Hi,

I have a Gentoo server running puppetmasterd from Puppet 0.24.1 and a Ubuntu server running puppetd from Puppet 0.23.2. I have added listen=true to the [puppetd] section on the client and run puppetd --debug. I then run puppetrun --debug --host hostname on the puppetmaster server. This is the output I get:

Puppetmaster:

# puppetrun --debug --host hostname
Failed to load ruby LDAP library. LDAP functionality will not be available
debug: Parsing /etc/puppet/puppet.conf
debug: Puppet::Network::Client::Runner: defining puppetrunner.run
warning: peer certificate won't be verified in this SSL session
Triggering hostname
debug: Calling puppetrunner.run
err: Could not call puppetrunner.run: #<RuntimeError: HTTP-Error: 500 Internal Server Error >
Host hostname failed: HTTP-Error: 500 Internal Server Error
hostname finished with exit code 2
Failed: hostname

Puppetd:

debug: Parsing /etc/puppet/puppet.conf
info: Loading fact drbd
debug: /puppetconfig/main/File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
...
debug: Stored state in 0.03 seconds
notice: Finished configuration run in 1.43 seconds
debug: Creating default schedules
notice: Denying unauthenticated client puppetmaster(10.17.4.5) access to puppetrunner.run

I have this in namespaceauth.conf:

[puppetrunner]
allow puppetmaster

I have tried changing it to "allow *" but it makes no difference. What to do?

--
Anders

On Mon, Jan 14, 2008 at 02:36:09PM +0100, Anders Bruun Olsen wrote:
> I have this in namespaceauth.conf:
> [puppetrunner]
> allow puppetmaster

Try adding these too:

[fileserver]
allow *
[puppetmaster]
allow *

--
Valentin

Valentin Vidic wrote:
>> I have this in namespaceauth.conf:
>> [puppetrunner]
>> allow puppetmaster
> Try adding these too:
> [fileserver]
> allow *
> [puppetmaster]
> allow *

I have now added those lines on the client, but that did not change anything. The error message is the same.

--
Anders

On Jan 14, 2008, at 5:36 AM, Anders Bruun Olsen wrote:
> Puppetmaster:
> # puppetrun --debug --host hostname
> Failed to load ruby LDAP library. LDAP functionality will not be
> available
> debug: Parsing /etc/puppet/puppet.conf
> debug: Puppet::Network::Client::Runner: defining puppetrunner.run
> warning: peer certificate won't be verified in this SSL session

This indicates that you're not loading the certificate for the machine you're running on. Either puppetrun and puppetmasterd are looking in different ssl directories, or they're looking for certs for different hostnames, or something even more wonky is going on.

--
Brand's Asymmetry: The past can only be known, not changed. The future can only be changed, not known.
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com

It could be your puppetrunner section in the client's namespaceauth.conf; try using FQDN or similar.

Ohad

On Jan 14, 2008 10:35 PM, Anders Bruun Olsen <anders@bruun-olsen.net> wrote:
> Valentin Vidic wrote:
> >> I have this in namespaceauth.conf:
> >> [puppetrunner]
> >> allow puppetmaster
> > Try adding these too:
> > [fileserver]
> > allow *
> > [puppetmaster]
> > allow *
>
> I have now added those lines on the client, but that did not change
> anything. The error message is the same.
>
> --
> Anders

Luke Kanies wrote:
> This indicates that you're not loading the certificate for the machine
> you're running on.
> Either puppetrun and puppetmasterd are looking in different ssl
> directories, or they're looking for certs for different hostnames, or
> something even more wonky is going on.

It was indeed a problem with SSL - I had made a mistake meaning that the certificate was issued to puppet.my.lan, which is really a CNAME for admin.my.lan. I tore down the current SSL dir, restarted puppetmasterd and the puppetds I had running, re-authenticated the clients and now puppetrun works perfectly. The [fileserver] and [puppetmaster] sections in namespaceauth.conf were not necessary after all and it was not necessary to do "allow *".

Thanks to all who replied! :)

--
Anders
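
The root cause reported above, a certificate issued to one name while the host identifies itself by another, can be checked directly. The following Ruby is an added example, not part of the thread and not Puppet code: it lists the names a certificate carries (subject CN, and going slightly beyond the thread, DNS subjectAltName entries) and compares them with the host's own name. The helper names and the self-signed sample certificates are constructed for illustration.

```ruby
require 'openssl'

# All names a certificate carries: subject CN plus DNS subjectAltName entries.
def cert_names(cert)
  cn = cert.subject.to_a.select { |field, _, _| field == 'CN' }.map { |f| f[1] }
  san = cert.extensions.select { |e| e.oid == 'subjectAltName' }
            .flat_map { |e| e.value.split(/,\s*/) }
            .select { |v| v.start_with?('DNS:') }
            .map { |v| v.delete_prefix('DNS:') }
  (cn + san).map(&:downcase).uniq
end

# Does the certificate name the host the way the host names itself?
def check_identity(cert, local_name)
  names = cert_names(cert)
  { ok: names.include?(local_name.downcase), names: names, expected: local_name.downcase }
end

# Constructed sample input: a throwaway self-signed certificate (hypothetical helper).
def sample_cert(cn, alt_names = [])
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  unless alt_names.empty?
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate = cert
    san = alt_names.map { |n| "DNS:#{n}" }.join(',')
    cert.add_extension(ef.create_extension('subjectAltName', san, false))
  end
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

if __FILE__ == $PROGRAM_NAME
  # For a real certificate, load the PEM file instead (path is a placeholder):
  #   cert = OpenSSL::X509::Certificate.new(File.read('<ssldir>/certs/<name>.pem'))
  r = check_identity(sample_cert('puppet.my.lan'), 'admin.my.lan') # names from the thread
  puts r[:ok] ? 'certificate matches host name' : "mismatch: cert names #{r[:names].inspect}, host is #{r[:expected]}"
end
```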