> Hi, > > I have been using func 0.24 for awhile with puppet and no problems and decided to upgrade to the latest offered from epel, 0.28. After updating I cannot get even a ping response from the func client on the master. > > A func ping results in [FAILED], and running a module like command results in: > ('func.lsu.edu', > ['REMOTE_ERROR', > 'xmlrpclib.Fault', > "<Fault 1: 'func.minion.codes.AccessToMethodDenied:'>"]) > > The debug logs look like: > > 2011-05-23 15:26:24,453 - DEBUG - Loading func.overlord.modules.utils.utils module > 2011-05-23 15:26:24,454 - WARNING - Could not load module > 2011-05-23 15:26:24,454 - WARNING - ['Traceback (most recent call last):\n', ' File "/usr/lib/python2.4/site-packages/func/module_loader.py", line 108, in load_modules\n blip = __import__("%s%s" % ( mod_dir,mod_imp_name), globals(), locals(), [mod_imp_name])\n', 'ValueError: Empty module name\n'] > 2011-05-23 15:26:24,455 - DEBUG - Loading func.overlord.modules.copyfile.copyfile module > 2011-05-23 15:26:24,541 - DEBUG - cn: func.lsu.edu sub_hash: 952665255 > 2011-05-23 15:26:24,543 - DEBUG - current acls {u'ca--1304069296': ['*', 'foo']} > 2011-05-23 15:26:24,543 - DEBUG - hostkey func.lsu.edu-952665255 Hi Jason, I've been probably hit by the very same problem.. The short story is that your overlord node is not sending the right cert to identify himself to minion. To fix, I had to change in /etc/func/overlord.conf #cert_file = /var/lib/puppet/ssl/certs/puppet.example.org.pem #key_file = /var/lib/puppet/ssl/private_keys/puppet.example.org.pem cert_file = /var/lib/puppet/ssl/certs/ca.pem key_file = /var/lib/puppet/ssl/ca/ca_key.pem It seems that instruction to setup Puppet/Func integration are inaccurate. Logging problem: IMHO funcd should report authorization problem nicely. This is how it looks now: ==> func/func.log <== 2011-06-10 13:03:26,804 - DEBUG - cn: puppet.example.org sub_hash: 710746128 2011-06-10 13:03:26,806 - DEBUG - current acls {u'ca-2990898000': ['*', 'foo']} 2011-06-10 13:03:26,806 - DEBUG - hostkey puppet.example.org-710746128 After some head-scratching I figured out that this means "Incoming overlord cert has hash 710746128, expected cert (from implicit acl) is 2990898000". This page was great help, btw (https://fedorahosted.org/func/wiki/FuncSecurity) Logging on client side could be also improved. Not even on DEBUG level you can see the response from remote end (for ping). (desperate, I had to decrypt the session in wireshark) > 2011-05-23 15:26:24,454 - WARNING - Could not load module > 2011-05-23 15:26:24,454 - WARNING - ['Traceback (most recent call last):\n', ' File "/usr/lib/python2.4/site-packages/func/module_loader.py", line 108, This WARN is totally unrelated.. Then func is walking over files to load, he will come to entry /usr/lib/python2.4/site-packages/func/overlord/modules/__init__.py After some processing and stripping __init__.py, he will try to execute.. import func.overlord.modules. # <-- notice the dot .. and bomb out. That warning should be harmless. System: RHEL5.6/Fedora14, func 0.28 Regards, BranoZ _______________________________________________ Func-list mailing list Func-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/func-list