Hi, I''ve just set up a puppet server using passenger plus the dashboard and these parts all work fine but now I have enabled the inventory and added this to the auth.conf: path /facts auth any method find, search allow * The dashboard shows "Could not retrieve facts from inventory service: 403 "Forbidden"" and in the system log i find this: Jul 5 03:46:35 puppet2 puppet-master[5221]: Denying access: Forbidden request: puppet.local(192.168.2.45) access to /facts/puppet.local [find] at line 99 Jul 5 03:46:35 puppet2 puppet-master[5221]: Forbidden request: puppet.local(192.168.2.45) access to /facts/puppet.local [find] at line 99 Any ideas why this isn''t working? Regards, Dennis -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/OewwSLyyFjEJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Thu, Jul 5, 2012 at 2:52 AM, Dennis Jacobfeuerborn <djacobfeuerborn@gmail.com> wrote:> Hi, > I''ve just set up a puppet server using passenger plus the dashboard and > these parts all work fine but now I have enabled the inventory and added > this to the auth.conf: > > path /facts > auth any > method find, search > allow *Where abouts in auth.conf did you place this configuration? Note that it has to be placed *before* the last stanza in the default config which reads: # this one is not strictly necessary, but it has the merit # to show the default policy which is deny everything else path / auth any Hope this helps, Matt. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Did you generate the necessary certs to access the puppetmaster facts with the dashboard? http://docs.puppetlabs.com/dashboard/manual/1.2/configuring.html#generating-certs-and-connecting-to-the-puppet-master On Thursday, July 5, 2012 3:52:15 AM UTC+2, Dennis Jacobfeuerborn wrote:> > Hi, > I''ve just set up a puppet server using passenger plus the dashboard and > these parts all work fine but now I have enabled the inventory and added > this to the auth.conf: > > path /facts > auth any > method find, search > allow * > > The dashboard shows "Could not retrieve facts from inventory service: 403 > "Forbidden"" and in the system log i find this: > Jul 5 03:46:35 puppet2 puppet-master[5221]: Denying access: Forbidden > request: puppet.local(192.168.2.45) access to /facts/puppet.local [find] at > line 99 > Jul 5 03:46:35 puppet2 puppet-master[5221]: Forbidden request: > puppet.local(192.168.2.45) access to /facts/puppet.local [find] at line 99 > > Any ideas why this isn''t working? > > Regards, > Dennis >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/d7ZN1C6yVy8J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Thanks, that was indeed the issue. I just appended it to the file and didn''t notice the catch-all rule. On Thursday, July 5, 2012 10:06:10 AM UTC+2, Matthew Burgess wrote:> > On Thu, Jul 5, 2012 at 2:52 AM, Dennis Jacobfeuerborn > <djacobfeuerborn@gmail.com> wrote: > > Hi, > > I''ve just set up a puppet server using passenger plus the dashboard and > > these parts all work fine but now I have enabled the inventory and added > > this to the auth.conf: > > > > path /facts > > auth any > > method find, search > > allow * > > Where abouts in auth.conf did you place this configuration? Note that > it has to be placed *before* the last stanza in the default config > which reads: > > # this one is not strictly necessary, but it has the merit > # to show the default policy which is deny everything else > path / > auth any > > Hope this helps, > > Matt. >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/HYGQ0qx1tCQJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Sat, Jul 7, 2012 at 4:09 PM, Dennis Jacobfeuerborn <djacobfeuerborn@gmail.com> wrote:> Thanks, that was indeed the issue. I just appended it to the file and didn''t > notice the catch-all rule.Glad you got it sorted. To the devs, is it worth perhaps considering commenting out all lines in that last stanza so that they''re at least still there for documentation purposes, but won''t get in the way of folks trying to make customisations? Thanks, Matt. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
This is literally the exact answer to my problems. Thanks!!! On Thursday, July 5, 2012 4:06:10 AM UTC-4, Matthew Burgess wrote:> > On Thu, Jul 5, 2012 at 2:52 AM, Dennis Jacobfeuerborn > <djacobf...@gmail.com <javascript:>> wrote: > > Hi, > > I''ve just set up a puppet server using passenger plus the dashboard and > > these parts all work fine but now I have enabled the inventory and added > > this to the auth.conf: > > > > path /facts > > auth any > > method find, search > > allow * > > Where abouts in auth.conf did you place this configuration? Note that > it has to be placed *before* the last stanza in the default config > which reads: > > # this one is not strictly necessary, but it has the merit > # to show the default policy which is deny everything else > path / > auth any > > Hope this helps, > > Matt. >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.