puppetboard
puppetboard copied to clipboard
voxpupuli
Overview / Metrics / Radiator not working
When we select "All environments" the "Overview", "Metrics", and "Radiator" pages return this error
Internal Server Error The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.
This error is also returned by the "Metrics" page with any specific environment selected but the "Overview" and "Radiator" pages work for those.
We are running puppetboard 2.1.2 in a docker container with pypuppetdb 2.1.0 and PuppetDB 6.9.1
We downgraded puppetdb to 6.9.0 and things again work as they should. Seems like the changes for the new API aren't fully in place even though the change logs seem to indicate they should be? Is there something we're missing?
Similar issue here but only with Metrics not working - downgrading PuppetDB to 6.9.0 also fixed this issue for me.
Some syslog goodness in case it helps:
Apr 27 00:45:40 vagrant docker-puppetboard[704]: 10.0.2.2 - - [27/Apr/2020:00:45:40 +0000] "GET /metrics HTTP/1.1" 500 290 "http://127.0.0.1:8080/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/$
Apr 27 00:45:40 vagrant docker-puppetboard[704]: ERROR:puppetboard.core:Exception on /metrics [GET]
Apr 27 00:45:40 vagrant docker-puppetboard[704]: Traceback (most recent call last):
Apr 27 00:45:40 vagrant docker-puppetboard[704]: File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 2447, in wsgi_app
Apr 27 00:45:40 vagrant docker-puppetboard[704]: response = self.full_dispatch_request()
Apr 27 00:45:40 vagrant docker-puppetboard[704]: File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 1952, in full_dispatch_request
Apr 27 00:45:40 vagrant docker-puppetboard[704]: rv = self.handle_user_exception(e)
Apr 27 00:45:40 vagrant docker-puppetboard[704]: File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 1821, in handle_user_exception
Apr 27 00:45:40 vagrant docker-puppetboard[704]: reraise(exc_type, exc_value, tb)
Apr 27 00:45:40 vagrant docker-puppetboard[704]: File "/usr/local/lib/python3.8/site-packages/flask/_compat.py", line 39, in reraise
Apr 27 00:45:40 vagrant docker-puppetboard[704]: raise value
Apr 27 00:45:40 vagrant docker-puppetboard[704]: File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 1950, in full_dispatch_request
Apr 27 00:45:40 vagrant docker-puppetboard[704]: rv = self.dispatch_request()
Apr 27 00:45:40 vagrant docker-puppetboard[704]: File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 1936, in dispatch_request
Apr 27 00:45:40 vagrant docker-puppetboard[704]: return self.view_functions[rule.endpoint](**req.view_args)
Apr 27 00:45:40 vagrant docker-puppetboard[704]: File "/usr/src/app/puppetboard/app.py", line 864, in metrics
Apr 27 00:45:40 vagrant docker-puppetboard[704]: metrics_domains = get_or_abort(puppetdb.metric)
Apr 27 00:45:40 vagrant docker-puppetboard[704]: File "/usr/src/app/puppetboard/utils.py", line 99, in get_or_abort
Apr 27 00:45:40 vagrant docker-puppetboard[704]: return func(*args, **kwargs)
Apr 27 00:45:40 vagrant docker-puppetboard[704]: File "/usr/local/lib/python3.8/site-packages/pypuppetdb/api.py", line 927, in metric
Apr 27 00:45:40 vagrant docker-puppetboard[704]: raise DoesNotComputeError(res['error'])
Apr 27 00:45:40 vagrant docker-puppetboard[704]: pypuppetdb.errors.DoesNotComputeError: java.lang.Exception : No access from client 172.17.0.2 allowed
We ran into this and found this documentation: https://puppet.com/docs/puppetserver/latest/metrics-api/v2/metrics_api.html#configuring-jolokia which seemed to align with the errors we were seeing on the puppetdb side (access not allowed for client).
That said, we were unable to make this work - if anyone else gets this working and can provide a working example, please could you post? Is this where we should be looking?
ok - we found a solution for us. Not terribly well documented but the breadcrumbs are all there.
- puppetdb uses a different jolokia-access.xml file than puppetserver
- We had to copy the configuration we had from
/etc/puppetlabs/puppetserver/conf.d/metrics.confto/etc/puppetlabs/puppetdb/conf.d/metrics.conf(created the conf.d folder along the way as it didn't exist
File looks as follows: /etc/puppetlabs/puppetdb/conf.d/metrics.conf
# settings related to metrics
metrics: {
# a server id that will be used as part of the namespace for metrics produced
# by this server
server-id: puppet.prod.net
registries: {
puppetserver: {
# specify metrics to allow in addition to those in the default list
#metrics-allowed: ["compiler.compile.production"]
reporters: {
# enable or disable JMX metrics reporter
jmx: {
enabled: true
}
# enable or disable Graphite metrics reporter
graphite: {
enabled: true
}
}
}
}
# this section is used to configure settings for reporters that will send
# the metrics to various destinations for external viewing
reporters: {
graphite: {
# graphite host
host: "localhost"
# graphite metrics port
port: 2003
# how often to send metrics to graphite
update-interval-seconds: 5
}
}
metrics-webservice: {
jolokia: {
# Enable or disable the Jolokia-based metrics/v2 endpoint.
# Default is true.
# enabled: false
# Configure any of the settings listed at:
# https://jolokia.org/reference/html/agents.html#war-agent-installation
servlet-init-params: {
# Specify a custom security policy:
# https://jolokia.org/reference/html/security.html
policyLocation: "file:///etc/puppetlabs/puppetdb/jolokia-access.xml"
debug: "true"
allowErrorDetails: "false"
}
}
}
}
and then added the following file and contents: /etc/puppetlabs/puppetdb/jolokia-access.xml
<?xml version="1.0" encoding="utf-8"?>
<restrict>
<remote>
<host>127.0.0.1</host>
<host>a.b.c.d</host>
</remote>
<commands>
<command>read</command>
<command>list</command>
<command>version</command>
<command>search</command>
</commands>
<mbean>
<name>puppetlabs.puppetdb.population:name=num-nodes</name>
<attribute mode="read">Value</attribute>
<operation>objectName</operation>
</mbean>
</restrict>
where a.b.c.d is the ip of the server running puppetboard.
Restarted puppetdb and everything now works - hope this helps someone out there.
I can confirm that the information provided above fixed our issue, and everything is working as expected after making these changes. We probably just need the documentation updated to include these changes for the v2 API.
Thanks a lot guys this helped me solved the issue.
My puppetdb and puppetboard are in the same pod so I set the host in /etc/puppetlabs/puppetdb/jolokia-access.xml to 0.0.0.0/0 for simplicity.
<remote>
<host>0.0.0.0/0</host>
</remote>
Note: we're still seeing this with PuppetDB 7, and it seems to be because there is now an auth.conf for PuppetDB which prevents unauthenticated requests to /metrics.
Can someone please provide a PR to add the required info to the app docs? @oldNoakes perhaps?
in /etc/puppetlabs/puppetdb/conf.d/auth.conf we had to set
allow: *
to
allow-unauthenticated: true
for
name: "puppetlabs puppetdb metrics"
restart puppetdb and puppetboard does not show Forbidden 403 anymore
For folks using the containers, I've opened https://tickets.puppetlabs.com/browse/PDB-5522 to give a place for this change to be done automatically.
