puppet fileserver serve non-module file

Question

I'd like to server file which is located in /etc/puppet/files/key.pgp

  file { "/var/www/key.gpg":
    ensure  => present,
    source  => 'puppet:///files/key.gpg',
  }

I'm getting this error:

Not authorized to call find on /file_metadata/files/key.gpg

auth.conf: (I understood that this should match file*)

path /file
allow *

fileserver.conf:

[files]
  path /etc/puppet/files
  allow *

Am I doing something wrong? I'm using librarian for managing my modules, so I don't wanna put anything configuration specific to modules dir.

Answer 1

The file description should have the full path contained:

file { '/etc/puppet/files/gpg.key'
...

Check if files on server are accessible by the user that runs the puppet master. Also check if puppet is allowed to descend into the specified directory. If it is a gpg.key file, there is a very high chance that access mode is 0600 and puppet is not allowed to access it (maybe owned by root or somebody else).

Answer 2

This configuration looks correct, provided your Puppet agent is running on a host in the 192.168.1.x subnet.

The deny is coming from fileserver.conf, since your auth.conf is allowing all the /file* resources. It would seem that your puppet agent is not connecting form an IP in this range -- try adding allow * to the fileserver.conf [files] section temporarily to confirm this.

If your puppet agent host is multihomed, check which interface it is sending from.

Also check the permissions and ownership on the fileserver.conf is correct.