> Hi,
>
> I have been using func 0.24 for awhile with puppet and no problems and decided to upgrade to the latest offered from epel, 0.28. After updating I cannot get even a ping response from the func client on the master.
>
> A func ping results in [FAILED], and running a module like command results in:
> ('func.lsu.edu',
> ['REMOTE_ERROR',
> 'xmlrpclib.Fault',
> "<Fault 1: 'func.minion.codes.AccessToMethodDenied:'>"])
>
> The debug logs look like:
>
> 2011-05-23 15:26:24,453 - DEBUG - Loading func.overlord.modules.utils.utils module
> 2011-05-23 15:26:24,454 - WARNING - Could not load module
> 2011-05-23 15:26:24,454 - WARNING - ['Traceback (most recent call last):\n', ' File "/usr/lib/python2.4/site-packages/func/module_loader.py", line 108, in load_modules\n blip = __import__("%s%s" % ( mod_dir,mod_imp_name), globals(), locals(), [mod_imp_name])\n', 'ValueError: Empty module name\n']
> 2011-05-23 15:26:24,455 - DEBUG - Loading func.overlord.modules.copyfile.copyfile module
> 2011-05-23 15:26:24,541 - DEBUG - cn: func.lsu.edu sub_hash: 952665255
> 2011-05-23 15:26:24,543 - DEBUG - current acls {u'ca--1304069296': ['*', 'foo']}
> 2011-05-23 15:26:24,543 - DEBUG - hostkey func.lsu.edu-952665255
Hi Jason,
I've been probably hit by the very same problem.. The short story is
that your overlord node is not sending the right cert to identify
himself to minion.
To fix, I had to change in /etc/func/overlord.conf
#cert_file = /var/lib/puppet/ssl/certs/puppet.example.org.pem
#key_file = /var/lib/puppet/ssl/private_keys/puppet.example.org.pem
cert_file = /var/lib/puppet/ssl/certs/ca.pem
key_file = /var/lib/puppet/ssl/ca/ca_key.pem
It seems that instruction to setup Puppet/Func integration are inaccurate.
Logging problem: IMHO funcd should report authorization problem
nicely. This is how it looks now:
==> func/func.log <==
2011-06-10 13:03:26,804 - DEBUG - cn: puppet.example.org sub_hash: 710746128
2011-06-10 13:03:26,806 - DEBUG - current acls {u'ca-2990898000': ['*', 'foo']}
2011-06-10 13:03:26,806 - DEBUG - hostkey puppet.example.org-710746128
After some head-scratching I figured out that this means "Incoming
overlord cert has hash 710746128, expected cert (from implicit acl) is
2990898000".
This page was great help, btw (https://fedorahosted.org/func/wiki/FuncSecurity)
Logging on client side could be also improved. Not even on DEBUG level
you can see the response from remote end (for ping).
(desperate, I had to decrypt the session in wireshark)
> 2011-05-23 15:26:24,454 - WARNING - Could not load module
> 2011-05-23 15:26:24,454 - WARNING - ['Traceback (most recent call last):\n', ' File "/usr/lib/python2.4/site-packages/func/module_loader.py", line 108,
This WARN is totally unrelated..
Then func is walking over files to load, he will come to entry
/usr/lib/python2.4/site-packages/func/overlord/modules/__init__.py
After some processing and stripping __init__.py, he will try to execute..
import func.overlord.modules. # <-- notice the dot
.. and bomb out. That warning should be harmless.
System: RHEL5.6/Fedora14, func 0.28
Regards,
BranoZ
_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list
