Red Cricket
2013-Mar-23 04:21 UTC
[Puppet Users] err: Could not retrieve catalog from remote server: Error 400 on SERVER: Error 403 on SERVER: Forbidden request:
Hi All, I am trying to follow the documentation at this link: http://docs.puppetlabs.com/pe/latest/quick_start.html When I get to the part where one runs ... sudo puppet agent --test I get this error message ... err: Could not retrieve catalog from remote server: Error 400 on SERVER: Error 403 on SERVER: Forbidden request: red-cricket-pe-master (xxx.xxx.xxx.xx) access to /facts/red-cricket-agent [save] authenticated at line 45 warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run Both systems are Red Hat Enterprise Linux Server release 6.2 (Santiago) ... maybe puppet does not support this version of redhat? Thanks Red -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Keith Burdis
2013-Mar-23 11:18 UTC
Re: [Puppet Users] err: Could not retrieve catalog from remote server: Error 400 on SERVER: Error 403 on SERVER: Forbidden request:
Puppet runs fine on RHEL 6.2. It looks like your auth.conf is missing some entries. Do you perhaps have an auth.conf.rpmnew you need to move into place? - Keith Hi All, I am trying to follow the documentation at this link: http://docs.puppetlabs.com/pe/latest/quick_start.html When I get to the part where one runs ... sudo puppet agent --test I get this error message ... err: Could not retrieve catalog from remote server: Error 400 on SERVER: Error 403 on SERVER: Forbidden request: red-cricket-pe-master (xxx.xxx.xxx.xx) access to /facts/red-cricket-agent [save] authenticated at line 45 warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run Both systems are Red Hat Enterprise Linux Server release 6.2 (Santiago) ... maybe puppet does not support this version of redhat? Thanks Red -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Red Cricket
2013-Mar-25 16:50 UTC
Re: [Puppet Users] err: Could not retrieve catalog from remote server: Error 400 on SERVER: Error 403 on SERVER: Forbidden request:
Thanks for the reply Keith. I will definitively have to dig into the auth.conf, but the auth.conf I am using is the one created when I run ./puppet-enterprise-installer as per the PE 2.7 quickstart guide. Is there a way to let puppetlabs know that there is a problem during the evaluation period? On Sat, Mar 23, 2013 at 4:18 AM, Keith Burdis <keith@burdis.org> wrote:> Puppet runs fine on RHEL 6.2. It looks like your auth.conf is missing some > entries. Do you perhaps have an auth.conf.rpmnew you need to move into > place? > > - Keith > Hi All, > > I am trying to follow the documentation at this link: > > http://docs.puppetlabs.com/pe/latest/quick_start.html > > When I get to the part where one runs ... > > sudo puppet agent --test > > I get this error message ... > > err: Could not retrieve catalog from remote server: Error 400 on SERVER: > Error 403 on SERVER: Forbidden request: red-cricket-pe-master > (xxx.xxx.xxx.xx) access to /facts/red-cricket-agent [save] authenticated > at line 45 > warning: Not using cache on failed catalog > err: Could not retrieve catalog; skipping run > > Both systems are Red Hat Enterprise Linux Server release 6.2 (Santiago) > ... maybe puppet does not support this version of redhat? > > Thanks > Red > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscribe@googlegroups.com. > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscribe@googlegroups.com. > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Keith Burdis
2013-Mar-25 17:09 UTC
Re: [Puppet Users] err: Could not retrieve catalog from remote server: Error 400 on SERVER: Error 403 on SERVER: Forbidden request:
