Hello

I know this should be easy, but I read the docs, searched, and am still not able to get the master to kick the client.

This is in a cloud env where we run our own DNS, so reverse and forward DNS all work.
The client can do 'dig host' or dig '172.27.0.100' and it will resolve to the puppet server.

puppet is a CNAME of noc01 and is also hard-coded in the /etc/hosts file,
but when I do a 'puppet kick blueducks.cloud.aws' I'm getting the following error:

master:

Triggering blueducks.cloud.aws
Host blueducks.cloud.aws failed: Error 403 on SERVER: Forbidden request: noc01.cloud.aws(172.27.0.100) access to /run/blueducks.cloud.aws [save] authenticated at line 0
blueducks.cloud.aws finished with exit code 2
Failed: blueducks.cloud.aws

client:

Oct 22 18:16:48 blueducks puppet-agent[2512]: Denying access: Forbidden request: noc01.cloud.aws(172.27.0.100) access to /run/blueducks.cloud.aws [save] authenticated at line 0

In namespaceauth.conf I have this:

[puppetrunner]
allow puppet.cloud.aws

The CA cert says the host/master is puppet (ca.pem file):
Subject: CN=puppet

What do I do wrong? Thanks!
--
-ls
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
If this is 2.6.x, then under "auth.conf", you should have something like this:

path /run
method save
allow <puppet.master>

<puppet.master> is your master's fqdn.

On Sat, Oct 23, 2010 at 6:57 AM, Luc Suryo <lsuryo@gmail.com> wrote:
> Hello
>
> I know this should be easy, but I read the docs, searched, and am still not
> able to get the master to kick the client.
>
> This is in a cloud env where we run our own DNS, so reverse and forward DNS
> all work.
> The client can do 'dig host' or dig '172.27.0.100' and it will resolve to
> the puppet server.
>
> puppet is a CNAME of noc01 and is also hard-coded in the /etc/hosts file,
> but when I do a 'puppet kick blueducks.cloud.aws' I'm getting the following
> error:
>
> master:
>
> Triggering blueducks.cloud.aws
> Host blueducks.cloud.aws failed: Error 403 on SERVER: Forbidden request:
> noc01.cloud.aws(172.27.0.100) access to /run/blueducks.cloud.aws [save]
> authenticated at line 0
> blueducks.cloud.aws finished with exit code 2
> Failed: blueducks.cloud.aws
>
> client:
>
> Oct 22 18:16:48 blueducks puppet-agent[2512]: Denying access: Forbidden
> request: noc01.cloud.aws(172.27.0.100) access to /run/blueducks.cloud.aws
> [save] authenticated at line 0
>
> In namespaceauth.conf I have this:
>
> [puppetrunner]
> allow puppet.cloud.aws
>
> The CA cert says the host/master is puppet (ca.pem file):
> Subject: CN=puppet
>
> What do I do wrong? Thanks!
>
> --
> -ls
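The denial from the first message, replayed against a simplified model of the auth.conf matching described in the reply. This is an added example, not code from the thread or from Puppet itself; exact-name `allow` matching, prefix `path` matching and default deny are modelling assumptions, and `noc01.cloud.aws` in the second stanza is the caller name taken from the agent's log line.

```ruby
# Simplified model (assumption, not Puppet's code): the first stanza whose
# path prefix and method match decides; allow is an exact name match;
# a request that matches no stanza is denied.
Acl = Struct.new(:path, :methods, :allow)

def parse_auth_conf(text)
  acls = []
  text.each_line do |raw|
    line = raw.sub(/#.*/, '').strip
    next if line.empty?
    key, value = line.split(/\s+/, 2)
    case key
    when 'path'   then acls << Acl.new(value, [], [])
    when 'method' then acls.last.methods.concat(value.split(/\s*,\s*/)) if acls.last
    when 'allow'  then acls.last.allow.concat(value.split(/\s*,\s*/)) if acls.last
    end
  end
  acls
end

# Pull caller name, address, path and method out of the agent's denial message.
DENIAL = /Forbidden request: (\S+?)\((\S+?)\) access to (\S+) \[(\w+)\]/

def parse_denial(log_line)
  m = DENIAL.match(log_line) or return nil
  { name: m[1], ip: m[2], path: m[3], method: m[4] }
end

def allowed?(acls, req)
  acl = acls.find do |a|
    req[:path].start_with?(a.path) &&
      (a.methods.empty? || a.methods.include?(req[:method]))
  end
  !acl.nil? && acl.allow.include?(req[:name])
end

# Agent log line from the thread, joined back onto one line.
LOG = 'Oct 22 18:16:48 blueducks puppet-agent[2512]: Denying access: Forbidden ' \
      'request: noc01.cloud.aws(172.27.0.100) access to /run/blueducks.cloud.aws ' \
      '[save] authenticated at line 0'

# Constructed stanzas: the CNAME from the thread vs. the name the agent logged.
ALIAS_ONLY  = "path /run\nmethod save\nallow puppet.cloud.aws\n"
LOGGED_NAME = "path /run\nmethod save\nallow noc01.cloud.aws\n"

req = parse_denial(LOG)
puts "caller=#{req[:name]} path=#{req[:path]} method=#{req[:method]}"
puts "no /run stanza:         #{allowed?(parse_auth_conf(''), req)}"
puts "allow puppet.cloud.aws: #{allowed?(parse_auth_conf(ALIAS_ONLY), req)}"
puts "allow noc01.cloud.aws:  #{allowed?(parse_auth_conf(LOGGED_NAME), req)}"
```

Any host named under `allow` for `/run` can trigger an agent run, so the list is best kept to the master alone.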
Thanks

Been reading and looking at the code to find out that that is what it needs :)
Made the file and everything works now.

Thanks!
-ls

On Fri, Oct 22, 2010 at 10:40 PM, Mohit Chawla <mohit.chawla.binary@gmail.com> wrote:
> If this is 2.6.x, then under "auth.conf", you should have something like
> this:
>
> path /run
> method save
> allow <puppet.master>
>
> <puppet.master> is your master's fqdn.

--
-ls