Error I'm getting on flow1 wrt GeoIP module...
err: /Stage[main]/Geoip::Data::Puppet/File[/usr/share/GeoIP]: Failed to
generate additional resources using 'eval_generate: Error 400 on SERVER:
Not authorized to call search on /file_metadata/volatile/GeoIP with
{:recurse=>true, :checksum_type=>"md5", :links=>"manage"}
err: /Stage[main]/Geoip::Data::Puppet/File[/usr/share/GeoIP]: Could not
evaluate: Error 400 on SERVER: Not authorized to call find on
/file_metadata/volatile/GeoIP Could not retrieve file metadata for
puppet:///volatile/GeoIP: Error 400 on SERVER: Not authorized to call find
on /file_metadata/volatile/GeoIP at
/etc/puppet/modules/geoip/manifests/data/puppet.pp:22
It's referencing
class geoip::data::puppet(
$source = 'puppet:///volatile/GeoIP',
$data_directory = '/usr/share/GeoIP',
)
It seems that it cannot do a recursive file copy from the volatile storage??
Any guidance here?
Cheers,
Joel
Description
Details
- Reference
- rt6638
Event Timeline
On Tue Jan 14 19:19:11 2014, jkrauska wrote:
Error I'm getting on flow1 wrt GeoIP module...
I'm having trouble even testing the current setup:
root@flow1:/etc/puppet# puppetd -tv Exiting; no certificate found and
waitforcert is disabled
Where did you get the 400 exactly?
sorry.
flow1 is hosed...
I tried to go from role::puppet::self to normal and I think that's a dead
end.
Building a flow2 later today.
But I did find geoip:data:lite (or something similar worked for lite geoip..
(base issue seemed to be accessing the volatile store from labs??)
I will try to recreate for you.
Cheers,
J
On Wed, Jan 15, 2014 at 8:35 AM, Marc-André Pelletier via RT <
<ops-requests at wikimedia>
I'm having trouble even testing the current setup:
root@flow1:/etc/puppet# puppetd -tv Exiting; no certificate found and
waitforcert is disabled
Where did you get the 400 exactly?
Faidon, will geoip::data::puppet work in labs? Probaby not, right?
If not, you Joel, you probably want to include:
geoip::bin
geoip::data::package
Those would be the easiest for a simple geoip setup.
On Mon, Jan 27, 2014 at 09:46:00PM +0000, Andrew Otto via RT wrote:
Faidon, will geoip::data::puppet work in labs? Probaby not, right?
It's supposed to. It needs someone to fix it, I suspect just
wrong/inconsistent Labs puppetmaster config with regards to the
fileserver. I encouraged Joel to fill this ticket so that the Labs
people can have a look :)
On Tue Jan 28 10:39:23 2014, faidon wrote:
On Mon, Jan 27, 2014 at 09:46:00PM +0000, Andrew Otto via RT wrote:
Faidon, will geoip::data::puppet work in labs? Probaby not, right?
It's supposed to. It needs someone to fix it, I suspect just
wrong/inconsistent Labs puppetmaster config with regards to the
fileserver. I encouraged Joel to fill this ticket so that the Labs
people can have a look :)
I am giving this to Marc as he's point person for labs.
On Wed Apr 16 12:51:33 2014, aotto wrote:
This might be fixed now. See:
Hashar confirms it works now, closing.
Hmm.. but today in 2020, when putting deployment_server role on a fresh cloud VPS instance on stretch:
Error: /Stage[main]/Geoip::Data::Puppet/File[/usr/share/GeoIP]: Failed to generate additional resources using 'eval_generate': Error 500 on SERVER: Server Error: Permission denied @ rb_sysopen - /var/lib/puppet/volatile/GeoIP/.geoipupdate.lock
And that "include puppet::self::geoip" does not seem to exist anymore.
Searching for that made me find this old ticket. And it's not public. It is under WMF-NDA only because it's an RT import.
I would like to make it public.
Mentioned in SAL (#wikimedia-cloud) [2020-05-07T09:24:09Z] <mutante> - cloud puppetmasters still affected by https://phabricator.wikimedia.org/T83447#5807825
I wonder if modules/puppetmaster/manifests/geoip.pp's file { $geoip_destdir: should set owner/groups. Right now:
root@cloud-puppetmaster-03:~# ls -lh /var/lib/puppet/volatile total 8.0K drwxr-xr-x 2 root root 4.0K Apr 5 2019 GeoIP drwxr-x--- 2 root puppet 4.0K Apr 5 2019 misc
Although come the thought of it, those permissions should let puppet access it?