You could try adding: On 25 March 2013 16:50, Red Cricket <red.cricket.blog@gmail.com> wrote:> Thanks for the reply Keith. I will definitively have to dig into the > auth.conf, but the auth.conf I am using is the one created when I run > ./puppet-enterprise-installer as per the PE 2.7 quickstart guide. Is there > a way to let puppetlabs know that there is a problem during the evaluation > period? > > > On Sat, Mar 23, 2013 at 4:18 AM, Keith Burdis <keith@burdis.org> wrote: > >> Puppet runs fine on RHEL 6.2. It looks like your auth.conf is missing >> some entries. Do you perhaps have an auth.conf.rpmnew you need to move into >> place? >> >> - Keith >> Hi All, >> >> I am trying to follow the documentation at this link: >> >> http://docs.puppetlabs.com/pe/latest/quick_start.html >> >> When I get to the part where one runs ... >> >> sudo puppet agent --test >> >> I get this error message ... >> >> err: Could not retrieve catalog from remote server: Error 400 on SERVER: >> Error 403 on SERVER: Forbidden request: red-cricket-pe-master >> (xxx.xxx.xxx.xx) access to /facts/red-cricket-agent [save] authenticated >> at line 45 >> warning: Not using cache on failed catalog >> err: Could not retrieve catalog; skipping run >> >> Both systems are Red Hat Enterprise Linux Server release 6.2 (Santiago) >> ... maybe puppet does not support this version of redhat? >> >> Thanks >> Red >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users+unsubscribe@googlegroups.com. >> To post to this group, send email to puppet-users@googlegroups.com. >> Visit this group at http://groups.google.com/group/puppet-users?hl=en. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users+unsubscribe@googlegroups.com. >> To post to this group, send email to puppet-users@googlegroups.com. >> Visit this group at http://groups.google.com/group/puppet-users?hl=en. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscribe@googlegroups.com. > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Keith Burdis
2013-Mar-25 17:11 UTC
Re: [Puppet Users] err: Could not retrieve catalog from remote server: Error 400 on SERVER: Error 403 on SERVER: Forbidden request:
You could try adding: path /facts auth any method find, search allow * before the deny entry at the end of the file and restarting your Puppet master. Or look for a similar entry and see if the allow line contains a specific hostname or IP that doesn''t match what you expect. I don''t know about Puppet Enterprise support arrangements. - Keith On 25 March 2013 16:50, Red Cricket <red.cricket.blog@gmail.com> wrote:> Thanks for the reply Keith. I will definitively have to dig into the > auth.conf, but the auth.conf I am using is the one created when I run > ./puppet-enterprise-installer as per the PE 2.7 quickstart guide. Is there > a way to let puppetlabs know that there is a problem during the evaluation > period? > > > On Sat, Mar 23, 2013 at 4:18 AM, Keith Burdis <keith@burdis.org> wrote: > >> Puppet runs fine on RHEL 6.2. It looks like your auth.conf is missing >> some entries. Do you perhaps have an auth.conf.rpmnew you need to move into >> place? >> >> - Keith >> Hi All, >> >> I am trying to follow the documentation at this link: >> >> http://docs.puppetlabs.com/pe/latest/quick_start.html >> >> When I get to the part where one runs ... >> >> sudo puppet agent --test >> >> I get this error message ... >> >> err: Could not retrieve catalog from remote server: Error 400 on SERVER: >> Error 403 on SERVER: Forbidden request: red-cricket-pe-master >> (xxx.xxx.xxx.xx) access to /facts/red-cricket-agent [save] authenticated >> at line 45 >> warning: Not using cache on failed catalog >> err: Could not retrieve catalog; skipping run >> >> Both systems are Red Hat Enterprise Linux Server release 6.2 (Santiago) >> ... maybe puppet does not support this version of redhat? >> >> Thanks >> Red >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users+unsubscribe@googlegroups.com. >> To post to this group, send email to puppet-users@googlegroups.com. >> Visit this group at http://groups.google.com/group/puppet-users?hl=en. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users+unsubscribe@googlegroups.com. >> To post to this group, send email to puppet-users@googlegroups.com. >> Visit this group at http://groups.google.com/group/puppet-users?hl=en. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscribe@googlegroups.com. > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Red Cricket
2013-Mar-25 19:52 UTC
Re: [Puppet Users] err: Could not retrieve catalog from remote server: Error 400 on SERVER: Error 403 on SERVER: Forbidden request:
