I''ve been banging my head against the wall on this one for a while, and I think I just figured it out. I had configured my puppet clients with namespaceauth to allow puppetrun from the puppetmaster to force an update. The problem is, anytime I ran the puppetrun command, I''d get: dbs@bos-occam01:~$ puppetrun --host=bos-rep-etl01.REDACTED.net Triggering bos-rep-etl01.REDACTED.net warning: peer certificate won''t be verified in this SSL session Host bos-rep-etl01.REDACTED.net failed: HTTP-Error: 500 Internal Server Error bos-rep-etl01.REDACTED.net finished Version numbers matched (0.25.4), clocks were in sync, the client machine would simply say: Apr 27 11:08:00 bos-rep-etl01 puppetd[3787]: Denying unauthenticated client bos-occam01.REDACTED.net(10.10.10.96) access to puppetrunner.run The problem turned out to be simple. Run puppetrun as root: dbs@bos-occam01:~$ sudo puppetrun --debug --host=bos-rep- etl01.REDACTED.net Password: Triggering bos-rep-etl01.REDACTED.net bos-rep-etl01.REDACTED.net finished with exit code 0 Finished A feature request - if puppet can''t read the local certificate, it should throw a permission error of some sort. -d -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Peter Meier
2010-Apr-27 15:49 UTC
Re: [Puppet Users] Public information - puppetrun problem
> A feature request - if puppet can''t read the local certificate, it > should throw a permission error of some sort.Please file one at: http://projects.puppetlabs.com/projects/puppet Thanks. cheers pete -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Hi. Have same thing - works under root, doesn''t work under any other accounts. Regards. On Apr 27, 6:49 pm, Peter Meier <peter.me...@immerda.ch> wrote:> > A feature request - if puppet can''t read the local certificate, it > > should throw a permission error of some sort. > > Please file one at:http://projects.puppetlabs.com/projects/puppetThanks. > > cheers pete > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.