Freeaqingme/gist:5267577

## gistfile1.txt
Error: Error: /Stage[main]/Cluster::Core::Puppetmaster::Pupppet/File[/etc/puppet/hiera.yaml]: Could not evaluate: Could not retrieve information from environment production source(s) puppet:///prod-cluster/core/puppetmaster/hiera.yaml

Manifest:
---
  file { '/etc/puppet/hiera.yaml':
    owner => puppet,
    group => puppet,
    mode => 440,
    source => "puppet:///prod-cluster/core/puppetmaster/hiera.yaml"
  }
----


Strace:
...
[pid 19280] read(15, "\26\3\1\0\341\1\0\0\335\3\2QT\313\365W\205\25\31=\317\343\324\250\2265e\266\301\n\351\245"..., 8000) = 230
[pid 19280] writev(15, [{"\26\3\2\0:\2\0\0006\3\2QT\313\365jb\225]\21\233\272\247:P\323)'bg\305W"..., 3754}], 1) = 3754
[pid 19280] poll([{fd=15, events=POLLIN}], 1, 20447) = 1 ([{fd=15, revents=POLLIN}])
[pid 19280] read(15, "\26\3\2\v\16\v\0\v\n\0\v\7\0\5\2550\202\5\2510\202\3\221\240\3\2\1\2\2\1\0020"..., 8000) = 3572
[pid 19280] writev(15, [{"\26\3\2\6z\4\0\6v\0\0\1,\6pe\352\371\357\264\r\370v\361\271\367\353o\246\33\0333"..., 1738}], 1) = 1738
[pid 19280] poll([{fd=15, events=POLLIN}], 1, 27564) = 1 ([{fd=15, revents=POLLIN}])
[pid 19280] read(15, "\27\3\2\0\340\351=\224\30\375\240\262[U\35i\211'\3751vEI\245\214n\332\261\305\254n\213"..., 8000) = 229
[pid 19280] stat("/etc/puppet/rack/public/production/file_metadata/prod-cluster/core/puppetmaster/hiera.yaml", 0x7fea2cfe8b20) = -1 ENOENT (No such file or directory)
[pid 19280] stat("/etc/puppet/rack/public/production/file_metadata/prod-cluster/core/puppetmaster/hiera.yaml.html", 0x7fea2cfe8af0) = -1 ENOENT (No such file or directory)
[pid 19280] write(29, "\1\34get\0app_root\0/etc/puppet/rack\0"..., 286) = 286
[pid 19280] read(29, "\0\v", 2)         = 2
[pid 19280] read(29, "ok\00028070\0002\0", 11) = 11
[pid 19280] write(29, "\0\10pass IO\0", 10) = 10
[pid 19280] recvmsg(29, {msg_name(0)=NULL, msg_iov(1)=[{"\0", 1}], msg_controllen=24, {cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, {41}}, msg_flags=0}, 0) = 1
[pid 19280] write(29, "\0\7got IO\0", 9) = 9
...

(file tried to retrieve: /etc/puppet/rack/public/production/file_metadata/prod-cluster/core/puppetmaster/hiera.yaml )

fileserver.conf:
----
[plugins]
  allow *.dev.example.net
  allow 127.0.0.1

[prod-cluster]
path /etc/puppet/environments/production/files/cluster
allow *
-----

auth.conf:
----
path ~ ^/file_(metadata|content)/prod-cluster/
auth yes
allow *

path ~ ^/file_metadata/prod-cluster/core/puppetmaster/hiera.yaml
allow *

# allow nodes to retrieve their own catalog (ie their configuration)
path ~ ^/catalog/([^/]+)$
method find
allow $1

# allow nodes to retrieve their own node definition
path ~ ^/node/([^/]+)$
method find
allow $1

# allow all nodes to access the certificates services
path /certificate_revocation_list/ca
method find
allow *

# allow all nodes to store their reports
path /report
method save
allow *

# inconditionnally allow access to all files services
# which means in practice that fileserver.conf will
# still be used
path /file
allow *

# allow access to the master CA
path /certificate/ca
auth any
method find
allow *

path /certificate/
auth any
method find
allow *

path /certificate_request
auth any
method find, save
allow *

# Configuration for Inventory Service
# Simple case with Inventory server on the same puppetmaster server
path /facts
auth no
method find, search
allow puppet01.dev.example.net

path /facts
auth no
method save
allow puppet01.dev.example.net

# Access to DashBoard (Here it's supposed to be on the puppetmaster)
# for file diff viewing
path /file_bucket_file
auth no
method find, search
allow puppet01.dev.example.net