Thanks again for your help Keith, but I am still having the same issue ... I changed the auth.conf from this ... $ cat /etc/puppetlabs/puppet/auth.conf_save path ~ ^/catalog/([^/]+)$ method find auth yes allow $1 path ~ ^/node/([^/]+)$ method find auth yes allow $1 path /certificate_revocation_list/ca method find auth yes allow * path ~ ^/report/([^/]+)$ method save auth yes allow $1 path /file auth yes allow * path /certificate/ca method find auth any allow * path /certificate/ method find auth any allow * path /certificate_request method find, save auth any allow * path /certificate_status method find, search, save, destroy auth yes allow pe-internal-dashboard path / auth any ... to this ... $ cat /etc/puppetlabs/puppet/auth.conf path /facts auth any method find, search allow * path ~ ^/catalog/([^/]+)$ method find auth yes allow $1 path ~ ^/node/([^/]+)$ method find auth yes allow $1 path /certificate_revocation_list/ca method find auth yes allow * path ~ ^/report/([^/]+)$ method save auth yes allow $1 path /file auth yes allow * path /certificate/ca method find auth any allow * path /certificate/ method find auth any allow * path /certificate_request method find, save auth any allow * path /certificate_status method find, search, save, destroy auth yes allow pe-internal-dashboard path / auth any ... and then rebooted my puppet master (I forget how to restart the puppetmaster in PE puppet). On Mon, Mar 25, 2013 at 10:11 AM, Keith Burdis <keith@burdis.org> wrote:> You could try adding: > > path /facts > auth any > method find, search > allow * > > before the deny entry at the end of the file and restarting your Puppet > master. > > Or look for a similar entry and see if the allow line contains a specific > hostname or IP that doesn''t match what you expect. > > I don''t know about Puppet Enterprise support arrangements. > > - Keith > > > On 25 March 2013 16:50, Red Cricket <red.cricket.blog@gmail.com> wrote: > >> Thanks for the reply Keith. I will definitively have to dig into the >> auth.conf, but the auth.conf I am using is the one created when I run >> ./puppet-enterprise-installer as per the PE 2.7 quickstart guide. Is there >> a way to let puppetlabs know that there is a problem during the evaluation >> period? >> >> >> On Sat, Mar 23, 2013 at 4:18 AM, Keith Burdis <keith@burdis.org> wrote: >> >>> Puppet runs fine on RHEL 6.2. It looks like your auth.conf is missing >>> some entries. Do you perhaps have an auth.conf.rpmnew you need to move into >>> place? >>> >>> - Keith >>> Hi All, >>> >>> I am trying to follow the documentation at this link: >>> >>> http://docs.puppetlabs.com/pe/latest/quick_start.html >>> >>> When I get to the part where one runs ... >>> >>> sudo puppet agent --test >>> >>> I get this error message ... >>> >>> err: Could not retrieve catalog from remote server: Error 400 on SERVER: >>> Error 403 on SERVER: Forbidden request: red-cricket-pe-master >>> (xxx.xxx.xxx.xx) access to /facts/red-cricket-agent [save] authenticated >>> at line 45 >>> warning: Not using cache on failed catalog >>> err: Could not retrieve catalog; skipping run >>> >>> Both systems are Red Hat Enterprise Linux Server release 6.2 (Santiago) >>> ... maybe puppet does not support this version of redhat? >>> >>> Thanks >>> Red >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Puppet Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to puppet-users+unsubscribe@googlegroups.com. >>> To post to this group, send email to puppet-users@googlegroups.com. >>> Visit this group at http://groups.google.com/group/puppet-users?hl=en. >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >>> >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Puppet Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to puppet-users+unsubscribe@googlegroups.com. >>> To post to this group, send email to puppet-users@googlegroups.com. >>> Visit this group at http://groups.google.com/group/puppet-users?hl=en. >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >>> >>> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users+unsubscribe@googlegroups.com. >> To post to this group, send email to puppet-users@googlegroups.com. >> Visit this group at http://groups.google.com/group/puppet-users?hl=en. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscribe@googlegroups.com. > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.