Hello

I know this should be easy, but I have read the docs and searched, and I am still not able to get the master to kick the client.

This is in a cloud env where we run our own DNS, so reverse and forward DNS all work: the client can do 'dig host' or dig '172.27.0.100' and it will resolve to the puppet server.

puppet is a CNAME of noc01 and is also hard-coded in the /etc/hosts file, but when I do a 'puppet kick blueducks.cloud.aws' I'm getting the following error.

master:

    Triggering blueducks.cloud.aws
    Host blueducks.cloud.aws failed: Error 403 on SERVER: Forbidden request: noc01.cloud.aws(172.27.0.100) access to /run/blueducks.cloud.aws [save] authenticated at line 0
    blueducks.cloud.aws finished with exit code 2
    Failed: blueducks.cloud.aws

client:

    Oct 22 18:16:48 blueducks puppet-agent[2512]: Denying access: Forbidden request: noc01.cloud.aws(172.27.0.100) access to /run/blueducks.cloud.aws [save] authenticated at line 0

In namespaceauth.conf I have this:

    [puppetrunner]
    allow puppet.cloud.aws

The CA cert says the host/master is puppet (ca.pem file):

    Subject: CN=puppet

What do I do wrong? Thanks!

--
-ls

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

If this is 2.6.x, then under "auth.conf", you should have something like this:

    path /run
    method save
    allow <puppet.master>

<puppet.master> is your master's fqdn.

On Sat, Oct 23, 2010 at 6:57 AM, Luc Suryo <lsuryo@gmail.com> wrote:
> What do I do wrong? Thanks!
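
Added example (not part of the thread and not Puppet's own code): a simplified Ruby model of the path/method/allow matching described in the reply above, run against the denial line from the first message. It assumes the name printed in the denial (noc01.cloud.aws) is the name an allow line is compared against and that a request with no matching stanza is denied; the two ACL strings and all function names are constructed for illustration.

```ruby
# Added example: a simplified model of path/method/allow matching,
# not Puppet's own auth.conf parser.
DENY_RE = /Forbidden request: (?<name>\S+?)\((?<ip>[^)]+)\) access to (?<path>\S+) \[(?<method>\w+)\](?: (?<auth>authenticated))?/

# Denial line as posted in the thread.
SAMPLE_LOG = "Oct 22 18:16:48 blueducks puppet-agent[2512]: Denying access: " \
             "Forbidden request: noc01.cloud.aws(172.27.0.100) access to " \
             "/run/blueducks.cloud.aws [save] authenticated at line 0"

# Constructed stanzas: the CNAME the poster allowed vs. the name in the log.
ACL_ALIAS = "path /run\nmethod save\nallow puppet.cloud.aws\n"
ACL_FQDN  = "path /run\nmethod save\nallow noc01.cloud.aws\n"

# Extract caller name, IP, path and method from a "Denying access" line.
def parse_denial(line)
  m = DENY_RE.match(line)
  return nil unless m
  { name: m[:name], ip: m[:ip], path: m[:path], method: m[:method],
    authenticated: !m[:auth].nil? }
end

# Parse only the three directives used in the thread: path, method, allow.
def parse_acl(text)
  text.each_line.with_object([]) do |raw, stanzas|
    key, value = raw.sub(/#.*/, "").strip.split(/\s+/, 2)
    next if key.nil? || value.nil?
    if key == "path"
      stanzas << { path: value, methods: [], allow: [] }
    elsif stanzas.any? && key == "method"
      stanzas.last[:methods].concat(value.split(/\s*,\s*/))
    elsif stanzas.any? && key == "allow"
      stanzas.last[:allow].concat(value.split(/\s*,\s*/))
    end
  end
end

def name_allowed?(pattern, name)
  return true if pattern == "*"
  return name.downcase.end_with?(pattern[1..-1].downcase) if pattern.start_with?("*.")
  pattern.downcase == name.downcase
end

# First stanza whose path prefix and method match decides; no match means deny
# (model assumption), and only authenticated callers are considered.
def allowed?(stanzas, req)
  return false unless req && req[:authenticated]
  stanza = stanzas.find do |s|
    req[:path].start_with?(s[:path]) &&
      (s[:methods].empty? || s[:methods].include?(req[:method]))
  end
  !stanza.nil? && stanza[:allow].any? { |p| name_allowed?(p, req[:name]) }
end
```

In this model, allowing the alias puppet.cloud.aws leaves the request denied, while allowing the exact name from the denial line permits only that caller to `save` under `/run`.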

Thanks

Been reading and looking at the code to find out that that is what it needs :)
Made the file and everything works now.

Thanks!

-ls

On Fri, Oct 22, 2010 at 10:40 PM, Mohit Chawla <mohit.chawla.binary@gmail.com> wrote:
> If this is 2.6.x, then under "auth.conf", you should have something like this:
>
> path /run
> method save
> allow <puppet.master>
>
> <puppet.master> is your master's fqdn.