encounter the "Not authorized to call search" error during agent runs.

In order for agent runs to succeed, the permissions on the directory should be:

# ls -dl /opt/puppet/share/installer/modules/
drwxr-xr-x 2 root root 4096 Jan 28 13:39 modules

Another sign that this may be permissions related is if you see a message like the following appear in the /var/log/pe-puppetserver/puppetserver.log file during the first agent run after the pe-puppetserver service is first started:

2015-01-16 11:33:37,516 ERROR [puppet-server] Puppet Removing mount "pe_modules": /opt/puppet/share/installer/modules is not readable

If this is the problem, try granting o+rx to "/opt/puppet/share/installer/modules", restart the Puppet Server service (service pe-puppetserver restart), and perform another agent run to see if the problem is still present.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2015-01-28 06:56:19 -0500

Seen: 2,804 times

Last updated: Feb 02 '15