Puppet users - Feb 2007 - Not authorized to call puppetmaster.freshness ?

What''s this mean?

root@gravity:/etc/puppet/manifests# puppetd -v --listen
info: Starting handler for Runner
info: Starting server for Puppet version 0.22.1
info: Listening on port 8139
notice: Starting Puppet client version 0.22.1
err: Could not run Puppet::Client::MasterClient: Host
gravity.example.org not authorized to call puppetmaster.freshness

Thanks,
Kent

-- 
"It may be true that the law cannot make a man love me, but it can stop him
 from lynching me, and I think that''s pretty important." - Martin
Luther King Jr.

On Feb 16, 2007, at 6:23 PM, Kenton Brede wrote:
> What''s this mean?
>
> root@gravity:/etc/puppet/manifests# puppetd -v --listen
> info: Starting handler for Runner
> info: Starting server for Puppet version 0.22.1
> info: Listening on port 8139
> notice: Starting Puppet client version 0.22.1
> err: Could not run Puppet::Client::MasterClient: Host
> gravity.example.org not authorized to call puppetmaster.freshness
That means that your server''s namespaceauth.conf file is restricting  
access to the puppetmaster namespace.

I''ve got a sample config file up somewhere, but this is what mine  
looks like right now:

[fileserver]
     allow *.madstop.com

[puppetmaster]
     allow *.madstop.com

[pelementserver]
     allow puppet.madstop.com

[puppetrunner]
     allow culain.madstop.com

[puppetbucket]
     allow *.madstop.com

[puppetreports]
     allow *.madstop.com

You have to specifically allow each namespace.

Note that, as mentioned before but probably not often enough, the  
access model for this stuff is pretty bad.  We need to spend some  
time on this, but for now, namespaceauth.conf is what you get.   
puppetrun was done as a quick hack for a client, and now everyone''s  
using it.

  --
  As a general rule, don''t solve puzzles that open portals to Hell.
  ---------------------------------------------------------------------
  Luke Kanies | http://reductivelabs.com | http://madstop.com