# this one is not strictly necessary, but it has the merit
# to show the default policy which is deny everything else
path /
auth any
	Error: Error: /Stage[main]/Cluster::Core::Puppetmaster::Pupppet/File[/etc/puppet/hiera.yaml]: Could not evaluate: Could not retrieve information from environment production source(s) puppet:///prod-cluster/core/puppetmaster/hiera.yaml

	Manifest:
	---
	file { '/etc/puppet/hiera.yaml':
	owner => puppet,
	group => puppet,
	mode => 440,
	source => "puppet:///prod-cluster/core/puppetmaster/hiera.yaml"
	}
	----


	Strace:
	...
	[pid 19280] read(15, "\26\3\1\0\341\1\0\0\335\3\2QT\313\365W\205\25\31=\317\343\324\250\2265e\266\301\n\351\245"..., 8000) = 230
	[pid 19280] writev(15, [{"\26\3\2\0:\2\0\0006\3\2QT\313\365jb\225]\21\233\272\247:P\323)'bg\305W"..., 3754}], 1) = 3754
	[pid 19280] poll([{fd=15, events=POLLIN}], 1, 20447) = 1 ([{fd=15, revents=POLLIN}])
	[pid 19280] read(15, "\26\3\2\v\16\v\0\v\n\0\v\7\0\5\2550\202\5\2510\202\3\221\240\3\2\1\2\2\1\0020"..., 8000) = 3572
	[pid 19280] writev(15, [{"\26\3\2\6z\4\0\6v\0\0\1,\6pe\352\371\357\264\r\370v\361\271\367\353o\246\33\0333"..., 1738}], 1) = 1738
	[pid 19280] poll([{fd=15, events=POLLIN}], 1, 27564) = 1 ([{fd=15, revents=POLLIN}])
	[pid 19280] read(15, "\27\3\2\0\340\351=\224\30\375\240\262[U\35i\211'\3751vEI\245\214n\332\261\305\254n\213"..., 8000) = 229
	[pid 19280] stat("/etc/puppet/rack/public/production/file_metadata/prod-cluster/core/puppetmaster/hiera.yaml", 0x7fea2cfe8b20) = -1 ENOENT (No such file or directory)
	[pid 19280] stat("/etc/puppet/rack/public/production/file_metadata/prod-cluster/core/puppetmaster/hiera.yaml.html", 0x7fea2cfe8af0) = -1 ENOENT (No such file or directory)
	[pid 19280] write(29, "\1\34get\0app_root\0/etc/puppet/rack\0"..., 286) = 286
	[pid 19280] read(29, "\0\v", 2) = 2
	[pid 19280] read(29, "ok\00028070\0002\0", 11) = 11
	[pid 19280] write(29, "\0\10pass IO\0", 10) = 10
	[pid 19280] recvmsg(29, {msg_name(0)=NULL, msg_iov(1)=[{"\0", 1}], msg_controllen=24, {cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, {41}}, msg_flags=0}, 0) = 1
	[pid 19280] write(29, "\0\7got IO\0", 9) = 9
	...

	(file tried to retrieve: /etc/puppet/rack/public/production/file_metadata/prod-cluster/core/puppetmaster/hiera.yaml )

	fileserver.conf:
	----
	[plugins]
	allow *.dev.example.net
	allow 127.0.0.1

	[prod-cluster]
	path /etc/puppet/environments/production/files/cluster
	allow *
	-----

	auth.conf:
	----
	path ~ ^/file_(metadata\|content)/prod-cluster/
	auth yes
	allow *

	path ~ ^/file_metadata/prod-cluster/core/puppetmaster/hiera.yaml
	allow *

	# allow nodes to retrieve their own catalog (ie their configuration)
	path ~ ^/catalog/([^/]+)$
	method find
	allow $1

	# allow nodes to retrieve their own node definition
	path ~ ^/node/([^/]+)$
	method find
	allow $1

	# allow all nodes to access the certificates services
	path /certificate_revocation_list/ca
	method find
	allow *

	# allow all nodes to store their reports
	path /report
	method save
	allow *

	# inconditionnally allow access to all files services
	# which means in practice that fileserver.conf will
	# still be used
	path /file
	allow *

	# allow access to the master CA
	path /certificate/ca
	auth any
	method find
	allow *

	path /certificate/
	auth any
	method find
	allow *

	path /certificate_request
	auth any
	method find, save
	allow *

	# Configuration for Inventory Service
	# Simple case with Inventory server on the same puppetmaster server
	path /facts
	auth no
	method find, search
	allow puppet01.dev.example.net

	path /facts
	auth no
	method save
	allow puppet01.dev.example.net

	# Access to DashBoard (Here it's supposed to be on the puppetmaster)
	# for file diff viewing
	path /file_bucket_file
	auth no
	method find, search
	allow puppet01.dev.example.net

	# this one is not strictly necessary, but it has the merit
	# to show the default policy which is deny everything else
	path /
	auth any