Page MenuHomePhabricator

GeoIP Puppet Module Fails in Labs
Closed, ResolvedPublic

Description

Error I'm getting on flow1 wrt GeoIP module...
err: /Stage[main]/Geoip::Data::Puppet/File[/usr/share/GeoIP]: Failed to
generate additional resources using 'eval_generate: Error 400 on SERVER:
Not authorized to call search on /file_metadata/volatile/GeoIP with
{:recurse=>true, :checksum_type=>"md5", :links=>"manage"}
err: /Stage[main]/Geoip::Data::Puppet/File[/usr/share/GeoIP]: Could not
evaluate: Error 400 on SERVER: Not authorized to call find on
/file_metadata/volatile/GeoIP Could not retrieve file metadata for
puppet:///volatile/GeoIP: Error 400 on SERVER: Not authorized to call find
on /file_metadata/volatile/GeoIP at
/etc/puppet/modules/geoip/manifests/data/puppet.pp:22
It's referencing
class geoip::data::puppet(
$source = 'puppet:///volatile/GeoIP',
$data_directory = '/usr/share/GeoIP',
)
It seems that it cannot do a recursive file copy from the volatile storage??
Any guidance here?
Cheers,
Joel

Details

Reference
rt6638

Event Timeline

rtimport raised the priority of this task from to Medium.Dec 18 2014, 1:48 AM
rtimport set Reference to rt6638.

On Tue Jan 14 19:19:11 2014, jkrauska wrote:

Error I'm getting on flow1 wrt GeoIP module...

I'm having trouble even testing the current setup:
root@flow1:/etc/puppet# puppetd -tv Exiting; no certificate found and
waitforcert is disabled
Where did you get the 400 exactly?

Status changed from 'new' to 'open' by RT_System

sorry.
flow1 is hosed...
I tried to go from role::puppet::self to normal and I think that's a dead
end.
Building a flow2 later today.
But I did find geoip:data:lite (or something similar worked for lite geoip..
(base issue seemed to be accessing the volatile store from labs??)
I will try to recreate for you.
Cheers,
J
On Wed, Jan 15, 2014 at 8:35 AM, Marc-André Pelletier via RT <
<ops-requests at wikimedia>

I'm having trouble even testing the current setup:

root@flow1:/etc/puppet# puppetd -tv Exiting; no certificate found and
waitforcert is disabled
Where did you get the 400 exactly?

Faidon, will geoip::data::puppet work in labs? Probaby not, right?
If not, you Joel, you probably want to include:
geoip::bin
geoip::data::package
Those would be the easiest for a simple geoip setup.

On Mon, Jan 27, 2014 at 09:46:00PM +0000, Andrew Otto via RT wrote:

Faidon, will geoip::data::puppet work in labs? Probaby not, right?

It's supposed to. It needs someone to fix it, I suspect just
wrong/inconsistent Labs puppetmaster config with regards to the
fileserver. I encouraged Joel to fill this ticket so that the Labs
people can have a look :)

On Tue Jan 28 10:39:23 2014, faidon wrote:

On Mon, Jan 27, 2014 at 09:46:00PM +0000, Andrew Otto via RT wrote:

Faidon, will geoip::data::puppet work in labs? Probaby not, right?

It's supposed to. It needs someone to fix it, I suspect just
wrong/inconsistent Labs puppetmaster config with regards to the
fileserver. I encouraged Joel to fill this ticket so that the Labs
people can have a look :)

I am giving this to Marc as he's point person for labs.

This might be fixed now. See:
https://gerrit.wikimedia.org/r/#/c/121677/

On Wed Apr 16 12:51:33 2014, aotto wrote:

This might be fixed now. See:

https://gerrit.wikimedia.org/r/#/c/121677/

Hashar confirms it works now, closing.

Status changed from 'open' to 'resolved' by ariel

Hmm.. but today in 2020, when putting deployment_server role on a fresh cloud VPS instance on stretch:

Error: /Stage[main]/Geoip::Data::Puppet/File[/usr/share/GeoIP]: Failed to generate additional resources using 'eval_generate': Error 500 on SERVER: Server Error: Permission denied @ rb_sysopen - /var/lib/puppet/volatile/GeoIP/.geoipupdate.lock

And that "include puppet::self::geoip" does not seem to exist anymore.

Searching for that made me find this old ticket. And it's not public. It is under WMF-NDA only because it's an RT import.

I would like to make it public.

Ran into the same issue again today. Any concerns about making it public?

Dzahn changed the visibility from "WMF-NDA (Project)" to "Public (No Login Required)".May 7 2020, 9:22 AM
Dzahn changed the edit policy from "WMF-NDA (Project)" to "All Users".

I wonder if modules/puppetmaster/manifests/geoip.pp's file { $geoip_destdir: should set owner/groups. Right now:

root@cloud-puppetmaster-03:~# ls -lh /var/lib/puppet/volatile
total 8.0K
drwxr-xr-x 2 root root   4.0K Apr  5  2019 GeoIP
drwxr-x--- 2 root puppet 4.0K Apr  5  2019 misc

Although come the thought of it, those permissions should let puppet access it?